11 March 2022

1200Bd/800 Russian tactical datalink (2)

 (revised with some fixes)

My friend @pir34 (from UDXF group) and I are monitoring different frequencies which are supposedly changed on a per day/night basis, but not just that. We have noticed that the transmissions take place from at least two different sites (which I prefer not to indicate) and - more importantly - with two different data formats, even if they have the same transmission mode (1200Bd/800), same bit length (69) and same type of contents (radar tracks). In particular, the transmissions that take place on 6123.5 KHz/usb and 6232.5 KHz/usb (figures 2,3):

Fig. 1 - 6232.5 KHz transmission: spectrogram and modulation

Fig. 2 - 6232.5 KHz transmission: 69-bit period stream

According to COMIN Consulting (thanks to @pir34 for the report), this signal is known as "PIRS PEARCE" [1]: I met such signal some years ago, as annoted here in the blog, on about 20 MHz: as you see in figure, the bitstream is very similar although its length is 165 bits:

Fig. 3 - 165-bit frame length datalink

An anymous reader commented the post talking about the 165-bit "Akkord SS-PD" frame format, that he expected to see in the bitstream, and about the other more frequent frames of 69 & 117 bit lengths... just as the ones discussed in the previous post.

I did some research on the web about the Akkord format/algorithm but getting very few results: the most interesting referts to 165-bit length frames (called "Akkord-165") of which a description of the framing is also provided [2]:

4-bit (Start Of Message) + 6 x 24-bit words + 1 sep + 16-bit CRC

That described framing corresponds to those used in the formats of 69 and 117 bits reported in the previous post: in those cases the messages shall consist of two and four 24-bit words respectively (ie 48 and 96 bit length messages). The only difference is the polynomial used for the formation of the 16-bit cyclic code (thus, not used as a scrambler polynomial): in the Akkord-165 format it results to be x^16+x^12+x^5+1.

A second interesting source seems to indicate a device operating with two sub-set, each consisting of an "Akkord SS-PD" data transmission equipment plus a "similar" one and also provides the block diagram reported below in figure 4 [3]:

Fig. 4

(the label "C2" in figure 4 stands for the junction circuits between DTE and DCE)
That said, we think that the datalink transmission sites use two data formats both sent with the same 1200Bd/800 waveform, although the exchanged data are perfectly "understood" and parsed by the receive nodes. It's not clear if the two formats are provided by the data transmission unit shown in figure 4 .

[2] https://motherhouse.ru/en/mortgage/kompleks-sredstv-avtomatizacii-ksa-sbora-obrabotki-i-vydachi/

[3] http://vniira-ovd.com/index.php/en/products/communication/interface-equipment/bapd

7 March 2022

1200Bd/800 Russian tactical datalink

Interesting 1200Bd/800 "FSK" (apparently) transmissions spotted and monitored on 7980.0 KHz/usb from monday  feb. 28th until march 2nd when it disappeared. The heard  signal is a Russian "tactical data link" waveform which is used for HF comms in the Russian «БАРНАУЛ-Т» ("Barnaul-T") C2 system [1], a tactical air defense control subsystem set. The main tasks solved by "Barnaul-T" are reconnaissance of air targets, receiving and displaying information about the air situation, target distribution and issuing target designations for hitting air targets: basically, something very similar to NATO Link-11.

Fig. 1 - Russian «БАРНАУЛ-Т» set

Looking at the signal, the measured shift is = 0.67 Br so the used modulation could be GMSK or CPFSK (indeed, trajectories resolve in a circle): the phase plane and harmonics at 3rd power seems to confirm the assumption, although these "semi-modes" are hard to exactly determine (figs 2,3).

Fig. 2

Fig. 3

According to the demodulated bitstreams, two distinct framings are used:
_a) 69-bit length period (ACF = 57.5 ms), recording of 2022-03-01 at 1021 utc (figure 4)
_b) 117-bit length period (ACF = 97.5 ms), recordings of 2022-03-01 at 1757 utc and 2022-03-02 at 1112 utc (figure 5)
Actually the two framings differ only in the length of the data block and consist of:
2 start bits + 48/96 data bits + 1 bit separator + 16 bits for error detection and correction + 2 stop bits
ie, the _b frames allow to room a double space for data.

Fig. 4 - 69-bit length framing (48-bit length data block)
Fig. 5 - 117-bit length framing (96-bit length data block)

I had the chance to record some complete sessions of the _b framing. The preamble preceeding the data block consists of initial reversals followed by a same 112-bit sync sequence (just 96+16) which can be successfully descrambled with the polynomial x^21+x^11+1 (figure 6). The 117-bit data block follows and consists of single messages (approximately every 8 seconds) separated by what I think be pseudo-random traffic.

Fig. 6 - initial 112-bit sync sequence

Other 117-bit framing recordings do not show single inserts/messages within their stream but rather a continuous flow, in my opinion just pseudo-random traffic to keep the channel alive as STANAG-4285 does in the absence of messages to send (figure 7).

Fig. 7 - 117-bit framing "continuous" stream

After removing the 4 start/stop bits and the separator bit from both _a and _b frames, I obtained two codewords of 64-bit and 112-bit length respectively, coded as (64,48) as (112,96). My tests confirm that the rightmost position of the 16 EDAC bits (P15) stores an overall parity-bit (aka "extra parity bit"): that's a good clue in favor of the use of a Hamming-like coding and related parity-check matrix (figure 8).

Fig. 8 - the overall check parity bit in the two data blocks (48 and 96 bits length)

I then analyzed the two data parts (length 48/96 bits) and found that both are scrambled with the polynomial x^13+x^9+x^7+1. After removing the scrambler, the result is a stream consisting of 35/83 bits of zeros followed by 13 bits of data (figure 9): this is interesting because although the two frames have a different lengths, both transport a payload of the same length (13 bits): it could be that the choice of the framing to use depends on the channel conditions, but that's only a guess.

Fig. 9 - results after the removal of the x^13+x^9+x^7+1 scrambler

I cut off the zeros columns e found some other info about the remaining 13-bit payloads:
* the one of the 48-bit descrambled stream (_a framing) has a period of 389 bits
* the one of the 96-bit descrambled stream (_b framing) has - curiously - a parity bit (figure 10)

Fig. 10

Direction Finding results (TDoA algorithm), although they are not exactly coincident, indicate an area in North East Ukraine (figure 11): that makes sense given the current situation in that country and the purposes of the БАРНАУЛ-Т system. As said above, the signal disappeared on March 2nd morning: last signals I heard were short MS-5 (CIS-12/AT-3004D) transmission and a voice call around 1400Z ("Pervyy pervyy ya vtoroy, priyom"). Coincidently, the press service of the Ukrainian Ministry of Defense on March 3rd morning reports that "A unit of the Main Intelligence Directorate of the Ministry of Defense has seized the Russian module of intelligence and control 9C932-1 (Barnaul-T)" [2].


Fig. 11 - some direction finding (TDoA algo) results


[1] https://vpk.name/library/f/barnaul-t.html
[2] https://suspilne.media/213350-pid-kievom-zahopili-rosijskij-modul-barnaul-t-so-protidiav-ukrainskij-aviacii/