31 July 2015

Using SA to measure and fix sound card digitizer errors

(by Angazu)
All sound cards and A/D converters have some clock error. This is especially true if converters are commercial and cheap ones, like PC sound cards and similar. Professional and expensive converters exhibit a much better clock stability and jitter. To correct this error, one must know nominal parameters of the signal under test. If these parameters are known, it is quite easy to correct digitizing clock error using SA.
Information for this doc was obtained from:
Unfortunately, Baudline has no windows version, but the web contents can be useful for the reader.

The SA method of  “Correction of BR” is quite good for this job, but perhaps using resampler as data input is a better procedure.
The correction factor will have to be measured for any digitizing speed and mode. Bear in mind that for cheap cards, the speed can vary due to various factors, so if high precission measurements are required, a new calculus should be carried out. For a good measurement, a quite big signal is needed.
This method is useful for PSK,FSK,MFSK and other modulations. To use it with OFDM, some more operations should be carried out using SA. Ideally, an external signal like GPS 1000 Hz or a signal from a high end signal generator will provide the best results. Also, a radio timing signal should be good enough.
The best way to understand the subject are examples. 

A well known signal as Stanag-4285 (sampled at 8000 sps) will be used to show the method.
We know 4285 has a nominal speed of 2400 sps. Since a frame is 256 symbols, the frame time must be 106,666666 mS. This is the value that should be obtained if using the VMW feature of SA when signal structure is perfectly vertical. As we can see, the measured value is 106,69241

Correction factor = measured value/nominal value = 106.69241/106.66666= 1.000241
Error PPM = (correction factor-1)* 1000000 = (1.000241-1)*1000000=  241 PPM.
Real Digitizing speed = 8000*1.000241 =  8001.931
Real modulation speed (Br) = 2400/1.000241 =  2399.421739
Measured SA Br = 2399.41

Now, lets go to correct the signal using calculated BR in SA.

The signal parameters are almost perfect, so we can save the corrected signal and after this procedure, we can be quite sure the new signal will be demodulated using any comercial demodulator.
Also, we know the correction factor for the used card in that speed.
In this sample, error is quite small and no problem for demodulators, but bear in mind that error can be very  big. I measured errors of more than 100 samples in an 8000 nominal sample rate. That means that demodulators will fail to demodulate the signal and even analysis will be quite complicated and erroneous

The MIL-STD 188-110 App.B is a well known OFDM waveform: baudrate 44.44, channel separation 56.25 Hz, 39 tones + I pilot, correlation triangle (k) = 17/64 and modulation "pi/4 DQPSK" in all channels. The analysed sample, although it exibiths the expected 39 +1 tones, is not protocol compliant for what concern baudrate, separation and K (and OFDM parameters too)

The measured clock is 44.48 Hz and according to this article  the signals has a native sample rate of multiple of 3600 Hz.
As said above, go on fixing the baudrate and re-sampling to the correct frequency (7200 Hz in this case)

Although the absolute constellation is not stable, all the mentioned parameters are now correct and the fixed sample can be saved and published.

calcolo delle constellazioni pi/4 DQPSK e (D)QPSK

the OFDM SA module calculates the arity (n-Ary) in automatic mode: in order to detect if the modulation in the channels is pi/4 DQPSK or QPSK/DQPSK we have to get a stable absolute constellation (with the help of shift)  and look at its arity. Carriers have pi/4 DQPSK modulation in case of the absolute constellation exhibits an 8 arity (Figure A)

Figure A

Modulation is QPSK if the arity of the absolute constellation is 4 (Figure B)

Figure B

Working with phase modulation, the arity must be calculated manually. In the phase module the button button Diff 0 - corresponds to an absolute mean  and Diff 1 - corresponds to the relative. In order to calculate the-arity, it is necessary to consider the harmonics at different degrees. 

For example (Figure 1) QPSK carrier and side harmonics are manifested in grade 4. Accordingly, it should be seen in the phase module with the n-Ary = 4 (Figure 2).

Figure 1
Figure 2
Now PSK-8, carrier and the side harmonics can be seen in the eighth degree (Figure 3). Next phase module, n-Ary = 8, pay attention to the trajectory of the constellations that pass through the center ! (Figure 4).

Figure 3
Figure 4

Finally, pi/4 DQPSK, the carrier and the harmonics are in degree 8 (the fourth degree exhibits only 2 harmonics unlike the 3 harmonics shown in QPSK!) (Figure 5).
And now attention - look in the phase module with the n-Ary = 8 (Figure 6). Notice that there is no transition paths through the center of the constellation (as real PSK-8 does), and the constellation of a relative is ike QPSK, but it's 45 degrees (π/4) rotated!!!

