tag:blogger.com,1999:blog-28051073057523776932024-03-18T17:26:35.554+01:00diario SWL I-56578 Antonio HF utility & milcomm signals<br>
<i>tony.anselmi@gmail.com</i>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.comBlogger653125tag:blogger.com,1999:blog-2805107305752377693.post-1446779701737184032024-03-18T17:26:00.000+01:002024-03-18T17:26:00.860+01:003G-HF Fast Traffic Manager (FTM) at work<p style="text-align: justify;">This sample provides an example of the use of 3G-HF (STANAG-4538) Fast Traffic Manager (FTM) protocol, which is sometimes referred to as simply FLSU (Fast Link SetUp). More precisely, FLSU is used to set up links, and it includes the traffic type that will be used immediately after the link set up is complete; FTM is used after the FLSU for cases in which the traffic type needs to be changed, or to negotiate channel access among linked stations. <br />As stated in S-4538 Annex-C Edition1 Amendment2, if a link has been established for delivery of packet traffic using the HDL+ data link protocol (BW7), all FTM and FLSU Protocol Data Units (PDUs) transmitted for the remaining duration of the packet link shall be transmitted using the BW6 burst waveform: thus, since the use of BW6, the link was initialized for HDL+ protocol. But, as you can see in Figure 1, at some point an FTM negotiation causes the change of the traffic type: from HDL+ (BW7 waveform) to LDL (BW3 waveform).</p><p style="text-align: justify;"><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5m27-Y_0WxwMYQjAM8f-uUM5YhfJ7sRTle8XhjO01QH8MhnMqAphi7krov8TVgBEFq_BCgCyLWIv0mBkuNaaFwG0yEoi8m81pJQmmwlXIsGY8HuWT25IzwC2d24HZtnJCGl2GHkLMqd-Lh91RPi_S5nHl5EzHnB-1AuIEmQlnzM11Dws5S31GSHNt4IY/s566/1.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="566" data-original-width="459" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5m27-Y_0WxwMYQjAM8f-uUM5YhfJ7sRTle8XhjO01QH8MhnMqAphi7krov8TVgBEFq_BCgCyLWIv0mBkuNaaFwG0yEoi8m81pJQmmwlXIsGY8HuWT25IzwC2d24HZtnJCGl2GHkLMqd-Lh91RPi_S5nHl5EzHnB-1AuIEmQlnzM11Dws5S31GSHNt4IY/s16000/1.PNG" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 1 - traffic type change</i><br /></td></tr></tbody></table><br />It's worth noting the use of BW4 waveform bursts after LDL data delivery, it's requested by the #4.6.5 Dual Demodulation condition: "Under no circumstances shall stations be required to simultaneously demodulate more than two waveforms. Any scenario requiring more than dual-demodulation is either an error in the specification or an error in interpretation" <i>(1)</i>.</p><p style="text-align: justify;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5NZOA60-SZofTz2B1tBwI_Mt_5uGrxsHNbifuL7FgwYSdu65vQb651_3qep6HwwRCoF5k33xZhvLLI_FN-gkdxHxicgB9B_bWjL6E0MEOW0ynsPWtBMIfmmwawvlVdUtd6nhLm0aD3HWmOcQYfeIgo8uO2oCU4sMRlYAd2Lrosn8vbLSheMd16BbQZak/s641/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="216" data-original-width="641" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5NZOA60-SZofTz2B1tBwI_Mt_5uGrxsHNbifuL7FgwYSdu65vQb651_3qep6HwwRCoF5k33xZhvLLI_FN-gkdxHxicgB9B_bWjL6E0MEOW0ynsPWtBMIfmmwawvlVdUtd6nhLm0aD3HWmOcQYfeIgo8uO2oCU4sMRlYAd2Lrosn8vbLSheMd16BbQZak/s16000/2.PNG" /></a></div> <br />By the way, the BW3 burst transports a L3Harris "Citadel" encrypted message (Figure 2).<p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYlne6KKOFso7wourBboXaen4ghO60ofKDvdRd2QK7m7Z6_sgxdNGCQIO2YD1JbT_igq6gFYwR1v8E4m-2HAL33HPqQQwCWu9UkekHeLD8j54T8PgCX9XSNRcn-bXwl86oKFHHtZWsHhsWhRgcqcN_kGHZl2bZTdTVVdsPZ3Q0oKHnOBC5Yq0Cci4Vcwg/s943/3.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="716" data-original-width="943" height="486" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYlne6KKOFso7wourBboXaen4ghO60ofKDvdRd2QK7m7Z6_sgxdNGCQIO2YD1JbT_igq6gFYwR1v8E4m-2HAL33HPqQQwCWu9UkekHeLD8j54T8PgCX9XSNRcn-bXwl86oKFHHtZWsHhsWhRgcqcN_kGHZl2bZTdTVVdsPZ3Q0oKHnOBC5Yq0Cci4Vcwg/w640-h486/3.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 3<br /></td></tr></tbody></table><br /><p style="text-align: justify;"><a href="https://disk.yandex.com/d/YCupV-cFBXOmqQ" target="_blank">https://disk.yandex.com/d/YCupV-cFBXOmqQ</a></p><p style="text-align: justify;"><i>(1) HDL+ states is missing in the Table 4.6.5-1: however, since BW6 burst waveform is used for Ack/EOM/Term messages, Master and Slave stations expect to receive a BW6 or a BW7 waveform.</i></p>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com0tag:blogger.com,1999:blog-2805107305752377693.post-33918359175942425502024-02-26T11:51:00.004+01:002024-02-26T17:43:10.428+01:00(unid) synchronous transfer protocol over MS-110A & FED-1052 DLP<div><p style="text-align: justify;">Durings the last few days I have monitored the frequency 7762.0 KHz/U and collected very interesting recordings of transmissions regarding a (possible) synchronous transfer protocol which sits at a higher layer than the datalink one. All transmissions use MS-110A as the HF waveform and most of them use FED-1052 App.B as Data Link Protocol (DLP)<i><span style="color: #2b00fe;">(1)</span></i>: Figure 1 is an example in this regard. Since the use of FED-1052 DLP, the HF waveform could likewise be FED-1052 serial (single-tone) given that the two waveforms are interoperable. Links are performed using 2G-ALE handshakes (MS-141A), logged callsigns are K01, k02, K03, K08, K13, and K14. </p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmRnQNrZRxETxw1Bsp8_eSbX_oh2RQFtfobsAvT4fs19rBr1ututCwnVT7pR6WcBX2xIjvrkBnKSPaFZKFZGMuECp4NrRHuSCy9XVChmaTwcFb9pJJ9JmzIWL20VRQFn6OZk8cFTM11NNuc5CGQVTI9Bk3-ejTEFHb6VJagfaCRk98irxczDaFjXa8Jg8/s960/segnale.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="335" data-original-width="960" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmRnQNrZRxETxw1Bsp8_eSbX_oh2RQFtfobsAvT4fs19rBr1ututCwnVT7pR6WcBX2xIjvrkBnKSPaFZKFZGMuECp4NrRHuSCy9XVChmaTwcFb9pJJ9JmzIWL20VRQFn6OZk8cFTM11NNuc5CGQVTI9Bk3-ejTEFHb6VJagfaCRk98irxczDaFjXa8Jg8/w640-h224/segnale.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 1</i> <br /></td></tr></tbody></table><p></p><p style="text-align: justify;"><b>1.</b> The demodulated bitstreams of the first four Tx segments ("A" in Figure 1) have a common 26-byte (10+16) length initial sequence which may be seen as consisting of the two Hex strings/sequences shown in Figure 2:<br /></p><p style="text-align: center;"><b>[16 16 16 16 16 16 16 16 16 16] [8E 5C 0B AA 97 30 56 E6 93 A2 B3 FB 6D 1A E2 01]</b> </p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie27gW6DFpgwLqm6Cde_KFAY1qKPqbuN1NA2SXtpWGBTTORiKgxhV8zd-AC5HZL1QC1T2SLDrVPxXicMNPT-UseHAkxNShwMINtbqZ0DqcchJgYIRK929y5ayjpqQ37n9tRhOEwn1PzBeKXAzNec-ySNbZLL4dGFaQLtPLVOv_bjTXYLgIQGDmCT_1Yq4/s622/fa1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="622" data-original-width="590" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie27gW6DFpgwLqm6Cde_KFAY1qKPqbuN1NA2SXtpWGBTTORiKgxhV8zd-AC5HZL1QC1T2SLDrVPxXicMNPT-UseHAkxNShwMINtbqZ0DqcchJgYIRK929y5ayjpqQ37n9tRhOEwn1PzBeKXAzNec-ySNbZLL4dGFaQLtPLVOv_bjTXYLgIQGDmCT_1Yq4/w608-h640/fa1.PNG" width="608" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 2 - initial Hex sequences</i><br /></td></tr></tbody></table></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">The two initial strings are followed by an apparently random 224-bit/28-byte sequence which is 3 times repeated: that sequence is unique for each Tx segment so that it could be an Initialization Vector (IV): the repetitions are indeed a good clue (Figure 3):</div><div style="text-align: justify;"><br /></div><div style="text-align: center;"><b>[54 6A 59 86 D8 0D 5E EE 94 AF B7 25 C1 DB 44 A8 BF 4B F9 DF AF F4 BF 1D 94 F9 6D 3F]</b></div><div style="text-align: center;"><b>[FA D6 B4 C8 3D 50 BA 06 F1 E7 4C 22 02 A5 86 48 F9 6D AA 76 29 3C 0A E0 51 E8 61 FF] </b></div><div style="text-align: center;"><b>[58 FC 4A D4 09 C2 82 9B 75 93 16 2D 8A 11 B1 D3 8A DE F1 55 79 2E 52 E1 53 02 E2 B5] <br />[A7 55 A7 B1 8E E9 68 96 84 DF 57 FA AF A2 09 E9 EA DB D5 53 16 9F 20 E7 93 75 24 86]</b> <br /></div><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgp_HM0eZd_GdqbejPLypDrUyIaOKJL8EAHxNNeq02REnvbLnH-jWewlO-ZzAirpn6uj9PMCqDUy5kw8ZSFxJ-j-YtwUIRh_lIbtcJ3hN8iodFm3YddsMxD0GR7BfvSuPFfk4Z2aJi_JcyXW14Xhx3k1bKv1nkubfbaCVNg_FKtYApbZSTCbHCBVK3R2_k/s976/fa2.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="498" data-original-width="976" height="326" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgp_HM0eZd_GdqbejPLypDrUyIaOKJL8EAHxNNeq02REnvbLnH-jWewlO-ZzAirpn6uj9PMCqDUy5kw8ZSFxJ-j-YtwUIRh_lIbtcJ3hN8iodFm3YddsMxD0GR7BfvSuPFfk4Z2aJi_JcyXW14Xhx3k1bKv1nkubfbaCVNg_FKtYApbZSTCbHCBVK3R2_k/w640-h326/fa2.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 3 - 28 bytes sequences</i><br /></td></tr></tbody></table><p></p><p style="text-align: justify;">The bitstreams end with a 20-byte string of 0x16, just the double of the length of the initial 0x16 sequence:</p><p style="text-align: center;"><b>[16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16] </b><br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyC_mw0bfdIOoG6T2Kfbv16-iMio5lD83IqF7Pd8R8Fks0lj7yEJQYpCY0Y0ZEVd16OZCOx2PrblkIlVqVN8H1bbUQms5wQx0WLFE9lhmazOfIJ7FFjwtDmoVn582upSfujxJ0TXLVEG6FDgy91ybsZRIb7ISv3GcK7ydEEY5Cz8PKc3CbnwAZdp-cLMM/s632/fa3.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="632" data-original-width="597" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyC_mw0bfdIOoG6T2Kfbv16-iMio5lD83IqF7Pd8R8Fks0lj7yEJQYpCY0Y0ZEVd16OZCOx2PrblkIlVqVN8H1bbUQms5wQx0WLFE9lhmazOfIJ7FFjwtDmoVn582upSfujxJ0TXLVEG6FDgy91ybsZRIb7ISv3GcK7ydEEY5Cz8PKc3CbnwAZdp-cLMM/w604-h640/fa3.PNG" width="604" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 3 - ending Hex sequences</i></td></tr></tbody></table><p></p><p style="text-align: justify;">Since these Tx segments are sent using the 2400bps/voice mode, the data blocks between the (presumed) IVs and and the ending sequences could consist of secure digital voice. The Shannon entropy value computed on data blocks (7.792888420337759) could suggest encrypted or compressed files. Just to be thorough, I thought about checking whether the repeated 28-bytes sequences were SHA-224 digests (64 rounds, by default) of the following data blocks, but the results did not confirm this hypothesis.</p><p style="text-align: justify;"><b>2.</b> The bitstreams resulting after demodulating the other 12 Tx segments ("B" in Figure 1) are recognized as FED-1052 App. B "DLP Data Link Protocol" frames (also known as HF Data Link Protocol, HFDLP). Quoting FED-1052 standard #50.1.1.1 Frame sync pattern: Each new transmission over the physical channel shall begin with a three byte (24-bit) frame synchronization pattern to identify the following traffic as DLP processed traffic. The frame synchronization sequence in hexadecimal format, shall be "5C5C5C". The sync pattern shall be transmitted such that the first eight bits in order of transmission are "00111010" (see Figure 4).<br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNA6vSMCPSufFUDBl8f0SvZTYTa6EXuabHMb4PyMt_jc8lpqg01lwmMxFbI-NiWVxz76Eua52o-lxmBHzKluW3yI5o896zcv3Ht5CRT2kHlwaY3fm9NIG4Lulw_R1B2rMJ5AB4UlhCuJgfcYdTTXHJDrY7Rpl5voi9hPKpJB1E6LHQ7HboBmGO-uhVaXc/s914/fb1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="708" data-original-width="914" height="496" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNA6vSMCPSufFUDBl8f0SvZTYTa6EXuabHMb4PyMt_jc8lpqg01lwmMxFbI-NiWVxz76Eua52o-lxmBHzKluW3yI5o896zcv3Ht5CRT2kHlwaY3fm9NIG4Lulw_R1B2rMJ5AB4UlhCuJgfcYdTTXHJDrY7Rpl5voi9hPKpJB1E6LHQ7HboBmGO-uhVaXc/w640-h496/fb1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 4 - FED-1052 DLP sync patterns</i><br /></td></tr></tbody></table><p style="text-align: justify;">Looking at the Source and Destination Address fields<i> <span style="color: #2b00fe;">(2)</span></i> in the hexdumps of Figure 5, it's possible to see the exchanges of DLP frames between the addresses 03 (0x3330, ASCII 30) and 01 (0x3130, ASCII 10): forward and reverse directions are due to the ARQ feature of DLP protocol. Notice that the DLP addresses 01 and 03 match the ALE callsigns K01 and K03 used during the link setup process (Figure 5).</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_SpH3dDw5V1L862bBs00vHOBGoG6LeSs7YV1V44f_X2FjFr0fId6fB_HNSUut9uc55tKTcVG09zTmI6ET864m3lDhczh-1UCIutNNSY-AWfVeILUytV6gYHHR_XEhryBpy8bktLUUUrccptvAjJlpCmN4-vfDRP7Qg2CXCD6GRMXeYzlyQuZRSmb32uk/s975/user1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="406" data-original-width="975" height="266" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_SpH3dDw5V1L862bBs00vHOBGoG6LeSs7YV1V44f_X2FjFr0fId6fB_HNSUut9uc55tKTcVG09zTmI6ET864m3lDhczh-1UCIutNNSY-AWfVeILUytV6gYHHR_XEhryBpy8bktLUUUrccptvAjJlpCmN4-vfDRP7Qg2CXCD6GRMXeYzlyQuZRSmb32uk/w640-h266/user1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 5 - DEF-1052 DLP frames exchanges</i><br /></td></tr></tbody></table><br /><p style="text-align: justify;">More precisely, each DLP transfer consists of 3 frames (Figure 6): the first is a data frame (bytes block delimited by 0x16) while the 2nd and 3th are control frames.</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjb9jDW_y6PX1kUE0BKvFgaZQA69wT1B7JEdqvEWtSIsElsSYyW9dEHbZF831BU2ecuYplT7SiCbaE57BkqzMWPJf4DTzlPTMMzgIEOHDtMyzoNd3C6l9Xlpj58UN3P6hNQlLVIXyIVuFJgjy7XSC-nZL8yUQZnZcsgUg9BnHPQTmMZh6nDZdfe07S4-gY/s976/user2.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="421" data-original-width="976" height="276" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjb9jDW_y6PX1kUE0BKvFgaZQA69wT1B7JEdqvEWtSIsElsSYyW9dEHbZF831BU2ecuYplT7SiCbaE57BkqzMWPJf4DTzlPTMMzgIEOHDtMyzoNd3C6l9Xlpj58UN3P6hNQlLVIXyIVuFJgjy7XSC-nZL8yUQZnZcsgUg9BnHPQTmMZh6nDZdfe07S4-gY/w640-h276/user2.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 6 <br /></i></td></tr></tbody></table><p></p><p style="text-align: justify;">DLP data frames consist of 56-bytes "packages", thus the re-assembly process produces files that have lengths in multiples of 56 (112, 168, 224, ...). By the way, packages are the result of a "fragmentation" of messages received from the user (or from a higher-layer protocol).</p><p style="text-align: justify;">The small files resulting after the re-assembly process (and the removal of FED-1052 DLP overhead) are not in clear-text... and here things get interesting. </p><p style="text-align: justify;">The files start with a common 18-byte (10+8) sequence which may be seen as consisting of two Hex strings: <br /></p><p style="text-align: center;"><b>[16 16 16 16 16 16 16 16 16 16] [DF 73 0D 1D 5B 22 53 81]</b></p><p style="text-align: center;"></p><p style="text-align: justify;">and term with the 20 bytes Hex sequence:</p><p style="text-align: center;"><b>[16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16] </b></p><p style="text-align: justify;">Also in this case, the ending 0x16 sequence is the double of the length of the initial 0x16 sequence (Figure 7): <br /></p><p></p><div><p style="text-align: left;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO0W_fm-9SmyFNrqrhOhWkrfZk_rcyK3quKZKD9x0OGp3JJkkdxCLhzNLJzvH6xtEQ4FEmDOMzcfgMa0r7eeqnHSlkfhiSARdbTvSP7t7p_1ymQL7i1NI5P_Vjo1TPM22UA9nl1w408An_AbxuuBsbl5ymXyzOhAGf-V0qQS_zpy7jqWaER1Mb03QhngM/s591/fb3b.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="473" data-original-width="591" height="512" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO0W_fm-9SmyFNrqrhOhWkrfZk_rcyK3quKZKD9x0OGp3JJkkdxCLhzNLJzvH6xtEQ4FEmDOMzcfgMa0r7eeqnHSlkfhiSARdbTvSP7t7p_1ymQL7i1NI5P_Vjo1TPM22UA9nl1w408An_AbxuuBsbl5ymXyzOhAGf-V0qQS_zpy7jqWaER1Mb03QhngM/w640-h512/fb3b.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 7 </i><br /></td></tr></tbody></table><p></p><p style="text-align: justify;">The 0 value bytes are padding bytes added to the last package to obtain the 56-byte size: it can easily be verified for each packet by subtracting the "data" bytes from the "received" ones. Quoting FED-1052 standard #50.4.3.1.2: All data frames shall be of the same size [...] this implies that the last data frame of a message may need to be padded with fill bits. The receive terminal will use the transmit message size information to determine where the message is to be truncated in order to remove the fill bits from its output data stream. The 16-bit graphic rapresentations are shown in Figure 8.</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-ZnIbnsV6uxyvdpvmQN1rdqUX68lfwIrP6RAmTJf2PkvtPRulrASjr_ZypFvIzDE0Eb0bvALD4h2OhKMB3g5NlH2NdSTr1wmuywxyjZV46f3FoY8A9OT5WlPVk4Pd-NzTrLuVh-0RwNkA8RNEbgNz__3sovZHB5l6T-ywKaWvLxIPw5BKjWTfxBhdgQo/s733/grafica.