7 July 2016

"T207" recognition in CIS VFT systems

Some days ago I heard some CIS VFT systems and in particular one of them, a six  100Bd/120Hz channels, caught my attention. I already logged it but sent its main parameters as speed, modulation and shift, to my friend Karapuz asking if he knew the real name of that signal or the name of the modem. He told me that in last January he had just the same receptions and pointing an interesting discussion in radioscanner.ru about the encryption/coding used in such signals: T-207.  Although radioscanner is entirely in Russian, reading the opinion of the expert analyzers from this forum was interesting and I could figure out how detect the T-207 presence. In this post I describe the way I sought its "signature" in some CIS VFT signals as:

a) 3 x 100Bd/1440Hz VFT system
b) 6 x 100Bd/120Hz VFT system

replicating the experiences seen in radioscanner.ru and getting the expected results. 
By the way, these VFT systems are easy to receive (with good strength, at least here in JN52) on 13-16 MHz USB bands, mainly during the morning  and seldom during weekends.
T-207 detection has to be manually spotted by processing the demodulated bitstream and checking if it matches the criteria described in the cited post. We have first to choose a 14 bit period for the bistream and then focus on the first 12 positions and count the amount of "1" symbols:
- if the amount counts 2 or 6 or 10: the last two symbols (13th and 14th bits) must be 10
- if 3 or 7: 00
- if 4 or 8: 11
- if 5 or 9: 01
In case the sum is 0, 1, 11 and 12, it can be assumed that the last two symbols will be 11, 01, 00 and 11, respectively. These rules are shown in tab. 1.
Tab.1 - T-207 criteria
Since the above rules act presumably as a synchronization mechanism, the signal will be decoded and decrypted once removed the columns 13 and 14.

 a) 3 x 100Bd/1440Hz VFT
fig. 1 - 3 x 100Bd/1440Hz VFT
In this signal we have three channels modulated at 100Bd and a pilot tone at ~3300 Hz (characteristic feature of Russian systems). Every channel has a 1440 Hz shift and 100 Baud speed, channels are separated by 480Hz steps and interleaved as in figure1.

In my test I used the lower channel (fig. 2).
fig. 2

The obtained bitstream must be processed using the right/left shift (one bit at time) and sometimes the negative polarity:  criteria of Tab. 1 must be checked in all the rows at each shift-step, in case of fails we go on shifting. Unless possible interferences and demodulator errors, I confirmd the T-207 signature (fig. 3).
fig. 3


b) 6 x 100Bd/120Hz VFT

the 6 x 100Bd/120 system (a variant of the 3 x 100Bd/1140 system) allows six independent channels, each of them exhibits 440 Hz shift and 120 Baud speed: in this sample the one-of-six mode is used. T-207 signature was found after processing the demodulated bitstream in the usual way (figs 5,6).


No comments:

Post a comment