4 December 2024

256-bit IVs & 0xD1E221E1 sequence

Just a quick note to observe that bitstreams using (alleged) 256-bit Initialization Vectors (IV) encryption have the same 32-bit/4-byte sequence repeated three times. For example, in the bitstream in Figure 1 (MS-110A transmission) you can clearly see the 256-bit IV sequences, each repeated eight times. 

Fig. 1

But if you reshape the same bitstream into columns of 32 bits the same 32-bit sequence 0xD1E221E1 emerges (Figure 2).

Fig. 2

I have previously encountered bitstreams with 256-bit IVs [1] but at that time I had not investigated further, focusing only on those sequences. As a counter-proof, I took back and analyzed those signals and - surprise - they also all present the same sequence 0xD1E221E1 after the IVs (Figure 3).

Fig. 3

It should also be said that I have also encountered the sequence 0xD1E221E1 three times previously [2] but, when I re-analyzed those transmissions, the 256-bit IVs were not found (Figure 4).
 
Fig. 4

Both for the position of the 4-byte string 0xD1E221E1 (after or WITHOUT the alleged IVs) and for its presence in different streams it is difficult to say whether it identifies a sync string for a cipher device or whether it identifies a particular datalink protocol. However, in all cases I could analyze, STANAG-4538 (3G-HF) "circuit mode service" is used along with MS-110A as the traffic waveform.
Comments and suggestions on this matter are welcome!
 

[1] https://i56578-swl.blogspot.com/2020/09/s-4538110a-transmissions-using-unid-256.html
[2] http://i56578-swl.blogspot.com/search/label/P%3D32

14 November 2024

unid FSK 50Bd/612 bursts

Interesting and unid transmissions consisting of 50Bd/612(600?) FSK bursts heard by me and my friend cryptomaster a few days ago, respectively on 6969.10 KHz and 14353.73 KHz (both CF). The bursts have a duration of 3600 ms and are transmitted with an interval of 1340 ms (Figure 1). 

Fig. 1 - FSK bursts transmission

The bitmap shows an asynchronous 8N1 frame where curiously the start/stop bits appear to be transmitted with reverse polarity than usually used (Figure 2).

Fig. 2 - 8N1 frame

As shown in Figures 3,4 the bursts have the same content, probably some kind of ASCII command. DF's attempts have not produced consistent results, perhaps due to the nature of the transmissions (not continuous).

Fig. 3
 
Fig. 4

https://disk.yandex.com/d/qJPV_oDsKsxm3g

24 October 2024

Chinese 4x4 modem (probably PLA Navy)

Chinese 4x4 waveform consisting of two groups of four PSK channels modulated at a rate of 75 Bd, the two groups are spaced by 450 Hz and channel separation is 300 Hz. The signal spreads about 2500 Hz bandwidth (Figure 1). The modem is probably used by the The People's Liberation Army Navy, also known as the People's Navy, PLA Navy or simply Chinese Navy.

Fig.1 - Chinese 4x4 modem

I isolated a single channel to identify speed and what kind of PSK modulation is used, the spectrum of the third order harmonics (x^3) shows the typical central line (subcarrier frequency) of PSK8 modulation; indeed, the phase plane exhibits a 8-ary constellation, but there is no transition paths through the center (as in case of PSK-8) and the relative constellation (Diff-1) is a 90 degrees rotated QPSK: this suggest the use of π/4 DQPSK  (Differential Quadrature phase Shift Keying) modulation.
The π/4 DQPSK modulation uses two QPSK constellations offset by 45 degrees (π/4 radians) and transitions occur from one constellation to the other making the illusion of a PSK-8 modulation; data bits are encoded by phase changes, instead of absolute value of the phase. By the way, the π/4 DQPSK modulation format is also used in TETRA.

Fig. 2 - π/4 DQPSK modulation @ 75 Baud (single data channel)

The resulting bitstream after differential demodulation has a 22-bit (11 dibit symbols) length period, as shown in Figure 3.

Fig. 3 - demodulated bistream (single data channel)

The preamble preceding the data is also modulated in π/4 DQPSK mode at a speed of 75 Baud (Figure 4). The bitstream resulting from its demodulation (Figure 5) is formed by the repetition of a 22 bits length pattern, likely for AGC, fine-tuning, and synchronizing. Attempts to find the generating polynomial suggest x^23+x^22+x+1. In addition to the same period length (22 bits), the "similarities" between the two bitstreams (data Vs preamble) is to be noted.

Fig. 4 - π/4 DQPSK modulation @ 75 Baud (single preamble)

Fig. 5 - demodulated bistream (single preamble)

Messages addressed to multiple recipients are queued in a same transmission and, as shown in Figure 6, messages may have three different "formats" which here I call mode-A, mode-B, and mode-C (please notice that the "designations" used are only mine and are introduced just for convenient reference). In a same transmission may cohexist messages sent in different modes.