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="733" data-original-width="542" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-ZnIbnsV6uxyvdpvmQN1rdqUX68lfwIrP6RAmTJf2PkvtPRulrASjr_ZypFvIzDE0Eb0bvALD4h2OhKMB3g5NlH2NdSTr1wmuywxyjZV46f3FoY8A9OT5WlPVk4Pd-NzTrLuVh-0RwNkA8RNEbgNz__3sovZHB5l6T-ywKaWvLxIPw5BKjWTfxBhdgQo/w474-h640/grafica.PNG" width="474" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 8</i></td><td class="tr-caption" style="text-align: center;"><br /></td><td class="tr-caption" style="text-align: center;"><br /></td></tr></tbody></table> </div><div style="text-align: justify;">Data consist of a few bytes, I do not think they are compatible with digital voice or "informal messages", maybe they are numerical data even if some format does not emerge.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><b>3.</b> I know that 0x16 is the <SYN> "Synchronous Idle" (TC9) ASCII control character. It is used in synchronous transmission systems to provide a signal from which synchronous correction may be achieved between data terminal equipments, particularly when no other character is being transmitted. The SYNC char was also used in syncrhonous modems at start and end of info blocks. So, the initial sequences of SYNC make me think of a kind of "synchronous transfer protocol" sitting at higher-layer.<br />Moreover, from the bitstreams analysis, it seems to me that the protocol is used to send different type of data and in different modalities: some types of data (Tx segments "A" in Figure 1) are forwarded directly to the MS-110A/FS-1052 modem, other types of data (Tx segments "B" in Figure 1) are first managed by FED-1052 DLP and then forwarded to the MS-110A/FS-1052 modem. Maybe the two initial strings announce the type of the following data blocks, but it's only a my guess.<br /></div><div style="text-align: center;"><p></p><p style="text-align: justify;"><b></b></p><div style="text-align: center;"><b><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB_fSJvpt-DhbhOWN-y5tkC2PYMTg0xTy9rX66-m9H9vFDVJi7F__5PAZQwnpcQtX2IhlDVPtjdE4tgVJatRBlo2MfOSxENwK-dbS-BLna7EstdsmgC6drSrloMnQ9JRmRSjwCBMJ6Pm3K_B-Cz5jqjQfxwwz2ScIweyTmhABI5Rpx6vQU3GONOycfGhc/s667/doppio.png"><img border="0" data-original-height="369" data-original-width="667" height="354" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB_fSJvpt-DhbhOWN-y5tkC2PYMTg0xTy9rX66-m9H9vFDVJi7F__5PAZQwnpcQtX2IhlDVPtjdE4tgVJatRBlo2MfOSxENwK-dbS-BLna7EstdsmgC6drSrloMnQ9JRmRSjwCBMJ6Pm3K_B-Cz5jqjQfxwwz2ScIweyTmhABI5Rpx6vQU3GONOycfGhc/w640-h354/doppio.png" width="640" /></a></b></div><b> </b><b></b><p></p><p style="text-align: justify;">By the way, the long durations of the 2G-ALE scanning call provide some indications about the number of the available channels: assuming full compatibility(!) with MS-141, the collected scan lists should be >= 20 channels <i><span style="color: #2b00fe;">(3)</span></i>. User should be Dutch MIL... but it's not confirmed.<br /></p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0hPkx9dEtKNgC-Di-HsZWPPXELcdUG5_9WQaLy24Pfed1vSKurTS7wup5FgNekMVu-whVoGO_QeXsLsAnb5wjOpkIToMiep-Y5-4MJHPWzameE3d56MXZhV_RCr5fEMvVUnPm9n5Mqz59jI4Gfy4tO8eMaR2gmEk8QFsQ5vcMLgTKz5ANLUCt3Ew0LMY/s885/A29a.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="486" data-original-width="885" height="352" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0hPkx9dEtKNgC-Di-HsZWPPXELcdUG5_9WQaLy24Pfed1vSKurTS7wup5FgNekMVu-whVoGO_QeXsLsAnb5wjOpkIToMiep-Y5-4MJHPWzameE3d56MXZhV_RCr5fEMvVUnPm9n5Mqz59jI4Gfy4tO8eMaR2gmEk8QFsQ5vcMLgTKz5ANLUCt3Ew0LMY/w640-h352/A29a.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 9 - 2G-ALE MS-141 scan call<br /></td></tr></tbody></table><p></p><p style="text-align: justify;"></p><p style="text-align: justify;"></p><p style="text-align: justify;"><b></b></p><p style="text-align: justify;"><b> </b></p><p style="text-align: justify;"></p><p style="text-align: justify;"><b></b><a href="https://disk.yandex.com/d/CrXu2QY4-AP9vQ" target="_blank">https://disk.yandex.com/d/CrXu2QY4-AP9vQ</a> <b><br /></b></p><p style="text-align: justify;"><i><span style="color: #2b00fe;">(1)</span> The HFDLP is a selective repeat ARQ protocol with the ability to adaptively vary several parameters in response to changing channel conditions. A transmission usually consists of a data series, containing several data frames, or a single control frame. Every frame contains a CRC. Before data transfer commences, HFDLP terminals exchange control frames to negotiate the number of data bytes per data frame (56 to 1023), the number of data frames per data series (1 to 255), and a few other characteristics of the data transfer procedure.</i></p><p style="text-align: justify;"><i><span style="color: #2b00fe;">(2)</span> As per FED-1052 standard, Source Address and Destination Address fields are restricted to two bytes each, LSB first. </i></p><p style="text-align: justify;"><i><span style="color: #2b00fe;">(3)</span> 188-141 A.5.5.3.1 "If the called station (JOE) is known to be listening on the chosen channel (not scanning), the calling station (SAM) shall transmit a single-channel call that contains only a leading call and a conclusion (see upper frame in figure A-29). Otherwise, it (SAM) shall send a longer calling cycle that precedes the leading call with a scanning call of sufficient length to capture the called station’s receiver as it scans (lower frame in figure A-29). The duration of this scanning call shall be 784ms for each channel that the called station is scanning.</i><br /></p></div>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com0tag:blogger.com,1999:blog-2805107305752377693.post-69992597122339806052024-02-20T12:48:00.002+01:002024-02-26T13:13:31.595+01:00KW-46 secured fleet broadcast over S-4285 in ISB mode (Humpty Doo, MHFCS)<p style="text-align: justify;">Interesting fleet broadcast from the MHFCS (Modernised High Frequency Communications System) site in Humpty Doo, Northern Territory - Australia. The transmissions use STANAG-4285 600bps/L in ISB mode and are audible on 11145.0 KHz (Figure 1).</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIl8k8cUHoHVzc9ztH8DMXjyJeR8M-qZj1PBD3KQ8fhIQr4peViHUnWKM2OdsNFfSBLoqKWKRU5t6F2d0RnIKsrLhKloEPSkqdGxwC8XVIyyh7lFN28KylQzwnSwEG4CJtmOkN7eUeiLs-FcLrHz1INMxwL_mFMubDlVIkZBWvlBlIQ6CoSm2L5hd9m8w/s883/0.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="335" data-original-width="883" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIl8k8cUHoHVzc9ztH8DMXjyJeR8M-qZj1PBD3KQ8fhIQr4peViHUnWKM2OdsNFfSBLoqKWKRU5t6F2d0RnIKsrLhKloEPSkqdGxwC8XVIyyh7lFN28KylQzwnSwEG4CJtmOkN7eUeiLs-FcLrHz1INMxwL_mFMubDlVIkZBWvlBlIQ6CoSm2L5hd9m8w/w640-h242/0.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 1</i><br /></td></tr></tbody></table><p></p><p></p><p style="text-align: justify;">Bitstream of the LSB channel (Figure 2) is a "classic" broadcast which is encrypted using KW-46 (or compatible) cipher device given the presence of the m-sequence generated by the polinomyal <span style="font-family: courier;">x^31 + x^3 +1</span> (KW-46T uses that M-sequences to synch the KW-46R receive devices).</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKyAnsrLOBrUcn014M-dugEv3yRQtz2lipc6SkH_nZrYsbL4aL8xgzN0-iTUHk3yWAAyEklXh40VSBiQWr28qgMb7EC7-jobyz1LJp-fioLW8d7x5l6HSe1atmV2AdANPGakSynFKvanKtvHGiCaBYTT7OaYeFCM4HhjxEI47h2C0yrA-eOn6zcDrgHyg/s822/2.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="822" data-original-width="434" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKyAnsrLOBrUcn014M-dugEv3yRQtz2lipc6SkH_nZrYsbL4aL8xgzN0-iTUHk3yWAAyEklXh40VSBiQWr28qgMb7EC7-jobyz1LJp-fioLW8d7x5l6HSe1atmV2AdANPGakSynFKvanKtvHGiCaBYTT7OaYeFCM4HhjxEI47h2C0yrA-eOn6zcDrgHyg/w338-h640/2.PNG" width="338" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 2 - bitstream of the LSB channel</i><br /></td></tr></tbody></table><p style="text-align: justify;">The bitstream of the USB channel is more interesting since it consists of 12-bit strings where all the bits have the same logical value, likely originated by the GA-205 12-channel time division multiplexer: I already met such signal some years ago <span style="color: #2b00fe;">[1]</span> but that time from the "Naval Communication Station Harold E. Holt" (NCS HEH) 6 km north of Exmouth. USB channel too transports a KW-46 secured traffic: as shown in Figure 3, I filtered out 11 channels and reshaped a single "column" into a 7-bit pattern then I successfully checked the presence of the <span style="font-family: courier;">x^31 + x^3 +1</span> m-sequence.</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHpNEEGWzEkWok9M6OJx4mpb1cE-hiQMKu-yKaIU11XpSVbiR3df4WajuSTyj9AfpmTMAgWtq4StA0NtRuWk_RCmqjLglpEMrD7TuWBq-Rsmw3p22zPYOvC9hVrNE2GTC_K24T5PxI6RrS65-Rz4iiHTB9mhSDpZM5zNFl_L1wN8DDmMG8Vg66OyxTtg0/s918/1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="839" data-original-width="918" height="584" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHpNEEGWzEkWok9M6OJx4mpb1cE-hiQMKu-yKaIU11XpSVbiR3df4WajuSTyj9AfpmTMAgWtq4StA0NtRuWk_RCmqjLglpEMrD7TuWBq-Rsmw3p22zPYOvC9hVrNE2GTC_K24T5PxI6RrS65-Rz4iiHTB9mhSDpZM5zNFl_L1wN8DDmMG8Vg66OyxTtg0/w640-h584/1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 3 - bitstream of the USB channel</i><br /></td></tr></tbody></table><p style="text-align: justify;">As said, in this case the transmission is source by a Tx located in Humpty Doo, Northern Territory Australia.</p><p></p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAi4LeW3pJlS3ZG6Ji95zzxRugQQRGd7x6scHRueyT-t3OG4YxrsDxwYlR9DQrXvTKne1nmWVf-yDTUlqm-I3p9uBKGaoFzQXtlZwkTQEp_9o6OgxpYtgrZvIXRfHhIObuxKVv78cXB_47EHb-ezOTivGuPqr3_24Lr1-mAjJyfYDPEIsGwPc-ONlhpVc/s1035/df1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="747" data-original-width="1035" height="462" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAi4LeW3pJlS3ZG6Ji95zzxRugQQRGd7x6scHRueyT-t3OG4YxrsDxwYlR9DQrXvTKne1nmWVf-yDTUlqm-I3p9uBKGaoFzQXtlZwkTQEp_9o6OgxpYtgrZvIXRfHhIObuxKVv78cXB_47EHb-ezOTivGuPqr3_24Lr1-mAjJyfYDPEIsGwPc-ONlhpVc/w640-h462/df1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 4 - DirectionFinding results (TDoA algorithm)</i><br /></td></tr></tbody></table> <p></p><p><a href="https://disk.yandex.com/d/cd6YKgpc18NPrw" target="_blank">https://disk.yandex.com/d/cd6YKgpc18NPrw</a><br /></p><p style="text-align: justify;"><span style="color: #2b00fe;">[1]</span> <a href="http://i56578-swl.blogspot.com/2019/05/kw-46kiv-7m-secured-fleet-broadcast.html" target="_blank">http://i56578-swl.blogspot.com/2019/05/kw-46kiv-7m-secured-fleet-broadcast.html</a></p><br />Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com0tag:blogger.com,1999:blog-2805107305752377693.post-5278717621828438752024-02-01T17:39:00.003+01:002024-02-12T15:47:41.096+01:00MIL 188-220 App.D (Combat Net Radio) compliant transmissions in HF band<p style="text-align: justify;">MIL-STD 188-220 suite (here indicated as MS-220D) was developed to meet the requirements for mobile Combat Net Radios (CNR) such as SINCGARS (Single Ground and Airborne Radio System) or more recent JTRS (Joint Tactical Radio System). The radios can handle voice and data communication, both secure and non-secure. SINCGARS radios work in the lower VHF band (30 to 88 MHz), with 25 kHz channel spacing and can operate on a single channel as well as in Frequency Hopping mode (FH). It's therefore rather rare to find transmissions in HF that use this protocol suite, especially in the low HF band (7 MHz)... but it may happen. Indeed, I was lucky enough to catch such transmissions on the same day (1030Z and 1058Z) on 7510 KHz/U (and it's not the first time it occurs).<br />The transmissions under consideration (Figure 1) are in STANAG-4538 "circuit service" mode, where link setup is performed by FLSU request/confirm exchanges (BW5 bursts) and MIL-STD 188-110A is the used traffic waveform.</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5LxGgrhMuOxRK5QcDtg7Es0Mz-h5LF3AhjR9KJtwQPRRS0IpBJqZ5CoJHQMxIZ9BBqb0aRbM6TFTO8sZJAE_4tlUxqC22zC4Q8QDI16aeyObfGLLEw1mj2YIvcpP9r3-D9nVbEZ8e7ei_R6_4TqokXE21229d4TUnZO3XLeacdGpHyBcyjyzyG59m-tY/s894/f1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="335" data-original-width="894" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5LxGgrhMuOxRK5QcDtg7Es0Mz-h5LF3AhjR9KJtwQPRRS0IpBJqZ5CoJHQMxIZ9BBqb0aRbM6TFTO8sZJAE_4tlUxqC22zC4Q8QDI16aeyObfGLLEw1mj2YIvcpP9r3-D9nVbEZ8e7ei_R6_4TqokXE21229d4TUnZO3XLeacdGpHyBcyjyzyG59m-tY/w640-h240/f1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 1 - STANAG-4538 Circuit Service mode<br /></i></td></tr></tbody></table><p style="text-align: justify;">Appendix D of of MIL-STD-188-220 regards Communications Security Standards (COMSEC) and describes the requirements of the transmission frame structure when link encryption is provided by "external COMSEC" (traditional COMSEC) or by "embedded COMSEC" devices. The demodulated bitstreams perfectly fit the COMSEC preamble for external COMSEC (Figs. 2,3), ie when link encryption is provided by external devices.</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXCSX7mtJcHpbcxI1-mn9py1Hziucf5YQ0QMOD4bOQhtAgsJvEcvCbhvcPpgEJr7TRltrsDoBw9V7Q8bIHP02g6YtssdPUTfV3dcPNbHnGB5J6aYBH_KNt1imJ4peVIFauPWAvgaGUZBj2RxeuhcSdUrDEkgUIZaFYrijowJnLmMXqFNzs6T1pSP2k5cM/s725/f2.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="190" data-original-width="725" height="168" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXCSX7mtJcHpbcxI1-mn9py1Hziucf5YQ0QMOD4bOQhtAgsJvEcvCbhvcPpgEJr7TRltrsDoBw9V7Q8bIHP02g6YtssdPUTfV3dcPNbHnGB5J6aYBH_KNt1imJ4peVIFauPWAvgaGUZBj2RxeuhcSdUrDEkgUIZaFYrijowJnLmMXqFNzs6T1pSP2k5cM/w640-h168/f2.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 2 - Traditional COMSEC transmission frame structure (FIGURE D-1, MS-220D)</i></td></tr></tbody></table><p style="text-align: justify;"><br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuCH9QoXrWiHmTuiYElfE0jrOa6vt3BEuPa9sSOe_9UecHe0xrwnDERcbSm91bcHgm2QyR2gBwLsVZkMsxt_WAizxbFACumapNmOlYTFg6Q_tFCHUT_yGnoAMRKqNn_bkIb_ST-ZwZWTzWbxYxRJ5kqLxQFey9CsNpdNL4nNotEJXfKD6DZuiRVe7eRmw/s803/f3.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="803" data-original-width="796" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuCH9QoXrWiHmTuiYElfE0jrOa6vt3BEuPa9sSOe_9UecHe0xrwnDERcbSm91bcHgm2QyR2gBwLsVZkMsxt_WAizxbFACumapNmOlYTFg6Q_tFCHUT_yGnoAMRKqNn_bkIb_ST-ZwZWTzWbxYxRJ5kqLxQFey9CsNpdNL4nNotEJXfKD6DZuiRVe7eRmw/w634-h640/f3.PNG" width="634" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 3 - The COMSEC preambles of the demodulated bitstreams</i></td><td class="tr-caption" style="text-align: center;"><br /></td></tr></tbody></table><p></p><p style="text-align: justify;"><b>Bit Synchronization subfield</b> is used to provide a signal for achieving bit synchronization and for indicating activity on a data link to the receiver. The subfield consists of the data-rate clock signal, a string of alternating ones and zeros.</p><p style="text-align: justify;"><b>Frame Synchronization subfield</b> is used to provide a framing signal indicating the start of the encoded MI (Message Indicator) to the receiving station. As for MS-220D "<i>this subfield shall be 465 bits long, consisting of 31 Phi-encoded bits (1 encoded bit = 15 bits). The Phi patterns are a method of redundantly encoding data bits, a logical 1 data bit shall be encoded as Phi(l)=111101011001000, and logical 0 data bit shall be encoded as Phi(0)=000010100110111. A simple majority voting process may be performed at the receiver to decode the Phi-encoded frame pattern to its original format</i>". Figure 4 shows the Frame Sync subfield of the demodulated bitstreams: as one can easily verify, the Phi-decoded content matches perfectly the sync pattern indicated in Figure D.2 of MS-220D (#D.5.1.1.2). </p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQjpor6Nf4dOr_I_waS0j_TuFBv3ceP5yViqK_L2MJmmJXiCZ3yDAXkssu1FFPrc1CPdXVePtSz_R1CPjid-LSVPTzZXvGP8mKsa2kMuTnCEQKmr8XUI_RfKTjy1IUtLPjfKTZdVn9d7I_vfI4Hc6ZHmbd10z3BtdbN83q-JUfLdGDjrxF5x1CTA5x3lo/s926/f5.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="802" data-original-width="926" height="554" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQjpor6Nf4dOr_I_waS0j_TuFBv3ceP5yViqK_L2MJmmJXiCZ3yDAXkssu1FFPrc1CPdXVePtSz_R1CPjid-LSVPTzZXvGP8mKsa2kMuTnCEQKmr8XUI_RfKTjy1IUtLPjfKTZdVn9d7I_vfI4Hc6ZHmbd10z3BtdbN83q-JUfLdGDjrxF5x1CTA5x3lo/w640-h554/f5.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 4 - Phi-encoded frame sync</i><br /></td></tr></tbody></table><p></p><p style="text-align: justify;"><b>Message Indicator subfield</b> contais the COMSEC-provided MI (or
Initialization Vector), a stream of 87 random bits that are
redundantly encoded using the Phi patterns seen above. Cryptographic
synchronization is achieved when the receiver acquires the correct MI.
