Just a quick note to observe that bitstreams using (alleged) 256-bit Initialization Vectors (IV) encryption have the same 32-bit/4-byte sequence repeated three times. For example, in the bitstream in Figure 1 (MS-110A transmission) you can clearly see the 256-bit IV sequences, each repeated eight times.
Fig. 1 |
But if you reshape the same bitstream into columns of 32 bits the same 32-bit sequence 0xD1E221E1 emerges (Figure 2).
Fig. 2 |
I have previously encountered bitstreams with 256-bit IVs [1] but at that time I had not investigated further, focusing only on those sequences. As a counter-proof, I took back and analyzed those signals and - surprise - they also all present the same sequence 0xD1E221E1 after the IVs (Figure 3).
Fig. 3 |
Fig. 4 |
Both for the position of the 4-byte string 0xD1E221E1 (after or WITHOUT the alleged IVs) and for its presence in different streams it is difficult to say whether it identifies a sync string for a cipher device or whether it identifies a particular datalink protocol. However, in all cases I could analyze, STANAG-4538 (3G-HF) "circuit mode service" is used along with MS-110A as the traffic waveform.
[1] https://i56578-swl.blogspot.com/2020/09/s-4538110a-transmissions-using-unid-256.html
[2] http://i56578-swl.blogspot.com/search/label/P%3D32
No comments:
Post a Comment