30 November 2020

unid 200Bd/400 MFSK-4

Yet another interesting signal sent me by my friend Eddy from Australia. The transmission has been recorded on 16320.0 KHz/USB at 0520Z and consists of 200Bd/400 FSK-4 segments (the signal in between does not carry information). Figure 1 shows the measurement of the relevant FSK parameters. 

Fig. 1

The first two segments A,B (the shorter ones) could probably act as selcall. Indeed, after the removal of the polynomial x^5+x^4+x+1, the stream exhibits an interesting 8-bit structure where repeated initial patterns can be seen.

Fig. 2

The longest segment has an interesting structure. In my opinion, the initial part is formed of a 118-bit initial sequence followed by a block consisting of a 192-bit (24 bytes) sequence which is four times repeated; probably it's the synch + initialization vector section of the message.

Fig. 3

After the removal of the initial part, the stream shows a 504-bit period but with several alternate sequences (Fig. 4). The same 8-bit structure is visible after the removal of the polynomial x^5+x^4+x+1 (Fig. 5 ). Most likely it's a Chinese waveform, although there are not more informations about it. Recently these transmissions have also been listened on the Twente websdr (and just on the same frequency).

Fig. 4
Fig. 5


24 November 2020

unid 200Bd/400 FSK bursts

Interesting 200Bd/400 FSK bursts heard on 12087.4 KHz/USB and reported by my friend Eduard (Eddy) Waters from Australia. The bitstream consists of repeated sequences of 32 bit; I did not find a suitable polynomial.

Fig. 1

Probably a kind of telecontrol sending the same values, for example 4-bit groups (assuming 1001 as the first group):
1001 0011 0001 1101 1011 0010 1100 1100
1001 0011 0001 1101 1011 0010 1100 1100
1001 ...
or groups of 8/16 bits.

Fig. 2

We wonder what that was all about, seems strange it has not come back on.


18 November 2020

unid 318000Bd/228 GFSK (UHF)

Unid 318000Bd/228 GFSK spotted on 428 MHz and sent me by a friend of mine

Fig. 1

After the removal of the scrambler x^9+x^4+1, the bitstream shows an interesting 228-bit (or 12 x 19-bit groups) period.

Fig. 2 - 19-bit grouped stream
Fig. 3 - 228-bit period stream


13 November 2020

OFDM 17-tone PSK4 62.5 Bd, "struna" HF (струна)

Heard on 10994.0/USB (10995.5 CF) starting from 1020Z on Twente WebSDR. That "Struna" HF waveform consists of OFDM 17-tone modulation using PSK4 at 62.5 Bd, tones are 62.5 Hz spaced. Struna transmissions take place on a pool of frequencies at .10, .20 and. 30 minutes every hour. Thanks to cryptomaster for the tip and radiotehnikaT101 for warning about the on-air signal presence.



a new toy

Just bought (and alreday at home) the compatible Arduino™ Mega 2560 R3  board: a microcontroller board based on the ATmega2560. It has 54 digital I/O pins (14 of which can be used as PWM outputs), 16 analogue inputs, 4 UARTs (serial hardware interfaces), a 16-MHz crystal oscillator, a USB interface, a power connection, an ICSP header and a reset button.

Really hope to do something useful with it for signals and analysis, as well as fool the time during covid-19 lockdown.

5 November 2020

A not easily classifiable burst waveform

The burst waveform has been monitored on 8118.0 KHz/USB for several days and is part of a multi-mode system which also uses OFDM and MFSK modulations [1]. According to some friends and milcomm listeners, OFDM and MFSK are used for data/ARQ while the bursts act as "sounding/probing" for the communication frequencies. The bursts have a fixed length and are modulated at the data rate of 2400 Baud; bursts are formed of (~) a 55ms TLC section probably used for transmitter level control and receiver AGC settling, a 45ms acquisition preamble and 22 data blocks; each data block has a duration of 20 msec and therefore consists of 48 symbols (Figure 1).