Decoding can be easily achieved (Figure 5).</p><p style="text-align: justify;"></p><p style="text-align: justify;"></p><p style="text-align: justify;"></p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgawfUzrO84cVoq3J0nXoFAp_THEDtk_4X0k13mdKui8vTSWuu7LQE7nFRCCnvs7tYM-QnRrwQPUmMofawLwoGjfwZGZBKifevmaE5PxwXVv9iv7CP21_Keg4jeCzElRbcTNejx0o91jVlERD2NJ3IM3ry6-FSSj2c9AsVb_4nB_UhA5E6dLebLT-JOQg/s912/f7.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="802" data-original-width="912" height="562" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgawfUzrO84cVoq3J0nXoFAp_THEDtk_4X0k13mdKui8vTSWuu7LQE7nFRCCnvs7tYM-QnRrwQPUmMofawLwoGjfwZGZBKifevmaE5PxwXVv9iv7CP21_Keg4jeCzElRbcTNejx0o91jVlERD2NJ3IM3ry6-FSSj2c9AsVb_4nB_UhA5E6dLebLT-JOQg/w640-h562/f7.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 5 - Message Indicator subfield</i></td></tr></tbody></table><p style="text-align: justify;"></p><p style="text-align: justify;">Since the COMSEC preambles of the analyzed bitstreams match the "external COMSEC" frame structure, likely the encrypted parts (voice/data) are secured by an external crypto unit such as the KY-57 (Vinson) or the more advanced KY-99.<br />Such uncommon (in HF band) transmissions are maybe a forward from a VHF link, who knows.</p><p style="text-align: justify;"><a href="https://disk.yandex.com/d/-_3GnxUV_XKN9Q" target="_blank">https://disk.yandex.com/d/-_3GnxUV_XKN9Q</a></p>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com0tag:blogger.com,1999:blog-2805107305752377693.post-78921616261037616512024-01-27T11:59:00.001+01:002024-02-26T13:15:42.368+01:00QPSK (Link-22) & PSK8 (unid) bursts<p style="text-align: justify;">Since some days on 7907.0 KHz/USB, starting in the morning, it's possible to hear long sessions of 2400Bd burst signals which use different modulations and ways. Signal "A" in Figure 1 consists of 4-segment bursts, each segment lasting about 420 ms.</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie7kM5EnI0v81j0bXS-DivaygzSu5TNn471luyKNXpOw9b7OVXe1fK5mPQQlIQ-890VOp0TnGv__kqEk06uJT1f5hrH7u7VYx_wKUjjbDeTbx0uMJ1RyHFfV0_1QOjQUA6Nl4uKb_W8vCMeKbEiAPBJ7njVygp0rrECNV7c8Y_sQbNaMRSA5Ms0kFoBkM/s885/f1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="807" data-original-width="885" height="584" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie7kM5EnI0v81j0bXS-DivaygzSu5TNn471luyKNXpOw9b7OVXe1fK5mPQQlIQ-890VOp0TnGv__kqEk06uJT1f5hrH7u7VYx_wKUjjbDeTbx0uMJ1RyHFfV0_1QOjQUA6Nl4uKb_W8vCMeKbEiAPBJ7njVygp0rrECNV7c8Y_sQbNaMRSA5Ms0kFoBkM/w640-h584/f1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 1<br /></td></tr></tbody></table><br />Modulation used is PSK8 at the rate of 2400Bd. The demodulated bitstream has a period length of 18 bits (6 PSK8 symbols, Figure 2) that can be reduced to 3 bits or even 2 bits if the "1s" column is removed.<p></p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgjDxiVOD2AW00e6tjz3BkERG8XsglXF5XrJF4CsA2y-VZ_hYyloml9dSiRZJKQv87JQ49WEleOLLAVmKlQ29pMDXF4uUzu5QtbwDaFv2JTqm9TG87E7R3bczWWUSTnOaLH2iRD_l5uEQMQSEAUdohP6ScD_KeqC7Azk05IQG2kFc-PFXGY5S2sViwmQs/s914/f3.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="619" data-original-width="914" height="434" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgjDxiVOD2AW00e6tjz3BkERG8XsglXF5XrJF4CsA2y-VZ_hYyloml9dSiRZJKQv87JQ49WEleOLLAVmKlQ29pMDXF4uUzu5QtbwDaFv2JTqm9TG87E7R3bczWWUSTnOaLH2iRD_l5uEQMQSEAUdohP6ScD_KeqC7Azk05IQG2kFc-PFXGY5S2sViwmQs/w640-h434/f3.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 2 - demodulated bitstream of a PSK8 burst<br /></td></tr></tbody></table><br />Signal "B" in Figure 3 is the same as the above but in this case two station are involved, as it's easy to figure out looking at the different strengths of the bursts and their fading patterns. The "2-stations" mode starts randomly after a while but w/out a sort of schedule: in my opinion the time-slot paradigma (or Time Division Multiple Access mode, TDMA) is used <span style="color: #2b00fe;"><i>(1)</i></span>.<p></p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaeh-PvY7Z5e-JNrn2fr5YhIa64bhbClYe5FZF3Vevfg1xXjlSYYQa87zhvd0MeDWQFIUYciTG3PRDLbIAnd9jP4eqD-uk1ZcFxw8bSXkBmdwx8OlLC89MTUS-t2XoBvOPmvA1_2PJMAxoxdvuByexY_6jRrbTFnIIzeAbRGqqb59l36-2XWKG4qcvHfY/s882/f4.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="579" data-original-width="882" height="420" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaeh-PvY7Z5e-JNrn2fr5YhIa64bhbClYe5FZF3Vevfg1xXjlSYYQa87zhvd0MeDWQFIUYciTG3PRDLbIAnd9jP4eqD-uk1ZcFxw8bSXkBmdwx8OlLC89MTUS-t2XoBvOPmvA1_2PJMAxoxdvuByexY_6jRrbTFnIIzeAbRGqqb59l36-2XWKG4qcvHfY/w640-h420/f4.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 3<br /></td></tr></tbody></table><p></p><p style="text-align: justify;">Signal "C" (Figure 4) use QPSK modulation instead (again 2400Bd) and 550 ms bursts with a "duty cycle" of 50%. </p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggxMFRXUNTwVbQIBhZBk9POwBtgolW8HjBYsrgNhSEG1FIFAfi7Rxc7pAjeyXLwj5_TrbFBf1UzdUI8bWESja3JInMTahA2kEmHjge7WU3J9craDh0nxqC2enCpe00LFaguUcGEjYH9xwVQpjoqotbyfD87F3WzeNeYlhmV73hl2X3FDba53J8y6zW4NI/s879/f5.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="559" data-original-width="879" height="408" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggxMFRXUNTwVbQIBhZBk9POwBtgolW8HjBYsrgNhSEG1FIFAfi7Rxc7pAjeyXLwj5_TrbFBf1UzdUI8bWESja3JInMTahA2kEmHjge7WU3J9craDh0nxqC2enCpe00LFaguUcGEjYH9xwVQpjoqotbyfD87F3WzeNeYlhmV73hl2X3FDba53J8y6zW4NI/w640-h408/f5.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 4<br /></td></tr></tbody></table><p></p><p style="text-align: justify;">The demodulated bitstreams have a period length of 540 bits (270 PSK4 symbols, Figure 5) with a clearly visible framing consisting of 8 sections "Data-MiniProbe" of different durations. The 270-symbol frames and the durations of the eight "Data-MP" sections are the same of the STANAG-4539 TDMA waveform WF2 (see Table I), thus the recording "C" is definitely a Link-22 transmission <i><span style="color: #2b00fe;">(2)</span></i>.<br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgelXfP_TPn_59sN_iE6x7g4lai9zACh7N2ULP5pUzvCArdRNqet3VJGjNMkIdLoNUXJWSYDxJPpuplwo5UBIiJvRYr_mZ6-oQH2CTINYYTEdaLsZ6LK3vc26cRAJUX3wKU3DQ3QtKe6cPUT2LJZow86z51Xnm7aiQYOQMKYK9i1eq37q6LZkoc3rAsfs/s860/f6-2.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="324" data-original-width="860" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgelXfP_TPn_59sN_iE6x7g4lai9zACh7N2ULP5pUzvCArdRNqet3VJGjNMkIdLoNUXJWSYDxJPpuplwo5UBIiJvRYr_mZ6-oQH2CTINYYTEdaLsZ6LK3vc26cRAJUX3wKU3DQ3QtKe6cPUT2LJZow86z51Xnm7aiQYOQMKYK9i1eq37q6LZkoc3rAsfs/w640-h242/f6-2.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Table I<br /></td></tr></tbody></table><br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihBCSubQGFD-L-qxbnTbfTRxZ7M1HLxl1eTHb6fb0rVm-nT_3V3xcPkC-CXvUZhJCCxP6vdEK1dq1w1DWXVw5yZb0ghhPiHXxyEga5UokV78zhtLnHevnpAzncGwlLk99jcBveqQxBW19s5MC7SGWUf9Tmcy_jwD7Okp0n4FavZPa-NhxXJ5JmzW46a9s/s1167/f6.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="392" data-original-width="1167" height="214" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihBCSubQGFD-L-qxbnTbfTRxZ7M1HLxl1eTHb6fb0rVm-nT_3V3xcPkC-CXvUZhJCCxP6vdEK1dq1w1DWXVw5yZb0ghhPiHXxyEga5UokV78zhtLnHevnpAzncGwlLk99jcBveqQxBW19s5MC7SGWUf9Tmcy_jwD7Okp0n4FavZPa-NhxXJ5JmzW46a9s/w640-h214/f6.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 5 <br /></td></tr></tbody></table><p></p><p style="text-align: justify;">All my direction finding tries (TDoA algorithm with 5 receivers!) point to an area near Nuremberg (Nürnberg), Germany. Probably it's the <b>USAG (U.S. Army Garrison) Ansbach base</b> which is located in northern Bavaria, approximately 40 kilometers southwest of Nuremberg<span style="color: #2b00fe;"> [1]</span>.</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIi8TJVzuKy5WLeFcqiZSxIHw6BnXnJ8OTb2JJrwZ2SsT0EL3Ft3JabKpWT5EIloPfraTRW96OF60WOGTrpf6gdGfFYyT8N-mdbqciqJHnmxLN5DDMcVgSfnr5XX58ma34M2TpJkj4_PmCk1H02goKZJiHSudZiM51ZVRv1w9U1RWXMAAX5wK-JHOtGxg/s942/df1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="919" data-original-width="942" height="624" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIi8TJVzuKy5WLeFcqiZSxIHw6BnXnJ8OTb2JJrwZ2SsT0EL3Ft3JabKpWT5EIloPfraTRW96OF60WOGTrpf6gdGfFYyT8N-mdbqciqJHnmxLN5DDMcVgSfnr5XX58ma34M2TpJkj4_PmCk1H02goKZJiHSudZiM51ZVRv1w9U1RWXMAAX5wK-JHOtGxg/w640-h624/df1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 6 - Direction Finding tries<br /></td></tr></tbody></table><p></p><p style="text-align: justify;">For what concerns the PSK8 bursts, bitstreams and TDMA mode make me think about a Tactical Data Link (TDL), even if the analyzed waveforms do not match the standards Link-11 or Link-22 (atleast the ones I know). Anyway, given the lack of other information, it cannot be ruled out that it could be telemetry signals.<br /></p><p style="text-align: justify;">Monitoring has been made thanks to KiwiSDRs of OE3AKB (Landersdorf, AUSTRIA) e OZ1BFM (Vejby, Denmark)<span style="color: #2b00fe;"> [2][3]</span>.</p><p style="text-align: justify;"><a href="https://disk.yandex.com/d/b04EpZUQIO5GIw" target="_blank">https://disk.yandex.com/d/b04EpZUQIO5GIw</a></p><p style="text-align: justify;"><i><span style="color: #2b00fe;">(1)</span> In TDMA mode each user is allowed to transmit only within specified time intervals named as "Time Slots" so that different users transmit in differents time slots.<br /><br /><span style="color: #2b00fe;">(2)</span> #2.3.2 Media Code Frame structure, Annex D to STANAG-4539 </i></p><p style="text-align: justify;"><span style="color: #2b00fe;">[1]</span> <a href="https://installations.militaryonesource.mil/military-installation/ansbach-united-states-army-garrison" target="_blank">https://installations.militaryonesource.mil/.../ansbach-united-states-army-garrison</a><br /><span style="color: #2b00fe;">[2]</span> <a href="http://oe3akb.ddns.net:8073/" target="_blank">http://oe3akb.ddns.net:8073/</a><br /><span style="color: #2b00fe;">[3]</span> <a href="http://oz1bfm.proxy.kiwisdr.com:8073/" target="_blank">http://oz1bfm.proxy.kiwisdr.com:8073/</a><br /> <br /></p><p><br /></p>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com0tag:blogger.com,1999:blog-2805107305752377693.post-38854570504931847422024-01-18T12:32:00.001+01:002024-02-26T13:16:58.582+01:00ISR Navy PSK8/2400Bd (datalink protocol)<div><p style="text-align: justify;">Just some notes about the datalink protocol used by Israeli Navy (IDF) and their proprietary PSK8/2400Bd modem.<br />The datalink protocol transfers data using "Tx-Frames" formats consisting of 6, 12 and 18 fixed length packets of 55 bytes (440 bits) for a total room of 330, 660, and 990 bytes per Tx-Frame. The choice of the Tx-Frame to use (TF6, TF12, TF18) depends on the size of the data to be transmitted, taking into account the minimum possible waste of bytes; indeed, if the size of data is of a shorter length, a sequence of null bytes (of value zero) is appended to the data so as to extend it to the legth of the chosen Tx-Frame (Figs 1,2). Thus, a generic Tx-Frame may be seen as a <i>n</i>-position array, in which <i>n</i> is a multiple of 6 and each position can accommodate a single 55-byte packet: </p><p style="text-align: justify;">- TF6 accomodates six 55-byte packets<br />- TF12 accomodates twelve 55-byte packets<br />- TF18 accomodates eighteen 55-byte packets<br /></p><p style="text-align: justify;">probably also a TF24 exists, but so far I have not seen a such format during my monitorings.</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwmtqEJzeEsimTcG6kZfaA7kqFYq01nJ0eRvHOTppfVL89fO1D1xP-ic6gJ978v8f035_4FrRas5YLVyiycsD6ksi5X1JFbk8TFUThx1GNvx0rJe8Jtvt2bdWlVRA5fwJOoJkXYHJoLfPdLXZeZtYAY83jMpGk2YTj1fNxwOhp1twRBgVyUyyEu6WHaaM/s988/bursts_6.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="770" data-original-width="988" height="498" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwmtqEJzeEsimTcG6kZfaA7kqFYq01nJ0eRvHOTppfVL89fO1D1xP-ic6gJ978v8f035_4FrRas5YLVyiycsD6ksi5X1JFbk8TFUThx1GNvx0rJe8Jtvt2bdWlVRA5fwJOoJkXYHJoLfPdLXZeZtYAY83jMpGk2YTj1fNxwOhp1twRBgVyUyyEu6WHaaM/w640-h498/bursts_6.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 1 - TF6 type TX-Frames (7 bursts)</i><br /></td></tr></tbody></table> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHkC7BHp8u52mYtztzp3PaM1RXEJsHk_PAt6CPlGT5xB8oE8RbDYaQHMiHLPnw-gPCC3okciSnmZluBwtN2_Cr-SQfPdiXakulaQPxt7wVR8RLRyiLA1zxEaZEqAq1VVbEZzBWVTvQUGwPFoYbqUHZWXeDFrWBdMtP-p0EotM8e7Kc2v4Ub_DRJmhd7Po/s989/bursts_12.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="763" data-original-width="989" height="494" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHkC7BHp8u52mYtztzp3PaM1RXEJsHk_PAt6CPlGT5xB8oE8RbDYaQHMiHLPnw-gPCC3okciSnmZluBwtN2_Cr-SQfPdiXakulaQPxt7wVR8RLRyiLA1zxEaZEqAq1VVbEZzBWVTvQUGwPFoYbqUHZWXeDFrWBdMtP-p0EotM8e7Kc2v4Ub_DRJmhd7Po/w640-h494/bursts_12.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 2 - TF12 type TX-Frames (7 bursts)<br /></i></td></tr></tbody></table><p></p><p style="text-align: justify;">The first packet of a Tx-Frame contains a 56-bit/7-byte synchronization sequence (please note the curious progression):<br /></p><p style="text-align: center;">10001111010011111100111100101111101011110110111110000000 (0xF1F2F3F4F5F601)</p><p style="text-align: center;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhWmev56peBjhHCEa6jdHsy5WQvCom9yfBEIUTpJNj7XIvP4KrJPImGKyETlrhIpT4s3DTdM23rhwyUZ7W4nUW6Mw5O-As4xpofxrTVlT8HlihlDxtrjwmvID6a39I82O3Zi4DliLZ-hTIAzBW0ZMa5rSOpcbK6VvxSUWElwxo4gV4FLKfG4j-z4IWtyg/s977/single-burst_6&12.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="535" data-original-width="977" height="350" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhWmev56peBjhHCEa6jdHsy5WQvCom9yfBEIUTpJNj7XIvP4KrJPImGKyETlrhIpT4s3DTdM23rhwyUZ7W4nUW6Mw5O-As4xpofxrTVlT8HlihlDxtrjwmvID6a39I82O3Zi4DliLZ-hTIAzBW0ZMa5rSOpcbK6VvxSUWElwxo4gV4FLKfG4j-z4IWtyg/w640-h350/single-burst_6&12.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 3</i></td></tr></tbody></table><p style="text-align: justify;"><b>Each Tx-Frame is transmitted using a single burst waveform</b>, therefore a transmission is made up of as many bursts as the number of the data messages to be sent. All the types of Tx-Frames can coexist within the same transmission (Figure 4): since null value bytes filling is used, this could mean that fragmentation is not foreseen, i.e. if the size of the data to be sent is greater than the TF(<i>n</i>) then TF(<i>n+1</i>) it's used. </p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAIJB8oEdm6hWa1PwOthuJ1cz_fIBbwkFwSTY0XUXvD4Z394HpgfKKgW_TIZa8TAWNvSjEdJQcH0vlsH59xs5NLGz7cgyvQa8RETgXSQF0v-T8kXKonyUKPpLbpQ5FSUpaY6IyuuThwlhhLuFuXz6xPINdQvU1CkjU8O7BaE6lCyZKzAEYu3MLkgoQ9Bo/s883/bursts_6&12&18.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="308" data-original-width="883" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAIJB8oEdm6hWa1PwOthuJ1cz_fIBbwkFwSTY0XUXvD4Z394HpgfKKgW_TIZa8TAWNvSjEdJQcH0vlsH59xs5NLGz7cgyvQa8RETgXSQF0v-T8kXKonyUKPpLbpQ5FSUpaY6IyuuThwlhhLuFuXz6xPINdQvU1CkjU8O7BaE6lCyZKzAEYu3MLkgoQ9Bo/w640-h224/bursts_6&12&18.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 4 - three types of Tx-Frames used in a same transmission<br /></td></tr></tbody></table><p></p><p style="text-align: justify;">The protocol does not appear to be an ARQ sysem but rather a FEC broadcast with the add of redundancy; for example, sometimes is possible to see that multiple copy of the same datagrams are sent within the same transmission (Figure 5). Obviously, the receiver shall discard the repeated Tx-Frames.</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6h1RlmOs-EUsQi3Y83ufrydX-gyLc8pW9oZyVi35wTH7CwqQiUly9XOaKbwyx4s6I3zZyMa5iBbNYfHB2TQAxmAkGqWwnvvjnqRzxzn_lkC557eiVHmL6SLpzJb7tYj1sK3IRiiJCIWkXWMa2SMd69TIcC0S-ti4Ry9Kt7uOOcdRUP3a13mmP3ss9LJA/s1000/ridondanza.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="428" data-original-width="1000" height="274" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6h1RlmOs-EUsQi3Y83ufrydX-gyLc8pW9oZyVi35wTH7CwqQiUly9XOaKbwyx4s6I3zZyMa5iBbNYfHB2TQAxmAkGqWwnvvjnqRzxzn_lkC557eiVHmL6SLpzJb7tYj1sK3IRiiJCIWkXWMa2SMd69TIcC0S-ti4Ry9Kt7uOOcdRUP3a13mmP3ss9LJA/w640-h274/ridondanza.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 5 - a six bursts transmission bearing 3-times repeated Tx-Frames </i><br /></td></tr></tbody></table><br /><p></p><p style="text-align: justify;"><b>Burst Waveform</b><br />The HF modem generates a burst waveform consisting of two signal formats: parallel and serial, that's why the designation "hybrid/mixed" modem. The initial part of the waveforms consists of 4 or 7 tones where the 3rd and 4th respectively indicate the 1800-Hz of the audio subcarrier being modulated. Tones are likely used in the receive modem for the detection of the signal present, correction of doppler and identification of the beginning of the preamble (Figure 6).</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8f_kpHcJELdz3UnNpV6GeY6ZxoigEFLYdT0MFJ3G_8LqSb_nV7quqjQFie_AIQ2gdU6qApwQpkizboaq0Lelh2ehpPYoukZZOFPug_5IxsAIZPlkXWMvcDXIMGrMNO_XuPQmsO95FgGDUHKDC1UZlFdgg0fNVNLTSas77LeKpkVnupRhmqmlgZtx2O1g/s935/4&7_toni.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="534" data-original-width="935" height="366" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8f_kpHcJELdz3UnNpV6GeY6ZxoigEFLYdT0MFJ3G_8LqSb_nV7quqjQFie_AIQ2gdU6qApwQpkizboaq0Lelh2ehpPYoukZZOFPug_5IxsAIZPlkXWMvcDXIMGrMNO_XuPQmsO95FgGDUHKDC1UZlFdgg0fNVNLTSas77LeKpkVnupRhmqmlgZtx2O1g/w640-h366/4&7_toni.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 6 - initial tones</i><br /></td></tr></tbody></table><br />The segment following the 4/7 tones is modulated at the rate of 75 Bd using a parallel QPSK waveform (Figure 7); although the bursts may have different lengths, it has always the same duration. The analysis of a single channel' bitstream shows a well-defined 96-bit/82-byte framing with an initial sync sequence: this segment is probably a "preamble" aimed to provide synchronization and parameters related to the following data segment (autobaud waveform?).<p></p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghootCW5J6JkLM5UHQsNtZpsP7s9A-jMA6HXe38DR_GT_uHyDsdlHQBmpHRvPl_cpx4-9nZJwpAo6bVDV7rvqZYnbT6CMgXUc6X5hJzeGU2og_d0gc7kS9FVKArhLoHJJ0Zgq9G2a-WQ9DFRklxTeAgba03hmUwW2kfqZhGoz6Ae78UzinRKqE4hA-6Co/s901/parallel.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="666" data-original-width="901" height="474" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghootCW5J6JkLM5UHQsNtZpsP7s9A-jMA6HXe38DR_GT_uHyDsdlHQBmpHRvPl_cpx4-9nZJwpAo6bVDV7rvqZYnbT6CMgXUc6X5hJzeGU2og_d0gc7kS9FVKArhLoHJJ0Zgq9G2a-WQ9DFRklxTeAgba03hmUwW2kfqZhGoz6Ae78UzinRKqE4hA-6Co/w640-h474/parallel.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 7 - analysis of a single QPSK/75Bd channel</i><br /></td></tr></tbody></table><br /></div><div style="text-align: justify;">The following segment has the same ACF (66.6ms) and parameters (PSK8 2400 Bd) of a MIL 188-110A serial modem, although a specific MS-110A demodulator doesn't not recognize the waveform as such. The 160-symbol ACF pattern indicates a data rate from 150 up to 1200 bps <span style="color: #2b00fe;"><i>(1)</i></span>. This is the data segment of the burst waveform.</div><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnSyQm_pdEyVgeaVVuyE8wpaNUVEHfkaDTeJPdS8K3XU5YvycCKPY0ERPx4H0dgtiTaUUyTqjm-_24lfDWlTNSYsVmk7-FM4L-5CVTjh78nJwYGPJpFsFS0B9ft7K-EC619Smonlafh5DY-evbnCKmJhQN_hoQSZTpZvYApMc9S3j0FDTZf8MbMu5_Iw4/s896/serial.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="500" data-original-width="896" height="358" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnSyQm_pdEyVgeaVVuyE8wpaNUVEHfkaDTeJPdS8K3XU5YvycCKPY0ERPx4H0dgtiTaUUyTqjm-_24lfDWlTNSYsVmk7-FM4L-5CVTjh78nJwYGPJpFsFS0B9ft7K-EC619Smonlafh5DY-evbnCKmJhQN_hoQSZTpZvYApMc9S3j0FDTZf8MbMu5_Iw4/w640-h358/serial.