28 February 2020

Makhovik secured CIS PSK2/1200Bd

This post is an update and a correction to a previous post to which reference. I want to thank an anonymous reader who in his comment to that post suggested to use differential PSK2 decoding.
In that post I verified the use of Makhovik crypto system (T-230 bundle ciphering device for teleprinter and data connections) in CIS-12 transmissions as well as in CIS PSK2/1200Bd (CIS-1200) transmissions. One of Makhovik's features that can be considered as a signature, in addition to the characteristic 30-bit Message Indicators, is the use of 511-bit pseudo-random sequences generated by the primitive polynomial x^9+x^5+1. These sequences follow the ITU Recommendation O.153 [1] and are primarily intended for error measurements at bitrates up to 14400bps  and synchronization purposes (188-110B "39-tone parallel mode" too uses that pattern).
I searched just these 511-bit sequences in three different CIS-1200 recordings (files psk2_a, psk2_b, and psk2_c) and the search was successful in all the three files but I did not find the right sequences, and then the generator polynomial x^9+x^5+1, in the _a recording (Fig. 1).

Fig. 1
As said above, an anonymous reader suggested to use differential decoding for the _a file: well, I took his advice and results are interesting: as shown in Fig. 2, after the differential decoding the bitstream have the right 511-bit sequences generated by the polynomial x^9+x^5+1 !

Fig. 2 - psk2_a diff. decoded bitstream
This is a further indication in favor of the use of  Makovik encryption with the CIS-1200 waveform,  in these cases the modem T-230-1A (a single channel version of T-230) should have been used. 
As usual, further recordings are needed.


24 February 2020

3 x 7-bit KW-46 secured channels over STANAG-4481F, NRTF Niscemi

(cryptomaster, I56578, KarapuZ)

This post may be considered as a continuation of an interesting analysis started by my friends cryptomaster and  KarapuZ, see the radioscanner post for background. The signals analyzed by my friends and me consist of STANAG-4481F waveform (also known as NATO-75, FSK 75Bd/850) and  have been spotted on 8202.5 KHz/usb (tuning frequency, CF = +2000 Hz): in our opinion they seem to be (off line) fleet broadcasts of 3 x 7-bit multiplexed encrypted channels.
I want to thank my friend AngazU and the owner of the KiwiSDR http://158.255.239.102:8073/ in Alicante (Spain) who allowed me to use his device w/out time limits in order to monitor these transmissions.

The interesting aspect is the 3-bit structure which is visible in SA raster (Fig. 1) by using, for example, a time window of 200ms (=15 bits @75bps); notice that it does not occur in time windows that implie a number of bits which is not an integer multiple of 3.

Fig. 1 - 3-bit structure in a 200ms raster window
Following this results, the demodulated stream has been reshaped into a 3-bit framing (Fig. 2): it is easy to see that two columns have the same content.

Fig. 2 - 3-bit framing of the demodulated stream
Then, each column in turn has been reshaped in a 7-bit pattern in order to obtain 3 separate files corresponding to the three channels. Karapuz noted that the Fibonacci's bit sequence (generated by the polynomial x^31 + x^3 + 1) is present in each channel (Fig. 3): this is the main indication that the source data was encrypted using the KW-46/KIV-7 cryptographic device, according to STANAG -5065.

Fig. 3 - the KW-46 M-sequences in the 3 channels conveyed by a single S-4481F trasnmission
The presence of three distinct channels suggests that a time division multiplexer (TDM) be used upstream of the S-4481F modem, but there is a problem with the speeds at stake. The used TDM must have a 75bps "aggregate" speed in order to meet the S-4481F waveform requirements, thus each (encrypted!) input channel should have a speed of 25bps... but crypto devices such as KG-46 or KIV-7 do not work at speeds lower than 50 bps! (Fig. 4).

Fig. 4
So, it seems that a kind of "rate change" occurs between TDM and S-4481F modem but a such kind of store-and-forward device to down the speed  appears unrealistic in case of long broadcasts.

During my monitoring I had the luck to catch the beginning of a transmission. Interestingly, the M-sequences generated by the polynomial x^31 + x^3 + 1 just start from the very first bit of the 3 demodulated streams (100% indication in Fig. 5), there are no signatures or magic numbers attributable to transfer protocols or to file formats, neither preambles or synch sequences.

Fig. 5
According to TDoA direction finding tries, the transmitter site is the Naval Radio Transmitter Facility (NRTF) in Niscemi, Italy (Fig. 6): an infrastructure of the NATO communication system that is linked with other US military bases [1]. It's to notice that similar transmissions (3-bit structure S-4481F) can be heard on 7545.5 and 6383 KHz (CF), also them from NRTF Niscemi!

Fig. 6 - TDoA result
As I said, two channels have the same content, as indeed shown in the raster (Fig. 1): it's to notice that such repetitions of encrypted channels were also noted in some KW-46/KIV-7M secured fleet broadcast of the Australian Ny, see the blog post. In that case we have an aggregate speed of 600bps and 12 multiplexed channels, i.e. 50bps speed per channel.

I checked sveral other S-4481F transmissions but so far these odd 3-bit structure is present only in the ones coming from Niscemi: help and comments from readers are very apreciated and welcome.

High Frequency dual mode antennas at NRTF Niscemi (source Wikipedia)
24 Feb update
As expected, parallel transmissions on 8204.5 KHz and 6383 KHz convey the same content (Fig. 7); the third frequency (7545.5 KHz) is not used at this time. 

