I monitored the 8235.0 KHz/USB frequency (maritime band) since some days using some remote KiwiSDRs in Oita, Okayama (both Japan) and Daegu (South Korea) [1] recording several and very interesting QPSK and MFSK8 signals that I had never met before.
1) I noticed that QPSK transmissions usually start from 0730 UTC while MFSK8 transmissions start from around 0900 UTC; probably they have different contents and purposes. In this regard, it should be noted that I monitored only during the morning and early afternoon UTC and that Korean Standard Time (KST) is UTC+9. A second interestig aspect is that both types of transmission are not preceded by selcalls or ALE, perhaps 8235.0 KHz is a "stand-by" frequency of that net?
As shown in Figure 1, other than QPSK & MFSK8 data transfers, transmissions consist of voice comms that have been very useful since the analysis of the audio files (speech & accent), and in part of the waveforms too, allowed me to trace it back to a South Korean user; also note in Figure 1 the slight mistuned frequency between the operators.
 |
| Fig. 1 - QPSK and MFSK8 signals |
2) QPSK transmissions consist of a series of "segments" that are sent consecutively, the longest I have seen is about 32 seconds; voice comms occur before and after a series has been transmitted.
Each segment has a modulation rate of 750 Baud (1500 bps) and a 1600 Hz bandwidth. Each segment is preceded by two unmodulated tones lasting approximately 5 seconds and end with a short tone transmitted at the sub-carrier frequency (Figs 2,3); the distance between the two initial tones is 750 Hz.
 |
| Fig. 2 - QPSK signal parameters |
 | |
| Fig. 3 - QPSK modulation |
As confirmed by my friend ANgazu, the two initial tones make a BPSK signal whose modulation speed has the same value as their shift, ie 750 Bd; the carrier is the center of both. They transmit reversals and are very useful to adjust the AGC, fine-tuning the signal and synchronizing the demodulator's PLL. In this case, if using a QPSK demodulator, the initial preambe is "0202020202" and it achieves the same functions (Figure 4).
 |
| Fig. 4 - QPSK demodulation of the two initial tones |
I couldn't find a characteristic period of the demodulated QPSK bitstreams (Figure 5): instead, since they are raw PSK demodulations and NOT the result of a decoding, we should see something similar to a "framing" of the used HF waveform, as we usually see in these cases, even if bits are encoded and interleaved.
 | |
| fig. 5 - a bitstream after QPSK demodulation (BPSK preamble is omitted) |
Statistical analysis of one of these bitstreams (Figure 6) shows a compressed or encrypted stream: probably the encryption device is built into the modem or the encrypted streams are sent directly to a "simple" QPSK modulator.
 |
| Fig. 6 - statiscal analysis of a demodulated QPSK bitstream |
3) MFSK8 transmissions, unlike QPSK, consist in a "single" transfer, voice comms occur before and after each individual transmission.
tone Gray bin
• 1000 Hz 000 000
• 1250 Hz 001 001
• 1500 Hz 011 010
• 1750 Hz 010 011
• 2000 Hz 110 100
• 2250 Hz 111 101
• 2500 Hz 101 110
• 2750 Hz 100 111
• 1000 Hz 000 000
• 1250 Hz 001 001
• 1500 Hz 011 010
• 1750 Hz 010 011
• 2000 Hz 110 100
• 2250 Hz 111 101
• 2500 Hz 101 110
• 2750 Hz 100 111
(the frequency of the tones was established based on the correct tuning of the operators' voice)
Note that aurally it cannot be confused with the Thales Robust MFSK8 or MS-141A waveforms as they have a 250 Hz lower tones allocation and a lower Baud rate (125 Bd). By the way, the SPIDER MFSK8 its usage is probably similar to the Thales one, i.e. data transmission.