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 8 - analysis of the serial segment<br /></i></td><td class="tr-caption" style="text-align: center;"><br /></td></tr></tbody></table><p style="text-align: justify;">In order to prove that the QPSK parallel segment is actually a preamble, and not about the data, I randomly cut off a portion of that segment obtaining a "reduced burst": resulting bitstreams remain unaffected by the shorter duration of the segment (Figure 9).</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiViWo5nHqPIksBMpFQkMknDCGcU4EGT8CEPyxt516YMCMTat63qpDmF-CI_60k4_3igl_9qyeb7Pdszx0Eh6Cs9PIaw6py3vY7kNHAsPN87D_Jgt0lh1fqjrGuUPPII5itQAgZB4kIpdSVFkp680xVBG385fxavBRKKgluelKjQabx4hsQPQ4yM93XnYo/s975/reduced.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="636" data-original-width="975" height="418" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiViWo5nHqPIksBMpFQkMknDCGcU4EGT8CEPyxt516YMCMTat63qpDmF-CI_60k4_3igl_9qyeb7Pdszx0Eh6Cs9PIaw6py3vY7kNHAsPN87D_Jgt0lh1fqjrGuUPPII5itQAgZB4kIpdSVFkp680xVBG385fxavBRKKgluelKjQabx4hsQPQ4yM93XnYo/w640-h418/reduced.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 9</i></td><td class="tr-caption" style="text-align: center;"><br /></td></tr></tbody></table><p style="text-align: justify;">In my opinion, extra bytes (such as : CRC string, number of packets in the Tx-Frame, position of the packet within the Tx-Frame, first/last packet,...) are appended to each data packet during the formation of the burst waveform: these extra bytes are omitted in the bitstreams.</p><p style="text-align: justify;"> </p><p style="text-align: justify;"></p><p style="text-align: justify;"><i><span style="color: #2b00fe;">(1)</span> In case of MS-110A low data rates (from 150 up to 1200 bps) the data frames are structured as a 40-symbol pattern: each frame consisting of a data block consisting of 20 data symbols, followed by a probe consisting of 20 symbols of known data. The expected ACF value is then 16.67 ms, but the actual one is 66.67 ms ie four times greather (Figure 5). The reason is that four groups of the pairs data + probe count 160 symbols (4×40) and they are just "in sync" with the scrambler length (160 symbols) causing the strong 66.67 ms ACF spikes. <br /></i></p>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com0tag:blogger.com,1999:blog-2805107305752377693.post-92080772970951163162024-01-02T10:55:00.001+01:002024-02-02T10:46:06.534+01:00unid PSK8 waveform<div><p style="text-align: justify;">Unid PSK8 2400Bd serial waveform heard on 6987.0 KHz/USB, data transfers appear to occur in ARQ mode (Figure 1). </p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQW6ZRaPF0EPIECXh4L-PZRYhVOTC7ukIzvE5UXCm3FCeqVKV0T2TN_F13LgrVwtsnJKsZex9VWsJ1haWrI0eWVWmp0MIXj3VIxFWNtaXPKRNRWdhOGuhuWad2gLeFiLW9BwknGEd1i4D7eKHIrbxfgUYAhDHt7oBv2q6BvbZPECgUNL8b44hEOrmC-6U/s930/f1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="756" data-original-width="930" height="520" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQW6ZRaPF0EPIECXh4L-PZRYhVOTC7ukIzvE5UXCm3FCeqVKV0T2TN_F13LgrVwtsnJKsZex9VWsJ1haWrI0eWVWmp0MIXj3VIxFWNtaXPKRNRWdhOGuhuWad2gLeFiLW9BwknGEd1i4D7eKHIrbxfgUYAhDHt7oBv2q6BvbZPECgUNL8b44hEOrmC-6U/w640-h520/f1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 1<br /></td></tr></tbody></table><p style="text-align: justify;">The larger signal' segments have strong 66.66ms ACF spikes that make a 160-symbol framing consisting of 32 known symbols (mini-probe?) followed by 128 symbols of data. </p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjavukac4dG3yGiRGVPcRJ89P8XfhTy55QkSTa8-RKiM5-q0zP4nAjeMYmb6cqkUaIGgK5OdIlg-jVoBEzh8iR35BGcfXhXD-tyklOO0QIgtdQYUMaWO7HAywgFveXUxXh-THTuQGMAh-TwUEGwV4lHGmidZguDiwP4ZYzyE2ed9d3pVb8foI_xqmcGNZg/s938/f2.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="611" data-original-width="938" height="416" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjavukac4dG3yGiRGVPcRJ89P8XfhTy55QkSTa8-RKiM5-q0zP4nAjeMYmb6cqkUaIGgK5OdIlg-jVoBEzh8iR35BGcfXhXD-tyklOO0QIgtdQYUMaWO7HAywgFveXUxXh-THTuQGMAh-TwUEGwV4lHGmidZguDiwP4ZYzyE2ed9d3pVb8foI_xqmcGNZg/w640-h416/f2.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 2 - 66.66ms ACF and relative 160-symbol frame<br /></td></tr></tbody></table><br />The analysis of the frame' symbols (Figure 3) reveals that the mini-probes consist of a 16-symbol sequence which is repeated two times.<p></p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhy1NznVHkh5iB97w1GG_hCoo5bD9nrTpKmTasBBD_ZZZ7WoMuY9fC4V5vhkOKEd_nVTwaQ4pQaw2Z1pIx7HHub76DdIPO2rP2cNPoZunQlNbIHXtMqJp_LXpejJ9vSSNtlR4cp_6FEdwbbr3V6uVvvIKW_OtPKTcqSUAzqeqM1CN_rLOQoCKhWYSCZNkw/s854/f3.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="480" data-original-width="854" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhy1NznVHkh5iB97w1GG_hCoo5bD9nrTpKmTasBBD_ZZZ7WoMuY9fC4V5vhkOKEd_nVTwaQ4pQaw2Z1pIx7HHub76DdIPO2rP2cNPoZunQlNbIHXtMqJp_LXpejJ9vSSNtlR4cp_6FEdwbbr3V6uVvvIKW_OtPKTcqSUAzqeqM1CN_rLOQoCKhWYSCZNkw/w640-h360/f3.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 3 - analysis of the frame symbols<br /></td></tr></tbody></table><br /></div><div style="text-align: justify;">Short segments too, maybe ACKs or some other negotiation messages, are PSK8 modulated and have a period of 768-bit/256-symbol length: at glance, it looks like a Walsh Orthogonal modulation mode (Figure 4).<br /></div><div style="text-align: justify;"> </div><div style="text-align: justify;"><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6mkW1InDTkdlnt4QfQsvttZIfDBcMOrEacrU90xNAnx8tTthn8Cwt5bnDAdk48o_S6VE09rE6Y0Y2iE-OcXSwTYuuYzrYWyNDt-FGY34kymhusC8NnwMGwOFjIntBCWifIXz9mlZCQPRKctROPsr6cuEaqKopMsX6jVPNqZ2tEAc_aqE8f44RQlVcF1Q/s938/f4.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="735" data-original-width="938" height="502" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6mkW1InDTkdlnt4QfQsvttZIfDBcMOrEacrU90xNAnx8tTthn8Cwt5bnDAdk48o_S6VE09rE6Y0Y2iE-OcXSwTYuuYzrYWyNDt-FGY34kymhusC8NnwMGwOFjIntBCWifIXz9mlZCQPRKctROPsr6cuEaqKopMsX6jVPNqZ2tEAc_aqE8f44RQlVcF1Q/w640-h502/f4.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 4<br /></td></tr></tbody></table></div><p></p><p> </p><p><a href="https://disk.yandex.com/d/fNYT-NOu7CPfbw" target="_blank">https://disk.yandex.com/d/fNYT-NOu7CPfbw</a></p>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com0tag:blogger.com,1999:blog-2805107305752377693.post-64980852761582391322023-12-23T11:08:00.000+01:002023-12-23T11:08:12.152+01:00Swedish Defence, unid datalink protocol over MS-110A<div><div><p style="text-align: justify;">The analysis concerns short transmissions monitored on 3824.0 KHz/USB within the 80mt Ham Band <i>(1)</i> thanks to SM1OTX Airspy HF+ in Sweden and OZ1AEF KiwiSDR in Denmark. According to my observations, at least on this channel (3824 KHz/USB), daytime transmissions occur at intervals of 15 minutes but not with a fixed schedule (for sample: hh05, hh20, hh35, hh50; hh10, hh25, hh40, hh55; hh08, hh23, hh38, hh53) and if there are messages to be sent. The transmissions seem less frequent at night, but I don't have enough IQ monitoring to say for sure; however I have noticed that - at night - the same frequency is sometimes occupied by CIS-12 transmissions.<br /></p><p style="text-align: justify;">I ran several Direction Finding tests using the TdoA algorithm and all the results point to an area south from Stockholm, probably the NAVCOMMCEN of the Sweden Defence (Figure 1).</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPylYkF2ZDMJ9nbLQuDcxmZSsRQIs7q_Hh1_nLqT0INvV59n1KiDmqn4s5T2Lq_w5mpOPiCKc0Tc3Js-0xn4FThUxthwE76_MGYAAx2Ww_-v-5-vEPWjqHA4YPowSGluGMQ7wTXAxX8fIF2RTCRidLDl6lz97O5JbF-mx9KdJYoL275lOUHTDfixLClB4/s756/tdoa-1.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="445" data-original-width="756" height="376" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPylYkF2ZDMJ9nbLQuDcxmZSsRQIs7q_Hh1_nLqT0INvV59n1KiDmqn4s5T2Lq_w5mpOPiCKc0Tc3Js-0xn4FThUxthwE76_MGYAAx2Ww_-v-5-vEPWjqHA4YPowSGluGMQ7wTXAxX8fIF2RTCRidLDl6lz97O5JbF-mx9KdJYoL275lOUHTDfixLClB4/w640-h376/tdoa-1.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 1 - Direction Finding results</i><br /></td></tr></tbody></table><br /></div><div><div style="text-align: justify;">In this regard, it's worth noting the use of the 3824 KHz frequency. Indeed , at that high latitudes, due to the long dark periods and the sun low on the horizon during winter, the low portion of HF must be used (lack of F layers). The 80 meter band is certainly the best choice for medium distance contacts (eg ships in Baltic Sea or Gulf of Bothnia) as it guarantees 100% reliability over 24 hours (Figure 2) and is suitable for NVIS (Near Vertical Incidence Skywave) mode propagation for local contacts.</div><p></p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvlNt400i1UOoC7Q05n7K8b4IS3EcIZ1smAZ4Zxzl0cLM8kzoictsu4ZPrM85VZC13GMa1d3BYPpKHZRnSZnXKLCLN7arB4o0x9VWUKOa5PS4DSdYh3FAHKQWsB30P1FAd68wpetO4hXQZ_wa0iA5zfLtCA6maM8jyHm31L05UzVf9Wj8_SqTQdxzHASA/s990/2.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="599" data-original-width="990" height="388" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvlNt400i1UOoC7Q05n7K8b4IS3EcIZ1smAZ4Zxzl0cLM8kzoictsu4ZPrM85VZC13GMa1d3BYPpKHZRnSZnXKLCLN7arB4o0x9VWUKOa5PS4DSdYh3FAHKQWsB30P1FAd68wpetO4hXQZ_wa0iA5zfLtCA6maM8jyHm31L05UzVf9Wj8_SqTQdxzHASA/w640-h388/2.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 2 - Circuit Reliability for 80 mt comms between medium distances</i><br /></td></tr></tbody></table><p></p><p style="text-align: justify;">Below the results of my analysis, aimed to understand and write down the Protocol Data Units (PDUs) of the datalink protocol and the way their fields are encoded. Please notice that the "designations" used <b>are only mine</b> and are introduced just for convenient reference.</p><p style="text-align: justify;">The MIL-STD 110A (MS-110A) 1200bps Short Interleaver is the used HF waveform (Figure 3).<br /></p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZIsxz5Wie479GOZiJdQPTOuPI1tQxu9Q5TxGAFa6QaUec1pInnZMp-0QntVlTZr_bDL-d_W-zIHS86aHHXHyNuwfIIuacr5v0lVBgbbG2quOwMCcJ0XWCNSkLY4fZKo3q_s1iQ-bnmcxkM_fN5NKohruCnI9Tr88ngMvUewiO1pdlwrcdlNLns0NEXcU/s1024/f1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="682" data-original-width="1024" height="426" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZIsxz5Wie479GOZiJdQPTOuPI1tQxu9Q5TxGAFa6QaUec1pInnZMp-0QntVlTZr_bDL-d_W-zIHS86aHHXHyNuwfIIuacr5v0lVBgbbG2quOwMCcJ0XWCNSkLY4fZKo3q_s1iQ-bnmcxkM_fN5NKohruCnI9Tr88ngMvUewiO1pdlwrcdlNLns0NEXcU/w640-h426/f1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 3 - MS-110A waveform and ACF (66.6 ms)</i><br /></td></tr></tbody></table><p></p><p style="text-align: justify;">Sometimes it may happens to see fast exchanges (bursts 1-4) before a "usual" data transfer: judging by the fading patterns in Figure 4, two nodes are involved.</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhv5WrbU5X99hyY5S0VN-6pg8qGCQKEGbywBnoFNtsxLW7TCL6iInAgC8q5Bi1iB842p5jss9bKiUuEYLb2wEJsCmj_zBYz8-BNTYXsm93AO-a_1JgKI0C9-DmbnlHzbTmfN8vTtgwjZMWF1asCb0r_dSDaaJgaFlNa3f5cK36Jw2KCA68TQPHJhGEo6b4/s886/chunks.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="335" data-original-width="886" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhv5WrbU5X99hyY5S0VN-6pg8qGCQKEGbywBnoFNtsxLW7TCL6iInAgC8q5Bi1iB842p5jss9bKiUuEYLb2wEJsCmj_zBYz8-BNTYXsm93AO-a_1JgKI0C9-DmbnlHzbTmfN8vTtgwjZMWF1asCb0r_dSDaaJgaFlNa3f5cK36Jw2KCA68TQPHJhGEo6b4/w640-h242/chunks.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 4 - fast exchanges before a data transfer</i></td></tr></tbody></table><p></p></div><div></div><div><p></p><p>Discarding the MS-110A waveform overhead, the bitstreams exhibit a 104-bit period: data blocks, well-defined structures and repeated patterns are clearly visible in Figure 5.</p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOn_rI1J-kU8x65keOtbAgUZ8XigPkgHCxMPK7kwu2sJB4YCHZcCqkJwDAdV93zyTBwgILotqp3KIy0rS6qxw9BJrJh1CEw0f2DuZ-q5GZisZAejwcb2E-8i1vyTugwMOZf13IStwuwjWIuQOMtkFo3-9gyXdTuZzgw3ZB5BcMixC5glnbu2uKdoi6x3Y/s900/f32.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="715" data-original-width="900" height="508" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOn_rI1J-kU8x65keOtbAgUZ8XigPkgHCxMPK7kwu2sJB4YCHZcCqkJwDAdV93zyTBwgILotqp3KIy0rS6qxw9BJrJh1CEw0f2DuZ-q5GZisZAejwcb2E-8i1vyTugwMOZf13IStwuwjWIuQOMtkFo3-9gyXdTuZzgw3ZB5BcMixC5glnbu2uKdoi6x3Y/w640-h508/f32.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 5 - a bitstream after the removal of MS-110A waveform</i><br /></td><td class="tr-caption" style="text-align: center;"><br /></td></tr></tbody></table><p></p><p></p><p style="text-align: justify;">Blocks are delimited by long series of logical "1s" and are composed of up to 17 <i>datagrams</i>. Each datagram starts with a <i>synchronization-type PDU</i> (S_PDU) followed by <i>data-type PDU</i>s (D_PDU):</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqKZ96ZYD1l2gc48rpyV4Q0YAx_1zyK_1lUAFS1io0bn_GPnlPKEpjWovxowdFqBZfehw93rftWmGETMAANt4ZoHc-TOtn9ja6WjHudtI6deq4ggk1SL68eL0f-S1dWR7shluDvktxHoZsIS044zk-_Ys0C73C-QBdv0d0Sot95L1P5t9dcVNduayF0KU/s739/f88.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="239" data-original-width="739" height="207" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqKZ96ZYD1l2gc48rpyV4Q0YAx_1zyK_1lUAFS1io0bn_GPnlPKEpjWovxowdFqBZfehw93rftWmGETMAANt4ZoHc-TOtn9ja6WjHudtI6deq4ggk1SL68eL0f-S1dWR7shluDvktxHoZsIS044zk-_Ys0C73C-QBdv0d0Sot95L1P5t9dcVNduayF0KU/w640-h207/f88.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 6 - general structure of a MS-110A transmission</i><br /></td></tr></tbody></table><br /><b>synchronization-type PDU (S_PDU)<br /></b>The S_PDU consists of a common 40-bit/5-byte sync sequence <i>(2)</i><p></p><p style="text-align: center;"><span style="font-family: courier;">[0111111001111110100010111001100010111001] 0x7E7E8B98B9</span></p><p style="text-align: justify;">followed by a 104-bit/13-byte chunk of data which is repeated three times. After synchronizing the bitstreams on the sync sequence and a length of 144 bits (ie: sync + ACF), the 13-byte chunk is formed of (<span style="font-family: inherit;">Figures 7,8):</span></p>- a specific 8-bit field <i>h</i> (designated a <i>header</i>) <br />- a 40-bit/5-byte field <i>m</i> <br />- a common (!) 32-bit/4-byte sequence<i> s</i><br /></div><div style="text-align: center;"><span style="font-family: courier;">[11101010011010100010001001100010] 0xEA6A2262</span><br /></div><div>- a 3 bits ("000") string <br />- a 21 bits field <i>n</i> <br /><br /><p style="text-align: justify;"><span style="font-family: inherit;"><i></i></span></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqRZ05qIcgSctgbtP7zzF2zskA8w1gbWxtC69ma6j6Q-etLFij9bYqoin3rFrEADcAkdkeNC10-87RXx2sJ3xRe6QXXKvE_jM7kevZ1Y4pk62J1YoOH1qYS0YIdAuiXgzRM7hPiJZUAGWvrHZBFwv2sbtpQ4QM2QU-bCfDhs08c3qyo8ppVLaMuZ4MSF0/s921/f5.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="674" data-original-width="921" height="468" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqRZ05qIcgSctgbtP7zzF2zskA8w1gbWxtC69ma6j6Q-etLFij9bYqoin3rFrEADcAkdkeNC10-87RXx2sJ3xRe6QXXKvE_jM7kevZ1Y4pk62J1YoOH1qYS0YIdAuiXgzRM7hPiJZUAGWvrHZBFwv2sbtpQ4QM2QU-bCfDhs08c3qyo8ppVLaMuZ4MSF0/w640-h468/f5.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 7 - a synched bitstream (first 144 bits)</i> <br /></td></tr></tbody></table><span style="font-family: inherit;"><i> </i></span></div><div><span style="font-family: inherit;"><i></i> </span></div><div style="text-align: justify;"></div><div style="text-align: justify;"><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbKG1858CC56KW5O1YStS8TGPg-QqNJYOtbnoYuPPUqOLySMXGtbpzBuuP-M0k5fjVuIvIxopRaz3zdyk6Ezw9yzJ1smq_ESypE07sFVAkMrpUz3RE4yu1-LNVEIKKBlyJKuF4PsU200z0o1-cG-kB4LJyge1I-2sszBNipYq7APdmN-_7vE8xuD1v7Jg/s522/f55.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="168" data-original-width="522" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbKG1858CC56KW5O1YStS8TGPg-QqNJYOtbnoYuPPUqOLySMXGtbpzBuuP-M0k5fjVuIvIxopRaz3zdyk6Ezw9yzJ1smq_ESypE07sFVAkMrpUz3RE4yu1-LNVEIKKBlyJKuF4PsU200z0o1-cG-kB4LJyge1I-2sszBNipYq7APdmN-_7vE8xuD1v7Jg/s16000/f55.png" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><span style="font-family: inherit;"><i>Fig. 8 - bit-field map of the synchronization-type PDU (S_PDU)<br /></i></span></td></tr></tbody></table> </div><div style="text-align: justify;"><b>data-type PDU (D_PDU)</b> <br /></div><div style="text-align: justify;">The D_PDU consists of 80-bit/10-byte field <i>p</i> (designated a <i>payload</i>) followed by a 3 bits "000" string and a final 21 bits field <i>q </i>(Figures 9,10): notice that the final part is the same as the one of the S_PDU. <br /></div><div style="text-align: justify;"></div><div style="text-align: justify;"> <br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCYyG0AS-ElkQm7T23z7ALloalwkcbfTLWAQQM7FQUGoJY1at8hjIHAO7ByYY98OyNSDCgckIaOjzCp2JpYmDtY7NzZ_nrpodseIRm6ToAyR_cG3w7TAwKrH9q8AS2bxbh0GMTfRqVM6e_fHVwVRWUv0XnZyXATFhuvKOE1Gv1XP9BakmZnkToGorHxR0/s935/f8.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="695" data-original-width="935" height="476" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCYyG0AS-ElkQm7T23z7ALloalwkcbfTLWAQQM7FQUGoJY1at8hjIHAO7ByYY98OyNSDCgckIaOjzCp2JpYmDtY7NzZ_nrpodseIRm6ToAyR_cG3w7TAwKrH9q8AS2bxbh0GMTfRqVM6e_fHVwVRWUv0XnZyXATFhuvKOE1Gv1XP9BakmZnkToGorHxR0/w640-h476/f8.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 9 - datagrams consisting of a S_PDU followed by D_PDUs <br /></i></td></tr></tbody></table></div><div style="text-align: justify;"> <br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAJtaWZ0LcCVH7F7uiP4eknni7_oyeePKqnjKzAvqu3BNyRDBIco3Z1APsFQtQcVdre1bA4aGyWWu52AOM52CMoLmTFNZ4wNncRcjAirzBP1II2lZ4PNNIMFOlcf4ZjLO0ONh3z4gMg_UeLNScHFbjB2bXrvcymrmnHiTi-dkSmBlO0NMSdlf88jZSVFM/s408/f8888.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="142" data-original-width="408" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAJtaWZ0LcCVH7F7uiP4eknni7_oyeePKqnjKzAvqu3BNyRDBIco3Z1APsFQtQcVdre1bA4aGyWWu52AOM52CMoLmTFNZ4wNncRcjAirzBP1II2lZ4PNNIMFOlcf4ZjLO0ONh3z4gMg_UeLNScHFbjB2bXrvcymrmnHiTi-dkSmBlO0NMSdlf88jZSVFM/s16000/f8888.png" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><span style="font-family: inherit;"><i>Fig. 10 - bit-field map of the data-type PDU (D_PDU)</i></span></td></tr></tbody></table><br /></div><div style="text-align: justify;"> The general structure of a datagram is shown in Figure 11:</div><p style="text-align: justify;"></p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5XVZcIYcmSct7nvpM0J0tbSsxNf33LCCP6HdB9ejNnK7quag8sl3dwjg8YqIdrU_Y9TpW0eHdJRmek1Q4dRXQ_gMMhloV3WO3bnjO-Bsf5xhU_Rm234WMHFAnCt79xklEyn9ytOBJCXumLQB_jJ2HndufK5VgWG5xlIPUB2G1G_IQKwtWBB0ylv6GFDk/s602/f88-2.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="329" data-original-width="602" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5XVZcIYcmSct7nvpM0J0tbSsxNf33LCCP6HdB9ejNnK7quag8sl3dwjg8YqIdrU_Y9TpW0eHdJRmek1Q4dRXQ_gMMhloV3WO3bnjO-Bsf5xhU_Rm234WMHFAnCt79xklEyn9ytOBJCXumLQB_jJ2HndufK5VgWG5xlIPUB2G1G_IQKwtWBB0ylv6GFDk/s16000/f88-2.png" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 11</i><br /></td></tr></tbody></table><p></p><p></p><p style="text-align: justify;">I spent some days studying the bitstreams and trying to understand the meaning of the fields of both S_PDU and D_PDU, and I came to the following conclusions. </p><p style="text-align: justify;"><b>Header field</b><br />The argument of the 8-bit header field of the S_PDU is coded as described in CCITT V.42 paragraph 8.1.2.2, which specifies that the least significant bit of a 1-byte argument shall be transmitted first. Therefore, after its conversion into a decimal number xyz, I found that the field it indicates the number of the useful bytes of the datagram and the eventual presence of a filler in the last D_PDU of the datagram.<br />Given that:<br />- each D_PDU has a payload of 10 bytes (40 bits)<br />- the header field of the S_PDU is a 8-bit field <br />the system is designed so that each datagram may contain up to 255 bytes of data (11111111). For example (see Figure 12):<br /><br /><b>xyz = 130:</b> 130 useful bytes, 13 complete D_PDUs, no padding<br /><b>xyz = 126:</b> 126 useful bytes, 12 complete D_PDUs + 6 useful bytes in the 13th D_PDU (the remaining space is filled with four 0 value bytes)<br /><b>xyz = 118:</b> 118 useful bytes, 11 complete D_PDUs + 8 useful bytes in the 12th D_PDU (the remaining space is filled with two 0 value bytes)<br /><br />So, the max value of the header field (255) stands for: 255 useful bytes, 25 complete D_PDUs + 5 useful bytes in the 26th D_PDU (the remaining space is filled with five 0 value bytes).</p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuG7dFiS400l9dvFaMqz50OzxPA-_WUkkdWprewxixVkdmLkGMEJk0wI92PKV62xYt5wJ_g0qJO6H12h3UmQZn_8NqCdJrS09ZwVmASIe9AjrknCHCuoZyoLZqxStntlJjZXPsxXuNL7_oVCT160ScDNsxlQM3L1NBeGXmUMyotkxaNsF2m-tKLRu8Vm4/s1004/300.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="807" data-original-width="1004" height="514" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuG7dFiS400l9dvFaMqz50OzxPA-_WUkkdWprewxixVkdmLkGMEJk0wI92PKV62xYt5wJ_g0qJO6H12h3UmQZn_8NqCdJrS09ZwVmASIe9AjrknCHCuoZyoLZqxStntlJjZXPsxXuNL7_oVCT160ScDNsxlQM3L1NBeGXmUMyotkxaNsF2m-tKLRu8Vm4/w640-h514/300.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 12 - meaning of the header field of S_PDU</i></td></tr></tbody></table><p></p><p style="text-align: justify;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">That meaning of the header field is also confirmed by analyzing the bistreams of the bursts in Figure 4</span></span></span> </p><p style="text-align: justify;">- burst 1 (header: 01101110) carries 110 bytes of data within a single datagram of 11 D_PDUs <br />- bursts 2,3,4 (header: 00001110) carry short 14-byte "messages" in 2 D_PDUs and six padding bytes</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMzfTDT10DoMdOT0k0FwtZHuF_r37iEdhAt5ZjIDoI4lUo0BMmLCw9eWaI37A_P7JRYbqT3Ia2Xsm7sO4oXI6Y29-JPBvnu5LzEJ5E-BGv3LQQPAQaV7hC5JFHOT_HqhC0A3_bIrlahke04SYJHLgqUTj0HNQmJzXn-yEGdo-MAog5P7j5QJjoMKY-XVc/s893/chunks.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="448" data-original-width="893" height="322" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMzfTDT10DoMdOT0k0FwtZHuF_r37iEdhAt5ZjIDoI4lUo0BMmLCw9eWaI37A_P7JRYbqT3Ia2Xsm7sO4oXI6Y29-JPBvnu5LzEJ5E-BGv3LQQPAQaV7hC5JFHOT_HqhC0A3_bIrlahke04SYJHLgqUTj0HNQmJzXn-yEGdo-MAog5P7j5QJjoMKY-XVc/w640-h322/chunks.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 13</i><br /></td></tr></tbody></table><br />(It is practically impossible to define the nature of these short 14-byte