Fig. 6 -  messages' formats

mode-A examples
3BLK 3BLK 3BLK DE JQ02 JQ02 JQ02
3BLK 3BLK 3BLK DE JQ02 JQ02 JQ02
3BLK 3BLK 3BLK DE JQ02 JQ02 JQ02
JYJYJYJYJYJY HR MSG GA
41149   25   51   1001   1605
UXEE---Y9R
1213 0044 4433 7814 2404 2166 5873 4084 6463 2053
3462 8669 3268 6541 0511 3039 3930 2944 3388 6895
7921 4851 3871 2507 0062
MSG AGN
41149   25   51   1001   1605
UXEE---Y9R
1213 0044 4433 7814 2404 2166 5873 4084 6463 2053
3462 8669 3268 6541 0511 3039 3930 2944 3388 6895
7921 4851 3871 2507 0062

B81L B81L B81L DE JQ02 JQ02 JQ02
B81L B81L B81L DE JQ02 JQ02 JQ02
B81L B81L B81L DE JQ02 JQ02 JQ02
JYJYJYJYJY HR MSG GA
82230   23   51   1001   1025
UXEE---YXE
1243 0255 1667 1611 3469 2053 0063 5501 7301 1940
2587 7681 6966 7814 0584 6978 0091 2647 7217 7042
7179 5854 5844
MSG AGN
82230   23   51   1001   1025
UXEE---YXE
1243 0255 1667 1611 3469 2053 0063 5501 7301 1940
2587 7681 6966 7814 0584 6978 0091 2647 7217 7042
7179 5854 5844

3BLK 3BLK 3BLK DE JQ02 JQ02 JQ02
3BLK 3BLK 3BLK DE JQ02 JQ02 JQ02
3BLK 3BLK 3BLK DE JQ02 JQ02 JQ02

3BLK called station address
from
JQ02 caller station address

JYJYJYJYJYJY HR MSG GA
JYJYJYJYJYJY ?
HR MSG GA  are telegraphic abbreviations:
HR = here or hear
MSG = message
GA = good afternoon

it is common to read other abbreviations such as "message repetition":
MSG AGN  
MSG = message
AGN = again 

or even the "link termination"
AHR ZNN SK
AHR = ?
ZNN = All clear of traffic now
SK = End of contact

41149   25   51   1001   1605
41149 ?
25 number of the 4FGs groups that make up the message (seems to be always odd)
51 message group identifier?
1001 date (mmdd)
1605 local time (hhmm), maybe for drafting

UXEE---Y9R
probably these are military addresses which are expressed as "source---destination"; at least in my recordings, the source address seems to be composed of 4 digits. Cross-referencing the callsigns of the initial calls gives this (small) table:

JQ02 = UXEE
82VP = YXY
3BLK = Y9R
B81L = YXE
IJDW = YXX
THGM = 21II
WMBZ = 227
F9ED = 201
LTPE = 811
FMRK = 818

The  messages consists of 4-digit codewords (here referred to as 4FGs groups or simply "groups") which are sent 10 per row in enumbered blocks, each block consisting of 100 groups. Given that the Chinese writing system is by nature nonalphabetic and thus noncipherable, Chinese cryptography was bound to the use of codebooks (Chinese Telgraph Code, Chinese Standard character table or another unknown military codebook) containing a max of 10000 characters (0000-9999). 

1213 0044 4433 7814 2404 2166 5873 4084 6463 2053
3462 8669 3268 6541 0511 3039 3930 2944 3388 6895
7921 4851 3871 2507 0062

Interestingly, the 9th and 10th groups of the first line of each message block do not follow the rules seen in the case of similar 4FGs messages sent via M-39 modem (Chinese Air Force/Air Defense) [1]. Also note that the message sent to B81L contains the string: 82230 23 51 1001 1025 i.e. same date (1001, October 1st) but earlier time (1025) than that reported in the same string of the message sent to 3BLK (1605). In this regard, it should be noted that the timestamp of the recording is 2024-10-01T14_40_13Z and the official time of China (CST, China Standard Time) is UTC+8 so at the time of transmission it was 2240 Chinese local time. Perhaps it is a selective repetition of some messages sent during the day, it could also be following specific requests (it happens also in NATO fleet broadcasts).

mode-B examples
82VP 82VP 82VP DE JQ02 JQ02 JQ02
82VP 82VP 82VP DE JQ02 JQ02 JQ02
82VP 82VP 82VP DE JQ02 JQ02 JQ02
JYJYJYJYJY HR ++ GA
++
59628   1724
UXEE---YXY
6475/0/0/07/8877/08677/96277/767/74
MSG AGN
++
59628   1724
UXEE---YXY
6475/0/0/07/8877/08677/96277/767/74