Note that aurally it cannot be confused with the Thales Robust MFSK8 or MS-141A waveforms as they have a 250 Hz lower tones allocation and a lower Baud rate (125 Bd). By the way, the SPIDER MFSK8 its usage is probably similar to the Thales one, i.e. data transmission.
 |
| Fig. 7 |
 | |
| Fig. 8 |
The analysis of ACF and bitmap rasters reveals the presence of structured blocks at the beginning and at the end of each transmission (Figure 9): these blocks have a duration of 1364 ms that makes 341 symbols (at modulation speed of 250 Bd).
 |
| Fig. 9 - MFSK8 ACF and bitmaps |
I also tried a "plain" 8-tone demodulation using the SA demodulator and according to the tone order shown in Figure 10; for completeness I used both binary and Gray (MS-141 style) conversion. Again, Bit streams show two initial and final blocks that have equal length of 1023 bits, ie 341 symbols (each tone represents a 3-bit symbol).
 |
| Fig. 10 - binary and Gray coded MFSK8 bitstreams |
4) Why am I thinking of South Korean users?
My friend cryptomaster told me a great lead by reporting that the MFSK8 250Bd/250Hz is a "proprietary" waveform of the "SPIDER Tactical Communication System" by Huneed Technologies (Figure 11), a South Korea-based company engaged in the provision of tactical communication equipment to South Korea Army [2]; the system was deployed in the early 2000s. According to some Google searches, the transceiver used could be the SPIDER (CNR) HF PRC/VRC-950K, suited for either army and navy [3][4]. It's not known if, in addition to MFSK8, the QPSK waveform too is provided by that same device.
Since the speech & accent, the voice comms language is definitely Korean, as Max (KJ4WNA) from UDXF emailed me "a tell tale sign is the endings -nida". As for the North/South Korea ambiguity due to the use of the same language, AFAIK the North Korean military (Korean People's Army, KPA) uses communication equipments by Glocom Corp. and not South Korean ones. Unfortunately, further "geographic" confirmation was not possible because radio direction finding results were not reliable due to the brevity and near unpredictability of the transmissions as well as the lack of receivers west of the Korean peninsula.
My friend cryptomaster told me a great lead by reporting that the MFSK8 250Bd/250Hz is a "proprietary" waveform of the "SPIDER Tactical Communication System" by Huneed Technologies (Figure 11), a South Korea-based company engaged in the provision of tactical communication equipment to South Korea Army [2]; the system was deployed in the early 2000s. According to some Google searches, the transceiver used could be the SPIDER (CNR) HF PRC/VRC-950K, suited for either army and navy [3][4]. It's not known if, in addition to MFSK8, the QPSK waveform too is provided by that same device.
Since the speech & accent, the voice comms language is definitely Korean, as Max (KJ4WNA) from UDXF emailed me "a tell tale sign is the endings -nida". As for the North/South Korea ambiguity due to the use of the same language, AFAIK the North Korean military (Korean People's Army, KPA) uses communication equipments by Glocom Corp. and not South Korean ones. Unfortunately, further "geographic" confirmation was not possible because radio direction finding results were not reliable due to the brevity and near unpredictability of the transmissions as well as the lack of receivers west of the Korean peninsula.
 |
| Fig. 11 - SPIDER (Combat Net Radio) HF transceiver by Huneed |
As far as possible, I transcribed the Korean-language audio files into texts using some online tools [5], then I translated the txt files into English using Google/Yandex/DeepL translators obtaining rather interesting conversation' snippets (Figure 12). Although transcriptions and translations may results a bit "odd" and discordant, actually there are clues that point to South Korea.
 |
| Fig. 11 - example of a machine transcription & translation |
Speeches seem refer to a maritime scenario, as from the exchanged informations related to weather conditions, sailing, heading etc.: it must be said that the use of the SPIDER HF waveform would indicate an usage in a military environment such as the Navy and not in fishing boats. In addition to usual coordination and voice checks relating to the sending/receiving of data, operators cite names of some South Korean places such as "I'm going to go to Namhae by the South Sea"(1),"There's nothing else in Busan "(2), or "Mapo is 7 Km away" (3).
As I said, the transmissions are not preceded by selcal/ALE and I did not hear - or perhaps I did not figure out - any callsigns pronounced by the operators. Only in a few transmissions I came across sentences such as "I've communicated with all the surrounding turns... I've communicated with both SP3 and SP4" but I haven't heard anything else or additional context that actually confirms that these are callsigns. Only once I heard a link termination: "This is Yanglak-Dong 146 / This is Maunoi" (or perhaps "This is Yangrak-Dong 146 / This is Maunnoi").