messages, one can only assume that it involves some form of negotiation
between the two nodes. Likewise, it cannot
be said whether these messages are due to the operator intervention or
whether they are automatically generated by the protocol, as is the case
with STANAG-5066) <br /><p></p><p style="text-align: justify;"><b>FEC</b><br />The argument of field <i>q</i> of the D_PDU consists of the 21-bit Cyclic Redundancy Check (CRC) applied and computed on the first 83 bits (ie payload <i>p</i> + "000"). The same consideration can be made up regarding the S_PDU, where the argument<i> </i>of field<i> n</i> is the 21-bit CRC field and fields <i>h+m+s</i> + "000" form the 83 bits which shall be coded.<br />Indeed, thanks to the help of my friend <i>cryptomaster</i>, we found a (104,21) matrix generated by the polynomial: </p><p style="text-align: center;"><span style="font-family: courier;">x^21+x^18+x^17+x^15+x^14+x^12+x^11+x^8+x^7+x^6+x^5+x+1</span></p><p style="text-align: justify;">which is well suited to the specific case.</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLbVBoS4X_d50Hyw41DgOWqvQDNpTnYRaxvFaDZlLaiaQO2xnhhEq2ryBn1ZfxSoLhz_sXWg9RHQOsT5oxExTxgG0dz-Fy3VJId7cbDcrfsjFCvrEJWMpw7NkXKO8EvoNelFbcWtdS3slarwJBZqB6UaOpAYMXqUEXv71rXjqsgp-a2i6ai2_1sG5C4ms/s920/f10.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="293" data-original-width="920" height="204" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLbVBoS4X_d50Hyw41DgOWqvQDNpTnYRaxvFaDZlLaiaQO2xnhhEq2ryBn1ZfxSoLhz_sXWg9RHQOsT5oxExTxgG0dz-Fy3VJId7cbDcrfsjFCvrEJWMpw7NkXKO8EvoNelFbcWtdS3slarwJBZqB6UaOpAYMXqUEXv71rXjqsgp-a2i6ai2_1sG5C4ms/w640-h204/f10.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 14 - (104,21) matrix used for CRC</i><br /></td></tr></tbody></table><p></p><p style="text-align: justify;">I coded a short Octave script and tested the check sub-matrix on the first 83 bits of both the types of PDUs, results are shown in Figures 15,16: the check-matrix works like a charm! So, if we consider that fields are structured in bytes, the 000 bits act as kind of padding added to the word being coded and a (104,83) FEC coding is used (BCH? LDPC?).</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJxWhmWQ67rIkxmyxCx5caHORIJFM_9CC19COJHilccafANGELvH-VbZFDmUNNoLXV-absg9-HpU_uyI3f9viFEIfmssTPERrdDAIsopyGDBU2FvfD6CpFAAKnyUjy9pjhIl6-KRJFYR4slo1eaOlUPGgKY-z3k6iyRXjQ-b3ii7iuyFX8PEzhyphenhyphenCHY1SU/s933/f11.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="247" data-original-width="933" height="170" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJxWhmWQ67rIkxmyxCx5caHORIJFM_9CC19COJHilccafANGELvH-VbZFDmUNNoLXV-absg9-HpU_uyI3f9viFEIfmssTPERrdDAIsopyGDBU2FvfD6CpFAAKnyUjy9pjhIl6-KRJFYR4slo1eaOlUPGgKY-z3k6iyRXjQ-b3ii7iuyFX8PEzhyphenhyphenCHY1SU/w640-h170/f11.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 15 - check matrix applied to the S_PDUs</i><br /></td></tr></tbody></table><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLtaq9r5mMIQ-cAYOzlkq6oF1i-3hbS5z_qfA6wxM9hSqis6QIAaCvUwZH9qnGk3RQC6JGoXIB3hkoYPip_n7lR1gq8yZeL6ACfUA8FU3X2qXoQmuvaGqdTgfMTUs8BKYzXroRgQgwsWRiSFTRocP3Ig4NkNB6PXlhq3GQah3MC0IrEN7ofuNsw161mHY/s885/f12.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="624" data-original-width="885" height="452" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLtaq9r5mMIQ-cAYOzlkq6oF1i-3hbS5z_qfA6wxM9hSqis6QIAaCvUwZH9qnGk3RQC6JGoXIB3hkoYPip_n7lR1gq8yZeL6ACfUA8FU3X2qXoQmuvaGqdTgfMTUs8BKYzXroRgQgwsWRiSFTRocP3Ig4NkNB6PXlhq3GQah3MC0IrEN7ofuNsw161mHY/w640-h452/f12.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 16</i><i>- check matrix applied to the D_PDUs</i></td></tr></tbody></table><p></p><p style="text-align: justify;"><b>Encryption</b><br />In this regard I extracted and merge together more than 500 D_PDU payloads into a single stream then I performed some tests on it. The quality of the cryptography can be evaluated with a statistical method or by calculating the Shannon Entropy <i>(3)</i> and the Index of Coincidence (IC) <i>(4)</i> of the stream. <br />The statistical test (Figure 17) determines the randomness, the number of single bits in the stream is counted, then the double bits, then the triple bits and so on to the end. The result is a graph: if the information is not systematic, the adjacent columns should be half the size of the previous ones. The test shows good encryption quality. </p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgr0KnGbGFMi0Ry8af3nTXEA5wZ_Q9ezIWlPQoOOcp2N610Z94DxAtyj1KKTU3MCbG8LtcecdgUOMJB8nlUfqZiZNxoXSLxwWmN9CV3TVBePLfRZJHq8cjJzYMoSRqAnt2KInwVOHjr6yWnvuLMFIFBYGtjYeLsc-Uz9GPRgxcnZd72oNu4o8tY28fPBwE/s900/f72.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="334" data-original-width="900" height="238" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgr0KnGbGFMi0Ry8af3nTXEA5wZ_Q9ezIWlPQoOOcp2N610Z94DxAtyj1KKTU3MCbG8LtcecdgUOMJB8nlUfqZiZNxoXSLxwWmN9CV3TVBePLfRZJHq8cjJzYMoSRqAnt2KInwVOHjr6yWnvuLMFIFBYGtjYeLsc-Uz9GPRgxcnZd72oNu4o8tY28fPBwE/w640-h238/f72.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 17</i><br /></td></tr></tbody></table><p></p><p style="text-align: justify;">The measure of the Shannon Entropy can be used, in a broad sense, to detect whether data is likely to be structured or unstructured. 8 is the maximum, representing highly unstructured, 'random' data. Properly encrypted or compressed data should have an entropy of over 7.5 while a low IC generally means that the text is random, compressed or encrypted (Figure 18):<br /></p><p>Shannon entropy: 7.948409571238646<br />Index of Coincidence: 0.039349499261437125<br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjneLib-XmngfQdSd_dnogdKvgUP5lNvko0Ft9YountBYaUtMyT_gWLUGC2p4osXP55MQeTmoyHfKgMF7sctCeRBa569uTb-ogYwI63MPMGRkYDuoNdklatIqUIR8inI3SaQKWRHimCLU_KTdrLKa2foENUmm7zUV2oTy2GycSv3wN076NQeQWI0Ql9MaQ/s754/f7.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="220" data-original-width="754" height="187" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjneLib-XmngfQdSd_dnogdKvgUP5lNvko0Ft9YountBYaUtMyT_gWLUGC2p4osXP55MQeTmoyHfKgMF7sctCeRBa569uTb-ogYwI63MPMGRkYDuoNdklatIqUIR8inI3SaQKWRHimCLU_KTdrLKa2foENUmm7zUV2oTy2GycSv3wN076NQeQWI0Ql9MaQ/w640-h187/f7.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 18 - Shannon Entropy and Index of Coincidence </i><br /></td></tr></tbody></table><p style="text-align: justify;">If my guess is correct, the string <i>m</i> of the S_PDU is an Initialization Vector (repeated 3 times) of a stream cipher and thus the preamble is actually a COMSEC preamble consisting of bit sync, header, Initialization Vector, frame sync and a final CRC field.<br /></p><p style="text-align: justify;"><b>A Secure Text system? </b><br />According my analysis, the PDUs of the used datalink protocol consists of the following formats (please notice that the 3-bit field encoded with the value "0" could be specified as NOT USED): <br /></p><p></p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhldbHWUlxUOboO1bKTIPzbyfE-yVbY3kc1lUARBLh7tDFFdV4ZETrO4y2zDxAMrNgRs8H4mt2kXpDTuxbNfLoCRIGS0JboS2zqZ_f1iqPd1mFUCp2pxZTM8iwVeBtN-po1LzOuYtjL_gnKrvDSsRbYZ59k87Ee9hR2vOgVzRHxDCluY0ixYJiNBFh-bm8/s780/200-2.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="694" data-original-width="780" height="570" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhldbHWUlxUOboO1bKTIPzbyfE-yVbY3kc1lUARBLh7tDFFdV4ZETrO4y2zDxAMrNgRs8H4mt2kXpDTuxbNfLoCRIGS0JboS2zqZ_f1iqPd1mFUCp2pxZTM8iwVeBtN-po1LzOuYtjL_gnKrvDSsRbYZ59k87Ee9hR2vOgVzRHxDCluY0ixYJiNBFh-bm8/w640-h570/200-2.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 19</i></td><td class="tr-caption" style="text-align: center;"><br /></td></tr></tbody></table><p></p><p></p>But what kind of comms we are speaking about? <br /> </div><div style="text-align: justify;">- although a datagram may contain up to 255 bytes of data, according my recordings each datagram is composed of no more than 130 bytes of data: such brevity could mean that the datagrams are made up of short text messages; <br />- transmissions occur almost regularly every 15 minutes, as if the sender station collects messages coming from one link and then group and forward them into another link;<br />- transmissions are in a "blind" way, i.e. they are not preceded by 2G/3G ALE neither by voice calls and are not followed by ACKs: this could mean transmissions addressed to "stared" receiver(s);<br /></div><div style="text-align: justify;"> </div><div style="text-align: justify;">the above issues make me think of a Secure Text system, ie a system that allows text and data exchange up to and including the level of secret and protected by cryptographic devices (5).<br />A good point in favor of my guess is that Swedish Armed Forces currently use a variety of national secure text messages that are not interoperable with international systems and are distributed just through the MaRA Naval Communications Centre (NAVCOMMCEN) for maritime platforms and operations [1].<br /></div><div><p style="text-align: justify;"></p><p style="text-align: justify;"></p><p></p><p></p><p style="text-align: justify;"><b>...some speculations</b><br />Since Sweden Defence use national crypto for domestic comms <i>(6)</i>, what about the MGZI "Kryptomodem 1401" (Kryapp 1401, Crypto Modem for serial communication) commissioned by FMV (Swedish Defense) to Sectra [2]?</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcUl9mZyvkYAq2i87xnaUkJzozLh5mwiY3wpoEmGJStTZ6EeSqdQlDfRUn6yJifa4fPfMiqUt2OMBqljVr0EqcZ3neMrE0pQzIhGcQLa0XQWKMhsdacEbN7qDna4uxbSyVq6fJ4WT21Yb6xnx9VghwpYfx18M-0jH5-W4xsxidCyKj4whBGKp4sUATvnI/s965/1-sectra.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="821" data-original-width="965" height="544" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcUl9mZyvkYAq2i87xnaUkJzozLh5mwiY3wpoEmGJStTZ6EeSqdQlDfRUn6yJifa4fPfMiqUt2OMBqljVr0EqcZ3neMrE0pQzIhGcQLa0XQWKMhsdacEbN7qDna4uxbSyVq6fJ4WT21Yb6xnx9VghwpYfx18M-0jH5-W4xsxidCyKj4whBGKp4sUATvnI/w640-h544/1-sectra.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 20</i><br /></td></tr></tbody></table><p style="text-align: justify;">The Swedish Defence Materiel Administration (Swedish: Försvarets materielverk, FMV)[3] is a Swedish government agency that reports to the Ministry of Defence. The agency is responsible for the supply of materiel to the Swedish defence organisation. In this case they also provide Kryptomodem 1401 to the Swedish Navy. Notice in Figure 21 that maybe the "Stri 8000" could be identified with the HF-8000 SDR Radio System prioduced by ELBIT (ELBIT Sweden is one of the supplier of Swedish Defence).</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPVGrwrA-Lbv02__qe3nLHhWxJglS7uJbzWZdDnym5TJaQUKNfxK7FQNTLW70fxuJHtdDaJOl0zW-sU3CWOA4KibHFIu683dIzBeba0vBfMTBhD-6zD1Rx1v7nfTmE4y1Lx9OLOGbgQ5RXFoW-WOCXTf2Bd4aObZ-OTmAkQOYClcQcw9Neg_fdcBo_muQ/s1009/3-Teknisk%20specifikation.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="824" data-original-width="1009" height="522" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPVGrwrA-Lbv02__qe3nLHhWxJglS7uJbzWZdDnym5TJaQUKNfxK7FQNTLW70fxuJHtdDaJOl0zW-sU3CWOA4KibHFIu683dIzBeba0vBfMTBhD-6zD1Rx1v7nfTmE4y1Lx9OLOGbgQ5RXFoW-WOCXTf2Bd4aObZ-OTmAkQOYClcQcw9Neg_fdcBo_muQ/w640-h522/3-Teknisk%20specifikation.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><i>Fig. 21</i><br /></td></tr></tbody></table><p style="text-align: justify;"> </p><p style="text-align: justify;"> <a href="https://disk.yandex.com/d/3qW7_b3IbdkEGw" target="_blank">https://disk.yandex.com/d/3qW7_b3IbdkEGw</a> </p><p style="text-align: justify;"><i>(1) The 80-meter or 3.5 MHz band is a band of radio frequencies allocated for amateur radio use, from 3.5 to 4.0 MHz in IARU Region 2, and generally 3.5 to 3.8 or 3.9 MHz in Regions 1 and 3 respectively. European common allocation is AERONAUTICAL MOBILE (OR) FIXED LAND MOBILE </i></p><p style="text-align: justify;"><i>(2) It must be said that in many messages the sync sequence seems to be 48 bits starting with [00000000] 0x00</i></p><p style="text-align: justify;"><i>(3) In the context of information theory, Shannon's entropy is a measure of the rate at which information is produced by a source of data. It can be used, in a broad sense, to detect whether data is likely to be structured or unstructured. 8 is the maximum, representing highly unstructured, 'random' data. English language text usually falls somewhere between 3.5 and 5. Properly encrypted or compressed data should have an entropy of over 7.5</i></p><p style="text-align: justify;"><i>(4) 0 represents complete randomness (all characters are unique), whereas 1 represents no randomness (all characters are identical). English text generally has an IC of between 0.67 to 0.78 whereas 'Random' text is determined by the probability that each letter occurs the same number of times as another. A low IC generally means that the text is random, compressed or encrypted. </i></p><p style="text-align: justify;"><i>(5) Secure text systems enable the armed forces to transmission and receipt military request, reports, orders, plans and policies and can be achieved in different ways, both regarding the format of the message and its method of transmission.<br /></i></p><p style="text-align: justify;"></p><p style="text-align: justify;"><i>(6) A few words on Swedish cryptology<br />For two centuries Sweden has upheld neutrality in the sense that the country has not been member of any military alliance. Only recently did the country apply for NATO membership although it has been a public secret that Sweden since the end of WWII has had an informal, but quite strong collaboration with NATO countries, especially the Scandinavian countries including Finland with which strong historical, cultural and linguistic bonds exist. The cooperation has manifested itself in the area of signals intelligence, exchange of intercepted information and interoperability of communications equipment including crypto equipment, and more recently in a close collaboration with NSA.<br />The credibility of neutrality has been supported by strong defense forces, including cryptologic efforts. A few cases serves to lustrate this: In spite of its neutrality, Sweden was able to just a short time after Germany attacked Denmark and Norway in April 1940 by systematic interception to reading German military telegraph traffic, which transited Sweden, by cracking the so called Geheimschreiber (a kind of substitution cipher where the key was changing with each character and the initialization vector was altered with a few days’ interval) primarily based on the attack by a mathematical genius, Arne Beurling. <br />Another feat was the successful evacuation – operation Stella Polaris - of the entire (nearly) Finnish SIGINT staff, their families and crypto analytic material and equipment after the Russo-Finnish war in 1944 ended in Finnish defeat. <br />Already in 1942, all cryptological and cryptanalytic effort were concentrated in FRA, Försvarets Radioanstalt (Defense Radio Establishment).<br />Thus, for many years the crypto efforts of Sweden's defence forces and government communications have had a high priority as a national endeavour, mainly due to the centuries long Swedish neutrality, as described above. Today, as Swedish membership of NATO is imminent pending ratification by the Turkish parlament, this collaboration of long duree ensures that the transition from neutrality to NATO mebership will be smooth. There is no doubt that the navy of Sweden in the actual geopolitical situation will play an important regional role in the Baltic Sea and the approaches to this ocean area.<br />The designations of Swedish crypto equipment is quite straightforward: </i></p><p style="text-align: justify;"><i>MXY[Z] - Maskinkrypto; Machinegenerated crypto<br />X - G = Gemensamt (common for all service branches), M - Marinen (navy), L - Flygvapnet (air force)<br />Y - Typ Y; Type Y<br />[Z] - Optional designator; Z = I, for international use, Z = U, for use abroad<br />The equipment is graded according to its degree of signal protection (Sw., SG, signalskyddsgrad), i.e. SG R(estricted), C(onfidential), S(secret) and T(op) S(ecret). <br /></i></p><p style="text-align: justify;"><br />[1] <a href="https://docplayer.net/45022367-Missiv-datum-postadress-besoksad-ress-telefon-telefax-e-post-internet.html" target="_blank">https://docplayer.net/45022367...internet.html</a><br />[2] <a href="https://communications.sectra.com/case/encryption-solutions-for-the-swedish-defence/" target="_blank">https://communications.sectra.com/case/encryption-solutions-for-the-swedish-defence/</a><br />[3] <a href="https://www.fmv.se/english/" target="_blank">https://www.fmv.se/english/</a></p></div>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com2tag:blogger.com,1999:blog-2805107305752377693.post-78082673904299619462023-11-17T11:33:00.000+01:002023-11-17T11:33:13.057+01:0016Kbps/16KHz encrypted wideband FSK (WBFSK)<p style="text-align: justify;">Unid 16Kbps/16000 wideband FSK (WBFSK) heard and sent me by my friend Martin on 31875 KHz, just a bit beyond the limit of the HF region (LVHF). Notice in Figure 1 the sharp filtering at the edge of FSK transitions.