Notes about Akula (v. 291121b)

My friend Nicola, with whom we often collaborate and whom I thank here, has been studying Akula's code for several months now and recently sent me a paper related to his work: I am very happy to publish the (current) results of his analysis, soliciting readers to express their views and comments. 

1. Introduction
Akula (the formal designation is not known) is a communication system used by the Russian navy. Originally Akula was designed as a high speed morse based communication system for submarines to avoid HF direction finding. Various sources set the maximum on-air time for these transmissions to 0.72 seconds. It was not until the USA started deploying the gigantic Wullenweber direction finding antennas that it became possible to triangulate (or multi-angulate) these transmissions.
Today’s Akula normally uses FSK at 500 Baud and a 6-bit alphabet for surface communication links. A
variant called Akula II is a DBPSK burst modem for the use among other in submarine communications.
Other variants have been observed, see Table I below.

Table I

Messages intercepted have mostly consisted of encrypted streams, however messages consisting of five
figure groups have also been observed.

2. Alphabet
2.1. Preliminary approaches
Akula utilizes a 6-bit alphabet. Until now 17 different code words have been identified. What the characters represent seems to depend on the message payload format, i.e. five-figure groups or encrypted stream. Ten characters represent the figures from 1 to 9, 6 represent the hex numbers A to F,one represents both a decimal number and SPACE and one is a control character, EOT. 

The only code words determined with certainty when these notes were begun, were ’Separator’ (000000 or 11111) and ‘EOT’ (011110 or 011110) marked in green. The codewords representing a decimal figure (0-9) have been determined from a message containing only five figure-groups, but the actual value assigned to a character was not known. However, another interpretation has been done, based on a message perceived as a test transmission in DBPSK modulation.

Table II below shows the 6-bit alphabet in use for Akula consolidating the information available at the time these notes were begun. Characters with the MSB bit set to ‘1’ in normal condition or ‘0’ in inverted condition are part of the number range 0-7, whereas the ones with the MSB bit set to ‘0’ in normal condition or ‘1’ in inverted condition are either within the range 8 – F or is a control character.

Table II - Akula 6-bit alphabet

 

Figure 1 (below, to the left) shows an interpretation, based on the assumption that the message represents the sequence “1 2 3 4 5 6 7 8 9 0” and that the group ‘4443’ in fact represents an error. However, the weak point of this interpretation is the composition of the number sequence. If one let this sequence start at ‘0’ instead of ‘1’ it will be seen that now ‘8’ and ‘9’ both start with a ‘0’ as MSB, which agrees with the previous analysis.

 

Fig. 1

2.2. Final approach
After investigating the messages available, a new approach was initiated based on the following analysis (1): In a message consisting of five figure groups, 10 different characters in addition to the control characters SPACE and EOT were observed, 8 with an initial ‘0’and 2 with an initial ‘1’, which must represent the numbers ‘0…9’. Analyzing a number of messages with a payload consisting of an encrypted stream identified another 6 characters with an initial ‘1’, which must represent the hexadecimal numbers ‘A…F’.

Going back to the characters identified in the five figure groups, and using the knowledge gained above, the two code words having an initial ‘1’must represent ‘8’ and ‘9’. As SPACE is used as separator between succeeding groups it cannot represent ‘0’. However, this value is mandatory in five figure-groups as well as in encrypted stream messages, thus another code word must represent the value of ‘0’, and logically it should be placed in the range of code words starting with ‘0’, which would correspond to the lower range of hexadecimal figures ordered in descending order.

This could point to an alphabet based on four binary digits plus two check bits. Comparing it to knownmethods of redundancy, a Hamming code can immediately be ruled out as it would require three check bits to protect four data bits. On the other hand, old Soviet radioteletype codes very often used just two check bits to cover 12 data bits.

Now, using the inverted mode of the code words as shown below, and testing various positions of the data bits as exponents of 2 and keeping this together with the position of the parity bits it seemed that one viable guess for the format of an Akula code word could be this:

where d3 = 2^3, d2 = 2^2, d1 = 2^1, d0 = 2^0, p1 = (d3 + d2 + d0) and p0 = (d3 + d2 + d1).

