27 May 2020

unid 200Bd/800 FSK (2)

(see the previous post for background)
My friend cryptomaster suggested me an interesting way to measure and analyze the two component frequencies of the 200Bd/800 FSK signal by using the VMW module of SA. Indeed, using that tool it is quite possible to obtain additional phase characteristics of the signals. For this, it is necessary to consider the bitmap picture of the carrier signal, adjusting the scan so that one period of the carrier wave fits on the line of the raster. Two columns of red and blue colors  on the screen of the WMV module reflect the positive and negative half-cycles of the oscillation (Fig. 1).

Fig. 1 - oscillation period (thanks to cryptomaster)
Well, it turned out that during the formation of this FSK signal the pahses of the two frequencies are preserved after each "shift" (Figs 2a,2b): that suggests that it's formed by switching (mechanically or electronically) two independent F1 F2 frequency generators which bear some inter-relationships or by using a VCO system.

Fig. 2a - F1 component phase (on a 2 periods view)
Fig. 2b - F2 component phase (on a 3 periods view)
Phase analysis was performed on a signal recorded in IQ mode exactly on its center fequency of 5094.7 KHz: in this case the two values of the frequency generators are:

F1 ~ 5602,6 HZ (2:0,000356972)
F2 ~ 6402,6 Hz (3:0,000468558) 

as expecetd, 800 Hz shift.
Me and cryptomaster discussed these values and he obtained an interesting result recording the signal at a frequency of 5093.50 KHz/usb. In this case, the carriers are equal to F1 = 800Hz F2 = 1600 Hz (Fig. 3).
Fig. 3 - F1 F2 components (thanks to cryptomaster)
Probably the lower frequency is obtained using a d
ivide-by-2 circuit. Anyway, examining the signal at different intervals, one can notice a small discrepancy in the phases of these two frequencies (Fig. 4): thus, it is once again proved that the signal is generated by two different generators.

Fig. 4 - discrepancy between F1 F2

22 May 2020

unid 200Bd/800 FSK

Odd  and unid (to me) 200Bd/800 FSK spotted this morning on 5094.7 KHz (CF). ACF shows a transmission period of 15 bit: 111101011100101
Apparently, no relevant results after defferential decoding or descrambling tries.
Fig. 1
Fig. 2 - 15-bit pattern in the decoded bitstream
Note also in Fig. 3 the unwanted "spikes" during the manipulation when carrier (and carrier phase too in this case) change:

Fig. 3
All my TDoA Direction Finding runs point to the District of Poznan, Poland.

Fig. 3 - TDoA results

16 May 2020

yet another odd STANAG-4481F channel

(for background read all the post of this topic
May 16th update
Interesting tip from my friend cryptomaster (thanks) who pointed me the 13229 KHz (cf) fequency: also in this case it's a STANAG-4481F transmission with the characteristic of the 3-bit pattern (and obviously KW-46 encryption) but the source, however, is NAU Naval Radio Transmitter in Isabela  (PTR).

Therefore, contrary to what I had observed so far, such broadcasts do not come only from Niscemi (NSY) and Barford (AJE). Below the updated list of the successful frequencies and sites (all CF):

05120.5 NSY
06383.0 NSY
06732.0 AJE
07545.5 NSY
08145.0 NSY, AJE
08204.5 NSY
13229.0 NAU

May 9th
6732.0 KHz: another STANAG-4481F KW-46 secured channel that use the odd 3-bit pattern discussed here. This one is most likely from AJE (Barford St, John, UK) and // with 8204.5 KHz from NSY (Niscemi, Italy). 

Fig. 1
Fig. 2
Fig. 3

So far, it seems that only the transmissions from NSY and AJE exhibit the odd 3-bit pattern we are talking about. Below the current list of the successful frequencies which I observed (all CF):

5120.5 NSY
6383.0 NSY
6732.0 AJE (new update)
7545.5 NSY
8145.0 NSY, AJE
8204.5 NSY

In winter, my friend cryptomaster observed two more frequencies: 4723.9 and 5118.6 kHz (the latter probably NSY tuning freq.).

As said, it's to notice that most of the times the NSY frequencies are logged as "NSY Sigonella": well, NAVCOMTELSTA (U.S. NAVAL COMPUTER AND TELECOMMUNICATIONS STATION) Sicily, located in Naval Air Station  Sigonella, manages the Naval Radio Transmitter Facility Niscemi, housing LF/HF transmitters. Same story about AJE Barford St.John that probably is sometimes reported as Croughton, nearby (6 miles distant). 

13 May 2020

(slow) 19.5Bd/97Hz FSK, likely a Russian-Mil network

19.5Bd/97Hz (slow) FSK waveform spotted on 5331.0 KHz followed by opchat in Morse:
"RGJV de PZSF QSY 17542 K"

Source is probably some Russian-Mil network. Transmission consists of a repeated 126-bit sequence (Figs. 1,2).

Fig. 1
Fig. 2
 Interesting: a time shift of half bit is added after each sequence most likely for synch purposes (Fig. 3)

Fig. 3
A similar signal, except the 125 Hz shift, was also noted by my friend Cryptomaster: