5 November 2020

A not easily classifiable burst waveform

The burst waveform has been monitored on 8118.0 kHz/USB for several days and is part of a multi-mode system which also uses OFDM and MFSK modulations [1]. According to some friends and milcomm listeners, OFDM and MFSK are used for data/ARQ while the bursts act as "sounding/probing" for the communication frequencies. The bursts have a fixed length and are modulated at a symbol rate of 2400 Baud; each burst consists of an approximately 55 ms TLC section, probably used for transmitter level control and receiver AGC settling, a 45 ms acquisition preamble and 22 data blocks; each data block has a duration of 20 ms and therefore consists of 48 symbols (Figure 1).

Fig. 1

As for the framing and the modulation used, a somewhat more accurate analysis is needed. Given that the total length of one frame is 48 symbols (Figure 2), the measured time durations inevitably carry small inaccuracies that do not allow a definitive count of the symbols used for the data (Unknown symbols, UK) and consequently of the symbols used for the probes (Known symbols, K): milliseconds matter! The framings that we can reasonably suppose, written in the form [UK + K], are [35 + 13] and [34 + 14]; although the [32 + 16] framing is possible, it appears in my opinion a little too "generous" since it takes 6.66 msec to transmit 16 symbols. I point out that the patterns in Figure 2 are a function of time and therefore do not depend on the modulation used.

Fig. 2
The structure of the frames can also be drawn from the analysis of the bitstream resulting from the demodulation of the bursts, and here things get complicated. The question to be resolved is whether it is a 4-ary or 8-ary modulation.
At first glance, the absolute constellation looks like a PSK8 modulation, although the four states 45°, 135°, 225°, 315° are clearly less dense and unstable. Moreover, looking at the transitions more carefully, the paths between those states and the π/4 adjacent ones are almost completely missing. The three lines in the harmonics spectrum at 2^ power and the transitions in differential demodulation are a good clue in favor of a 4-ary modulation. It could be said that it's a π/4-DQPSK modulation, but the zero-crossing transitions rule out this modulation.
My friends cryptomaster and KarapuZ and I have discussed this aspect. In my opinion, it seems that they use a PSK4 modulation and two symbol sets, [0-2-4-6] and [1-3-5-7] (i.e. π/4 shifted), for probes and data; the symbols are then directly mapped to a PSK8 constellation without pre-scrambling them with pseudo-random three-bit numbers. This way, the two π/4 shifted PSK4 constellations appear superimposed in the phase plane, giving the impression that it's a PSK8 constellation. With this assumption, the few transitions between the two sets of states find an explanation (switching from data to probe and vice versa).

Fig. 3
Obviously, demodulation will produce a stream with a 96-bit period in the case of PSK4 (2-bit symbols x 48) or a 144-bit period in the case of PSK8 (3-bit symbols x 48). Together with cryptomaster I tried a differential PSK4 demodulation and the results are indeed interesting. A [UK + K] = [33 + 15] framing clearly emerges from the bitstreams shown in Figures 4 and 5, and, specifically, the 15 symbols that form a single probe consist of the 30-bit sequence:
(the 22 probes can be clearly identified in Figure 5).
It is even more interesting to note that the same sequence also appears repeatedly in the preamble bits: this means that what I called "probes" are most likely "preamble re-insertions".
Fig. 4 - 96-bit stream after dPSK4 demod (I56578)

Fig. 5 - 96-bit stream after dPSK4 demod (thanks to cryptomaster)
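
The two-set hypothesis and the [33 + 15] framing described above, as an added example that is not part of the original post: it builds 22 frames of 48 symbols, taking data from [1-3-5-7] and probes from [0-2-4-6], and checks where π/4 phase steps can occur and which raster columns stay constant. Which set carries data is an assumption, and the probe and data values are constructed, not the demodulated ones.

```python
import random
from collections import Counter

SYMS_PER_FRAME = 48          # 20 ms at 2400 Bd (from the post)
UNKNOWN, KNOWN = 33, 15      # [UK + K] framing read from the dPSK4 bitstream
FRAMES = 22                  # data blocks per burst
DATA_SET = (1, 3, 5, 7)      # assumption: the post does not say which set carries data
# Constructed 15-symbol probe drawn from the other set; NOT the real sequence.
PROBE = [0, 4, 2, 6, 0, 0, 4, 6, 2, 2, 6, 4, 0, 2, 4]

def build_burst(seed=1):
    """Return the PSK8 state index (0..7) of every symbol in the 22 frames."""
    rng = random.Random(seed)
    burst = []
    for _ in range(FRAMES):
        burst += [rng.choice(DATA_SET) for _ in range(UNKNOWN)]  # random stand-in data
        burst += PROBE
    return burst

def phase_steps(burst):
    """Differential phase between consecutive symbols, in units of pi/4."""
    return [(b - a) % 8 for a, b in zip(burst, burst[1:])]

def odd_step_positions(burst):
    """In-frame positions of the symbols reached by an odd (pi/4) step."""
    steps = phase_steps(burst)
    return sorted({(i + 1) % SYMS_PER_FRAME for i, s in enumerate(steps) if s % 2})

def known_positions(burst):
    """In-frame positions whose symbol is identical in every frame (raster columns)."""
    frames = [burst[i:i + SYMS_PER_FRAME] for i in range(0, len(burst), SYMS_PER_FRAME)]
    return [p for p in range(SYMS_PER_FRAME) if len({f[p] for f in frames}) == 1]

if __name__ == "__main__":
    burst = build_burst()
    steps = Counter(phase_steps(burst))
    print("states seen:", sorted(set(burst)))
    print("odd steps:", sum(n for s, n in steps.items() if s % 2), "of", sum(steps.values()))
    print("pi steps (zero crossings):", steps[4])
    print("odd steps land at in-frame positions:", odd_step_positions(burst))
    print("constant columns:", known_positions(burst))
```

Of the 1055 symbol-to-symbol steps only 43 are odd multiples of π/4, all at the data/probe boundaries, while all eight PSK8 states are still occupied.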
As said above, the symbols appear not to be mapped to a PSK8 constellation, so a final scrambler, if present, is not used in the same way as in 188-110; anyway, we have found some success with the generator polynomial x^3+x^2+x+1. Assuming the classic chain of functional blocks FEC -> interleaver -> symbol formation -> scrambler, going further in the analysis is a mission impossible in the absence of specific documentation.
Friend KarapuZ preferred to go down the road of a differential PSK8 modulation (Figure 6): the bitstream shows a [32 + 16] framing but, in that case, the same 16-symbol pattern forming the probes is not visible in the preamble. Note that after removing the probes, an interesting 48-bit pattern shows up with a further phasing element consisting of two columns of "ones".
Fig. 6 - 144-bit stream after dPSK8 demod (thanks to KarapuZ)
As regards the monitored frequency (8018.0 kHz/USB), the bursts are transmitted according to the 3-2-3 scheme represented in Figure 7; however, no other waveform (OFDM or MFSK) was heard.
Fig. 7 - timings 