This arrangement is the logical arrangement of hexadecimal figures with the MSB leftmost. Other configurations are entirely possible as long as the MSB is kept as representing 2 3 and the positions of the check bits are fixed. Using this, Table II has been rearranged as shown below:

Table III - Rearranged Akula alphabet table with parity calculation

In Table III p0 is marked in turquoise and p1 in yellow. Parity violations are marked in red. The parity inversion for ’0’ may be explained as to avoid a continuous string of binary zero making the extraction of clocking more difficult. The same may make sense for ‘1’ and ‘4’. In the case of EOT the reason could be to establish a unique code word.

Something special surfaced when taking a closer look at a five figure-group message. No code word representing ‘9’ using the power of two calculation given above yielded a ‘9’, which should have been ‘101000’, but a hex ‘B’ ‘101011’ is used for a ‘9’. However, in encrypted stream messages a proper ‘9’ is used.

3. Transmission structure
Below the start of what are considered test messages is depicted. 

3.1. Bit sync
Before message transmission starts, bit reversals (a ‘meandr’ in Russian) is transmitted to enable bit synchronization. This is followed by a separator code word (000000 or 11111) or just a number of binary ‘0s’.

3.2. ‘Sync’ group
This group never varies and contains 6 6-bit code words from the figures range arranged as 4 x 100101 + 3 x 110001 followed by a separator:

100101
100101
100101
100101
110001
110001
000000

 Polarity is shown in normal mode.

3.3. ‘Preamble’ group
The ‘preamble’ group contains 7 code words with two different, but varying values arranged as 4 x 1st code word + 3 x 2nd code word. If data following the ‘preamble’ group is encoded as 5 figure groups, the preamble is followed by a separator code word. Polarity is shown in normal mode.  Given the information in Table IV, it is clear that the group cannot be a bit counter as the preamble group covers four different message lengths.

Table IV

3.4. Message format
Data may be transmitted either as five figure-groups separated by a separator character or a stream of characters. In the first case, a separator character also separates the data group from the End-Of-Message group. If data is encoded as a stream, all 16 6-bit characters are used, except EOM, and data is not separated from the EOM group by a separator code word.

3.5. End-Of-Message group
Polarity is shown in inverted mode.

010000  0
011101  6
011101  6
010000  0
100001  EOT

3.5.1. EOT character
The EOM group ends with an EOT character, 100001.

4. Unresolved issues
- Confirmation of the proper arrangement of the d2, d1 and d0 data bits;
- Is the ‘Sync’ group in fact a synchronization group, i.e. is it the same for all messages disregarding priority, contents …? (the reason for raising this issue is the simplicity of this group – normally a synchronization group or unique word would be constructed in such a way and with such a length to obtain optimum resilience against distortions and noise);
- The function of the ‘preamble’ group.

HARRIS PSK8 2400 Bd Digital Voice, an autobaud waveform?

Discussing with my fiend ANgazu about the HARRIS Digital Voice waveform (see this post), it turns out that likely that waveform is designed to provide the autobaud feature which is coded - in our opinion - in its initial header just before the normal frames' structure. As shown in figure 1, the "presumed" autobaud header consists of 8 frames each with a duration of 13.3 ms and a length of 32 bit (given the PSK2 modulation at 2400 Bd) for a total length of 256 bit. The synchronization functions would then be performed by the preamble sequences which are transmitted every 106.6 ms.  The autobaud function it may be necessary  since, according to the RF-5800 data sheet, the narrowband digital voice mode may use MELP and LPC-10 algorithms at 2400 and 600 bps.

Fig. 1 - the presumed autobaud header

Moreover, looking at the bitstream of an entire session (figure 2) it can be argued that the shorter segments are used for the management of the voice-link (ARQ mode); selcall, link setup and link closure are performed by the HARRIS specific waveform.