IJDW IJDW IJDW DE JQ02 JQ02 JQ02
IJDW IJDW IJDW DE JQ02 JQ02 JQ02
IJDW IJDW IJDW DE JQ02 JQ02 JQ02
JYJYJYJYJY HR ++ GA
++
27016   1724
UXEE---YXX
2624/9/4/07/8587/95777/92087/977/75
MSG AGN
++
27016   1724
UXEE---YXX
2624/9/4/07/8587/95777/92087/977/75
 
These types of messages are much more cryptic and beyond the initial "sentences" it is difficult to guess the meaning of the digits separated by slashes.

mode-C examples
NR920 CK93 35 1011 1447 --
215 203 011 326 314 004 773 353 246 351
420 938 407 445 486 382 005 773 353 246
351 403 938 417 445 486 382 006 773 353
246 351 403 938 417 445 486 382 008 773
353 403 938 417 445 486 382 009 773 357
403 938 417 445 466 486 382 010 773 357
403 446 486 382 011 773 353 403 938 417
445 466 486 382 012 773 357 403 447 486
384 938 383 013 773 357 372 403 446 486
758 483 382
MSG AGN
NR920 CK93 35 1011 1447 --
215 203 011 326 314 004 773 353 246 351
420 938 407 445 486 382 005 773 353 246
351 403 938 417 445 486 382 006 773 353
246 351 403 938 417 445 486 382 008 773
353 403 938 417 445 486 382 009 773 357
403 938 417 445 466 486 382 010 773 357
403 446 486 382 011 773 353 403 938 417
445 466 486 382 012 773 357 403 447 486
384 938 383 013 773 357 372 403 446 486
758 483 382

AHR MSG GA

NR921 CK165 35 1011 1447 --
215 203 011 326 004 773 318 357 407 445
486 319 353 938 354 373 418 445 486 758
483 005 773 318 353 417 938 407 445 486
319 357 372 407 938 418 445 486 758 483
006 773 318 357 417 938 407 445 486 319
357 372 407 445 486 338 758 482 008 773
318 357 417 445 486 319 357 372 417 938
418 445 486 338 758 482 009 773 318 357
372 417 445 466 486 758 483 319 354 372
417 938 418 445 486 758 483 010 773 318-1
357 403 446 486 319 357 403 446 938 445
486 011 773 318 357 417 445 466 486 319
357 372 417 938 407 445 486 758 483 012
773 318 353 403 447 938 446 467 486 319
353 403 446 938 445 466 486 013 773 318
354 246 353 403 445 466 486 319 357 372
404 445 486 758 483
MSG AGN
...
...

This type of message follows the same rules seen in mode-A except that the numeric groups are made up of 3 digits (3FGs) instead of 4.
 
Monitoring was possible thanks to KiwiSDRs located in Osaka and Okayama (Japan) [2][3].
(to be continued)
 

27 September 2024

QPSK & "SPIDER HF" MFSK8 waveforms (ROK Military)

I monitored the 8235.0 KHz/USB frequency (maritime band) since some days using some remote KiwiSDRs in Oita, Okayama (both Japan) and Daegu (South Korea) [1] recording several and very interesting QPSK and MFSK8 signals that I had never met before.

1) I noticed that QPSK transmissions usually start from 0730 UTC while MFSK8 transmissions start from around 0900 UTC; probably they have different contents and purposes. In this regard, it should be noted that I monitored only during the morning and early afternoon UTC and that Korean Standard Time (KST) is UTC+9. A second interestig aspect is that both types of transmission are not preceded by selcalls or ALE, perhaps 8235.0 KHz is a "stand-by" frequency of that net? 
As shown in Figure 1, other than QPSK & MFSK8 data transfers, transmissions consist of voice comms that have been very useful since the analysis of the audio files (speech & accent), and in part of the waveforms too, allowed me to trace it back to a South Korean user; also note in Figure 1 the slight mistuned frequency between the operators.

Fig. 1 - QPSK and MFSK8 signals

2) QPSK transmissions consist of a series of "segments" that are sent consecutively, the longest I have seen is about 32 seconds; voice comms occur before and after a series has been transmitted. 
 
Each segment has a modulation rate of 750 Baud (1500 bps) and a 1600 Hz bandwidth. Each segment is preceded by two unmodulated tones lasting approximately 5 seconds and end with a short tone transmitted at the sub-carrier frequency (Figs 2,3); the distance between the two initial tones is 750 Hz.
 
