25 January 2020

Unid FSK 35.5Bd/1000

Unid FSK 35.5Bd/1000 heard in idling mode on 10550 KHz (CF) and recorded using the KiwiSDR located in Kuopio, Finland.
The raster shows a distortion of the manipulation speed which is also visible in the phase detector (Fig. 2): most likely a native defect of the source modem/transmitter.

Fig. 1
Fig. 2
Although quite uncommon, the baud rate is 35.5 Bd, as shown in Figure 3 where I isolated and analyzed a "clean" signal segment. It's the first time for me I meet such speed in a FSK waveform (only in CIS-60 HDR modem) but it must be said that there is a possibility that the speed will change when switching from idle to traffic mode (as the old BEE 36/50 did), unfortunately during my listening the signal remained in idle mode.

Fig. 3
As for the source of the signal, it is reasonable to think of a Russian user since the shift of 1000 Hz is used in waveforms such as CIS-14, Vezha-S and also Akula as well as used by Rus-AF (1). Nevertheless, Indian Navy too (VTH9) uses 1000 Hz shift in their FSK 50Bd transmissions.  
Although I have been keeping an eye on that frequency, to date I have not yet had the opportunity to hear this signal again.

kiwi-kuo.aprs.fi_2020-01-23T10_26_37Z_10548.50_usb.wav

(1) REA4 Moscow AF HQ  uses FSK 50Bd/1000 in idling between skeds in FSK Morse (5FGs).

22 January 2020

SkyOFDM 28-tone 86Hz 65.6Bd PSK2 (2)

Just for background it might be helpful to read the previous post.

Most likely the signal that is continuously transmitted on 4150 KHz/usb is a modded or a new waveform of the Skysweep Technologies proprietary "SkyOFDM" family. SkyOFDM is a high speed modem based on the OFDM and turbo coding technologies.  It offers several baud  rates (300-9600  bps) and two different interleaving options (short and long). Also there are two bandwidth options: 2000Hz (OFDM 22 tones) and 2400 Hz (OFDM 28 tones).

Fig. 1 - SkySweeper running the SkyOFDM modem
I tried the SkyOFDM modes available in SkySweeper 5.13 (Fig. 1), a Windows based product for radio data decoding and signal analysis developed by SkySweep.  As expected, I could not synthesize the exact waveform running on 4158 KHz since the different speeds, modulations, and ACF:

params SkyOFDM 4150 Hz OFDM
bandwidth (Hz) 2000, 2400 2400
preamble 7 tones 7 tones
tones 22, 28 28
shift (Hz) 86 86
Baud rate 60.56, 64, 79 65.57x
modulations PSK2, PSK4, QAM PSK2/SDPSKx
ACF (ms) 78, 113.4 76.2x















A peculiar difference lies in the type of the used modulations: for example, if you filter out and look at the modulation used in the second channel, you will see that is not PSK2 but SDPSK (Simmetric Differential PSK), thus it seems that channels are mixed artfully (Fig. 2 ).

Fig. 2
In SA Phase-Plane using n-Ary = 4 and absolute mode (diff=0) the transitions between states are similar to QPSK but without diagonal paths; in differential mode (diff=1) we see transitions between two states (Fig. 3) (1).

Fig. 3
According to some utility DXers, SkyOFDM waveforms were used by Finnish MFA and that's correct since SkySweep Technologies is a Finnish high tech company. Although there are still many references in the web to SkySweep, their official website is no longer online: this suggests a ceased activity or an incorporation into another company. Indeed, looking at waybackmachine.com, the site skysweep.com was crawled last time on 13 June 2017; by the way, SkySweeper software was discontinued on June 1st 2009.
That said, the permanence of this signal on 4150 KHz and its purpose are still unknown to me as well as other friends.


(1) PSK encodes the input data sequences in pahes (states), while Differential PSK (DPSK) encodes the input data in the phase difference (transitions) between successive bits or symbols. This means that there would be a phase change in the modulation signal if the two successive bits in the input data sequence are different (0 to 1 or 1 to 0), and no phase changes if the successive bits are the same. DPSK is called conventional DPSK (or CDPSK) if the phase differences is in the set of [0,π] and symmetrical DPSK (SDPSK, also called π/2-DPSK) if the phase difference is in the set of [π/2,-π/2]. As you see in Fig. 3 the transitions in differential mode (diff=1) are in the set of [π/2,-π/2] so most likely it's a SDPSK (π/2-DPSK). 