Fig. 2

THALES Robust MFSK-8, TRC-1752 STANAG-4285 FEC, STANAG-4539

Interesting sessions recorded some days ago on 9072.0 KHz (CF) consisting of an initial THALES Robust MFSK-8 session followed by THALES TRC-1752 STANAG-4285 + STANAG-4539 encrypeted traffic, the latter used in QAM-16 6400bps mode (figure 1).The MFSK-8 waveform uses the same tone library as 188-141A/B 2G ALE but callsigns are limited to a maximum length of 2 figures only and can also be used as a robust-data mode. Aurally and visually it is easily mistaken for a normal ALE since the 250 Hz spaced eight tones and 125Bd speed. 

 

Fig. 1

Direction Finding tests, TDoA method,  point to center of France as shown below in figure 2:

 

Fig. 2 - Direction Finding tests

It must be said that the TRC-1752 modem is a bit old and therefore has probably been replaced by the new TRC-177x multi-mode modems.

https://disk.yandex.com/d/TR1V34hxloVeGw

Harris RF-5800 Digital Voice PSK8 serial waveform (yet another 106.6 ms ACF)

A friend of mine sent me these signals consisting of a complete session utilizing the Harris 600/2400 bps Digital Voice (DV) mode:

1- selcall & link setup
2- 600/2400 bps vocoder PSK segments
3- link terminate

Fig. 1 - Harris Digital Voice mode session

Selcall is quite clear:  it's an MSK/OQPSK modulation at 2000 Baud speed, followed by short MFSK-8 125 Baud in non-standard MS-188-141A fomat, ACF is 50 ms (100 bit) and the resulting bitstream is characterized by the presence of the usual pattern (figures 2a, 2b).

Fig. 2a - Harris selcall MSK/OQPSK part

Fig. 2b - Harris selcall MFSK segment part

The VD mode PSK8 serial waveform is used only when a voice link is selected, although it also allows data to be sent over the same link; both data and voice are secured with Citadel encryption. Its ACF is the quite common 106.6 ms and that causes false-positive STANAG-4285 detections by decoders. As shown in figures 3a 3b, each frame consists of 256 tribit symbols, according to SA raster and bitstream each frame consisting of 66 sync sequence symbols (instead of 80 as in other similar 106.6 ACF waveforms), followed by a data block consisting of 190 symbols. The sync sequence is transmitted recurrently every 106.6 ms and uses PSK2 modulation.

Fig. 3a - Harris VD PSK8 serial

Fig. 3b - Harris VD framing

From Harris RF-5800 datasheet: "The digital voice mode utilizes the latest military MELP and LPC-10 algorithms for high-quality secure narrowband voice at 2400 bps. The Harris 600 bps vocoders extend the communication range beyond conventional 2400 bps systems." [1]

About the 106.6 ms ACF waveforms (figure 4), as said here, it seems that decoders such as Sorcerer and therefore also K500 try to identify a signal by measuring its ACF and comparing it against an internal table that allows the identification: likely, the length of the ACF and the initial PSK2 sync sequence mislead the decoders which consequently give a false positive STANAG-4285 id.

Fig. 4 - some common 106.6 ms ACF waveforms

https://disk.yandex.com/d/jMGcjN4lD8RH9Q 

[1] https://disk.yandex.com/i/sFOl3aX98-d6SQ

 

unid OFDM-121 system

Unid Russian OFDM-121 system recently heard on 11071.0 KHz (CF) until monday morning, frequency spacing between channels is 25 Hz, symbol rate in channels is 21 Baud, the used modulation seems to be a form of PSK4. As from figure 1, not all of the 121 available channels are used and it's possible to note a different arrangement of the channels in different days. The modulation used in the 2400Bd bursts preceeding the OFDM segments remains to understand, although there is a prevalence of PSK2 blocks.

Fig. 1

For what concerns the 2400Bd bursts which preceede the OFDM segments, I could not get a clean constellation; anyway looking at SA phase detector and 2nd order harmonics (figure 2), I think it is some kind of PSK2 modulation, or at least it's the prevalent one.

