30 June 2020

CIS-75 FSK 75Bd/250 (3): 126-bit LFSR sequence

(for background, read all the posts of this topic)
Russ-Mil CIS-75 75Bd/250 FSK system spotted this morning on 15832.0 KHz (cf). After differential decoding, the bitstream shows a clear 385-bit period and a 126-bit pseudo random sequence, generated by the polynomial x^7+x^6+1, which is inserted in the data stream probably to re-sync the receive modem among the messages, note that the sequence has one bit in error (maybe planned?):


Fig. 1 - 126-bit pseudorandom sequences
Fig.2 - the synched stream
It's interesting to note that in previous CIS-75 recordings, we saw the use of a 128-bit (!) length pseudo-random sequence transmitted in positive and negative polarity: those sequences are easily identifiable by inspecting the stream with a window, coincidentally, 385-bit wide.
By the way, the same polynomial x^7+x^6+1 is also used by the French-Ny in their 50Bd/850 FSK fleet broadcast as one of the two stream LFSR delimiters [1].  

29 June 2020

unid 40.4Bd/800 FSK & FSK/Morse

6800.0 KHz (cf): unusual 40.4Bd/800 FSK long time reversals then into FSK/Morse "UUG4 de UTN7 ZC GB 73 SK" and off-air. Most likely a CIS network.
Comments are welcome 😄

23 June 2020

CIS Navy 50Bd/500 FSK 136 bit (T-600-136)

Yet another 50Bd/500 FSK transmission, this time recorded monday morning on 14704.0 KHz (cf) around 1340Z and almost surely sourced by the CIS Navy T600 system (typical shifts: 200, 250, and 500 Hz): given the 136-bit length frames this waveform is also known as "T600-136".

Fig. 1 - FSK parameters
Note that the full transmission period is 544-bit length, i.e. 4 x 136-bit frames. Indeed, from a quick examination of the demodulated bitstream (Fig. 2), it is easy to see that it's composed of blocks of four repeated frames, probably to add redundancy to the system.

Fig. 2 - CIS-Ny 50Bd/500 bitstream (136-bit frames)
The same 136-bit framing is also used in the CIS-Ny 50Bd/250 FSK, still from a T600 system (Fig. 3): these two waveforms seem to be used to carry the same "type" of messages unlike the CIS-Ny 50Bd/200 FSK which shows a different structure of the frames (70-bit Message Indicator, 4:3 ratio,...) and it's mainly used for fleet broadcast.

Fig. 3 - CIS-Ny 50Bd/250 bitstream (136-bit frames)

Although the shift is a multiple of the manipulation speed, the two tones do not preserve their phase (Fig. 4).

Fig. 4 - CIS-Ny 50Bd/500 tones

14 June 2020

50Bd/500 FSK (likely CIS Gov/Mil)


My friend cryptomaster (thanks) confirmed the user (CIS networks) and he also pointed out that the 128-bit sequence is actually a 64-bit sequence that is transmitted in opposite polarity:

As well as the central part of the message which is the same 64-bit sequence (here 13-bit shifted) but with one bit in error:


11 June 2020

Unid (likely CIS) 50Bd/500 FSK message recorded on 12221 KHz (cf) at 1035z using the KiwiSDR "nsk" located near Novosibirsk, Russia. Notice the sequences generated by the polynomials x^7 + x^5 +x + 1 (128 bytes length) and x^5 + x^4 + x + 1 (Fig. 1).

Fig. 1 - the two LFSR sequences
Although the shift is an integer multiple of the speed, the two FSK tones do not preserve their phases (Fig. 2).

Fig. 2 - phases of the two FSK tones

5 June 2020

Saab Grintek MHF-50 "preamble" variant

Saab Grintek MHF-50 variant recorded on 8603.0 KHz/USB using the KiwiSDR located at TWR Kempton Park, South Africa: notice that 8603.0 Khz is believed to be one of working channels used by South African Navy.
The signal has a kind of "preamble" (Figs. 1,2) which is followed by the usual multimode waveform. This preamble consists of a short 75Bd/170 FSK
followed by a 120 sec long 1622 Hz tone which exhibits interesting markers each 12 & 1 seconds maybe to serve sync purposes.

As said, the preamble is followed by the well known multimode waveform (Figs. 3,4) consisting of 54.4Bd/390 FSK and 54.4Bd/65 MFSK-33 with the characteristic 3 tones signaling the EOM.

Fig. 3
Fig. 4

6 June 2020 update

As noted by my friend KarapuZ, the 75Bd/170 FSK segment 
can be successfully descrambled using the polynomial x^8 + x^6 + x + 1; maybe it serves sync purposes for the following MFSK decoder. It's interesting to note that the same polynomial is used in CIS-75 waveform.

It's supposed that some frequencies (4346, 6504, 8580, 12982, ...) are either channel markers, propagation markers and/or FAB channels and some other (4245, 6407, 6493, 8603, ...) are traffic channels; anyway, it seems that they carry different patterns.


3 June 2020

NATO 75Bd & 50Bd FSK: F1F2 phase

I decided to replicate the analysis of the phase of the two FSK tones shown in the  previous post  by taking a look at the NATO 75Bd & 50Bd FSK transmissions just because only in the latter the shift (850 Hz) is an integer multiple of the bit rate (850/50 = 17). The The difference between manipulation with a break and without a phase break during switch-over is also visible in SA program in Wave Form mode (Fig. 1): signal "a" is 75Bd/850 FSK, signal "b" is 50Bd/850 FSK; all NATO transmissions.

Fig. 1 -
As expected, both the tones of the signal a (75Bd/850 FSK) do not preserve their phase after each switch-over (Fig. 2) while the tones of signal b (75Bd/850 FSK) preserve their phase (Fig. 3).

Fig . 2 - 75Bd/850 FSK
Fig. 3 - 50Bd/850 FSK
To be precise, 75Bd FSK is from NAU Isabela on 16121 KHz and 50Bd FSK is from NSY Niscemi on 8203 Khz: therefore it must be considered that generally the data are not generated in the same place where the FSK signal is formed. Don't know if the same modem is used in both the waveforms (...and in both the two TX sites), anyway the two tones of the French-Ny 50Bd FSK too have the same behavior i.e their phase is preserved (Fig. 4).

Fig. 4 - French-Ny 50Bd/850 FSK

2 June 2020

200Bd/1000 FSK Rus-Intel 288-bit (F06x)

200Bd/1000 FSK Rus-Intel 288-bit (aka Enigma F06x) transfers with a slightly different pattern, although all recognized by Rivet [1]. Each frame starts with a 32-bit (4 bytes) sync sequence 0x7D12B0E6
followed by a 11-bit frame line counter (block index). The sync sequence could be generated by the polynomial x^5 + x^4 + x^3 + X + 1.
More and accurate details here.