Fig. 7 - same contents on parallel transmissions

  (to be continued)
[1] https://www.globalsecurity.org/military/facility/niscemi.htm

158.255.239.102_2020-02-18T21_13_33Z_8203.00_usb.wav 
transmission_start.wav
158.255.239.102_2020-02-18T21_13_33Z_8203.00_usb.txt.bin
start.txt.bin

12 February 2020

Interesting MS-110D App.D (WBHF) traffic


Interesting traffic heard on 5750 KHz/USB and picked up thanks to the UK KiwiSDR owned by G8JNJ.
Most of the signals are definitely "110C Appendix D" 3 KHz BW waveform (WID 1 or 2, BPSK). The synchronization preamble has a framing of ~240ms length that makes 576 symbols @2400Bd speed (Fig. 1). From 188-110C App.D documentation, the orthogonal Walsh modulation is used in the synchronization section of the preamble and the length of the repeated super-frame is 18 channel-symbols, ie: 9 (fixed) + 4 (downcount) + 5 (waveform identification). Since in 3 KHz bandwidth waveforms the preamble channel-symbols are 32 symbol long, the length of each repeated superframe is: 18 (channel-symbols) x 32 (length of one channel-symbol) that just matches the measured 576 symbols length.
Data section has 40ms length frames (Fig. 2) i.e. each frame consists of 96 symbols: 48 unknown data + 48 known data (mini-probe). This framing meet the waveform IDs 1 and 2 of the 3KHz bandwidth set (BPSK modulated data).

Fig. 1 - Synchronization preamble superframes
Fig.2 - data section frames
Anyway, FLSU BW5 bursts and unid 2400Bd bursts are the most interesting aspects in this catch.
In my opinion the presence of (repeated) 3G-HF Fast Link SetUp (FLSU) BW5 bursts is rather strange also because the link seems to be terminated with a 188-141A 2G-ALE "TWS" sequence: a kind of "fall back" for 2G-ALE? Perhaps we're dealing with a STANAG-4538 "circuit-mode" service and I did not hear the BW5 PDUs sent by the other side of  the link, or perhaps BW5 PDUs are just used to signal the following traffic waveform.
The other 2400Bd bursts (Fig. 3) have a fixed duration of ~2840ms: unfortunately the poor SNR of the signals does not allow to get other significant parameters from their analysis.

Fig. 3
As said, the link was terminated using 2G-ALE: the TWS message was sent by the ALE callsign "AC7", It's to be noticed that during the monitoring period other ALE soundings from calls "AC7" and "AC9"  have been heard. According to recent UDXF logs, these calls refer to a unid Jordan network, although it sounds weird to me that they use WBHF technology. Maybe some WBHF trials... but it's just a guess.

southwest.ddns.net_2020-02-06T21_02_31Z_5750.00_usb.wav
southwest.ddns.net_2020-02-06T20_56_47Z_5750.00_usb.wav

4 February 2020

Israeli Navy running their proprietary PSK serial tone with Tadiran/Elbit DCS (Digital-Coded Squelch)


Reading radioscanner.ru I found an interesting post my friend Cryptomaster about Israeli Defense Force (IDF) Navy transmissions consisting of their proprietary PSK serial tone waveform sent along with the Tadiran/Elbit Digital Coded Squelch (DCS) signal activated. Since the Istraeli Ny transmissions are quite frequent and easy to receive and recognize, I decided to take a look at the frequency reported by Cryptomaster (13372.0 Khz/USB): the transmissions were picked up using the Italian KiwiSDR owned by IZ6BYY.

The DCS signal is sent continuously, starting when transmission begins, and transmitted on a frequency which is slightly higher than the one used by the data signal (i.e. "over" the data signal) by using an FSK waveform wich is modulated at the rate of 125 bit/sec and 290 Hz shifted (Fig. 1).

Fig. 1
Tadiran/Elbit DCS implementation is a 84 bit long string, while standard DCS [1] codewords consist of 23 bit long string (10 bit data + 3 fixed bits + 11 check bits): don't know if a similar framing is used here. Anyway, notice that at the end of each transmission the encoder changes the code to a pattern consisting of the same string sent in opposite polarity: most likely it's a "turn off" code that causes receiving decoders to mute (Fig. 2) and to signal the end of the data transmission.

Fig. 2 - Tadiran/Elbit DCS bitstream
Radios with DCS options are generally compatible, provided the radio's encoder-decoder will use the same code as radios in the existing network. indeed, the use of DCS has only been noted on this frequency: Fig. 3 shows contemporary transmissions on 13372 and 8070 KHz/USB. Notice that the two signals occupy the same bandwidth: it may be that before DCS were applied the PSK signal is subjected to a tighter filtering.

Fig. 3 - Isr-Ny contemporary transmissions
DCS support could be provided by Tadiran/Elbit devices such as the HF-6000 or HF-8000 [2]: I already met that signal coupled with the Nokia msg terminal.
Since a compatible radio ignores signals that do not include a bitstream with the specified code, DCS could also be used as a type of selective calling. Indeed, the Tadiran "Selective Calling" feature (that's not ALE) just uses an FSK waveform as DCS: perhaps the DCS words "open" the squelch of the addressed radios (all, group, individual) but it's only a my guess...

Fig. 4