 

Fig. 2 - 2nd order harmonics, phase detector e constellation

 

4-ary constellation test

Moreover, the ACF has a 20ms value (figure 3) that makes 48 over-the-air symbols per frame, each frame consisting of 32 unknown data symbols followed by 16 known symbols. If the 20ms pattern in figure 3 represented bits then it would count a 32-bit length for the data block, therefore 1 symbol = 1 bit and thus we have a PSK2 modulation. As rightly suggested by my friend KarapuZ, in this case, the palette of the pattern consists of more than two or three colors: what does this mean? That we see more than just two or three levels of manipulation.

 

Fig. 3 - 2400Bd bursts framing

Apparently, this is one of the command and control systems and is associated with the recent military exercises in Belarus. Direction Finding indicate the Moscow area as Tx site location, as shown in figure 3.

Fig. 3

https://disk.yandex.com/d/qQrCn43mL0UO1Q

4339.8 KHz, an occasional French-Ny fleet broadcast FSK channel ?

On Sunday evening I came across an FSK 50Bd/850 transmission on 4339.8 KHz (CF): first time I have ever seen a S-4481 on this frequency, usually occupied by French Navy fleet broadcast in STANAG-4285 from FUG Saissac on 4338.0 KHz (// 4325.0 Khz). The dozens of DF tests carried out have all indicated the same FUG site as the location of the transmitter, while the analysis of the bitstream revealed the use of KW-46 encryption which is normally used in NATO 50Bd/850 FSK fleet-broadcast.
Actually I expected to find the classic 21-bit pattern, typical of domestic broadcast, even if 4339.8 is not among the FSK channels used by the French navy (see here).  I thought about a new FSK channel, but in subsequent monitoring the frequency has always resulted to be occupied by STANAG-4285 transmissions.
It's interesting to note that the same frequency/mode appears only once in the UDXF logs, precisely on March 21  of this year and only nighttime: coincidentally this too during the night between Sunday and Monday.  

Fig. 1 - STANAG-4285 & 50Bd/850 FSK both KW-46 secured from FUG

Fig. 2 - 4339.0 KHz FSK Direction Findings (TDoA algorithm)

https://disk.yandex.com/d/laasTSzeM0o7fQ

unid PSK8 2400Bd burst waveform

Unid PSK8 2400 Baud burst waveform spotted on 10557.0 KHz (CF) by using OZ1AEF KiwiSDR (Skanderborg, Denmark). ACF value is 293.4 ms, which makes a period length of 704 tribit symbols or 2112-bit length frames (figs 1,2). The resulting bitstream after demodulation does not have a well defined structure formed by known/unknown data blocks,  it could be a Walsh modulation but it is only a guess.

Fig. 1

Fig. 2

As a test I tried to analyze the bursts using a STANAG-4538 demodulator and surprisingly the decoder reacts but only to the first 700ms of each burst by identifying a 256 symbols initial segment (!) and a subsequent block of data (960 symbols only), even if not identifying any of the xDL traffic waveforms that it knows (BW1-BW7) and thus reporting the phase positions only:

6231017000770100000702070000001700000107010107000701070000000000
0000001001000070000010000000000107000000000000000010000000000000
0000000000000000000000000000000000000000000000000000000000070000
2357710003120162744325456425622470623725424155361132757073500120
 
0014030174251457266112142317764402235571057447051475133602436767
2703175471117746713161441063517300743117565244064305766450657067
3543135630554510775272301561043433561260120020160261523037545324
2056267511155732621360060321622731415212020343736426773247451624
1334736342650470251144547564221770112446074633674036402257132565
6167206436000663560205033075240623327644201057731763021170310231
2243202452744340766416127045073236601451345335341351405636207065
7530151204440026515461331365415522030410171723262531566213715260
5435401652143142551606034474235200464762472263162671465355421572
7246675441411506774573373574776501311646273035007266555622770517
4374175707126456760404241210370111043001250537550271063761077252
5455361471666153216322237212306173775100324261130557670052346734
3347363427504702511445475642217771124460746336740364022571325656
1672064360006635602050330752406233276442010577317630211703102312
2432024527443407664161270450732366014513453353423514056362070657

The period of the data bitstream is however in contrast to the value measured by the ACF (figure 3) but it could due to the short segment which is recognized and demodulated (700ms) and by now I still prefer to rely on SA.