Fig. 1

For what concerns the framing and the used modulation, a bit more accurate analysis is needed. Ruled that the total length of one frame is 48 symbols (Figure 2), the time durations inevitably have small inaccuracies that do not allow a definitive measurement of the symbols used for the data (Unknown Symbols, UK) and consequently the number of the symbols used for the probes (Known symbols, K): milliseconds matter! The framings that we can reasonably suppose, indicated in the form [UK + K], are: [35 + 13] and [34 + 14]; although the [32 + 16] framing is possible, it appears in my opinion a little too "generous" since it takes 6.66 msec to transmit 16 symbols. I point out that the patterns in Figure 2 are a function of time and therefore do not depend on the modulation used. 

Fig. 2
The structure of the frames can also be drawn from the analysis of the bitstream resulted after demodulating the bursts, and here things get complicated. The question to be resolved is whether it is a 4-ary or 8-ary modulation.
At first glance, the absolute constellation looks like a PSK8 modulation, although the four states 45°,135°,225°, 315° are clearly less dense and unstable. Moreover, looking at the transitions more carefully, the paths between those states and the π/4 adjacent ones are almost completely missing. The three lines in the harmonics spectrum at 2^ power and the transitions in differential demodulation are a good clue in favor of a 4-ary modulation. It could be said that it's a π/4-DQPSK modulation, but the zero-crossing transitions rule out this modulation.
Me and friends cryptomaster and KarapuZ have discussed this aspect. In my opinion, it seems that they use a PSK4 modulation and two symbols sets [0-2-4-6] and [1-3-5-7] (ie π/4 shifted) for probes and data; the symbols are then directly mapped to a PSK8 constellation without pre-scrambling them with pseudo-random three bit numbers. This way, the two π/4 shifted PSK4 constellations appear superimposed in the phase plane, giving the impression that it's a PSK8 constellation. With this assumption, the few transitions between the two sets of states find an explanation (switching from data to probe and viceversa).

Fig. 3
Obviously, demodulation shall produce a 96-bit period stream in case of  PSK4 (2-bit symbols x 48) or a 144-bit period stream in case of PSK8 (3-bit symbols x 48). Me and cryptomaster tried a differential PSK4 demodulation and results are indeed interesting. A [UK + K] = [33 + 15] framing clearly emerges from the bitstreams reported in Figures 4 and 5, and - specifically - the 15 symbols that form a  single probe consist of the 30-bit sequence:
(the 22 probes can be clearly identified in Figure 5).
Even more interesting is to note the repeated presence of the same sequence also in the preamble bits: it means that what I named as "probes" are most likely "preamble re-insertions". 
Fig.4 - 96-bit stream after dPSK4 demod (I56578)

Fig. 5- 96-bit stream after dPSK4 demod (thanks to cryptomaster)
As said above, symbols appear not mapped to a PSK8 constellation thus a final scrambler - if present - is not used in the same way as in 188-110; anyway, we have found some success with the generator polynomial x^3+x^2+x+1. Assuming the classic chain of functional blocks FEC -> interleaver -> symbol formation -> scrambler going further in the analysis is a mission impossible in the absence of specific documentation.
Friend KarapuZ preferred go down the road of a differential PSK8 modulation (Figure 6): the bitstream shows a [32 + 16] framing but, in that case, the same 16-symbol pattern forming the probes
is not visible in the preamble. It's to notice that after removing the probes, an interesting 48-bit pattern shows up with a further phasing element consisting of two "ones" value columns.
Fig. 6- 144-bit stream after dPSK8 demod (thanks to KarapuZ)
As regards the monitored frequency (8018.0 KHz/usb) the bursts are transmitted according to the scheme 3-2-3 represented in Figure 7; no other wavfeorm (OFDM  or MFSK) was however heard.
Fig. 7 - timings