Fig. 2 - QPSK signal parameters

Fig. 3 - QPSK modulation
 
As confirmed by my friend ANgazu, the two initial tones make a BPSK signal whose modulation speed has the same value as their shift, ie 750 Bd; the carrier is the center of both. They transmit reversals and are very useful to adjust the AGC, fine-tuning the signal and synchronizing the demodulator's PLL. In this case, if using a QPSK demodulator, the initial preambe is "0202020202" and it achieves the same functions (Figure 4).
 
Fig. 4 - QPSK demodulation of the two initial tones

I couldn't find a characteristic period of the demodulated QPSK bitstreams (Figure 5): instead, since they are raw PSK demodulations and NOT the result of a decoding, we should see something similar to a "framing" of the used HF waveform, as we usually see in these cases, even if bits are encoded and interleaved.
 
fig. 5 - a bitstream after QPSK demodulation (BPSK preamble is omitted)

 
Statistical analysis of one of these bitstreams (Figure 6) shows a compressed or encrypted stream: probably the encryption device is built into the modem or the encrypted streams are sent directly to a "simple" QPSK modulator.
 
Fig. 6 - statiscal analysis of a demodulated QPSK bitstream

3) MFSK8 transmissions,
unlike QPSK, consist in a "single" transfer, voice comms occur before and after each individual transmission. 
Transmissions are preceded by two unmodulated tones with a separation of 500 Hz and a duration of about 5 seconds (as in the QPSK waveform). The unmodulated ending tone, lasting about 1 second, coincides with the lowest data tone (the initial two tones do not match any data tone). The eight data tones are modulated at the speed of 250 Baud (750 bps) and the space between the tones is 250 Hz giving an occupied bandwidth of 2250 Hz (Figs 7,8). Each tone (symbol) represents three bits of data as follows (least significant bit (LSB) to the right):
 
   tone       Gray   bin
• 1000 Hz  000    000
• 1250 Hz  001    001
• 1500 Hz  011    010
• 1750 Hz  010    011
• 2000 Hz  110    100
• 2250 Hz  111    101
• 2500 Hz  101    110
• 2750 Hz  100    111
 
(the frequency of the tones was established based on the correct tuning of the operators' voice)
Note that aurally it cannot be confused with the Thales Robust MFSK8 or MS-141A waveforms as they have a 250 Hz lower tones allocation and a lower Baud rate (125 Bd). By the way, the SPIDER MFSK8 its usage is probably similar to the Thales one, i.e. data transmission.
 
Fig. 7

Fig. 8

The analysis of ACF and bitmap rasters reveals the presence of structured blocks at the beginning and at the end of each transmission (Figure 9): these blocks have a duration of 1364 ms that makes 341 symbols (at modulation speed of 250 Bd).

Fig. 9 - MFSK8 ACF and bitmaps

I also tried a "plain" 8-tone demodulation using the SA demodulator and according to the tone order shown in Figure 10; for completeness I used both binary and Gray (MS-141 style) conversion. Again, Bit streams show two initial and final blocks that have equal length of 1023 bits, ie 341 symbols (each tone represents a 3-bit symbol).
 
Fig. 10 - binary and Gray coded MFSK8 bitstreams

 
4) Why am I thinking of South Korean users?
My friend cryptomaster told me a great lead by reporting that the MFSK8 250Bd/250Hz is a "proprietary" waveform of the "SPIDER Tactical Communication System" by Huneed Technologies (Figure 11), a South Korea-based company engaged in the provision of tactical communication equipment to South Korea Army [2]; the system was deployed in the early 2000s. According to some Google searches, the transceiver used could be the SPIDER (CNR) HF PRC/VRC-950K, suited for either army and navy [3][4]. It's not known if, in addition to MFSK8, the QPSK waveform too is provided by that same device.  
Since the speech & accent, the voice comms language is definitely Korean, as Max (KJ4WNA) from UDXF emailed me "a tell tale sign is the endings -nida". As for the North/South Korea ambiguity due to the use of the same language, AFAIK the North Korean military (Korean People's Army, KPA) uses communication equipments by Glocom Corp. and not South Korean ones. Unfortunately, further "geographic" confirmation was not possible because radio direction finding results were not reliable due to the brevity and near unpredictability of the transmissions as well as the lack of receivers west of the Korean peninsula.
 
Fig. 11 - SPIDER (Combat Net Radio) HF transceiver by Huneed

As far as possible, I transcribed the Korean-language audio files into texts using some online tools [5], then I translated the txt files into English using Google/Yandex/DeepL translators obtaining rather interesting conversation' snippets (Figure 12). Although transcriptions and translations may results a bit "odd" and discordant, actually there are clues that point to South Korea.
 