Amogng other txt files, a September 23 0923 UTC (1623 KST) voice recording requesting the location of a boat carrying (North Korean) defectors must be noted (Figure 12). North Korean "defectors" are Koreans who have fled North Korea seeking asylum in South Korea or other nations. For the sake of completeness, I must say that the day after I looked at the Yonhap news agency website [6] but I did not find any reference to alleged defectors. Perhaps the news was not so relevant or there was no intervention by South Korean assets ...but here we enter the realm of suppositions.
As I said, the transmissions are not preceded by selcal/ALE and I did not hear - or perhaps I did not figure out - any callsigns pronounced by the operators. Only in a few transmissions I came across sentences such as "I've communicated with all the surrounding turns... I've communicated with both SP3 and SP4" but I haven't heard anything else or additional context that actually confirms that these are callsigns. Only once I heard a link termination: "This is Yanglak-Dong 146 / This is Maunoi" (or perhaps "This is Yangrak-Dong 146 / This is Maunnoi").
Amogng other txt files, a September 23 0923 UTC (1623 KST) voice recording requesting the location of a boat carrying (North Korean) defectors must be noted (Figure 12). North Korean "defectors" are Koreans who have fled North Korea seeking asylum in South Korea or other nations. For the sake of completeness, I must say that the day after I looked at the Yonhap news agency website [6] but I did not find any reference to alleged defectors. Perhaps the news was not so relevant or there was no intervention by South Korean assets ...but here we enter the realm of suppositions.
 |
| Fig. 12 |
5) Given the the use of a "informal language", the machine transcriptions/translations might sometimes generate military jargon terms and names that seem a bit odd and out-of-context, as the the classic term "Christmas trees" used in board U.S. submarines and reffered to nuclear missiles. For example, I have often noticed the use of the term "seagull" which, judging by the speeches context, may not refer to the well-known bird. Also, it must be said that the operators speak Korean(!) and not more "easy" languages such as English, Spanish or even French, so I could not correct the errors as I should desire and confirm that the transcriptions were accurate, but I simply copied and pasted the automatically transcripted texts.
6) At present I do not have sufficient evidence to confirm whether this is the South Korean Navy (ROKN, Republic of Korea Navy) or possibly other assets such as the Coast Guard (KCG, Korea Coast Guard), although the latter is not under the Ministry of Defense (the Coast Guard is an independent and external branch of the Ministry of Maritime Affairs and Fisheries). Therefore I can't not exclude that users may be other South Korean military/civilian organization: further recordings & analysis and blog readers too will help.
(to be continued)
https://disk.yandex.com/d/_Ab_KPufsyPGPw (waveforms and a relevant op-chat)
(1) Namhae is the site of the South Regional HQ of Korean Coast Guard and also a Mine Sweeper Hunter of Korean Navy
(2) The Busan Naval Base is a group of ports and land facilities of Korean Navy (ROKN), located at Nam-Gu, Busan. The United States Naval Forces Korea headquarters sit within this base
(3) "Mapo" could be a mistranscription of the word "Mopko" which is the Third Fleet Command HQ of ROKN and also the West Sea Regional HQ of KCG. This way, the sentence "Mopko is 7 Km away" would make sense
[1] http://kiwi.web-sdr.net:80/ (list) http://22052.proxy.kiwisdr.com:8073/ http://hl5ntr-sdr.ddns.net:8073/
[2] https://huneed.gobizkorea.com/mini/site/miniSiteMain.do?domn_id=huneed
[3] https://en.wikipedia.org/wiki/...
[4] https://blog.naver.com/PostView.nhn?blogId=altecsound&logNo=6017573017
[5] https://app.transkriptor.com https://turboscribe.ai https://www.notta.ai
[2] https://huneed.gobizkorea.com/mini/site/miniSiteMain.do?domn_id=huneed
[3] https://en.wikipedia.org/wiki/...
[4] https://blog.naver.com/PostView.nhn?blogId=altecsound&logNo=6017573017
[5] https://app.transkriptor.com https://turboscribe.ai https://www.notta.ai