18 January 2020

unid SkyOFDM 28-tone 86Hz 65.6Bd PSK2

Continuous ofdm bursts transmission picked up on 4158 KHz/USB thanks to the "ArcticSDR" in Kongsfjord Arctic Norway: a KiwiSDR managed by my friend Bjarne Mjelde
http://arcticsdr.ddns.net:8073/ 
https://www.facebook.com/groups/1628656197277661/

Timings of the transmission and its spectrum are shown in Fig. 1 

Fig. 1 - timing and spectrum
The analysis of the OFDM signal clearly shows 28 channels and a frequency spacing of ~86 Hz, each channel is modulated using PSK2 at the symbol rate of 65.57 Bd (Fig. 2). The same results are obtained/verified by analyzing a single channel as shown in Fig. 3 (higher channel).
 
Fig. 2 - OFDM analysis
Fig. 3 - anlysis of the higher channel (#28)
As you see in Fig. 2, I did a further analysis after resampling the signal at 10109 Hz. Indeed, I used the tool OCG [1] in order to calculate and sythesize an OFDM waveform having the same parameters (channels, Br, Shift, modulation, width,...) and got 10109 Hz as one of the possible "native" sampling rate. The analysis of the synthesized OFDM is visible in fig. 4: notice the similarity between the PSK2 constellation of the synthesized signal and the one of the real signal (although resampled).

Fig. 4 - analysis of the synthesized OFdM-28 signal
The seven initial tones last 30 symbol periods and are derived from the OFDM generator as shown in Fig. 5; more precisely the used tones are: 2, 5, 6, 9, 13, 16, and 19.

Fig. 5 - initial seven unmodulated tones
The autocorrelation has a value of 76.2 ms (Fig. 6) that makes a 140 symbols length frame if considering an aggregate speed of ~1836 Bd (65.57 x 28).

Fig. 6 - autocorrelation
A similar OFDM waveform but with shorter and different bursts (Fig. 7) was reported on 2016.02.05 by my friend Cryptomaster [2] just on the same frequency of 4158 KHz/USB. In that case the modulation used was a form of PSK4, anyway number of tones, shift, Br, and ACF are the same; thus, that signal is on-air since several years.


Fig. 7
As regards the signal source, several TDoA tries always indicated an area north to Helsinki as probable Tx site (Fig. 8) although qrg.globaltuners.com reports exactly the same waveform/spectrum (and frequency too) indicating it as a signal sourced by the Spanish Navy [3].  In my opinion that's quite odd since the signal is fairly well received in the northern European countries such as Sweden, Norway, and Finland, while it is rather weak or inaudible at all in south Europe... I don't think of such a long skip.

 
Fig. 8 - TDoA reults

In my opinion it's an evolution of the original Skysweep Technologies proprietary waveform named "SkyOFDM", probably used by Finnish MFA (thanks to Roland Proesch for the hint). Indeed, the mentioned recording by my friend Cryptomaster just matches the features of the "original" SkyOFDM waveform (Fig. 9).

Fig. 9 - Skysweep Technologies OFDM-28

It's worth noting that SkySweeper Pro 5.13 software does not recognize the "new" OFDM-28 PSK2 that is analyzed  in this post.
(to be continued)

arcticsdr.ddns.net_2020-01-15T04_36_08Z_4159.70_iq.wav
synthetized_ofdm28_r10109Hz.wav

[1] OCG is a program for calculating and synthesizing OFDM signals, it can be downloaded from here
[2] http://www.radioscanner.ru/files/unknown/file19060/
[3] http://qrg.globaltuners.com/details.php?id=17420

13 January 2020

COMSEC transmissions using a S4285 variant (2)

Secured burst transmission using a modified S4285 waveform [1] spotted around midnight on 4015 KHz/usb, the S4285 mode is 600bps and short interleaver. 

Fig. 1
After demodulation, the COMSEC preamble resembles 188-220D std and consists of 3 parts (my guess):
1) 60-bit Frame Sync (110000100000111000101111001011011101101001001011111010101100)
2) 5 x 128-bit strings, encoded Message Indicator (five times repeated)
3) 64-bit idling sequence (time to load the key?)

Preamble is followed by the encrypted data block which ends with "01" sequences.
 
Fig. 2 - demodulated stream of bursts

Fig. 3 - COMSEC preamble (my guess)


https://yadi.sk/d/nY-DTuTz-ZWG8g  (2020-01-10T005300Z, 4.015 MHz, USB.wav)
https://yadi.sk/d/oIHVEWbUO0_few   (2020-01-10T010336Z, 4.015 MHz, USB.bin)

[1] The same modified S4285 waveform was met here on 6931 KHz/usb:
http://i56578-swl.blogspot.com/2018/06/comsec-transmissions-using-s4285.html 

Speed distortion in an FSK signal

Most likely modem instability is the cause of the distortion in the manipulation speed (~42 bps), as it's evident in SA raster.



https://yadi.sk/d/qT-d1A_5bFtJHg