Fig. 11 - example of a machine transcription & translation

Speeches seem refer to a maritime scenario, as from the exchanged informations related to weather conditions, sailing, heading etc.: it must be said that the use of the SPIDER HF waveform would indicate an usage in a military environment such as the Navy and not in fishing boats. In addition to usual coordination and voice checks relating to the sending/receiving of data,  operators cite names of some South Korean places such as "I'm going to go to Namhae by the South Sea"(1),"There's nothing else in Busan "(2), or "Mapo is 7 Km away" (3).
As I said, the transmissions are not preceded by selcal/ALE and I did not hear - or perhaps I did not figure out - any callsigns pronounced by the operators. Only in a few transmissions I came across sentences such as "I've communicated with all the surrounding turns... I've communicated with both SP3 and SP4" but I haven't heard anything else or additional context that actually confirms that these are callsigns. Only once I heard a link termination:  "This is Yanglak-Dong 146 / This is Maunoi" (or perhaps "This is Yangrak-Dong 146 / This is Maunnoi").
Amogng other txt files, a September 23 0923 UTC (1623 KST) voice recording requesting the location of a boat carrying (North Korean) defectors must be noted (Figure 12). North Korean "defectors" are Koreans who have fled North Korea seeking asylum in South Korea or other nations. For the sake of completeness, I must say that the day after I looked at the Yonhap news agency website [6] but I did not find any reference to alleged defectors. Perhaps the news was not so relevant or there was no intervention by South Korean assets ...but here we enter the realm of suppositions.
 
Fig. 12

5)
Given the the use of a "informal language", the machine transcriptions/translations might sometimes generate military jargon terms and names that seem a bit odd and out-of-context, as the the classic term "Christmas trees" used in board U.S. submarines and reffered to nuclear missiles. For example, I have often noticed the use of the term "seagull" which, judging by the speeches context, may not refer to the well-known bird. Also, it must be said that the operators speak Korean(!) and not more "easy" languages ​​such as English, Spanish or even French, so I could not correct the errors as I should desire and confirm that the transcriptions were accurate, but I simply copied and pasted the automatically transcripted texts.

6) At present I do not have sufficient evidence to confirm whether this is the South Korean Navy (ROKN, Republic of Korea Navy) or possibly other assets such as the Coast Guard (KCG, Korea Coast Guard), although the latter is not under the Ministry of Defense (the Coast Guard is an independent and external branch of the Ministry of Maritime Affairs and Fisheries). Therefore I can't not exclude that users may be other South Korean military/civilian organization: further recordings & analysis and blog readers too will help.
(to be continued)
 
https://disk.yandex.com/d/_Ab_KPufsyPGPw (waveforms and a relevant op-chat)

(1) Namhae is the site of the South Regional HQ of Korean Coast Guard and also a Mine Sweeper Hunter of Korean Navy

(2) The Busan Naval Base is a group of ports and land facilities of Korean Navy (ROKN), located at Nam-Gu, Busan. The United States Naval Forces Korea headquarters sit within this base

(3) "Mapo" could be a mistranscription of the word "Mopko" which is the Third Fleet Command HQ of ROKN and also the West Sea Regional HQ of KCG. This way, the sentence "Mopko is 7 Km away" would make sense

30 August 2024

Citadel II encryption in sync/async MS-110A transmissions (Algerian AF)

Altought it was introduced in 2004 [1], so far I had always seen the Citadel II encryption algorithm occur in 3G-ALE/STANAG-4538 contexts which use the circuit mode service [2][3]; conversely, in 3G-ALE/S-4538 packet mode service (xDL protocols), and just few times in async S-4285 and MS-110A transmissions, I met the Citadel I algorithm. Of course this doesn't mean that Citadel II is only used in S-4538 circuit mode: it's just a commentary on my experiences. Finally, after almost one year since the last "Citadel detection", some interesting recordings show the use of Citadel II also in a 2G-ALE/MS-110A context (1).
Transmissions were recorded a few days ago on 11480.0 KHz/USB thanks to the EA5JGN KiwiSDR located in Hondon Valley (Spain) [4]: that frequency - as is known - is largely used by the Algerian Air Defence/Territorial Air Defence (say Algerian AF), as confirmed by the decoding of the 2G-ALE 188-141A exchanged messages (2).

Fig. 1

Figures 2,3 show the decoded bitstreams of the first two MS-110A segments of Figure 1 (T08_02_07Z recording) before and after the removal of the well-known sync sequence

0x [1E 56 1E 56 1E 56 1E 00 1A 5D 1A 5D 1A 5D 1A 5D]

In both the cases, 12-byte/96-bit length Initialization Vectors (3 times repeated) are used.

