(updated)
For some days my friend Cryptomaster and I have been discussing an FSK signal detected on 6511.50 kHz (CF).
Transmissions start (and end) with a long sequence of reversals sent at 150 baud, followed by (repeated) messages sent at 300 baud; despite some slight fluctuations, we decided to fix the shift at 500 Hz.
Fig. 1 - FSK main parameters
The bitstream shows a period 24 bits long, one bit of which is the phasing bit (the last column of "0s"); the data are preceded by a 240-bit sequence generated by the polynomial x^12+x^10+x^9+x^3+1.
Fig. 2 - the resulting bitstream after demodulation
Again, the question arises of whether or not to use Differential FSK mode: in fact, as already mentioned in some previous posts [1][2], as a result of the differential decoding we get a uniform parity check, except for the first combination of bits (figure 3). We think that the differential mode probably does not apply, and that it is a kind of "trick".
Fig. 3 - parity checked stream obtained after differential decoding
Speaking with some of his friends, Cryptomaster was able to use their particular program, which is capable of detecting the presence of any CRC sequences in bitstreams: as a result, after inverting the 9th column of the stream, a clear H(24,16) coding was found, i.e. 16-bit data followed by 8-bit CRC. We then found and verified the corresponding (8,24) check matrix:
1 0 1 1 0 0 1 0 1 1 1 1 1 0 0 0 1 0 0 0 0 0 0 0
0 1 0 1 1 0 0 1 0 1 1 1 1 1 0 0 0 1 0 0 0 0 0 0
0 0 1 0 1 1 0 0 1 0 1 1 1 1 1 0 0 0 1 0 0 0 0 0
0 0 0 1 0 1 1 0 0 1 0 1 1 1 1 1 0 0 0 1 0 0 0 0
0 0 1 1 1 0 0 1 1 1 0 1 0 1 1 1 0 0 0 0 1 0 0 0
1 0 1 0 1 1 1 0 0 0 0 1 0 0 1 1 0 0 0 0 0 1 0 0
0 1 1 0 0 1 0 1 1 1 1 1 0 0 0 1 0 0 0 0 0 0 1 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
Fig. 4 - bitstream (left) and CRC (right) computed using the (16,8) check sub-matrix: the two CRC sections coincide
The program that generated the matrix, during flow control, re-inverts the ninth column of the bitstream (perhaps the first inversion is done during signal formation). Something similar has been observed in some CIS signals and
in Finnish NOKIA. We also found that the check matrix is generated with
the polynomial x^7+x^3+x^2+x+1 (figure 5).
Fig. 5
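The check described above can be reproduced in a few lines. The following Python sketch is an added example, not the program used for the analysis: it rebuilds the printed check matrix from x^7+x^3+x^2+x+1 (the eighth row only tests the always-zero phasing column) and computes the syndrome of a 24-bit word with the 9th column inverted. The function names and the sample data word are constructed, and applying the inversion after the CRC is computed in encode() is an assumption.

```python
# Check matrix rows exactly as printed on the page (8 x 24).
H_PAGE = [
    "101100101111100010000000",
    "010110010111110001000000",
    "001011001011111000100000",
    "000101100101111100010000",
    "001110011101011100001000",
    "101011100001001100000100",
    "011001011111000100000010",
    "000000000000000000000001",
]
G = 0b10001111  # x^7 + x^3 + x^2 + x + 1


def matrix_from_poly(g=G, n=23, r=7):
    """Rebuild the matrix: column j of rows 1-7 is x^(n-1-j) mod g(x)."""
    cols, rem = [], 1
    for _ in range(n):          # rem runs through x^0, x^1, ... mod g
        cols.append(rem)
        rem <<= 1
        if rem >> r & 1:
            rem ^= g
    cols.reverse()
    rows = ["".join(str(c >> (r - 1 - i) & 1) for c in cols) + "0"
            for i in range(r)]
    return rows + ["0" * n + "1"]   # last row only tests the phasing bit


def syndrome(word, invert_col9=True):
    """8-bit syndrome of a received 24-bit word (all zeros = check passes)."""
    bits = [int(b) for b in word]
    if invert_col9:
        bits[8] ^= 1            # undo the 9th-column inversion seen on air
    return "".join(str(sum(int(h) & b for h, b in zip(row, bits)) % 2)
                   for row in H_PAGE)


def encode(data16):
    """Constructed model of one word: 16 data bits + 7 CRC bits + phasing 0.
    Assumption: the 9th bit is inverted after the CRC is computed."""
    bits = [int(b) for b in data16]
    crc = [sum(int(h) & b for h, b in zip(row[:16], bits)) % 2
           for row in H_PAGE[:7]]
    word = bits + crc + [0]
    word[8] ^= 1
    return "".join(map(str, word))


if __name__ == "__main__":
    w = encode("1100101000111101")          # constructed sample data
    print(matrix_from_poly() == H_PAGE, syndrome(w), syndrome(w, False))
```

Without the inversion, every otherwise valid word gives the same non-zero syndrome, equal to the 9th column of the matrix, which is what a fixed single-column inversion looks like to a CRC detector.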
The message data is therefore made up of 202 bytes, organized in a 16 x 101 bit matrix; statistical analysis does not seem to indicate the use of cryptography (figure 6).
Fig. 6
For the sake of completeness, I add that in the first instance we tried to de-interleave the stream, thinking that it had previously passed through a block interleaver: we then got a stream arranged as a (24,101) bit matrix. As a result, a (101,84) check matrix was obtained which really encodes the information. But we were puzzled by the fact that only 101-84 = 17 bits of information remain in each codeword (51 bytes of data transferred) with a Hamming distance of 48: quite unrealistic in our opinion.
Fig. 7
3rd August update
The signal reappeared, but with less amplitude, on the frequency of 8084.0 kHz (CF). Attempts at Direction Finding (TDoA algorithm) indicate the Kaliningrad oblast as a possible site of the Tx, see figure 8. Further confirmation is however necessary.
KiwiSDR receivers used for monitoring:
http://77.223.174.203:8073 (Smøla, Norway)
http://julussdalen.proxy.kiwisdr.com:8073 (Julussdalen, Elverum-Norway)
Fig. 8 - TDoA results (tentative)
https://disk.yandex.com/d/7JHDI9np2IXR3Q
[1] https://i56578-swl.blogspot.com/2021/12/chinese-psk2-2400bd-serial-waveform.html
[2] https://i56578-swl.blogspot.com/2022/06/akula-almost-always-holds-surprises.html