12 February 2020

Interesting MS-110D App.D (WBHF) traffic


Interesting traffic heard on 5750 KHz/USB and picked up thanks to the UK KiwiSDR owned by G8JNJ.
Most of the signals are definitely "110C Appendix D" 3 KHz BW waveform (WID 1 or 2, BPSK). The synchronization preamble has a framing of ~240ms length that makes 576 symbols @2400Bd speed (Fig. 1). From 188-110C App.D documentation, the orthogonal Walsh modulation is used in the synchronization section of the preamble and the length of the repeated super-frame is 18 channel-symbols, ie: 9 (fixed) + 4 (downcount) + 5 (waveform identification). Since in 3 KHz bandwidth waveforms the preamble channel-symbols are 32 symbol long, the length of each repeated superframe is: 18 (channel-symbols) x 32 (length of one channel-symbol) that just matches the measured 576 symbols length.
Data section has 40ms length frames (Fig. 2) i.e. each frame consists of 96 symbols: 48 unknown data + 48 known data (mini-probe). This framing meet the waveform IDs 1 and 2 of the 3KHz bandwidth set (BPSK modulated data).

Fig. 1 - Synchronization preamble superframes
Fig.2 - data section frames
Anyway, FLSU BW5 bursts and unid 2400Bd bursts are the most interesting aspects in this catch.
In my opinion the presence of (repeated) 3G-HF Fast Link SetUp (FLSU) BW5 bursts is rather strange also because the link seems to be terminated with a 188-141A 2G-ALE "TWS" sequence: a kind of "fall back" for 2G-ALE? Perhaps we're dealing with a STANAG-4538 "circuit-mode" service and I did not hear the BW5 PDUs sent by the other side of  the link, or perhaps BW5 PDUs are just used to signal the following traffic waveform.
The other 2400Bd bursts (Fig. 3) have a fixed duration of ~2840ms: unfortunately the poor SNR of the signals does not allow to get other significant parameters from their analysis.

Fig. 3
As said, the link was terminated using 2G-ALE: the TWS message was sent by the ALE callsign "AC7", It's to be noticed that during the monitoring period other ALE soundings from calls "AC7" and "AC9"  have been heard. According to recent UDXF logs, these calls refer to a unid Jordan network, although it sounds weird to me that they use WBHF technology. Maybe some WBHF trials... but it's just a guess.

southwest.ddns.net_2020-02-06T21_02_31Z_5750.00_usb.wav
southwest.ddns.net_2020-02-06T20_56_47Z_5750.00_usb.wav

4 February 2020

Israeli Navy running their proprietary PSK serial tone with Tadiran/Elbit DCS (Digital-Coded Squelch)


Reading radioscanner.ru I found an interesting post my friend Cryptomaster about Israeli Defense Force (IDF) Navy transmissions consisting of their proprietary PSK serial tone waveform sent along with the Tadiran/Elbit Digital Coded Squelch (DCS) signal activated. Since the Istraeli Ny transmissions are quite frequent and easy to receive and recognize, I decided to take a look at the frequency reported by Cryptomaster (13372.0 Khz/USB): the transmissions were picked up using the Italian KiwiSDR owned by IZ6BYY.

The DCS signal is sent continuously, starting when transmission begins, and transmitted on a frequency which is slightly higher than the one used by the data signal (i.e. "over" the data signal) by using an FSK waveform wich is modulated at the rate of 125 bit/sec and 290 Hz shifted (Fig. 1).

Fig. 1
Tadiran/Elbit DCS implementation is a 84 bit long string, while standard DCS [1] codewords consist of 23 bit long string (10 bit data + 3 fixed bits + 11 check bits): don't know if a similar framing is used here. Anyway, notice that at the end of each transmission the encoder changes the code to a pattern consisting of the same string sent in opposite polarity: most likely it's a "turn off" code that causes receiving decoders to mute (Fig. 2) and to signal the end of the data transmission.

Fig. 2 - Tadiran/Elbit DCS bitstream
Radios with DCS options are generally compatible, provided the radio's encoder-decoder will use the same code as radios in the existing network. indeed, the use of DCS has only been noted on this frequency: Fig. 3 shows contemporary transmissions on 13372 and 8070 KHz/USB. Notice that the two signals occupy the same bandwidth: it may be that before DCS were applied the PSK signal is subjected to a tighter filtering.

Fig. 3 - Isr-Ny contemporary transmissions
DCS support could be provided by Tadiran/Elbit devices such as the HF-6000 or HF-8000 [2]: I already met that signal coupled with the Nokia msg terminal.
Since a compatible radio ignores signals that do not include a bitstream with the specified code, DCS could also be used as a type of selective calling. Indeed, the Tadiran "Selective Calling" feature (that's not ALE) just uses an FSK waveform as DCS: perhaps the DCS words "open" the squelch of the addressed radios (all, group, individual) but it's only a my guess...

Fig. 4