Figure 5
Figure 6

Below, another example of  pi/4 DQPSK measurement:

Harris AVS (Analogue Voice Security)

Discussing about an odd MS 188-110 App.B sample found in the web,  KarapuZ sent me a recording with a "combined" of signals in which are visible not only the 39-tone signal but also some Harris vocoder (AVS) segments. The ending ALE segment, once decoded, reveals the Roumenian Police network as source: [TO ][1P ][TWS][SIB]

Harris AVS
I take this opportunity to speak briefly about it. The Harris AVS (Analogue Voice Security) is a not-synced scrambler that use 24 subchannels and spreads about a  2700 Hz band. A detailed analysis can be read in the radioscanner.ru forum http://signals.radioscanner.ru/base/signal111/
Harris offers both digital encrypted and analog scrambler systems for COMSEC, below their short introduction to the AVS system: "In voice communications systems that do not require extremely high security, you can protect against casual eavesdropping by scrambling. Scrambling, as an analog COMSEC technique, involves separating the voice signal into a number of audio sub-bands, shifting each sub-band to a different audio frequency range, and combining the resulting sub-bands into a composite audio output that modulates the transmitter."

SA: symbol-by-symbol e funzione "Each" nel modulo OFDM

e' possibile esplorare un segnale OFDM con la tecnica symbol-by-symbol, ovvero visualizzando l'insieme dei canali spostandoci avanti/indietro un simbolo alla volta cliccando nello spazio a sinistra e destra del cursore.

Questo serve per vedere se la struttura dei canali (numero, ampiezza,...) cambia e se cambia, ogni quanti simboli. Guardiamo come abbiamo ottenuto la situazione mostrata nella figura in alto.

Qui sotto si vede che una certa struttura dei canali cambia ogni 5 simboli:

Si nota come ogni 5 simboli trasmessi (LS6 - LS11) si ripeta la medesima struttura dei canali. Per vedere in dettagliocosa accade ogni 5 simboli selezionamo un simbolo in cui la struttura da indagare si presenta e da qui impostaiamo la funzione "Each" sul valore 5 (ciclo di ripetizione) e vediamo in corrispondenza quale forma assumano le constellazioni. Questa indagine puo' anche essere ripetuta canale per canale, esplorando i vari tipi di modulazione all'interno di un medesimo simbolo (come nel caso del modem HVDVL).

Si vede chiaramente che ogni 5 simboli viene trasmesso un simbolo non-modulato che puo' essere chiamato di "servizio". La modulazione usata nei canali e' visibile impostando la funzione "Each" al valore di default (1)

Aumentando la risoluzione e precisione, quindi aumentando il numero dei simboli utilizzati per l'analisi, si puo' notare la presenza di questo simbolo di servizio.
Per questo tipo di indagine occorre avere pero' un buon segnale, ben centrato nella sua frequenza e campionato alla sua frequenza nativa. Qualcosa si puo' sempre correggere con la funzione "Shift Frequency" (shift virtuale, il segnale rimane dove e') oppure shiftando sempre virtualmente il segnale di uno o piu' canali in alto o in basso con la funzione accanto al "Mode A" (solo per questo modo).

SA: ricampionare un segnale OFDM

Il segnale OFDM ha bisogno di essere ricampionato alla sua requenza nativa di campionamento. Se questa non e' nota ma lo sono i valori di formazione del segnale OFDM, allora si puo' ricorrere alla formula:

freq. di ricampionamento = LS * baudrate
 dove LS = LU+LG.

Ad esempio nel segnale qui sotto conosciamo il valore di K ed il baudrate, i corretti valori di LU e LG possono essere recuperati tramite il programma OCG. 

Sappiamo che il coefficiente k per questo segnale e' uguale a 0,34375 (11/32). Per questo fattore OCG visualizza le seguenti  coppie di LU e LG:

Possiamo scegliere qualsiasi coppia LU-LG ma conviene lasciare il segnale il piu' possibile cosi' come e' ovvero senza ricampionamenti "pesanti". Per far questo usiamo una coppia il piu' possibile vicino alla coppia che abbiamo trovato dal modulo OFDM, prendiamo quindi la seconda serie di parametri LU e LG.  
LU = 96, LG = 33, LS = LU + LG = 129 e la frequenza di campionamento corretta per l'analisi / demodulazione e' pari a (129 * 64.099364) = 8268.817956 Hz. Arrotondato a 8269 Hertz.