Fig. 3

The shorter burts like those in figure 4 are instead recognized as BW0 waveform, Robust Link Setup RLSU protocol (1), although the latter has a slightly shorter duration, and then decoded:

11010000100010001010111011
11010100010010010000001110
11010000100010001010111011

Fig. 4

Regarding the initial segment of 256 symbols, mentioned above, it's important noting that the bursts of the BW0, BW1, BW4, and BW5 waveforms begin with 256 “throwaway” symbols that are sent while the transmitter level control and receiver AGC are settling (the so-called TLC/AGC guard sequence); this is probably the reason of the STANAG-4538 false-positives detections.

Despite this, I think that the similarity with the burst waveforms of STANAG-4538 should be taken into consideration in view for further insights and analysis of these signals.

https://disk.yandex.com/d/s8BveGOqLx_s2g
https://disk.yandex.com/d/X4z5LZJK59_QxA 

(1) robust burst waveform 0 (BW0) is used by the robust link setup (RLSU) protocol and carries a payload of 26 protocol bits

a note about CIS Navy FSK (T-600)

My friend Nicola, whom I thank for the collaboration, reported to me an inaccuracy in the post of April 16, 2021 "CIS Navy FSK 50Bd/250 (T-600)", more precisely regarding the 44-bit sequence which is sent after the reversals:

11100001010010111110000101001101011010101101  

The 44-bit sync sequence is in fact a 42-bit sequence (six 7-bit characters). The reason is that the transition from idle to traffic condition is signalled by a violation of the bit reversal structure so that a '1' is inserted instead of a '0' when the systems transits to traffic condition, ie the end is '...0101011' and not '01010' as given in my post (figure 1). That initial sync sequence of six 7-bit characters is also a violation of the 4:3 ratio. This ensures that sync is reliable. To use violation as signalling is quite common in many protocols, e.g. Ethernet LAN protocols.

Fig. 1

Generally speaking, one should notice that 'primitive' block protocols as the ones used by the Russian Navy will have this general structure:
- Call and acknowledgement provided by morse coded session
- Bit sync provided by bit reversals with or without a final violation
- Character sync provided by an initial Unique Word (or sync sequence, the designation is a matter of semantics)
- Possibly, but not necessarily a header (address, length, type of message etc.)
- Data, including possible initialization vectors or session keys
- End-of-Message
- End-of-Transmission, which could be provided by yet another morse session

again about crypto devices with (5x) 128-bit Initialization Vectors

Recently in the list of the UDXF group a log of the UTE listener howardhawks (HH) appeared about transmissions of the Royal Navy of Oman (RNO) in 110A 1200bps/S mode on 8403.0 KHz/USB: nothing special except the use of encryption with 128-bit length initialization vectors, as indicated by KarapuZ in his comments to the message. This fact intrigued me and, since I have already met crypto systems that use initialization vectors of equal length and with the same format (ie five times repeated) [1], I decided to monitor those transmissions and collect some recordings to compare with other similar ones stored in my hard disks, ie:

- STANAG-4285 from Croatia (TDoA), recorded on January 2020 (*)
- 110A and STANAG-4539 attribute to the Swiss Emergency Network, recorded on October 2017 (*)

The bitstreams after demodulation of the above signals are shown all together in Figure 1:

Fig. 1 - COMSEC preambles using 5x128-bit length IVs

As you can see, the three COMSEC preambles - highlighted in figure 1 - have the same pattern, regardless of polarity:

• 000110000100000111000101111001011011101101001001011111010101 60-bit length frame sync
• 128-bit (16 bytes) sized Initialization Vector (5x)
• 0101010101010101010101010101010101010101010101010101010101010101 64-bit length phasing/idling sequence

I don't know if it's an external COMSEC devices (ie standalone equipment such as KG-84) or communications equipment with built-in COMSEC, the fact is that the preambles are the same and this leads me to think that the above  transmissions - coming from three different countries/organizations - are secured by the same COMSEC device. In this respect, it would be important to know which providers of communication equipments the above users have in common.