Fig. 2

Fig. 3

The 3d MS-110A segment in Figure 1 is the most interesting one since - curiously - its decoded bitstream shows an async 8N1 framing: perhaps the related file comes from a different workstation of the network, also connected to the same messaging server. Figure 4 shows the 12-byte Initialization Vector after start/stop bits and sync sequence were removed.

Fig. 4

As I mentioned before, Algerian AF network (in this example nodes CNC and CM3) usually uses this frequency as well as MS-110A asynchronous transmissions; for this reason I went to search for similar transmissions in my files and found - right in the blog - a post dated December 2017 [5]. The analysis of the bitstream shows that Citadel II encryption was already used since then in that network. At that time I was a bit less experienced and probably I focused on the particular 8-bit pattern, neglecting to search for other possible sequences.

Fig. 5

https://disk.yandex.com/d/BwSBToYfOJp5TA

(1) please note that although Citadel I and II  are referred to as algorithms, they are actually ASIC chips (Application-Specific Integrated Circuit), ie algorithms rendered in hardware, which are embedded - for example - in L3Harris Falcon II, Falcon III family radios.  

(2) collected ALE Address
BLD: [Air Defense] Blida
TDF: [Air Defense] Tinduf
COF: [Air Defense] Cheraga
ANB: [Air Defense] Annaba
CM5: Commandement de la 5e Région Militaire, Constantine
CM3: Commandement de la 3e Région Militaire, Bechar
CNC: Commandement des Forces Aériennes d'Alger, Cherage 

[1] https://www.cryptomuseum.com/crypto/harris/citadel2/
[2] http://i56578-swl.blogspot.com/2023/05/harris-citadel-ii-secured-traffic.html
[3] http://i56578-swl.blogspot.com/2023/06/harris-citadel-ii-secured-transmissions.html
[4] http://ei2hh.proxy.kiwisdr.com:8073/
[5] http://i56578-swl.blogspot.com/2017/12/a-ms-110a-modem-running-in-async-mode.html
 

26 August 2024

about the unid 32-bit protocol used in S-4538 + MS-110A transfers

This is the third time I have encountered these transmissions [1] and, given the good number of recordings made over a few days on the frequency 6964.5 KHz/USB, it is now possible to draw a more definitive "picture".

Transmissions normally occur each 5 minutes and last 1.5 - 2 minutes average. STANAG-4538 (3G-HF) "circuit mode service" is used, where MS-110A (usually in 75bps/Long Interleaver mode) is the used traffic waveform; sometimes a transmission may consist of two or more distinct data transfer sessions (Figure 1).

Links are established using the FLSU (Fast Link SetUp) Asynchronous scanning call, using BW5 and an "optimized" waveform which provides no repetition of the initial TLC section (used for transmitter level control and receiver AGC settling). Such a scanning call is exactly described in paragraph C.5.2.4.5.2 of  MIL 188-141B Appendix C: "The LE_Scanning_Call PDU shall be sent repeatedly to capture scanning receivers [...] During a scanning call, only the first LE_Scanning_Call PDU shall include TLC. All succeeding LE_Scanning_Call PDUs and the LE_Call PDU shall omit TLC, and include only the BW0 preamble and data portions" (1)(2). So, we look at a STANAG-4538 FLSU Async call (since the use of BW5 waveform) which is 188-141B compliant for what regards its formation (since the omission of  the TLC sections): ie, a sort of  188-141B/STANAG-4538 mixed implementation most likely implemented by L3Harris [2][3]. That "formation" of the Async call clarifies why decoders recognize only the "first" BW5 PDU. 

Fig. 1

Looking at the asynchronous scan calls, at first glance it seems that Linking Protection (LP) is not used: in fact, as you can see, the decoded strings are identical. This should not happen since when operating in encrypt mode, the LP algorithm takes as inputs the PDU to be scrambled, a key variable, and a “seed” that contains Time of Day (TOD) and the frequency that carries the protected transmission.

2024-08-21T09_54_32Z BW-5 00111001010000100011011001001010011110001000011010
2024-08-21T09_56_17Z BW-5 00111001010000100011011001001010011110001000011010
2024-08-21T10_01_54Z BW-5 00111001010000100011011001001010011110001000011010

2024-08-22T07_46_52Z BW-5 00010110100000110011111110111010101110111100000110
2024-08-22T07_51_52Z BW-5 00010110100000110011111110111010101110111100000110

Anyway, it's to note that when the protection against spoofing offered by LP is not required, LP may be used without a key variable or seed to provide only scrambling based on the network number as described in STANAG-4538 4.1.2 (in this regard, note that the scanning calls of 2024-08-22, for example, do not have the expected value "001" in the first three bits). 

The analysis of the MS-110A decoded bitstreams show initial 100 bytes length headers which have some parts common to all the bitstreams, the header "format" is more evident after the removal of the initial "10"s sequence (Figures 2,3).