Non conoscendo i valori fondamentali di un segnale OFDM, un trucco per ottenere una o piu' frequenze di campionamento "efficaci" e' quello di moltiplicare il valore ottenuto dello shift per un numero intero.

freq. di ricampionamento = Sh * num_intero

SA: shift "virtuale" (x canale e x frequenza) nel modulo OFDM

Dopo aver ricampionato il segnale abbiamo una situazione stabile nella costellazione relativa ma la costellazione assoluta e' ancora confusionaria (b1). La modulazione puo' essere PSK oppure pi/4 dqpsk. Cerchiamo innanzitutto se esistono simboli speciali, esaminando il segnale symbol-by-symbol.

Dall'indagine symbol.by-symbol ediamo che ogni 5 simboli viene trasmesso un simbolo speciale, forse di sincronizzazione (b2)

Shiftiamo "virtualmente" il segnale lungo la griglia dei canali (in alto o in basso) fino a trovare una posizione il piu' possibile stabile nelle costellazioni: l'indagine viene fatta ovviamente con Each=1. Il valore migliore trovato e' -7 (b3). Per ottenere lo stesso risultato dovremmo fisicamente shiftare in basso di un valore pari a 7 * Sh e non e' detto che dopo lo shift fisico il segnale rientri senza distorsioni nella banda visualizzata (4 Khz, dato il campionamento a 8 KHz). Questo shift virtuale sposta il segnale con step di un canale, potremmo chiamarlo shift di canale.

Una volta individuato il miglior shift di canale, ci aiutiamo con lo shift virtuale di frequenza (quindi a step variabile, molto preciso) e otteniamo quello che cercavamo, ovvero costellazioni stabili in grado di rivelare il tipo di modulazione: in questo caso PSK-4 (b4). 

Il discorso vale anche per il carattere speciale trasmesso ogni 5 simboli: anche in questo caso si ottiene una costellazione assoluta stabile (b5).
Come si nota, lo shift virtuale di frequenza agisce sulla costellazione assoluta del segnale.


22 July 2015

RACAL/THALES PANTHER-H: Intelligent Frequency Hopper

Pic. 1: the 8-bursts train
I heard this signal several times, and today too on 20698.0 KHz on USB at 1445z. The waveform: 760 mSec spaced bursts (always eight), ~2500 Hz bandwidth, serial tone with sub-carrier at 1800Hz and PSK-4 2400 Bd manipulation, as shown in picture 2. Always a "train" of 8 bursts (pic. 1) during the SOC (Start Of Conversation) sync procedure, after synchronization the next hops are within 2 MHz.The signal belongs to the RACAL/THALES HF transceiver Pather-H, running in the Intelligent Frequency Hopper mode, and it is reported in radioscanner.ru at this address:
Thanks to my great friend KrapuZ (radioscanner.ru) for pointing me to the right signal name.

Pic. 2: manipulation speed and serial tone sub-carrier
PANTHER-H is an intelligent frequency hopping transceiver and is the result of many years research to find a tactical HF radio system which provides a Low Probability of Intercept (LPI) and anti-jamming protection whilst delivering reliable, good quality communications on all types of HF link: http://www.railce.com/cw/casc/racal/panther-h.htm
Racal was purchased by Thomson-CSF (now Thales Group) in 2000.

Several times I noticed spread spectrum transmissions (hopping frequency spectrum transmissions, HFSS) after few seconds the end of the SOC sync: possibly it is the traffic just following that sync. Below an eaxmple of these HFSS


18 July 2015

Unid MFSK-7 200Bd 400Hz

This waveform is an MFSK-7 running at 200 baud, the seven tones are 400 Hz spaced. The ACF is 350 mSec then 70 bits long. Looking at its frame (pic. 3,4,5) it seems that 7 bits transport something like data while the other 63 bits have a constant sequence (Sync?).
It looks like a "selective call" and the only think that I could find in the web is a reference to the "AirCal": an MFSK 7 tone system by the old Racal (!?): http://www.scancat.com/rvw-faqc.html 
Well, Racal was taken over by Thomson-CSF and now it's Thales. Although Thales has continued part of the former Racal product line, most products have gradually disappeared along with the name 'Racal' itself. 
The signal was caught by KarapuZ on 10150.0 KHz on USB, around 1540z on 15 July (present year): it's available on request for your further analysis: just email me.

pic.1 - speed

pic.2 grid
pic.3 ACF

pic.4 frame structure

pic.5 FSK demod

16 July 2015

CIS-45 v2 HDR modem: modulation switching

16230.0 --- Russian Mil, RUS:
   1412 USB OFDM 45-tone HDR Modem v1, 33.33Bd 62.5Hz DBPSK bursts
   1410 USB OFDM 45-tone HDR Modem v2, 40Bd 62.5Hz pi/4 DQPSK then BPSK stream