By the way, signals gathering has been possible thanks to the KiwiSDRs operated by Kuwait Amateur Radio Society [2]. Transmissions on 8403.0 KHz, at least those listened to, mainly consist of voice calls/radio-checks and short exchanges of  messages using as mentioned 188-110A in 1200bps/S mode. Unlike other HF networks, neither 188-141A or some other ALE system is used for link setup so it is assumed that the nodes are simultaneously listening on the same frequency and responding when called by the net control station (callsign F4). Stations mentioned in traffic on this net so far include H5R, O5H, R7N, W6J, W3M, O3P and G9I, as well as vessels RNOV Al Mubshir S11, RNOV Al Seeb Z20, Shabab Oman II (thanks to the logging by howardhawks).

http://9k2ra-2k.proxy.kiwisdr.com:8073

(*) 188-110A and STANAG-4285 modems show a slightly modified waveform due to the addition of 4 unmodulated initial tones

[1] https://i56578-swl.blogspot.com/p/initialization-vectors.html
[2] http://9k2ra-2k.proxy.kiwisdr.com:8073

CIS MPSK-16, a POSTNET 2-of-5 variant?

As for the 6-bit encoding used in CIS MPSK-16 streams, see this post for background, my friend Nicholas suggested that most likely it's a variant of the 2-out-of-5 code [1], a constant-weight code that provides ten possible combinations of two bits and is used for representing the decimal digits using five bits. A such coding works as follows: each bit position is assigned a numerical weight, i.e. a value, e.g. seen from the left '01236', so if bit 4 (the leftmost bit) is a '1' and bit 2 is also a '1' then the combination '10100' would yield 0+2 = 2.

The codeword format is XXXXXS, where X = '0' or '1' and S is the stop bit, always '1', so in order to decode it you will have to invert the polarity of the bitstream 1 to obtain a 1:0 ratio of 2:3, indeed, I found a ratio 1:0 = 3:2 in reverse polarity.

Fig. 1

Using the table shown in the cited post, after  invert the polarity and remove the stop bits, I tried to apply the  POSTNET 74210 code [2] to the source message (assuming 11111/00000 is the codeword used for the separator character):

Fig. 2 - 2-out-of-5 code

 

00111 = A     11000 = 0 (---)
01011 = B     10100 = 9 (7+2)
01101 = C     10010 = 8 (7+1)
01110 = D     10001 = 7 (7+0)
10011 = E     01100 = 6 (4+2)
10101 = F     01010 = 5 (4+1)
10110 = G     01001 = 4 (4+0)
11001 = H     00110 = 3 (2+1)
11010 = I     00101 = 2 (2+0)
11100 = L     00011 = 1 (1+0)

 

As you see, applying the POSTNET 74210 coding to the source message, from the fourth group of the first line (and form the first group of the last line) yields the 5-digit group 99932  where 32 is just the total number of the groups within the message:

79128 79128 79128 99932
73814 04737 77008 73818
73717 65621 93714 65728
71837 65621 72185 46677
73815 72716 63472 21056
98742 10365 72716 62714
75321 63451 45660 87242
65721 72716 16078 75025
45666 12343 23445 00352
99932 79128 79128 79128

However, it remains to be seen whether '999' is actually '000' or "---" (as said, the coding could be a variant of 74210) and the meaning of the other 3 groups (79128) of the first and last line: probably something related to the message itself, perhaps the number of the message?

[1] https://encyclopedia.thefreedictionary.com/two-out-of-five+code
[2] https://en.wikipedia.org/wiki/POSTNET