Fig. 2

Fig. 3

In my opinion, headers are made up of the following structure (Figure 4):

1) common initial sequence

1100000100011100101001 (maybe 001100000100011100101001, 0x0CE294)

2) common 193 bits length "01"s sequence, (phasing?). Boundaries are marked by two consecutive logical "1"

3) common 160 bits / 20 bytes length sequence (sync sequence for the receive crypto device?)

10001011010001111000010010000111
01111011101101001011100010000111
01000100011110000100100001110111
10111011010010111000101101110100
01000111100001001000011101111011

4) 256 bits / 32 bytes length sequence which is different in every bitstream (Initialization Vector?)

5) common 5×32 bits / 4 bytes repeated sequence (frame sync?). Note that the sequence can't be an Initialization Vector since it's always the same in every bitstream.

10001011010001111000010010000111
10001011010001111000010010000111
10001011010001111000010010000111
10001011010001111000010010000111
10001011010001111000010010000111


Also note that the 4 bytes repeated sequence is used in the first 4 bytes of the 160 bits sequence.

Fig. 4 - the common blocks in the headers of the bitstreams

According to the results of the "Shannon Entropy" and "Statistical" tests, the ansferred data are most probably encrypted (Figure 5).
The measure of the Shannon Entropy can be used, in a broad sense, to detect whether data is likely to be structured or unstructured. 8 is the maximum, representing highly unstructured, 'random' data. Properly encrypted or compressed data should have an entropy of over 7.5 The statistical test below determines the randomness, the number of single bits in the stream is counted, then the double bits, then the triple bits and so on to the end. The result is a graph: if the information is not systematic, the adjacent columns should be half the size of the previous ones. Both the test shows good encryption quality.

Fig. 5 - Shannon Entropy and Statistical tests on the data portions

The transmissions are fairly receivable only in the northern regions of Europe, likely a low power transmitter is used or a local/domestic area shall be served. Just about the site of the transmitter,  all my direction finding attempts point to a quite large area in Norway (Figure 6): maybe a Royal Norwegian Navy Tx? Anyway, it's to notice that the DF results "suffer" from the lack of detection points west of Norway.

Fig. 6 - Direction finding attempts (TDoA algorithm)

Monitoring & recordings thanks to the remote KiwiSDRs SM0KOT (Sweden) and OZ1AEF (Denmark) [4][5]. 

https://disk.yandex.com/d/AcwncUTKxXlQ_A (decoded bitstreams)

(1) MIL 188-141B refers to BW0 as the waveform to convey "LE_Scanning_Call PDU" and "LE_Call PDU" (LE stands for Link Establishment): FLSU, and consequently the BW5 waveform, were not yet defined at that time.

(2) 188-141B (released on March 1999!) was superseded by 188-141C (December 2011), in its turn superseded by 188-141D (December 2017): the last two standards no longer have the Appendix C but only some short paragraphs, among them the #C.6 says "The specifications previously contained in this appendix have been replaced with reference to the essentially identical NATO STANAG 4538".

[1] http://i56578-swl.blogspot.com/search/label/P%3D32
[2] http://i56578-swl.blogspot.com/2022/10/harris-3g-ale-flsu-async-call.html
[3] http://i56578-swl.blogspot.com/2022/10/harris-3g-ale-flsu-async-call-2.html
[4] http://aspliden.kostet.se:8074/
[5] http://85.191.35.22:8073/

 

31 July 2024

unid FSK 300Bd/300 bursts

Interesting and unidentified FSK 300Bd/300 bursts heard on ~14490 KHz and sent to me by my friends ANgazu and cryptomaster (Figure 1).

Fig. 1 - FSK 300Bd/300 bursts

The signals recorded by the latter (6 bursts) have a better SNR and therefore more suitable to be analyzed. As you can see in Figure 2, the demodulated bitstreams (d1-d6) can be divided into the 4 groups G1, G2, G3, and G4:

Fig. 2 - couples of demodulated bitstreams d1-d2, d3-d4, d5-d6
 

G1: (40 bits) probably a header/SOM sequence, this group is common to all the bitstreams;

G2: (40 bits) this group is different in every bitstream and maybe consists of something related to the message. In a 10-bit format it's possible to see repeated "fields", when reshaped to a 20-bit format the groups may consist of a 11-bit "field" followed by a common 9-bit pattern (Figure 3);

Fig. 3 - G2 groups

G3: (variable length)  I think this group is the data part of the message, this is sent twice into two different bursts (sometimes 3 times in 3 bursts). These groups have a period of 50 bits in length that appears to have some form of structure (Figure 4);

Fig. 4 - G3 groups

G4: (20 bits) probably the EOM sequence, this group is common to all the bitstreams.