Today I heard the CIS-45 OFDM HDR modem running on 16230.0 KHz on USB around 1410z. More precisely, the heard signals were the two well known CIS-45 waveforms: the 33.33 Baud version (v1) in burst mode and the 40 Baud version (v2) in bistream. The v2 modem came with a discrete signal so I decided to record it for later analysis. The signal clearly exhibits the CIS-45 v2 features: baudrate = 40, Sh = 62.5 and BPSK modulation in the channels as in:

I was surprised by analyzing another segment of that signal: the modulation in the channels is no more the expected BPSK but pi/4 DQPSK and still running at 40 Baud. So, it seems that the system has the capability to change the modulation mode (from pi/4 DQPSK to BPSK) on-the-fly, mantaining the same baudrate:

I do not know the reasons of such behavior, possibly an adaptive feature? I searched the web to get some other informations and found that KarapuZ too recently noticed this beahavior: http://www.radioscanner.ru/forum/topic36750-153.html#msg1183165

As the others, this signal is available on request: just email me.

9 July 2015

French Navy OMAR HF-NG

09/07/15 14716.6 1OMFUJ French Navy OMAR net Noumea, NCL 0555z USB MIL 188-141A clg 1OMFUM then into THALES TRC-1752 modem Stanag-4285

OMAR (Organisation MARitime des transmissions haute fréquence) HF New-Generation program had the task to modernize all the High-Frequency transmissions media of about 80 assets of the Ocean forces of the French Navy, maintaining interoperability with other NATO Navy. The project was committed to Thomson-CSF (now THALES):

The ALE calls logged here show the common prefix 1OM (One Organisation Maritime) followed by the usual French Navy IDs:
FUJ = Noumea, New Caledonia
FUM = Papeete, French Polinesia

I do not know if the "1" in the prefix stands for HQ or something other: there are logs that report such ALE calls just w/out any number (OMFUF) as well as calls with a different number (2OMFUM).

About the waveforms, the ALE one is a plain MIL 188-141A while the PSK segments have all the characteristics inherent STANAG-4285 (serial tone carrier 1800 Hz, speed 2400 baud and modulation PSK-8) but they are not recognized by such decoders. 

The lack of PSK strength does not allow an accurate analysis, but given the presence of Thomson-CSF/THALES in the OMAR project, it is very likely that it could be the TRC-1752 modem PSK-8 waveform, as reported here: http://signals.radioscanner.ru/base/signal101/
(I already heard this wavefrom on March http://i56578-swl.blogspot.it/search/label/THALES%20TRC-1752).

Looking for TRC-1752 modem, it seems to be replaced by the new 17xx HF multi-mode modem family:

7 July 2015

Israeli Navy hybrid modem in DSB/ISB ?

This is the first time that I see the Israeli Hybrid OFDM/Serial modem running on both the two sidebands: I did not analyze the contents of the two signals so it could be a DSB or ISB modulation but in any case the presence of the "supposed" carrier (10164.0 Khz) is quite odd since DSB and ISB does not provide its transmission. So, what I may say about that carrier? does it belongs to the signal?
Although 10164.0 has been reported as belonging to 4XZ Israeli Navy some years ago (precisely in 2013) and the waveform definitely refers to Israeli Navy, this frequency is very often used by the Russian Navy in T600 mode: many logs report such transmissions just on this frequency.
The second interesting point is the offset of the two signals from this "supposed" carrier. The first preamble tone is located at carrier+1000 Hz in the upper band (d1) while it is at carrier-800 Hz in the lower band (d2): ie the two lateral bands are not symmetric with respect to the carrier and that's wrong in AM modulation, other than in dual and independent sidebands.
The strenght of the two signal is just the same, then it is not the case of "fake" signals.
Concluding, it may be that this is something like a test  or something wrong/failure in the transmitter. I will try to pay a look at that frequency, if possible at same time of reception (2135z).

3 July 2015

Unid FSK 1200Bd/600 (MSK)

I heard this signal on 14747.0 USB at 0645 (30 Jun 15), it's a  500 mS bursts transmission with Br = 1200 Baud (Fig. 1) and 500 Hz Shift.  The source/user is unidentified. 
According to http://signals.radioscanner.ru/info/item68/ the waveform looks like a classic MSK modulation with Shift = 1/2 * Br, as clearly visible in Fig. 2.
The second harmonic of the MSK waveform (Fig. 4) has two bright spectral lines, the spacing between these lines is equal to Br, that is one of the signs of these modes. This is the necessary condition of their definition at the analysis, but not the sufficient: two lines in the second degree/power can be also given by both SDPSK and OQPSK modes; the constellation (transitions) of the signal is shown in Fig. 5.

Fig. 1

Fig. 2
Fig. 4
Fig. 5