</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzVZwLqAWO-hBtqiIU_GLbjQuWqHZTRSNvyDi99vTvQOYA2up7cVH9S5iuDqVElGpxosQbMkAztFcuCAy5SbSAKcgPnoaW7eozeBx_R7qT_5qm_qEcZu0pWIkh6NVeMIH-7ngGK_wAH8-1DGKKJHvRp-FtYF35Q3p3lCEGAID_Qo7r6yAIvg_ynwK37q4/s936/1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="900" data-original-width="936" height="616" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzVZwLqAWO-hBtqiIU_GLbjQuWqHZTRSNvyDi99vTvQOYA2up7cVH9S5iuDqVElGpxosQbMkAztFcuCAy5SbSAKcgPnoaW7eozeBx_R7qT_5qm_qEcZu0pWIkh6NVeMIH-7ngGK_wAH8-1DGKKJHvRp-FtYF35Q3p3lCEGAID_Qo7r6yAIvg_ynwK37q4/w640-h616/1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 1</td><td class="tr-caption" style="text-align: center;"><br /></td><td class="tr-caption" style="text-align: center;"><br /></td></tr></tbody></table><p></p><p style="text-align: justify;">The signal has strong 196 ms ACF spykes which are due to the inserted bursts limiting the blocks in which the transfer is arranged (Figure 2).</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMX5nO5eH8o7E9cX-2UWxPtG6t4T_tJG0A15oL2od2PYyqHX4wrtOhHKs1DLpZZ3Iy-YV1i_WwErvGeYRcHVXZBFT0_FjyowzGqCFWvO0ObWzh_0MtWA3eBAP7jwfTWXcPHtI3mQmMBYQCvUGwTCI0NrQSoN3ODAgIZZtui03Rz5I1cMyS_hbyDo46tew/s904/2.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="823" data-original-width="904" height="582" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMX5nO5eH8o7E9cX-2UWxPtG6t4T_tJG0A15oL2od2PYyqHX4wrtOhHKs1DLpZZ3Iy-YV1i_WwErvGeYRcHVXZBFT0_FjyowzGqCFWvO0ObWzh_0MtWA3eBAP7jwfTWXcPHtI3mQmMBYQCvUGwTCI0NrQSoN3ODAgIZZtui03Rz5I1cMyS_hbyDo46tew/w640-h582/2.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 2<br /></td></tr></tbody></table><p></p><p style="text-align: justify;">The bitstream resulting after demodulation of part of the signal has a 3136-bit length framing, as expected since the 196 ms ACF, consisting of a 191-bit known sequence (the above mentioned inserted bursts) followed by 2945-bit of unknown data; the inserted burst are probably used for (re)synchronization purposes. Despite several runs, I did not find a valid LFSR for that sequence. Also note - zooming the bitstream - further 33 bits that could not be part of the following data block: this way it could be a 192-bit sequence followed by a 32-bit CRC... but it's only a mine speculation!</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkvNf1C0YT4w8__m-9Zl5bIP-0crbk9KwpCGvZKNriaKR3VCpvOIcYv_ayQpJ76b1jIxTiMWJrUsqiY4XLnh7PWEKruTIM4kdAgSdIIh_o8WVZ9k2nJDOqVElq4OAmxGFElDcxezIbThcvO2OO5rTYKxnUKqjOisCRZquvTkVaW3iyg-WVVrnCyvR2_4Q/s902/3.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="775" data-original-width="902" height="550" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkvNf1C0YT4w8__m-9Zl5bIP-0crbk9KwpCGvZKNriaKR3VCpvOIcYv_ayQpJ76b1jIxTiMWJrUsqiY4XLnh7PWEKruTIM4kdAgSdIIh_o8WVZ9k2nJDOqVElq4OAmxGFElDcxezIbThcvO2OO5rTYKxnUKqjOisCRZquvTkVaW3iyg-WVVrnCyvR2_4Q/w640-h550/3.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 3<br /></td></tr></tbody></table><p></p><p style="text-align: justify;">Voice or data? The 16 Kbps speed and the way it sounds (like a white noise, to make it difficult to intercept) make me think of a vocoder. Indeed, in many VHF radio stations the analog speech signal is converted into digital form using CVSD (Continuous Variable Slope Delta) [1] just running at 16 kbit/s and then encrypted probably using a VINSON family crypto device such as KY-57/KY-58 [2].<br />L3Harris RF-7800H-MP could be a possible candidate among other radios since it allows both VHF WBFSK and CVSD vocoder.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcFb7l-S_hcNO6K1Sh8YtbzfDmcBNm_SYiBTC5pGpZrMfEM_k-oHyA62T5e-OzBotBAcLpEbyEGI5T4NOGe3GJGocV6XrVu9k6sJA3xG9b5-RKcYrhTdiZX2hFUOPnLxLEghpUlMkDc6OvY85j4Az8S9tEFAzjQozxMCbBrEcO495MqZbgsN_u37IbdJo/s508/4.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="221" data-original-width="508" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcFb7l-S_hcNO6K1Sh8YtbzfDmcBNm_SYiBTC5pGpZrMfEM_k-oHyA62T5e-OzBotBAcLpEbyEGI5T4NOGe3GJGocV6XrVu9k6sJA3xG9b5-RKcYrhTdiZX2hFUOPnLxLEghpUlMkDc6OvY85j4Az8S9tEFAzjQozxMCbBrEcO495MqZbgsN_u37IbdJo/s16000/4.PNG" /></a></div><p style="text-align: justify;">Likely, the 191-bit (or 224-bit) inserts are not a CVSD specific feature but are added by the crypto device.</p><p style="text-align: justify;"><a href="https://disk.yandex.com/d/MFoYcvA0pRjp4Q" target="_blank">https://disk.yandex.com/d/MFoYcvA0pRjp4Q</a></p><p style="text-align: justify;">[1] <a href="https://en.wikipedia.org/wiki/Continuously_variable_slope_delta_modulation" target="_blank">https://en.wikipedia.org/wiki/Continuously_variable_slope_delta_modulation</a><br />[2] <a href="https://en.wikipedia.org/wiki/VINSON" target="_blank">https://en.wikipedia.org/wiki/VINSON</a><br /></p>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com3tag:blogger.com,1999:blog-2805107305752377693.post-10371726709014486802023-11-13T15:38:00.003+01:002023-11-14T10:57:06.553+01:00a new family of wideband OFDM waveforms<p style="text-align: justify;">A new family of wideband OFDM signals has recently appeared on-air, most likely tests of Russian origin, and which - at least according to the observations carried out so far - seems to be composed of six waveforms which for convenience I call OWF (OFDM Waveform):</p><p style="text-align: justify;">OWF3: 3 KHz bandwidth, OFDM 64-tone<br />OWF6: 6 KHz bandwidth, OFDM 128-tone *<br />OWF12: 12 KHz bandwidth, OFDM 256-tone<br />OWF24: 24 KHz bandwidth, OFDM 512-tone <br />OWF48: 48 KHz bandwidth, OFDM 1024-tone <br />OWF96: 96 KHz bandwidth, OFDM 2048-tone </p><p style="text-align: justify;"> * the OWF6 waveform has not been observed "directly" but its characteristics and main parameters can be obtained from early-test transmissions [1]<br /></p><p style="text-align: justify;">Note that, unlike the western 188-110D App.D (single-tone waveforms, not OFDM), the bandwidths of 9, 15, 18, 21, 30, 36, 42 are missing.<br />The six waveforms share some common features:<br /><br />1. initial preamble consists of an LFM segment followed by MFSK-64 37.5 Bd segment<br />2. MFSK segent is followed by up-chirped FMCW (Frequency Modulation Continuous Wave) sweeps<br />3. data transfer is arranged in 15 OFDM blocks, separated by chirps as in 2<br />4. OFDM blocks have all the same speed of 37.5 Baud and same channel separation of 46.8 Hz<br />5. in some waveforms (OWF1, OWF24, OWF48) the initial MFSK preamble is followed by the same up-chirped sweeps as in 2<br /><br />It's interesing to note that OFDM parameters fit DRM-B ones.</p><p style="text-align: justify;"><b>OWF3 (3 KHz bandwidth)</b><br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvnjQeI4dO1PJyXQX-AlHDJg8j02AfqS6XOlu0rSD9qcCPZ08F4DbRf3KoHdvJBj-mu8x8niPvkeZem7bCG9CT4O1oyYO1CJ_fS14i-Zp7165oqhpooiRclsUltdHofFZDsV2X8cY_Nl9GP2j3YfDtt5WfnUB0NVGZhLRlxRxgioeIUxFLvrxr42mLHNw/s884/OWF3.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="335" data-original-width="884" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvnjQeI4dO1PJyXQX-AlHDJg8j02AfqS6XOlu0rSD9qcCPZ08F4DbRf3KoHdvJBj-mu8x8niPvkeZem7bCG9CT4O1oyYO1CJ_fS14i-Zp7165oqhpooiRclsUltdHofFZDsV2X8cY_Nl9GP2j3YfDtt5WfnUB0NVGZhLRlxRxgioeIUxFLvrxr42mLHNw/w640-h242/OWF3.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 1 - 3 KHz bandwidth waveform</td></tr></tbody></table><br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDFHabIshA6PQfklpFn4uPmiyrlvzFn4YdcggVqo9nFbf8dwgXBh3zoEoyWh3c7cwwo7DzkA9Xmb5AKvGsc8ePQI_mSI1MWMaURaN7JFSK4TgUb4zJh6OIvVA6NltW3Vq0bR4mkztwet75NrM6tFKWiTzUpQNEyPualdPR1FAdpRu8eWVHdAvd92E7RDs/s903/3KHz-ofdm.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="488" data-original-width="903" height="346" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDFHabIshA6PQfklpFn4uPmiyrlvzFn4YdcggVqo9nFbf8dwgXBh3zoEoyWh3c7cwwo7DzkA9Xmb5AKvGsc8ePQI_mSI1MWMaURaN7JFSK4TgUb4zJh6OIvVA6NltW3Vq0bR4mkztwet75NrM6tFKWiTzUpQNEyPualdPR1FAdpRu8eWVHdAvd92E7RDs/w640-h346/3KHz-ofdm.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 2 - 3 KHz bandwidth OFDM</td></tr></tbody></table><p></p><p><b>OWF6 (6 KHz bandwidth)</b></p><p><b></b></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIWT6P8GdWMod5Ln8nIygf6-Nuvj8df_RaPB3E29YestvWeZCDcGaF_FzIA2NgCiBWEXe-4Bbh4Z_ar0lcxUb47j3a7jTQpl8zaDFPfnTCWdN6YffVO4616AEOdlSSkVUQ9GBQKevBnA1XaFT17OZGdV2Blma6rbTuKsLtKwdO0PzMfivvnKPWJipLI-I/s884/OWF6.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="334" data-original-width="884" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIWT6P8GdWMod5Ln8nIygf6-Nuvj8df_RaPB3E29YestvWeZCDcGaF_FzIA2NgCiBWEXe-4Bbh4Z_ar0lcxUb47j3a7jTQpl8zaDFPfnTCWdN6YffVO4616AEOdlSSkVUQ9GBQKevBnA1XaFT17OZGdV2Blma6rbTuKsLtKwdO0PzMfivvnKPWJipLI-I/w640-h242/OWF6.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 3 - 6 KHz bandwidth waveform</td><td class="tr-caption" style="text-align: center;"> </td></tr></tbody></table><b> </b><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqXPzD3TaOw5zaa-_5260-GlW8_bXSzRV0q4zxxSJKs3A9L8cvtxqwBTivYh4wwaP-D54guPMbzNhLNsmCPeOowsDL9f9heL_yE7SUBGg7qsakfO2UQJau-76QD2N1D2KldfJN8jXl5hNHmsYUqlONxlILEcBnI7s9ApLWsE_JmtrINhIddZr8blHxpyk/s903/6KHz-ofdm.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="486" data-original-width="903" height="344" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqXPzD3TaOw5zaa-_5260-GlW8_bXSzRV0q4zxxSJKs3A9L8cvtxqwBTivYh4wwaP-D54guPMbzNhLNsmCPeOowsDL9f9heL_yE7SUBGg7qsakfO2UQJau-76QD2N1D2KldfJN8jXl5hNHmsYUqlONxlILEcBnI7s9ApLWsE_JmtrINhIddZr8blHxpyk/w640-h344/6KHz-ofdm.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 4 - 6 KHz bandwidth OFDM</td></tr></tbody></table><p><br /><b>OWF12 (12 KHz bandwidth)</b></p><p><b></b></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3Xa7BzcA4DuzDkjswAV-3pSgitavEU0bpl0n-67ZIcTy65zcRJ2kjGwqawB1o7zD3NAmk68vDxL9xJJyqwI4g6i7g8RxelS1N_2-6trEpyAoC3Ek6c_vqtiM8pkxjMBb60IVisBJGH8dWlvJ-VOAVOQGPQMJF0LmmhZYrW_UWJN8RgCs134RYQ6hzj5g/s882/OWF12.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="334" data-original-width="882" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3Xa7BzcA4DuzDkjswAV-3pSgitavEU0bpl0n-67ZIcTy65zcRJ2kjGwqawB1o7zD3NAmk68vDxL9xJJyqwI4g6i7g8RxelS1N_2-6trEpyAoC3Ek6c_vqtiM8pkxjMBb60IVisBJGH8dWlvJ-VOAVOQGPQMJF0LmmhZYrW_UWJN8RgCs134RYQ6hzj5g/w640-h242/OWF12.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 5 - 12 KHz bandwidth waveform</td><td class="tr-caption" style="text-align: center;"> </td></tr></tbody></table><b> </b><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjL1oJF98ZXGUGMANDbn_THuDnzvDGCw3oh-pU7SW4PSgBXPVJNUycnb-UVk-F3sdoiZInYuYm_68ZGTfPKWNu_DORtqbvTj1PTjilvu4BjFvgDaZZPfrBs3Dvg04qjVHatgUuf49U4y7-ZMUNYIRGmK91VTi4z_LeRhYqglpa1Wc88KDwTMa_m7ecMABk/s984/12KHz-ofdm.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="487" data-original-width="984" height="316" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjL1oJF98ZXGUGMANDbn_THuDnzvDGCw3oh-pU7SW4PSgBXPVJNUycnb-UVk-F3sdoiZInYuYm_68ZGTfPKWNu_DORtqbvTj1PTjilvu4BjFvgDaZZPfrBs3Dvg04qjVHatgUuf49U4y7-ZMUNYIRGmK91VTi4z_LeRhYqglpa1Wc88KDwTMa_m7ecMABk/w640-h316/12KHz-ofdm.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 6 - 12 KHz bandwidth OFDM</td></tr></tbody></table><p><br /><b>OWF24 (24 KHz bandwidth)</b></p><p><b></b></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNU33fTcDU8OuF4k_mzH_j9T1t00i3EU2VnvfCMWz_Ih8VkM469l-xMGGIJtMrA0yoDQe5U7wWxr82TGtrRPRGsDpDOEY8cUR-9TcGaz9NzBZNaZjjUqs1dSAcZfomxlEKM5tQGG0TtdP6Tumbt5jJcZigHHK6Tuo31bz2Tco5O1sdVWWQfIp01LLdtBY/s879/OWF24.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="332" data-original-width="879" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNU33fTcDU8OuF4k_mzH_j9T1t00i3EU2VnvfCMWz_Ih8VkM469l-xMGGIJtMrA0yoDQe5U7wWxr82TGtrRPRGsDpDOEY8cUR-9TcGaz9NzBZNaZjjUqs1dSAcZfomxlEKM5tQGG0TtdP6Tumbt5jJcZigHHK6Tuo31bz2Tco5O1sdVWWQfIp01LLdtBY/w640-h242/OWF24.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 7 - 24 KHz bandwidth waveform</td></tr></tbody></table><b> <table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLn9Y2yg-nNAraDniJskO6ZGn9E4VaFkZa0TzXXhSIrwlmRoSemsfB7DEyhqLQtHBKKWSwqmE001JqA1-6-wjjw-1JEfX28Z_ejbNbF80bPFB53GtpIo2DkDZc63vgL7O0WLSCHFGNuWBSpzb3oiLKnILQEF1r1SUJrBV4nVueG3i18w4YUdmkjr71kCI/s1513/24KHz-ofdm.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="526" data-original-width="1513" height="222" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLn9Y2yg-nNAraDniJskO6ZGn9E4VaFkZa0TzXXhSIrwlmRoSemsfB7DEyhqLQtHBKKWSwqmE001JqA1-6-wjjw-1JEfX28Z_ejbNbF80bPFB53GtpIo2DkDZc63vgL7O0WLSCHFGNuWBSpzb3oiLKnILQEF1r1SUJrBV4nVueG3i18w4YUdmkjr71kCI/w640-h222/24KHz-ofdm.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 8 - 24 KHz bandwidth OFDM</td></tr></tbody></table></b><p></p><p><b>OWF48 (48 KHz bandwidth)</b></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgSFDILdGjSLLD8Djrizs6aIP9bTrWhjazvoCopWZU667KCw5Z8uYL1YdiAoZyEdqbym6PfNtRKt2xTqyWN6pnqV1UHgusi9KeM9dmDwCQUCU0pKD46GeDuwj7jZr4bvtjJ44L8rlGTHJIuitwNlXdxgmRo0Zw7rJZGf1PqJ-0LusdxnTJG4fi-s57cBE/s886/OWF48.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="335" data-original-width="886" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgSFDILdGjSLLD8Djrizs6aIP9bTrWhjazvoCopWZU667KCw5Z8uYL1YdiAoZyEdqbym6PfNtRKt2xTqyWN6pnqV1UHgusi9KeM9dmDwCQUCU0pKD46GeDuwj7jZr4bvtjJ44L8rlGTHJIuitwNlXdxgmRo0Zw7rJZGf1PqJ-0LusdxnTJG4fi-s57cBE/w640-h242/OWF48.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 9 - 48 KHz bandwidth waveform</td><td class="tr-caption" style="text-align: center;"> </td></tr></tbody></table><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiCZ-C1AEo9FMENIdiSi1P6SMSbYHlORwj7zA-YPP7SfwqYPwVjjBLsqyOfD7jSyJLbRE1OWB9PyLnJ4LZ1-owpcYX0sw8TaqXjlN450muq6sxmKp8p4E5WCaV8ZxZI2FSnoZ25IlnKuc0do7G9BOMdHC0p5-D8N7DHlS4T0gCUuwaJ33B4Exvwqyle_Y/s1455/48KHz-ofdm.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="485" data-original-width="1455" height="214" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiCZ-C1AEo9FMENIdiSi1P6SMSbYHlORwj7zA-YPP7SfwqYPwVjjBLsqyOfD7jSyJLbRE1OWB9PyLnJ4LZ1-owpcYX0sw8TaqXjlN450muq6sxmKp8p4E5WCaV8ZxZI2FSnoZ25IlnKuc0do7G9BOMdHC0p5-D8N7DHlS4T0gCUuwaJ33B4Exvwqyle_Y/w640-h214/48KHz-ofdm.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 10 - 48 KHz bandwidth OFDM</td></tr></tbody></table><p><b>OWF96 (96 KHz bandwidth)</b></p><p><b></b></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhICaHG0NyZOFl7u7586afXazUnuvuTsusXhoYa4QW_IMXdfear4XCyhhKV-2LDbuBCL4ByHAe75XbuKvZeacr8MOBq7Jm6gt54G7GLj1rY8SQoKSM5cwepf0gjAqihL1_lHlTTiiNVRXTo_TFfRNwO2AcX6n139B836dtezeCBld_PANzbIkJIjwgdlX4/s882/OWF96.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="335" data-original-width="882" height="244" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhICaHG0NyZOFl7u7586afXazUnuvuTsusXhoYa4QW_IMXdfear4XCyhhKV-2LDbuBCL4ByHAe75XbuKvZeacr8MOBq7Jm6gt54G7GLj1rY8SQoKSM5cwepf0gjAqihL1_lHlTTiiNVRXTo_TFfRNwO2AcX6n139B836dtezeCBld_PANzbIkJIjwgdlX4/w640-h244/OWF96.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 11 - 96 KHz bandwidth waveform</td></tr></tbody></table><p></p><p></p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWFxM69VtAT5rVPnNHaO-pYRpSqj8mrvlz5Y6UazMZv47O5R4E7MOi_UdL2KmupKEPtqYmukfA03xrndaXQTZqH62NuuM0bnBu3Unf6DyBlGH6tJKdfjiZ7dPlnStsTbefqXFCtxeo4WzWr_FDWC3PUDTKpTpiOy49oqqrcOIaBx5FllH0-IQQa0Vs92k/s1011/a.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="486" data-original-width="1011" height="308" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWFxM69VtAT5rVPnNHaO-pYRpSqj8mrvlz5Y6UazMZv47O5R4E7MOi_UdL2KmupKEPtqYmukfA03xrndaXQTZqH62NuuM0bnBu3Unf6DyBlGH6tJKdfjiZ7dPlnStsTbefqXFCtxeo4WzWr_FDWC3PUDTKpTpiOy49oqqrcOIaBx5FllH0-IQQa0Vs92k/w640-h308/a.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 12 - 96 KHz bandwidth OFDM</td></tr></tbody></table><p></p><p></p><p style="text-align: justify;">While the vast majority of Western countries use single tone waveforms (see the aforementioned MS-110D) Russian friends favor the development of multi-tone waveforms, as OFDM in this case: I am not able to make a comparison of performances, there is certainly a valid reason behind preferring one approach or the other.</p><p style="text-align: justify;">Thanks to my friends <i>ANgazu, Joni, Linkz</i> and <i>KarapuZ</i> for sending me their recordings.</p><p style="text-align: right;"><i>(to be continued) </i><br /></p><p style="text-align: justify;"><a href="https://disk.yandex.com/d/s4FclhpM7ZFbAw" target="_blank">https://disk.yandex.com/d/s4FclhpM7ZFbAw</a><br /></p><p style="text-align: justify;">[1] <a href="http://i56578-swl.blogspot.com/2016/05/cis-ofdm-64-tone-qam-16-40bd.html" target="_blank">http://i56578-swl.blogspot.com/2016/05/cis-ofdm-64-tone-qam-16-40bd.html</a></p>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com0tag:blogger.com,1999:blog-2805107305752377693.post-45375124518352312142023-11-11T12:29:00.005+01:002023-11-11T12:30:10.141+01:00unid MFSK-17 125Bd<p>Unid (probably Russian) MFSK-17/125 125Bd burst transmission heard on 21292 kHz USB (15mt HAM band) USB at 0830 UTC. </p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiV9ZwJ0ANhDWjzOQa-L2XtdPw6xwTluFRpeM59GsWCv7MIZD6fnzWZx7noNzU9exHH4hBfO-mtCEwwRBIjJ2Z_5vTWI9pmGVuHtXX-Hxyq3bb22na_q6_q2IC6liCS8l2896MMpKzx-LhWfVZADpXQVJnU0vdxHHMeHFK7ot1q79Iy_wHEanHfeAIOTCc/s947/1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="630" data-original-width="947" height="426" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiV9ZwJ0ANhDWjzOQa-L2XtdPw6xwTluFRpeM59GsWCv7MIZD6fnzWZx7noNzU9exHH4hBfO-mtCEwwRBIjJ2Z_5vTWI9pmGVuHtXX-Hxyq3bb22na_q6_q2IC6liCS8l2896MMpKzx-LhWfVZADpXQVJnU0vdxHHMeHFK7ot1q79Iy_wHEanHfeAIOTCc/w640-h426/1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 1<br /></td></tr></tbody></table><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTjQk_XyzYr4GIyx4k3tLpP7zl6tGiVndRMheiTU_VODEC2S3_-Yyy7NEIj2bpRtgHiHhoXk1cuZ1buK5bjQD_1OUlOaCnV2ksJXN3HwqIAfRADNiMH3EIlHJTbspf3CJHkwodT4xo1H1ELUazhHRnxkWX2MTPYcLKS4d2eAvCCD8kLGCZAGvpKoUhe30/s948/2.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="613" data-original-width="948" height="414" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTjQk_XyzYr4GIyx4k3tLpP7zl6tGiVndRMheiTU_VODEC2S3_-Yyy7NEIj2bpRtgHiHhoXk1cuZ1buK5bjQD_1OUlOaCnV2ksJXN3HwqIAfRADNiMH3EIlHJTbspf3CJHkwodT4xo1H1ELUazhHRnxkWX2MTPYcLKS4d2eAvCCD8kLGCZAGvpKoUhe30/w640-h414/2.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 2<br /></td></tr></tbody></table><p>The same waveform was already noted six years ago(!) and reported in this blog:<br /><a href="http://i56578-swl.blogspot.com/2017/07/russian-mfsk-17-125bd125hz-burst-system.html" target="_blank">http://i56578-swl.blogspot.com/2017/07/russian-mfsk-17-125bd125hz-burst-system.html</a> </p><p> <a href="https://disk.yandex.com/d/7LLoZu03nFRhaA" target="_blank">https://disk.yandex.com/d/7LLoZu03nFRhaA</a> <br /></p>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com0tag:blogger.com,1999:blog-2805107305752377693.post-60833574169671492662023-11-09T11:01:00.029+01:002023-11-09T17:50:26.120+01:00Akula 250Bd/500 FSK version<div><p style="text-align: justify;">A friend of mine, whom I'm grateful, sent me this interesting and quite rare example of the Akula 250Bd/500 FSK waveform. Transmission was recorded on 9202 KHz around 0800 UTC using a Japanese SDR: as you see, the values of the FSK parameters are the half of the usual ones (500Bd/1000) </p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0osHxJABjZWjY5Y5zB95OZ8Fvmz4sA_R19z7khuMCQFbiuAdno4RKljCG2BemkNpPhWoxxxC7pEps44xnfrLV_6qX-gG7PZb8Jmy5yTekbi_p0uUT4ydeO0Ycmu_-AgCx18R7Lx0qkrHIqqvqG_hmbH7j2HcHgBpTuhGnGmUqi_pDrSpmJWsGKm-BQnE/s907/1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="812" data-original-width="907" height="572" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0osHxJABjZWjY5Y5zB95OZ8Fvmz4sA_R19z7khuMCQFbiuAdno4RKljCG2BemkNpPhWoxxxC7pEps44xnfrLV_6qX-gG7PZb8Jmy5yTekbi_p0uUT4ydeO0Ycmu_-AgCx18R7Lx0qkrHIqqvqG_hmbH7j2HcHgBpTuhGnGmUqi_pDrSpmJWsGKm-BQnE/w640-h572/1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 1 - Akula 250Bd/500<br /></td></tr></tbody></table><p></p><p>The demodulated bitstream shows the normal Akula "stuff" (Figure 2):<br />- reversals<br />- sync group (6 code words followed by 6-bit "0"s separator)<br />- preamble group (7 code words with two different, but varying values arranged as 4 x 1st code word + 3 x 2nd code word)<br />- data block<br />- End-Of-Message group + EOT group (which never varies and consists of the five code words 010000 011101 011101 010000 100001) <br /></p></div><div style="text-align: justify;">Also notice in Figure 2 the slight difference between the preamble of this sample:<br />3 x 100101 + 110101 + 2 x 110001<br />and the characteristic one obtained from the demodulation of the 500Bd/1000 waveform:<br />4 x 100101 + 3 x 110001<br />further registrations are needed before we can say that this is the characteristic preamble of the 250Bd/500 waveform.