15 April 2021

a long (and protected) FLSU async scanning call

The STANAG-4538 asynchronous call of the FLSU protocol consists of the transmission of 1.35N (rounded to the nearest integer) Request PDUs of type 3 on the requested link frequency, where N is the number of channels in the scan list and 1.35 s is the duration of each dwell period; the "scanning call" ends with a single FLSU Request PDU of type 0 (Fig. 1). Since 61 requests are seen here, the scan list of this network holds 45 channels (1.35 x 45 = 60.75, ie 61 PDUs).

000 10 1000100000 1010100110 0 0 011 101100 011111 11011111
001 00 1101010101 0010000011 0 1 110 001100 010111 01011010
000 10 1000100000 1010100110 0 0 011 101100 011111 11011111
001 00 1101010101 0010000011 0 1 110 001100 010111 01011010
000 10 1000100000 1010100110 0 0 011 101100 011111 11011111
001 00 1101010101 0010000011 0 1 110 001100 010111 01011010
000 10 1000100000 1010100110 0 0 011 101100 011111 11011111
...
...
001 10 1000100101 0111010110 0 0 011 011111 000101 00110111


Fig. 1 - FLSU async call

One might wonder why the 61 requests come in different formats: the answer is that the calling station uses the Linking Protection (LP) procedure. 3G-ALE LP scrambles the 50-bit PDUs with a scrambling algorithm that depends on a key variable, the time of transmission of the PDU and the frequency on which it is sent (the latter two dependencies enter via a seed that is distinct from the key variable). The type 3 PDUs are scrambled using, alternately, the two "Word Numbers" (provided by the seed) 00000000 and 00000001, while the type 0 PDU that concludes the asynchronous call is scrambled using the "Word Number" 00000010: thus the same PDU is scrambled 61 times (in this sample) with two alternating scrambling keys, and that is the reason for the alternating pattern seen above. The effect of this alternating scrambling also shows up in the ACF of Figure 2.

Fig. 2 - Auto Correlation Function of the async call
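To make the ACF argument concrete, here is an added Python example (not the blog's own code) that rebuilds the bitstream of this scanning call from the two alternating PDUs and the closing type 0 PDU printed above, then computes a bit-level autocorrelation. The 61-PDU count is the post's; the +/-1 normalisation of the ACF is my choice. The peak lands at a lag of 100 bits (two PDUs) rather than 50, which is exactly the signature the alternating Word Numbers leave.

```python
"""Added example (not the blog's code): bit-level ACF of the FLSU scanning call.
The two alternating 50-bit Request PDUs and the final type 0 PDU are the ones
printed in the post; their number (61) is the post's count."""

# Scrambled PDUs copied from the post, fields separated by spaces
PDU_EVEN = "000 10 1000100000 1010100110 0 0 011 101100 011111 11011111"
PDU_ODD  = "001 00 1101010101 0010000011 0 1 110 001100 010111 01011010"
PDU_LAST = "001 10 1000100101 0111010110 0 0 011 011111 000101 00110111"
PDU_LEN = 50
N_REQUESTS = 61   # 60 type 3 PDUs in two alternating forms + the closing type 0 PDU


def pdu_bits(pdu):
    """Field-separated PDU string -> list of 0/1 ints, checking the 50-bit length."""
    bits = [int(b) for b in pdu.replace(" ", "")]
    if len(bits) != PDU_LEN:
        raise ValueError("every FLSU PDU is 50 bits")
    return bits


def scanning_call():
    """Bitstream of the whole async call as it appears on the raster above."""
    stream = []
    for i in range(N_REQUESTS - 1):
        stream += pdu_bits(PDU_EVEN if i % 2 == 0 else PDU_ODD)
    return stream + pdu_bits(PDU_LAST)


def acf(bits, lag):
    """Normalised autocorrelation at `lag` with bits mapped to +1/-1:
    1.0 means the stream is identical under the shift, ~0 means unrelated."""
    if lag >= len(bits):
        raise ValueError("lag must be shorter than the stream")
    pairs = len(bits) - lag
    agree = sum(1 for i in range(pairs) if bits[i] == bits[i + lag])
    return (2 * agree - pairs) / pairs


def best_lag(bits, lags):
    """Candidate lag with the highest ACF: the period estimate."""
    return max(lags, key=lambda lag: acf(bits, lag))


if __name__ == "__main__":
    s = scanning_call()
    for lag in (50, 100, 150):
        print(f"lag {lag:3d}: ACF = {acf(s, lag):.3f}")
    print("period estimate:", best_lag(s, range(1, 150)), "bits")
```

With the two PDU forms alternating, the ACF at 50 bits stays low (the two scrambled words agree in only about 60% of their positions) while the 100-bit lag is close to 1; the small deficit at 100 comes from the closing type 0 PDU, which is scrambled with the third Word Number and matches neither form.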

The scrambling procedure uses the SoDark-6 algorithm (48-bit block length), so only the rightmost 48 bits of each FLSU PDU are scrambled while the two leftmost bits are sent in the clear.

Note that LP does not address jamming or similar techniques, which are best countered by TRANSEC, nor is it intended to replace the COMSEC function of traffic protection. LP protects the linking function, including related addressing and control information.

https://disk.yandex.com/d/YM8rWZvP4heOoA (wav)
https://disk.yandex.com/d/wNR0-nLOl7i87g (bitstream)


14 April 2021

3 x 250Bd/500 FSK, likely Ukr nets

3 x 250Bd/500 FSK channels, probably a Ukrainian military broadcast, already met here in October 2020. This sample shows a 334-bit period with interesting preambles consisting of a repeated pattern followed by a "counter/progressive" binary field.

https://disk.yandex.com/d/3wTfrevGpVvJ9A

8 April 2021

Rus 75Bd/200 FSK (T-208)

During the last week I have been monitoring the 75Bd/200 FSK transmissions (T-208 equipment) on 9044.0 kHz (cf): the transmissions are on-air during daytime only, are encrypted (likely linear encryption) and look like a "fleet broadcast" in the manner of the T-600 50Bd/200 FSK or NATO S-4285 (ie a continuous broadcast).

Fig. 1

All TDoA results point to the Smolensk area, a Russian military communications center (Figure 2).

Fig. 2

T-208 equipment is announced as QYT9 in CW op-chats, for example:
RCB de RJF94 QYT9 QSX 8573 K.      
RJF94 de RCB OK QYT9 QWH 8573 K.

(RJF94 and RCB negotiate T-208 mode on 8573 kHz)

https://disk.yandex.com/d/667pA4SMJL6vWQ

A similar transmission (75Bd/200 FSK) was heard on 11 Jan 2018 on 4540.0 kHz. In that case, after differential decoding, the stream showed a clear 365-bit period (Fig. 3) due to the sequence of the scrambler polynomial x^8+x^6+1. The descrambled stream is shown in Figure 4 (thanks to cryptomaster).

Fig. 3

Fig. 4

31 March 2021

CIS-1200 DBPSK 1200Bd ("Makhovik", T-230-1A)

Good quality CIS-1200 (T-230-1A, DBPSK 1200Bd) transmission spotted on 9073.80 kHz (cf) thanks to the ArcticSDR. The transmission consists of a series of encrypted messages; the 240-bit Initialization Vectors are sent as 8 x 30-bit groups, each group repeated three times (Figure 2).

Fig. 1

Fig. 2

The transmission ends with a long "idling" part consisting of the 511-bit m-sequence generated by the polynomial x^9+x^5+1 (Figure 3). All this agrees with previous CIS-1200 recordings [1].

Fig. 3

https://disk.yandex.com/d/599vbjcIfpRzrA
[1] https://i56578-swl.blogspot.com/search/label/Makhovik

24 March 2021

async STANAG-4481F with KG-84/KIV-7 encryption (DHFCS)

updates: spotted on 6245.20, 8127.0, and 10272.0 kHz (all cf)

We are used to seeing (and recognizing) KG-84/KIV-7 encryption in synchronous STANAG-4481F, but this time I ran across such encryption in async S-4481F (75Bd/850) transmissions heard on 8127.0 kHz (cf). The demodulated bitstream has the classic 5N1 framing (Baudot) from which you don't get much, at least until you have the chance to record the beginning of a new message, as shown in Figure 1 (monitoring is done on recorded files).

Fig. 1 - 5N1 bitstream after demodulation

One way to get an idea of what you heard is obviously to remove the start/stop bits and then examine the Baudot code you get; after that, experience comes to help. In fact, if you happen to see the words:
VMGTCNJ <line feed>
BH
we are facing a message secured by KG-84/KIV-7 devices. Notice that, because of the added framing bits, your decoders (such as K500 or Sorcerer) won't catch the typical KG-84 sync pattern. The classic approach is to examine the headers of the message after removing the start/stop bits and reshaping to a 64-bit period (Figure 2).

Fig. 2 - analysis of the message headers

The first two lines are a short idle state (RYRYRYRY...):
0101010101010101010101010101010101010101010101010101010101010101
0101010101010101010101010101010101010101010101010101010101010101

The third line is the well-known 64-bit sync pattern used by KG-84/KIV-7 devices:
1111101111001110101100001011100011011010010001001100101010000001
(just the Baudot chars VMGTCNJ <line feed> BH)

The following 128-bit Initialization Vector is split into two 64-bit groups, 0x118A4DBCD0FA80BE and 0x01AC4C5F065D8517, each repeated twice (lines 4,5 and 6,7). That's another interesting feature of these transmissions: indeed the two 64-bit groups forming the initialization vector are usually repeated four times (the same behavior was noted in 2815.0 kHz transmissions, 75Bd/850 from UK MoD).
1000100001010001101100100011110100001011010111110000000101111101
1000100001010001101100100011110100001011010111110000000101111101
1000000000110101001100101111101001100000101110101010000111101000
1000000000110101001100101111101001100000101110101010000111101000

Direction finding tests indicate northern UK as the probable transmitter location; more precisely I think it's the DHFCS (UK MoD) Tx station located at Crimond (Aberdeenshire, Scotland), whose operations are remotely managed by the Forest Moor net center. As a further clue, it should be noticed that the DHFCS ALE callsign "XSS" has been heard many times on 8125.0 kHz/USB, ie on the tuning frequency of the S-4481F transmissions (cf - 2000 Hz).

Fig. 3 - TDoA runs point to DHFCS site of Crimond

From what I have been able to see these days, the transmissions take place only in the morning (never heard after 1300Z); I don't know whether they are training transmissions or scheduled broadcasts.

Fig. 4 - DHFCS Crimond, former RNAS Rattray (HMS Merganser) (1)

(1) photo on the left by flickr https://www.flickr.com/photos/53277566@N06/36701528042/

22nd March update
same on 10272.0 kHz (cf)

23 March 2021

Unid 100Bd/1500 FSK

An unidentified and unusual 100Bd/1500 FSK was spotted on 4010.0 kHz (cf) on 10th March thanks to the KiwiSDR in Skerjafjörður, Reykjavik; despite numerous attempts in the days that followed, unfortunately I no longer had the opportunity to tune it. The analysis was done a little blindly, not having the initial sequences but only traffic; also, I came late to the signal so DF was not possible. Below are the two different approaches adopted by me (1) and my friend cryptomaster (2).

Fig. 1 - 100Bd/1500 FSK

1) The search for a scrambler results in the polynomial x^6+x^5+x^4+x^3+x^2+x+1. The bitstream after scrambler removal has a 7-bit frame consisting of (presumably) six bits of data + 1 bit set to "0". The 6-bit "code" doesn't seem meaningful.

Fig. 2 - 7-bit framing

2) I noticed that the seven-column raster resembles an RTTY code (start + 5 bits + stop), folded into some kind of sequence. In addition, blocks with small displacements are visible on the raster (Fig. 3).

Fig. 3

If we discard the conditional start/stop bits and start the search for a scrambler on the remaining 5-bit code, we get the polynomial x^35 + x^25 + x^10 + 1. The result after removing the scrambler is shown in Figure 4. A search for patterns in the resulting 5-bit code found none.

Fig. 4 - 10-bit framing

https://disk.yandex.com/d/AfRS6tsZ-9jmbg

15 March 2021

dwell on STANAG-4481F is always interesting

Sometimes we overlook the usual STANAG-4481F or similar FSK signals, but they are precisely the ones that turn out to be the most interesting: just in these days I heard two STANAG-4481F transmissions that, one way or another, are both notable.
The first one is the Dutch Navy, which operates at 6358.5 kHz (cf). That channel is normally used by PBB for its well-known Frequency Availability Broadcast (FAB, also known as CARB), but I was lucky enough to listen to them in "traffic" mode, more precisely using the 50Bd/850 waveform in secured mode (KW-46 device). Likely it was a Maritime Rear Link to communicate with a specific ship.

https://disk.yandex.com/d/fRp605mzIwB_aQ
Fig. 1

Fig. 2

The second one was heard on 8994.0 kHz (cf) using the 75Bd/850 waveform, also secured with KW-46 encryption; the Tx site is AJE Barford St. John (UK). Well, apart from the use of KW-46 with the 75Bd waveform, the transmission is interesting since the tuning frequency (8992.0 kHz/USB) is one of the primary channels of the HFGCS network. One could object that 8992.0 kHz is CRO (Croughton); actually both sites (Croughton and Barford St. John) belong to the same communications complex, being just a few miles apart: one site is the receiving station, the other the transmitting station.

Fig. 3

Fig. 4

It may happen (Figure 5) that the FSK transmission is momentarily suspended to make way for an EAM message which, as you know, has a higher priority ("Ubi maior minor cessat").

Fig. 5 - higher priority EAM breaks a STANAG-4481F broadcast

https://disk.yandex.com/d/iEx8-puTY0KwZQ

12 March 2021

Rus PSK4 1200Bd: solved

The question about the "nature" of the 1022-bit period of the QPSK 1200Bd signal (see the previous post) has been solved thanks to the help of my friend cryptomaster: I was waiting for traffic ("I tuned it waiting for traffic, but luckless until it went off") but actually it was already there!
He had the great intuition to reshape the bitstream into di-bit symbols, ie 2 bits per row given the 4-ary modulation; then we went on to analyze the two columns separately and found the m-sequence x^9+x^5+1 (or the equivalent x^9+x^4+1) in the second column: therefore, each bit of data is followed by one bit of the m-sequence, ie the 1022-bit period consists of 511 bits of data interleaved with the 511 bits of the sequence generated by the LFSR x^9+x^5+1 (Figure 1).

Fig. 1 - x^9+x^5+1 sequence in the 2nd column

The next step was to see whether the same polynomial is to some extent involved in the bits of the first column. Based on the ninth degree of the polynomial x^9+x^5+1, a 9x511 parity check matrix was constructed, assuming that an H(511,502) code based on that same polynomial is used in the formation of the bits of column #1. Notice that an H(m,k) code is a Hamming code that encodes k bits of data into m bits (the codeword), adding m-k parity bits (here loosely called CRC).
Our parity matrix consists of a 9x502 check sub-matrix and a 9x9 identity sub-matrix (Figure 2):

Fig. 2 - Hamming parity check (511,502) matrix

As you know, the CRC formation is carried out by comparing, column by column, the k bits of each data row in turn with each of the (m-k) rows of the check sub-matrix and counting the "vertical" coincidences of the "1"s of the data row and of row r of the check sub-matrix: if the count is odd then CRC bit #r is set to "1", otherwise it is set to "0". That way, the (m-k) bits of the CRC are appended to the k bits of the data row just examined and the computation goes ahead with the next data row.
That said, the bitstream of column #1 (the file demod-bit1.txt) has been reshaped to form a 511-column matrix of codewords. Manually checking the roughly two hundred 511-bit codewords would have been a nightmare, so I wrote a short Octave script that does the job for me and calculates the 9-bit CRC of each row along with a simulation of the final PSK4 modulation; the result is in Figure 3.

Fig. 3 - 9-bit CRC rows (left); PSK4 modulation of data + CRC (right)

By comparing the calculated CRC bits (Figure 3, left) with the bitstream of column #1 (Figure 4), it is clear that each row of the bitstream is nothing more than a "codeword" consisting of 502 bits of data plus 9 bits of Hamming CRC, ie the 511-bit period that we saw.

Fig. 4 - the bitstream of column #1
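As an added worked example in Python (not the author's Octave script, whose rows from demod-bit1.txt are not reproduced here), the following code builds the same objects used in this analysis: the x^9+x^5+1 LFSR whose output is the 511-bit m-sequence found in column #2 (and the one that idles the CIS-1200 transmission in the Makhovik post above), the H(511,502) parity check matrix made of a 9x502 check sub-matrix and a 9x9 identity, the 9-bit CRC of a 502-bit data row computed by the row-by-row parity count described above and, as a cross-check, by polynomial division, a syndrome test with single-error correction, and the dibit interleave of codeword and m-sequence. The data row is constructed; the choice of the all-ones LFSR seed is mine.

```python
"""Added example (not the post's Octave script): x^9+x^5+1 m-sequence, the
H(511,502) parity check matrix built from the same polynomial, the 9-bit CRC
of a data row by two methods, syndrome decoding, and the dibit interleave.
Sample data rows are constructed."""

POLY = (9, 5, 0)     # exponents of g(x) = x^9 + x^5 + 1 (from the post)
DEG = POLY[0]
N, K = 511, 502      # H(511,502): 502 data bits + 9 parity bits per codeword


def lfsr_sequence(poly, seed, length):
    """Fibonacci LFSR for g(x): a[n] = XOR over the lower exponents e of a[n-(deg-e)]."""
    deg = poly[0]
    if len(seed) != deg or not any(seed):
        raise ValueError("seed must be deg bits and not all zero")
    a = list(seed)
    taps = [deg - e for e in poly[1:]]      # (4, 9) for x^9 + x^5 + 1
    while len(a) < length:
        a.append(sum(a[-t] for t in taps) & 1)
    return a[:length]


def period(seq):
    """Smallest shift p > 0 under which the sequence repeats, or None."""
    for p in range(1, len(seq) // 2 + 1):
        if seq[p:] == seq[:-p]:
            return p
    return None


def poly_mod(bits, poly=POLY):
    """Remainder of a GF(2) polynomial (coefficients MSB first) modulo g(x), as deg bits MSB first."""
    deg = poly[0]
    mask = sum(1 << e for e in poly)
    r = 0
    for b in bits:
        r = (r << 1) | b
        if r >> deg & 1:
            r ^= mask
    return [(r >> i) & 1 for i in range(deg - 1, -1, -1)]


def crc_by_division(data):
    """Parity bits as (d(x) * x^9) mod g(x): the cyclic-code view of the same CRC."""
    return poly_mod(list(data) + [0] * DEG)


def parity_check_matrix():
    """H = [P | I_9]: column j of P is x^(510-j) mod g(x), the remainder that data
    bit j contributes; the identity covers the 9 parity positions."""
    cols = [poly_mod([1] + [0] * (N - 1 - j)) for j in range(K)]
    return [[c[r] for c in cols] + [int(i == r) for i in range(DEG)] for r in range(DEG)]


def crc_by_matrix(data, H):
    """The post's procedure: for each of the 9 check rows count the columns where
    both the data row and the check row hold a 1; odd count -> CRC bit 1."""
    return [sum(d & h for d, h in zip(data, H[r][:K])) & 1 for r in range(DEG)]


def encode(data, H):
    """Codeword = 502 data bits followed by their 9 CRC bits."""
    return list(data) + crc_by_matrix(data, H)


def syndrome(codeword, H):
    """H * c over GF(2); all zero for a valid codeword."""
    return [sum(c & h for c, h in zip(codeword, H[r])) & 1 for r in range(DEG)]


def correct_single_error(codeword, H):
    """g(x) is primitive, so the 511 columns of H are distinct and non-zero: a
    non-zero syndrome equals the column of the single flipped position."""
    s = syndrome(codeword, H)
    if not any(s):
        return list(codeword), None
    for j in range(N):
        if [H[r][j] for r in range(DEG)] == s:
            fixed = list(codeword)
            fixed[j] ^= 1
            return fixed, j
    return list(codeword), -1      # no single-bit explanation: more than one error


def interleave_dibits(codeword, mseq):
    """PSK4 symbol stream as reconstructed in the post: symbol i = (codeword bit i, m-sequence bit i)."""
    return [(c, m) for c, m in zip(codeword, mseq)]


def split_columns(dibits):
    """Undo the interleave: column #1 (data + CRC) and column #2 (m-sequence)."""
    return [d[0] for d in dibits], [d[1] for d in dibits]


if __name__ == "__main__":
    H = parity_check_matrix()
    data = [1, 0] * (K // 2)                 # constructed 502-bit data row
    cw = encode(data, H)
    mseq = lfsr_sequence(POLY, [1] * DEG, N)
    print("m-sequence period:", period(lfsr_sequence(POLY, [1] * DEG, 2 * N)))
    print("CRC (matrix):  ", crc_by_matrix(data, H))
    print("CRC (division):", crc_by_division(data))
    print("syndrome of codeword:", syndrome(cw, H))
    col1, col2 = split_columns(interleave_dibits(cw, mseq))
    print("columns recovered:", col1 == cw and col2 == mseq)
```

The two CRC routines agree because the check sub-matrix is nothing but the table of remainders x^i mod g(x), so the parity count over a data row is the polynomial division carried out one bit at a time; the same primitive polynomial gives the 511-bit period of the m-sequence in column #2.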

My friend cryptomaster also tested a 2016 recording and found that it matches the above conclusions (Figure 5). As for the nature of the 502-bit data strings, they are probably telecontrols; further recordings are needed. A possible (!) functional block diagram of the modulator is shown in Figure 6.

Fig. 5

5 March 2021

Rus PSK4 1200Bd

Transmission heard on 8741.5 kHz/USB, thanks to the KiwiSDR owned by YO3IBZ (Bucharest, Romania), on March 3rd. Although I tuned it on 8741.5 kHz, I think the real tuning frequency is 8742.0 kHz (usual 1800 Hz subcarrier). As shown in Figure 1 the waveform employs QPSK modulation at a rate of 1200Bd; the ACF result is 425 ms, ie 511 dibit symbols at 1200Bd.

Fig. 1

As expected from the ACF (511 symbols), the demodulated bitstream consists of a continuous repetition of the same 1022-bit pattern (Figure 2), thus, from time to time, I tuned it waiting for traffic, but luckless until it went off. All I can tell is that the signal was on-air during the whole "monitoring" period (ie 12 hours, from 0700 to 1900 UTC), but in the following days and until today (March 5th) the transmissions seem to have ceased, at least on the reported frequency.

Fig. 2

TDoA attempts clearly indicate an area south-east of Moscow as the most probable site of the Tx (Figure 3).

Fig. 3

https://disk.yandex.com/d/O6yCdhU29f0Y3w

27 February 2021

15-channel DBPSK 500Bd 30KHz, CIS (wideband?) Akula

Quite rare Akula ("Shark") [1] signal caught by my friend KarapuZ. The usual Akula 500Bd/1000 FSK2 waveform is preceded by the transmission of 15 PSK tones (MPSK-15) lasting the same time as the FSK signal. The 15 channels are about 2200 Hz apart and occupy a bandwidth of 30 kHz, each channel consisting of a Differential BPSK modulated tone at the symbol rate of 500Bd (Akula II), ie the same as the following FSK2 burst; the 15 subcarriers are not orthogonal (Figs 1, 2).

Fig. 1

Fig. 2

Both the DBPSK channels and the FSK2 transport the same data and use the well-known distinctive sign "1771/", as shown in Figure 3.
As per [1], FSK2 Akula may be descrambled using the LFSRs described by the polynomials x^5+x^3+x+1 or x^4+x^3+1 after differential decoding: well, in this case neither of the two modes (DBPSK and FSK2) is successfully descrambled using the above polynomials.

Fig. 3 - ending parts of the demodulated bitstreams

The FSK2 signal is exactly centered on the passband of the preceding 8th DBPSK tone (likely the "call" frequency): it could be that the FSK2 signal is targeted at "legacy" receivers while the wideband part at "stared" SDR receivers (as said, the contents are the same)... but that's only my guess, who knows? Anyway, using such a wide signal (about 30 kHz) should provide good noise immunity. Note how the power of the FSK signal appears spread over the DBPSK signals (same transmitter).

The use of BPSK modulation (Akula II) is not new, as a 2015 recording demonstrates (Figure 4). Also in that sample, the FSK signal is centered on the passband of the preceding BPSK subcarrier, although the switch time BPSK -> FSK2 is longer than the one 15xDBPSK -> FSK2. The two demodulated bitstreams, at least in that sample, are not the same (Figure 5).

Fig. 4

Fig. 5