During the formation of this FSK signal the phases of the two frequencies are preserved after each "shift" (Figure 5), ie the frequency shift is generated by a single generator and its clock frequency changes, so the manipulation is achieved without disrupting the phase of the signal. If two frequency generators are used then we should see changes of phase in both f1 and f2, unless the two generators are in some way phase synchronized.

f2 ~ 1976,98 HZ (2:0,001011640)
f1 ~ 1676,95 Hz (2:0,001192640)

as expecetd, 300 Hz shift (f2 - f1).

Fig. 5 - phases of the two frequencies

The prevailing opinion is that this is probably some type of selcall or ALE probing, in which case the G2 groups could be the addresses.

https://disk.yandex.com/d/3gK_L2RqFjHXXQ



19 July 2024

CIS-1200 SDPSK 1200Bd ("Makhovik", T-230-1A)

updated (23 July 2024)

This transmission, along with a probably spurius emission 600 Hz above, was recorded on 13002.5 KHz (cf) thanks to the remote KiwiSDR located in Azumino-city Nagano, Japan [1].

Fig. 1 - main signal and its spurius

The signal that I assume is the "actual" one and that I analyzed is characterized by a SDPSK (Simmetrical Differential PSK) modulation at a speed of 1200 Baud. Indeed SDPSK is equivalent to π/2 DBPSK or PSK2 with phase rotation: ie, as shown by the transitions in absolute mode, SDPSK assumes that the phase is rotated by +π/2 for bit “0” and by -π/2 for bit “1” thus there is not a 180° turn (transitions do not pass through 0). The information transmitted is encoded in the transition and not in the state. The signal can be demodulated using the differential mode (diff=1).

Fig. 2 - SDPSK modulation

The transmission consists of some segments that differ by the presence or absence of an initial preamble (signals A and B in Figure 3) which consists of a repeated 511-bit length pseudo-random sequence generated by the polynomial x^9+x^5+1 (1) as for the ITU Recommendation O.153 [2] (188-110B "39-tone parallel mode" too uses that sequences).

Fig. 3
 
Fig. 4 - 511 bits length sequence

The presence of such sequences is one of the features of the so-called Makhovik (aka the "flywheel"), a well known Soviet-Mil crypto system. Although someone classifies Makhovik as vocoder, it can can be used for time-multiplexed encryption of both voice and data up to 9600 bps. It's official name is "T-230 bundle ciphering device for teleprinter and  data connections" and was designed to operate in UHF but very often is found in LF and in HF.
After the removal of the initial preamble, the following data block consists of a "common" sequence:

110101100100011110101100100011

followed by 240-bit Initialization Vectors that are sent in 8x30-bit groups, each group repeted three times (Figure 5): these 30-bit groups are another peculiar feature of  the Makhovik system.

010000111011001110010100001110
011101100101000011001010000111
110010100001110010000111011001
001110110010100000111011001010
001110110010100011001010000111
111111111111111000011101100101
001110110010100111011001010000
101100101000011011101100101000

Fig. 5

Segments sent w/out the initial preamble (type B in Figure 3) show exactly the same structure: note as the Initialization Vectors slightly differ (Figure 6): this feature should be further studied (it is probably somehow related to the presence/absence of the initial preamble) but it is necessary to obtain several more recordings.

010000111011001110010100001110
011101100101000011001010000111

110010100001110010000111011001
001110110010100000111011001010
001110110010100011001010000111
111111111111111000011101100101
001110110010100111011001010000
101100101000011011101100101000

010000111011001110010100001110
011101100101000011001010000111

011001010000111100001110110010
111011001010000110010100001110
010100001110110110110010100001
100101000011101001010000111011
111011001010000111111111111111
011101100101000100001110110010

Fig. 6

It's worth noting that in some previous Makhovik recordings I saw differential encoded data & BPSK, while this ones consist of  plain encoded data & SDPSK [3].

update (23 July 2024)
I willingly add a comment sent me by my friend cryptomaster.
The common sequence in Figs 5,6

110101100100011110101100100011

shall be right shifted to appear as

111101011001000111101011001000

which in turn is the repetition of the 15 bits length M-sequence generated by the polynomial x^4+x+1 (Figure 7).

111101011001000

Fig. 7 - the repetition of the 15 bits M-sequence generated by the polynomial x^4+x+1

https://disk.yandex.com/d/Vg5XruORhd8_5A

(1) the use of the polynomial x^9+x^5+1 is quite common in CIS waveforms,see http://i56578-swl.blogspot.com/p/polynomials.html

[1] http://jf0fumkiwi.ddns.net:8073/
[2] https://www.itu.int/rec/T-REC-O.153/en
[3] https://i56578-swl.blogspot.com/search/label/Makhovik