<br /></div><div><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUY6zME8QfNYdR2zgtYDdFpUsfE80imptntq1VDY0vWSD8-76hzyMlWUEbh4FIxmyrILk8RLe-HvDn4EAHuUz3Enk8_yAc2vbL1eJQT2nN_6zd0yCT10O6ZI5VjSA8PZEz9UNwt4EzoUXjW9moA3pWk2PlGtfOCeOa6e3Pt9GZ10MhpxFaS3DsKYUPwTY/s859/2.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="563" data-original-width="859" height="420" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUY6zME8QfNYdR2zgtYDdFpUsfE80imptntq1VDY0vWSD8-76hzyMlWUEbh4FIxmyrILk8RLe-HvDn4EAHuUz3Enk8_yAc2vbL1eJQT2nN_6zd0yCT10O6ZI5VjSA8PZEz9UNwt4EzoUXjW9moA3pWk2PlGtfOCeOa6e3Pt9GZ10MhpxFaS3DsKYUPwTY/w640-h420/2.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 2 - Akula 250Bd/500 demodulated bitstream<br /></td></tr></tbody></table><br /><p></p><p></p><p></p><p style="text-align: justify;">It's worth noting in Figure 1,3 the continuous carrier in absence of messages, as already seen in other recordings [1]: probably this is due to the adopted ship-shore "paradigma". While in many of the western navies the shore stations are used to broadcast a list of available listening frequency (FABs/CARBs) <i>(1)</i>, it could be that the Russian shore stations transmit a carrier on their known listening frequencies at scheduled times on behalf of subs which have something to comunicate to the shore station itself. That's obviously my and my frield's guess.<br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4xqLWaEL85qhLwdQ53SgY9gTE8rVCAKuY2qij07Y7pZVOpu9DRsZD8T4Uh3Lx7Srd9iEsH0yyUvUZ_I5fnS0nlrGqNlbmNFCI2tDlHXL32OeoMgrq-m-WvEuOw5zLTobZwyuh6d6lywxK9Gp_cwMgq6xsHixmVHSL59jAweXgWdmGifpBNQycbkUpNOM/s878/3.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="549" data-original-width="878" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4xqLWaEL85qhLwdQ53SgY9gTE8rVCAKuY2qij07Y7pZVOpu9DRsZD8T4Uh3Lx7Srd9iEsH0yyUvUZ_I5fnS0nlrGqNlbmNFCI2tDlHXL32OeoMgrq-m-WvEuOw5zLTobZwyuh6d6lywxK9Gp_cwMgq6xsHixmVHSL59jAweXgWdmGifpBNQycbkUpNOM/w640-h400/3.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 3 <br /></td></tr></tbody></table><p style="text-align: justify;">It's very interesting to note that a day after, and on the same frequency, a short speech was noted: "GREYDER ya DALNIE", more over the Ministry of Defense of the Russian Federation web site reports about an anti-submarine exercise in Peter the Great Bay by the Pacific Fleet just on 8th November (Figure 4) [3]. Note that "Peter the Great Bay" is located in the Sea of Japan, northwestern Pacific Ocean, in the Maritime (Primorye) region of far eastern Russia and that the Akula sample was heard using a remote KiwiSDR in Nagano, Japan. Just a coincidence?</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHL7sYcih8NrQGl7tX9tLpMbD4OU5q9g3AfuWEUZNj38nBziBRC3qhgJ16Z9yrcFqac8uuDiFoXv054JJdmEMXqs08JBUAPXbiErz1u-Io45h17B1I9og-oKeui_iDP8atOf7MDWHXY8bzEYnqSI0iKnJvLo3oOiOAAdLk_Myxblw5fHs_mNlzsvlMOls/s859/a.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="859" data-original-width="826" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHL7sYcih8NrQGl7tX9tLpMbD4OU5q9g3AfuWEUZNj38nBziBRC3qhgJ16Z9yrcFqac8uuDiFoXv054JJdmEMXqs08JBUAPXbiErz1u-Io45h17B1I9og-oKeui_iDP8atOf7MDWHXY8bzEYnqSI0iKnJvLo3oOiOAAdLk_Myxblw5fHs_mNlzsvlMOls/w616-h640/a.PNG" width="616" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 4 - <a href="https://function.mil.ru/news_page/country/more.htm?id=12484855@egNews" target="_blank">https://function.mil.ru/news_page/country/more.htm?id=12484855@egNews</a><br /></td></tr></tbody></table><p style="text-align: justify;"></p><p style="text-align: justify;"><a href="https://disk.yandex.com/d/kGyl5tQco6hKWg" target="_blank">https://disk.yandex.com/d/kGyl5tQco6hKWg</a></p><p style="text-align: justify;"><i>(1) CARB is the acronym for Channel Availability and Receipt Broadcast, these transmissions radiate information on the frequencies available for ship-shore traffic and to pass control and receipt messages; sometimes also indicated as FAB or Frequency Availability Broadcast. These procedures are used to automatically perform a channel-link before a message could be sent [2]. </i></p><p style="text-align: justify;">[1] <a href="http://i56578-swl.blogspot.com/2022/04/akula-quite-unusual-session.html" target="_blank">http://i56578-swl.blogspot.com/2022/04/akula-quite-unusual-session.html</a><br />[2] <a href="http://i56578-swl.blogspot.com/search/label/FAB" target="_blank">http://i56578-swl.blogspot.com/search/label/FAB</a> <br />[3] <a href="https://function.mil.ru/news_page/country/more.htm?id=12484855@egNews" target="_blank">https://function.mil.ru/news_page/country/more.htm?id=12484855@egNews</a><br /></p></div>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com1tag:blogger.com,1999:blog-2805107305752377693.post-13671896324237264102023-10-26T19:29:00.004+02:002023-10-26T20:00:02.149+02:00NILE/Link-22, likely QAM traffic waveforms<p style="text-align: justify;">Two NILE/Link-22 close channels recorded this morning (26th October) on 14.656 KHz and 14.659 KHz using a remote AirSpy server located in Romania [1], traffic in the two channels flowed in alternating mode.</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYaYSVFLL94kHj2JQu_bjBHxnyPlVllrUElCBmU_EXBYJZbY_9SQy5Z674InXWIRyGcoD5vkFG9fxKG8IULJz8FZlcfZVRhgGtTHE91A0N6V6yiUKvzVic_1WhLyE4EB8ua3ACf20D4EK7TdAskyn1-63ZfT4NAy2ab57e4yDtHwtybjkitzRwz8wMtVw/s882/1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="607" data-original-width="882" height="440" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYaYSVFLL94kHj2JQu_bjBHxnyPlVllrUElCBmU_EXBYJZbY_9SQy5Z674InXWIRyGcoD5vkFG9fxKG8IULJz8FZlcfZVRhgGtTHE91A0N6V6yiUKvzVic_1WhLyE4EB8ua3ACf20D4EK7TdAskyn1-63ZfT4NAy2ab57e4yDtHwtybjkitzRwz8wMtVw/w640-h440/1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 1 - NILE/Link-22 transmissions<br /></td></tr></tbody></table><p></p><p style="text-align: justify;">Link-22 use the TDMA (Time Division Multiple Access) waveforms, as for STANAG-4539 Annex D: modulation technique consists of phase shifting of a 00 Hz sub-carrier and speed of 2400 baud. In TDMA mode each user is allowed to transmit only within specified time intervals named as "Time Slots" so that different users transmit in differents time slots (1). According to S-4539 Annex D, a TDMA slot is the high level structure in which information will be transmitted/received and it is composed of a Preamble, a certain number of Media Code Frames and a Guard Time.<br /></p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-rir8gvRNjNvtXBHNdj6zUD1Yjk2E7cBVEXaZhV41KTV2p4pg4L4KFcwYz_QZpHbpgLMrPqX7CzSqmaooROcJRVyxp8_hDY81uQEHzXNNwobskYuSWpwspYtw-4NgEHOyq7ZS_R2IwAX84m-EV2RkeXXhGTYzxO7LY2DtiZmruR0oNN7NsbSL3RCHK1s/s613/MediaCodeFrame.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="100" data-original-width="613" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-rir8gvRNjNvtXBHNdj6zUD1Yjk2E7cBVEXaZhV41KTV2p4pg4L4KFcwYz_QZpHbpgLMrPqX7CzSqmaooROcJRVyxp8_hDY81uQEHzXNNwobskYuSWpwspYtw-4NgEHOyq7ZS_R2IwAX84m-EV2RkeXXhGTYzxO7LY2DtiZmruR0oNN7NsbSL3RCHK1s/s16000/MediaCodeFrame.png" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"> <br /></td></tr></tbody></table><p style="text-align: justify;">A Media Code Frame is composed of 270 symbols to be transmitted at the modulation rate of 2400 baud and using different Traffic Waveforms and modulations. Each Traffic Waveform is composed of a sequence of different Data blocks and Mini Probe (MP) blocks: the Data block contains coded information symbols and the MP block contains known training symbols to be used by the equaliser. The Mini Probes symbols, prior to scrambling, are all symbols number 0. Since the 270 symbols of the Media Code Frame, regardless the used Traffic Waveform, it's ACF has a value of 112.5 ms.<br />Figures 2 & 3 show that the two Link-22 channels use two different Traffic Waveforms to arrange the 112.5-ms/270-symbol length of the media code frame; also notice that they use the same time slot duration since both send 15 media code frames per time slot.</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipwLD9_YXPbdmzheL0I3RGIU8ckcRxrHifMzLhB_zJGfa6w0qA8E0kyNczsQyOMIEucO-QN_xFwly3U07tlj2FOHQLijY0G6DJ7DscVgQh-KUAtdYB4Bt4QDPEopVhsTTliM3DMu-qh5-9023timNbUhyphenhyphenFAiXEFhyphenhyphen1cwVcoMK2ZDZ16aXyXq88TZORcE0/s894/100.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="519" data-original-width="894" height="372" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipwLD9_YXPbdmzheL0I3RGIU8ckcRxrHifMzLhB_zJGfa6w0qA8E0kyNczsQyOMIEucO-QN_xFwly3U07tlj2FOHQLijY0G6DJ7DscVgQh-KUAtdYB4Bt4QDPEopVhsTTliM3DMu-qh5-9023timNbUhyphenhyphenFAiXEFhyphenhyphen1cwVcoMK2ZDZ16aXyXq88TZORcE0/w640-h372/100.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 2 </td><td class="tr-caption" style="text-align: center;"><br /></td></tr></tbody></table><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUlt_WTKJ1llBXdfQMddgGZMsrT5HhCkETShnrRLV6dCH5OE9iBdo7tPrecV7gr0ip_X-yJ7ewLvW8KYa98zKc1s9cBTx0WvjTyPfVuCVfKMS5LltmiH0arXasJft3HQonU2YUYxdf8r90vxUplXQJpcWVr5EHKXotSImyKpN4I9rFkRehx9dfsxHdKio/s900/200.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="519" data-original-width="900" height="370" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUlt_WTKJ1llBXdfQMddgGZMsrT5HhCkETShnrRLV6dCH5OE9iBdo7tPrecV7gr0ip_X-yJ7ewLvW8KYa98zKc1s9cBTx0WvjTyPfVuCVfKMS5LltmiH0arXasJft3HQonU2YUYxdf8r90vxUplXQJpcWVr5EHKXotSImyKpN4I9rFkRehx9dfsxHdKio/w640-h370/200.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 3<br /></td></tr></tbody></table><p></p><p style="text-align: justify;">Given the poor SNR of the signals I was unable to find clear constellations and therefore identify the type of the Traffic Waveforms that were used; attempts suggest the use of QAM modulations (Figure 4).</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPlTLpR5G5Sts0Fs-R6OL-8VTUX-W1meeYaBFZV0kl_qVT6LG-jMbRSObjVv2GFwF41sciiA4GQGvxfCIA1a-xbCa2KIK7Ew9kekc_pIdQkOxwjkEguLbZvB9jiczgm8ZBsHL6kA8ir2qp9jGiXJZG_vdzuFsNbbGajNlQ_qTRIC-1EnYblZhPoC8bkdY/s870/qam.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="189" data-original-width="870" height="140" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPlTLpR5G5Sts0Fs-R6OL-8VTUX-W1meeYaBFZV0kl_qVT6LG-jMbRSObjVv2GFwF41sciiA4GQGvxfCIA1a-xbCa2KIK7Ew9kekc_pIdQkOxwjkEguLbZvB9jiczgm8ZBsHL6kA8ir2qp9jGiXJZG_vdzuFsNbbGajNlQ_qTRIC-1EnYblZhPoC8bkdY/w640-h140/qam.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 4 <br /></td></tr></tbody></table><p style="text-align: justify;"></p><p style="text-align: justify;">Unfortunately I don't have the 2019 edition of Stanag-4539 but only the first edition dated 2005 which specified only three waveforms (QPSK & PSK8): as you may see, the framings resulting in figures 2,3 do not correspond.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFj9ujCR16T06egopTW6MXNB5ss9cPUodBZ_KQzBuJmSROtTZ7C6tptYnRb3jQdqLQW1r_1Htvb8URjIpp-HK77Z-Mq7Qw7JmaenBw8_Hh942-zXTjpkiWFMwGigOC2p_qwtREapuI-HeqHLcoacvf7BmC5aSYfIOehoq8bJjQOx9mf2bCbgC8QhsCbzI/s628/wfs.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="628" data-original-width="420" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFj9ujCR16T06egopTW6MXNB5ss9cPUodBZ_KQzBuJmSROtTZ7C6tptYnRb3jQdqLQW1r_1Htvb8URjIpp-HK77Z-Mq7Qw7JmaenBw8_Hh942-zXTjpkiWFMwGigOC2p_qwtREapuI-HeqHLcoacvf7BmC5aSYfIOehoq8bJjQOx9mf2bCbgC8QhsCbzI/s16000/wfs.PNG" /></a></div><br /><p style="text-align: justify;"><a href="https://disk.yandex.com/d/xPhBz07F5Oh5tg" target="_blank">https://disk.yandex.com/d/xPhBz07F5Oh5tg</a></p><p style="text-align: justify;"><i>(1) separation among users is performed in the time domain <a href="https://en.wikipedia.org/wiki/Time-division_multiple_access" target="_blank">https://en.wikipedia.org/wiki/Time-division_multiple_access</a></i></p><p style="text-align: justify;">[1] <a href="sdr://79.118.167.161:5556" target="_blank">sdr://79.118.167.161:5556</a> <i> </i> <br /></p><p></p>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com0tag:blogger.com,1999:blog-2805107305752377693.post-29791518273665012332023-10-24T18:04:00.003+02:002023-11-07T15:46:07.255+01:00CIS VFT 12-FSK async channels system (P-327-12)<p style="text-align: justify;">Very interesting and rather rare capture sent me by my friend <i>AngazU</i>, of a CIS VFT (Voice-Frequency Telegraphy) waveform which uses twelve independent FSK channels multiplexed onto a single 3 KHz wide HF channel. The transmission was recorded on 4567 Khz USB , just while monitoring the close well-known "buzzer". Regardless of the nickname we would like to give to these signals, the name of the equipmnet is P-327-12, or in Russian language П-327-12 (thanks to <i>Cryptomaster </i>for the info).<br />The P-327-12 equipment provides up to 12 channels of Voice-Frequency Telegraphy with a speed of up to 100 baud in one HF channel or 6 channels in wo standard HF channels. The occupied band of each VFT channel is 160Hz. The characteristic (upper and lower) frequencies of a single channel are determined by the formulas:<br /><i>f1 = 180 + 240n Hz<br />f2 = 300 + 240n Hz</i><br />where <i>f1</i> and <i>f2</i> are the lower and upper characteristic frequencies (ie the FSK shift) of the nth channel. If there is no traffic onthe nth input channel, only the higher frequency (<i>f2</i>) is transmitted. The "pilot tone", as usual, is transmitted on 3300 Hz.<br /></p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjufQq9viWjd98HSYi9DzYZL7NOmHgUL3qwcvYrZckk4H7A3la5oAl8lIM9lqsDMuBoVMdRkgfcumL5igGaxfTAQGbYtm2GcrmcJKEcR3furu3jadijuELnzpZPhP4KXEScieKpW8rWjMHWIm_2yk7OhfjnwbgGFLMW1Zq-bx1hkaD_gtVcTTu088QHk_Y/s929/1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="767" data-original-width="929" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjufQq9viWjd98HSYi9DzYZL7NOmHgUL3qwcvYrZckk4H7A3la5oAl8lIM9lqsDMuBoVMdRkgfcumL5igGaxfTAQGbYtm2GcrmcJKEcR3furu3jadijuELnzpZPhP4KXEScieKpW8rWjMHWIm_2yk7OhfjnwbgGFLMW1Zq-bx1hkaD_gtVcTTu088QHk_Y/w640-h528/1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 1 - CIS 12-FSK spectrum<br /></td></tr></tbody></table><br /><div style="text-align: justify;">It's worth noting that the P-327 system is asynchronous(!), i.e. the transmission speed of each channel can be any in the range of 0-100 or 200 Baud. For example, in this sample channels 1 and 3 have a speed of 50 Baud while channel 6 is keyed at the speed of 100 Baud (Figs. 2,3).</div><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPBbS1r0MTnZUkKQRNqygjStX33WOtfv1fkYhyphenhyphenYQMraQVQwWWDfJkNEFwjTDJxeXVuj6B995IJxUE0anTdjC9xcACvsQRQpJyQ_e1tHiteXrFxunRM-8IIbkvY_ooAZWvamFouETPwbZablkWshkDEJcMKdkLFoIPArfhTWfDNGdql83TKS0k4CpkfHlA/s883/2a.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="310" data-original-width="883" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPBbS1r0MTnZUkKQRNqygjStX33WOtfv1fkYhyphenhyphenYQMraQVQwWWDfJkNEFwjTDJxeXVuj6B995IJxUE0anTdjC9xcACvsQRQpJyQ_e1tHiteXrFxunRM-8IIbkvY_ooAZWvamFouETPwbZablkWshkDEJcMKdkLFoIPArfhTWfDNGdql83TKS0k4CpkfHlA/w640-h224/2a.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 2a<br /></td></tr></tbody></table><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-mTIgq3AC5sJetLIxcm8HDfVw14WatlcYixUdXYIcyYX0fY2__k3nEldS_XZEzE7fyeazTVkvvLwrsbOclrV3bp3v-FqitTPrsZI1N1wDvbskD8ODi6jkAy21tYz3WmALvOq8buwnfgz8MHcBTFQ6xx9gj2tKbcNDn4mgaee__OfFDrz0iM4kIetBJrg/s933/2b.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="858" data-original-width="933" height="588" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-mTIgq3AC5sJetLIxcm8HDfVw14WatlcYixUdXYIcyYX0fY2__k3nEldS_XZEzE7fyeazTVkvvLwrsbOclrV3bp3v-FqitTPrsZI1N1wDvbskD8ODi6jkAy21tYz3WmALvOq8buwnfgz8MHcBTFQ6xx9gj2tKbcNDn4mgaee__OfFDrz0iM4kIetBJrg/w640-h588/2b.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 2b<br /></td></tr></tbody></table><div style="text-align: justify;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb"> </span></span></span></div><div style="text-align: justify;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">Be careful not to confuse the CIS-12 (AT-3400D equipment) and CIS VFT-12 (P-327-12 equipment) waveforms: although "at first sight" on the waterfall they look like the same signal, they sound different and have a</span></span> <span class="jCAhz ChMk0b"><span class="ryNqvb">slight difference in the occupied bandwidth; furthermore, while CIS-12 consists of 12 continuous PSK channels, the T-237-12 signal consists of twelve not simultaneous FSK channels (Figure 3).</span></span></span></div><div style="text-align: justify;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb"> </span></span></span></div><div style="text-align: justify;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvN8047PrncLYpKzKHLu_kTtTi1SHj36KjB-UlP1z-fEwR_Cr-THGRTbkxVbx1HQ-rcrWyWgvEd_PbD0WPW4O0ywaaOALmllKN-I4uGo0UMuNQ5MgKjWvW55Mb-ffDFblMsWUE9bW0kdFkVf_o9KDdjvLxXDdFbJAc8zdGCpdKippQkWSVeWFJgrhFMMQ/s937/4.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="503" data-original-width="937" height="344" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvN8047PrncLYpKzKHLu_kTtTi1SHj36KjB-UlP1z-fEwR_Cr-THGRTbkxVbx1HQ-rcrWyWgvEd_PbD0WPW4O0ywaaOALmllKN-I4uGo0UMuNQ5MgKjWvW55Mb-ffDFblMsWUE9bW0kdFkVf_o9KDdjvLxXDdFbJAc8zdGCpdKippQkWSVeWFJgrhFMMQ/w640-h344/4.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 3 -comparison of the spectra of VFT-12 and CIS-12 signals<br /></td><td class="tr-caption" style="text-align: center;"></td></tr></tbody></table><br /><span class="ryNqvb"></span></span></span><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb"></span></span></span></div><div style="text-align: justify;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">At least in this sample, the data do not appear to be formatted according to the Russian CIS-11 and/or CIS-14 standards (Figure 4).</span></span></span></div><div style="text-align: justify;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb"> </span></span></span></div><div style="text-align: justify;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6Olbju8-tTt3XLx0axoXkNjRCMky9vUEC8atyw770tN_yYb9YOJEjAXtx6lM8Mref0eHb8zi4dHyMo2PCM8V_X9VKbkGB5qK7ZechVOk507n4xzjHtDTViiHsP5LZzT4-Kl9JSxGuGrpF5lKaJOWaWyHWd0EhOj6oNHyg6MxbSXcQ24SoyixyAJGckjM/s1051/3.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="800" data-original-width="1051" height="488" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6Olbju8-tTt3XLx0axoXkNjRCMky9vUEC8atyw770tN_yYb9YOJEjAXtx6lM8Mref0eHb8zi4dHyMo2PCM8V_X9VKbkGB5qK7ZechVOk507n4xzjHtDTViiHsP5LZzT4-Kl9JSxGuGrpF5lKaJOWaWyHWd0EhOj6oNHyg6MxbSXcQ24SoyixyAJGckjM/w640-h488/3.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 4 - CIS-11 & CIS-14 test results<br /></td></tr></tbody></table><span class="ryNqvb"> </span></span></span></div><div style="text-align: justify;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">P-327 system was adopted as weapons to replace the P-318M voice-frequency telegraphy equipment. Thanks to the use of modern digital components and new technical solutions, it was possible to improve the quality of telegraph communications, simplify the process of operating equipment, and reduce weight and size indicators.</span></span></span></div><div style="text-align: justify;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb"><br /><br /></span><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcsS2wCZH6oPd4lJLJmAoAP3vaR5d4-17aQvZnDdSDqwB_Z8ebt-3MlDOUEHXpPAvXnAyWcjaWWwelTuv9Codvigm45zqGpxL6ly9Ov5wgSK-1ytSMoWDw1j1TlPNe3r-dG4gQ9t3c3TRFBcaOmog0vodm0v37-neNBu2YwlDCnw_9CulSo8ptpWFCq6w/s509/foto.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="374" data-original-width="509" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcsS2wCZH6oPd4lJLJmAoAP3vaR5d4-17aQvZnDdSDqwB_Z8ebt-3MlDOUEHXpPAvXnAyWcjaWWwelTuv9Codvigm45zqGpxL6ly9Ov5wgSK-1ytSMoWDw1j1TlPNe3r-dG4gQ9t3c3TRFBcaOmog0vodm0v37-neNBu2YwlDCnw_9CulSo8ptpWFCq6w/s16000/foto.png" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 5 - P327-12 system: note the 12 "slots" of the modem <a href="(https://infopedia.su/18xc490.html?ysclid=lo41wlbhdo570983862)" target="_blank">(https://infopedia.su/18xc490.html?ysclid=lo41wlbhdo570983862)</a><br /></td></tr></tbody></table><br /></span></span></div><p><a href="https://disk.yandex.com/d/uD1tKwWOX3CN8A" target="_blank">https://disk.yandex.com/d/uD1tKwWOX3CN8A</a></p><p>references:<br /><a href="http://www.newreferat.com/ref-9052-15.html?ysclid=lo42dv39yj543186787" target="_blank">http://www.newreferat.com/ref-9052-15.html?ysclid=lo42dv39yj543186787</a> <br /><a href="https://www.myfreedom.ru/articles/tekhnika-svyaz/tekhnika-telegrafnoj-svyazi/apparatura-T-327-12.html" target="_blank">https://www.myfreedom.ru/articles/tekhnika-svyaz/tekhnika-telegrafnoj-svyazi/apparatura-T-327-12.html</a><br /><a href="https://studfile.net/preview/7270398/page:28/" target="_blank">https://studfile.net/preview/7270398/page:28/</a> </p>
Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com0tag:blogger.com,1999:blog-2805107305752377693.post-78395000338433871492023-10-09T11:34:00.001+02:002023-10-09T11:34:21.492+02:00Chinese Air Force/Air Defense (PLAAF) async M39<div><div><p style="text-align: justify;">These transmissions were recorded on the 10 MHz band (10388.30, 10401.0, 10348, 10436.0, ... all KHz/USB) mostly after 1100UTC by means of the FlyDog SDR located in Oita, Japan [1]. Usually, op-chats and data transfers follow the link setup by MS 188-141 handshakes: <span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">some observed ALE IDs are:</span></span></span></p><p style="text-align: justify;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">111 164 166 184<br />212 219 220 222 223 231 236 254 257 273 283 290<br />320 347 383 <br />428 438 455 476 485 490 498<br />513 526 552 583 595<br />603 609 612 620 653 658 696<br />738 747 758 775 778 781<br />839<br />910 966 <br /></span></span></span></p><p style="text-align: justify;">According to a friend of mine, the op-chats are in Mandarin Chinese with a northern accent.</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzF__iIEfSGjgZBHGezYnHqI6g0-JxqzSsFUi72BNhJQJ591m6_zDHKQ-oBYrL7UVxRH-UHrRj77c6J0Drm2da0YTQDTXRjuwhWHq3qy81OSIq0btY99dGuj3sTgLIMgQagUx5gZQLXdGFxaHUMS_i1LFsch1hqULo8CMiUCSfeaSXvLNk8o-OB9H-NmU/s881/0.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="334" data-original-width="881" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzF__iIEfSGjgZBHGezYnHqI6g0-JxqzSsFUi72BNhJQJ591m6_zDHKQ-oBYrL7UVxRH-UHrRj77c6J0Drm2da0YTQDTXRjuwhWHq3qy81OSIq0btY99dGuj3sTgLIMgQagUx5gZQLXdGFxaHUMS_i1LFsch1hqULo8CMiUCSfeaSXvLNk8o-OB9H-NmU/w640-h242/0.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 1 - one of the recorded transmissions<br /></td></tr></tbody></table><p style="text-align: justify;">The analysis of the traffic waveforms reveals the use of MIL 188-110A Appendix B (also referred to as M39): an OFDM modulation technique using 39 orthogonal subcarriers 56 Hz spaced and an additional unmodulated Doppler reference tone at 393.75Hz. The 39 tones are are PSK4 modulated the way that, although data rates can vary from 75 bit/s to 2400 bit/s, a fixed baud rate of 44.44 Bd arises in any case (see Figs 2,3). In these transmissions, usually, the speed of 150 and 300 bps is used.<br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDOzONQFBF7um9nh0XX2ySoonkE-jbrxP0go-PrvxV2Sq4WYA1Mkne4pZwute33yHjywlIJKKDylAjSIUB84G7GvT9HjMfvxBkuptbtpIUVQlyciiC4uMiLtu-fxmR2qbudALHOBUzY-WGM3yLdxadz1_d_Z8Vjf1y6RlzXJfWJ8gmy2MdKJ-eTxOe9fg/s900/1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="488" data-original-width="900" height="348" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDOzONQFBF7um9nh0XX2ySoonkE-jbrxP0go-PrvxV2Sq4WYA1Mkne4pZwute33yHjywlIJKKDylAjSIUB84G7GvT9HjMfvxBkuptbtpIUVQlyciiC4uMiLtu-fxmR2qbudALHOBUzY-WGM3yLdxadz1_d_Z8Vjf1y6RlzXJfWJ8gmy2MdKJ-eTxOe9fg/w640-h348/1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 2 - OFDM analysis<br /></td></tr></tbody></table><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAIvkh95oY_4mvCLojZo5Ixf3DVX-eCeoRYmu5Az9CqRv43peAipPGxGOk5lHS0cPLrHtIkh1W4Cx5j0qYv6tAo0eq88wg-H2LZSK3Z3lmUO38lI8yI8ZQx-wZJ4tpNaY5XRwuN9fR0LupQQmw4mKbimsRKSl8C1PltCCDiRfhUInD-I27TntUvy5fqC8/s935/2.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="521" data-original-width="935" height="356" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAIvkh95oY_4mvCLojZo5Ixf3DVX-eCeoRYmu5Az9CqRv43peAipPGxGOk5lHS0cPLrHtIkh1W4Cx5j0qYv6tAo0eq88wg-H2LZSK3Z3lmUO38lI8yI8ZQx-wZJ4tpNaY5XRwuN9fR0LupQQmw4mKbimsRKSl8C1PltCCDiRfhUInD-I27TntUvy5fqC8/w640-h356/2.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 3 - analysis of a single tone<br /></td></tr></tbody></table><p style="text-align: justify;">Given the operator's language, the ALE IDs and the used mode (188-110 App. B) I'm quite sure that the People's Liberation Army Air Force (PLAAF), also referred to as the Chinese Air Force/Air Defense, is the user of this net: since the signals strength, it could be the Southern Theater Command Air Force... but the latter is just a my guess. </p><p style="text-align: justify;"></p><p style="text-align: justify;">Analyzing in detail the Chinese M39 waveform, however, some differences emerge in the structure of the preamble compared to what is specified in the related MIL-STD #B.5.4.1: "<i>Prior to the transmission of data, a three part preamble shall be transmitted. Part one shall last for 14 signal element periods and consist of four equal amplitude unmodulated data tones of 787.5, 1462.5, 2137.5, and 2812.5 hertz (Hz). Part two shall last for 8 signal element periods and consist of three modulated data tones of 1125.0, 1800.0, and 2475.0 Hz. Part three shall last for one signal element period and consist of all 39 data tones plus the Doppler correction tone</i>". </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEik-EIjTUpjOvUiDwF4lZrxiKJ1aPFg_VpbpqgjCHtrOU5irQhbhTPQlVE7DlCqzvJUSZq2ySZ_UD_41k56iWdVDGmI2-H0yWGkcFxck53wRxXr_73Zq13Yc59argHItqvVBA9L6ilJDegQcWq53sjadmepGvfWSDBexNYrapeXUOjpkgR4CfzRv5HuFdc/s651/2.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="185" data-original-width="651" height="182" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEik-EIjTUpjOvUiDwF4lZrxiKJ1aPFg_VpbpqgjCHtrOU5irQhbhTPQlVE7DlCqzvJUSZq2ySZ_UD_41k56iWdVDGmI2-H0yWGkcFxck53wRxXr_73Zq13Yc59argHItqvVBA9L6ilJDegQcWq53sjadmepGvfWSDBexNYrapeXUOjpkgR4CfzRv5HuFdc/w640-h182/2.PNG" width="640" /></a></div> </div><div>Indeed, as shown in Figure 4, since one signal element period corresponds to 22.5 ms, part one of the Chinese M39 preamble lasts for 11 signal element periods (247.5ms) thus is a bit shorter (I think we may accept an error of about 500µs). Block sync may depend on the speed and interleaver length. Also notice the lower amplitude of the 1462.5 tone, probably <span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">caused by modem malfunction.</span></span></span></div><div> </div><div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjt7OdpU3P-ZJ9AHwNloMkwycNUclAazpH1P4Tnnev8dpgSyEzGiSOcLCnJd_bVvBiFcllNHQIrcIgv5m7GvyYmM8-2xsqdbqXR4aCIneHBLUdHAyOi36t0SxEzJheV3zEB5z0S51jh4cVMQR-axPGDQkUTRDyBoktW2EcCaW7bYSku26iNNDCBZ5cO09o/s884/1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="589" data-original-width="884" height="426" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjt7OdpU3P-ZJ9AHwNloMkwycNUclAazpH1P4Tnnev8dpgSyEzGiSOcLCnJd_bVvBiFcllNHQIrcIgv5m7GvyYmM8-2xsqdbqXR4aCIneHBLUdHAyOi36t0SxEzJheV3zEB5z0S51jh4cVMQR-axPGDQkUTRDyBoktW2EcCaW7bYSku26iNNDCBZ5cO09o/w640-h426/1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 4 - plain and Chinese M39 waveforms<br /></td></tr></tbody></table><br /></div><div style="text-align: justify;">Figure 5 shows the two preambles as function of the 22.5ms signal element period: the difference, however marginal, do not affect the demodulation of the signal. </div><div style="text-align: justify;"> </div><div style="text-align: justify;"><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYncAs8xP03JYPasrhPO9RUImDVGKxorE0wcF5h1fSkcHw853HRdlbyvMpaHBsAnM1DtHbl1BBt71_s_5Qd-W6TtL_5QcD3VHt6ZVApZd_XBOdP4ktWXmZvZDpnY2BPA2fN5c0mBYYszVfbGOWv8goYoKoGbo5cXWFMPxe0Sr98jevPUZdMt8t-r0q30o/s906/3.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="623" data-original-width="906" height="440" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYncAs8xP03JYPasrhPO9RUImDVGKxorE0wcF5h1fSkcHw853HRdlbyvMpaHBsAnM1DtHbl1BBt71_s_5Qd-W6TtL_5QcD3VHt6ZVApZd_XBOdP4ktWXmZvZDpnY2BPA2fN5c0mBYYszVfbGOWv8goYoKoGbo5cXWFMPxe0Sr98jevPUZdMt8t-r0q30o/w640-h440/3.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 5<br /></td></tr></tbody></table><br /> </div><div style="text-align: justify;">The demodulated bitstreams have a 8N1 asynchronous start/stop character format and exhibit a quite clear repeated "patterns" as shown in Figure 6. </div><div style="text-align: justify;"><br /></div><div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiutwq78mTpDsBChJgRa0ioNWZbj6y7wHIz4vLSJj5H21K-bnXgOtSRVC1_hoSINvansDRLUhRSRDm8CNP-KmXOhw99LTjLwuyJwi4GBmWIgGxhhUEVZgTq_03l9zIGFmAgIJdKtQIGRJVQh611Dtlw0hjbnmwwFDR2BQ90BNrcUDbqzb5BBm-2AqlO2XU/s907/3.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="717" data-original-width="907" height="506" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiutwq78mTpDsBChJgRa0ioNWZbj6y7wHIz4vLSJj5H21K-bnXgOtSRVC1_hoSINvansDRLUhRSRDm8CNP-KmXOhw99LTjLwuyJwi4GBmWIgGxhhUEVZgTq_03l9zIGFmAgIJdKtQIGRJVQh611Dtlw0hjbnmwwFDR2BQ90BNrcUDbqzb5BBm-2AqlO2XU/w640-h506/3.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 6 - M39 demodulated bitstream </td></tr></tbody></table><p></p></div><div><p></p><p style="text-align: justify;">After the removal of the start/stop bits, the decoded messages consist of 4-digit codewords (here referred to as 4FGs groups or simply "groups") which are sent 10
per row in enumbered blocks, each block consisting of 100 groups: it's the same format of the messages sent using the Chinese 4x4 waveformt <i>(1)</i> and VC03 (an Air
Defense net). Below a pretty long message consisting of 599 groups: </p><p style="text-align: justify;">3415 3415 3415 XXXXJGJGXXX 11 <br />290 130191209032184 fb0237.txt230902190040 <br />016/JC 599 42 0902 1900<br />6497---1549---1114---1113---1355---1822---3177---<br />1482---1362---4499---1896---1836---1547---6497 <br /></p><p>3421 8994 2267 1703 1963 0520 8446 4305 0147 0033<br />8234 6413 4554 2374 5684 5250 4025 9563 9069 9119<br />6871 0179 4924 0782 9157 6996 9815 4064 4061 5312<br />2104 4338 7161 2751 5486 9607 6046 3198 7947 8450<br />6379 4171 4671 3204 5836 1693 1067 6773 0508 7636<br />1205 2881 8767 2810 4537 8465 9718 7606 8460 8964<br />0973 4238 4192 3252 9602 5332 8917 5801 0870 2025<br />3204 7083 8983 7851 0818 7935 4658 9254 7035 1034<br />3530 2940 3279 5623 8282 9146 5949 9671 3504 3884<br />0424 1297 4832 2723 6395 6248 8661 0136 7304 6189-1<br /><br />4927 2716 4521 6114 3627 2713 7346 0872 0147 0036<br />7124 6002 1205 9793 6873 9063 2598 4553 7238 5230<br />2417 5731 4632 7882 0024 8903 5881 4908 3413 4782<br />1645 9492 2871 2046 4529 8945 1400 3960 1606 6069<br />4536 6500 6930 9438 7990 3048 2317 1048 2194 6794<br />9505 6481 6721 3068 3012 6485 8269 8910 8425 9872<br />3693 3945 6290 5309 3041 8664 5278 2561 5214 1182<br />5026 4037 5737 0198 7194 6875 7871 9574 5860 4351<br />8702 3783 0552 2174 8260 6816 1464 1338 7970 8534<br />5467 5858 3591 9312 3415 9096 6505 1319 6787 9392-2<br /><br />4823 5741 3721 8794 3447 6443 5719 9243 0147 0039<br />9838 2061 1301 7473 4990 2042 7942 9815 2474 4963<br />8575 3541 3992 7510 2596 1213 6767 8287 7648 9442<br />2064 5691 3532 6702 3065 5821 7042 1278 4397 9264<br />8118 1230 0787 2839 0565 8536 7865 5103 0805 2943<br />9596 2852 7545 0681 2070 8275 1526 9851 1009 8505<br />9095 7276 5781 6954 1090 0929 8196 3638 3708 8791<br />0290 4030 5894 8998 0680 1568 2369 6030 7573 1938<br />7423 7581 6426 6841 3667 1462 3290 3034 0557 1661<br />7672 4160 3484 6334 7595 6481 5994 1763 8012 2163-3<br /><br />4591 7885 2907 3230 5731 3794 3807 6064 0147 0042<br />4082 3194 1908 7554 8100 6734 9446 8777 5392 0143<br />8207 5150 2467 2563 8196 4095 5250 5803 2634 3185<br />4328 4183 5618 9824 5841 6432 2939 9793 2964 2793<br />1030 3797 8002 3491 3209 5180 5415 8661 1267 3201<br />3446 9114 5060 0797 7509 9781 8776 6254 2550 8280<br />7621 9429 1627 9467 8105 0280 9032 4173 1002 1590<br />6778 9809 1903 7640 8325 1672 5723 5850 8949 6487<br />9831 6883 3604 6232 6452 0429 2681 8417 4118 9840<br />5771 0509 8367 0194 5170 2763 9449 9796 0303 8130-4<br /><br />5059 5293 9063 2156 9489 9177 7371 9543 0147 0045<br />7017 4024 1685 6761 0236 1671 3746 1446 0023 2320<br />4603 9204 2881 6004 4217 5904 7218 2583 1023 9095<br />8767 1881 8784 6978 7327 7858 4241 9911 7885 3927<br />9182 0598 5797 0941 4513 2231 0530 3698 3551 7237<br />3175 5438 9756 5798 3652 2297 3523 0089 6867 6347<br />8438 8634 9150 7040 7090 4302 2361 9513 3465 6623<br />6548 3582 9066 6074 1874 6228 6708 8918 4925 6506<br />6815 6041 4016 5489 6432 5229 7195 7546 1408 7515<br />3968 3150 5926 4840 0401 5423 8941 3897 6327 0219-5<br /><br />5831 1584 2697 6824 1508 2155 2370 5037 0147 0048<br />0360 6101 8113 1384 1920 7382 9193 2805 8949 8607<br />7008 4942 1396 5484 0425 0336 9724 0384 5954 1456<br />8193 7607 9551 6942 1345 0965 4617 5614 5719 2626<br />3783 8968 1982 7037 9832 9302 0404 4350 3167 5601<br />4670 8131 8104 2693 8978 3425 5780 3908 1954 2061<br />6095 1336 2823 4076 0348 8515 7184 3558 9667 7132<br />2781 3632 9504 7075 1225 5310 5030 8578 9487 9269<br />3616 8278 4240 9210 9764 8274 5963 9837 6049 7041<br />3299 0594 6226 7475 1496 5379 7668 2512 7247 <br /></p><p style="text-align: justify;">Although I don't have a large number of demodulated messages at my disposal, only a few dozen so far, it's nevertheless possible to do some comments and parsings of the messages headers. As an example, Figure7 is an overall view of three complete 201-groups messages sent by the same station (the ALE ident 620) within minutes and on the same frequency (10401.0 KHz/USB), I also added the related ALE calls in the upper part of the messages. At this regard, unlike other protocols such as S-5066, must be noticed that the ALE addresses match those used in the message headers.</p><div style="text-align: justify;"> </div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVa-XydbI3t8oDn-A8CtCypBXTOD_B6WRDgrGBso0NcEk8cUdjK291yo4zSjDBZr9fz7dTPWC9vI_5pPz4QkJ8jeI3yJ3RTtF3qiAARZSLrAR8CpfLG--N7VpMwxG-79RNrqi-3jAwFRtiq6x9wZossk0SAzxR8P06GJQxHqO1IKCdbjqlz6-kSIooDrQ/s812/10.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="812" data-original-width="739" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVa-XydbI3t8oDn-A8CtCypBXTOD_B6WRDgrGBso0NcEk8cUdjK291yo4zSjDBZr9fz7dTPWC9vI_5pPz4QkJ8jeI3yJ3RTtF3qiAARZSLrAR8CpfLG--N7VpMwxG-79RNrqi-3jAwFRtiq6x9wZossk0SAzxR8P06GJQxHqO1IKCdbjqlz6-kSIooDrQ/w582-h640/10.PNG" width="582" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 7<br /></td></tr></tbody></table><div style="text-align: justify;"> </div><div style="text-align: justify;">As a format' example, I took the message #1 of Figure 7: you can check looking at the other two messages. <br /></div></div><p><span style="background-color: #fcff01;">MIL-STD 188-141A ALE:START TIS [620] TO [485]</span><br />the ALE call precceding op-chat and data transfer</p><p style="text-align: justify;"><span style="background-color: #fcff01;">1277 1277 1277 XXXXJGJGXXX 11</span><br /><b>1277 1277 1277</b> type of message? some seed indicator? (always in the format "nnnn") <br /><b>XXXJGJGXXX </b>this string is present in the headers of all the message I've heard, don't know its meaning/purpose. At glance, it looks like the Russian flash "XXX XXX" messages... By the way, in the Chinese 4x4 messages it's possible to see a similar string "JYJYJYJYJYJY"<br /><b>11</b> precedence indicator of the message? (happens to be the length of the preceeding string 'XXXXJGJGXXX')</p></div><div style="text-align: justify;"><span style="background-color: #fcff01;">485 311291609032620 fb6183.txt230906192112</span> <br /><b>485</b> digit ALE ID of the called/destination node (as from the ALE call)<br /><b>311291609032</b>620 timestamp in reverse order (from right to left: ssmmhhddmmyy), ie 23.09.06 19:21:13 <br />311291609032<b>620</b> digit ALE ID of the caller/source node (as from the ALE call)<br /><b>fb6183.txt</b> the file name being sent, "6183" seems to be a sequence number<br /><b>230906192112</b> timestamp in the format ymmddhhmmss, ie 23.09.06 19:21:13, no time zone indicator. Indeed, the transmission was registered at the same date at 11:21:45 UTC (a few seconds after) and that makes sense since the user time zone is UTC+8. In some messages this field is not present.<br />It's worth noting the difference of 1 second between the two times reported in the header, perhaps the earlier time is related to the file (its reception?) and the more recent one is the time related to the formation/sending of the message. Sometimes that interval is longer, as for example 17:50:54 Vs 17:53:22 (223571); probably a timestamp for transmission and another one for saving the .txt file<br /></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><span style="background-color: #fcff01;">150 201 72 0906 1900</span><br /><b>150</b> likely it's the daily serial number of the message sent by the sender, in these samples, message #151 miss. In certain cases it's reported using the "nnn/CCK" format (see below)<br /><b>201</b> number of the 4FGs groups that make up the message</div><div style="text-align: justify;"><b>72</b> message group identifier? <br /><b>0906</b> date (mmdd)<br /><b>1900</b> rough time (hhmm), maybe for drafting<br /></div><div style="text-align: justify;"></div><p style="text-align: justify;"><span style="background-color: #fcff01;">0712---4771</span><br /><b>0712</b> four digit military address of the originating establishment/unit?<br /><b>4771</b> four digit military addresse(s) of destination establishment(s)/unit(s)?<br />(it's interesting to notice that there is a one-to-one matching between the mil address of the originating unit and the ALE ID of the caller/sender node: in Figure 7, for example, 0712 refers to the ALE ID 620, as well as 4771 to 485, 4321 to 476, 4351 to 747). Only the node with the ALE ID 111 seems to use more than one military address (I noted 6497, 7234, 8759).<br />If I'm right about the meaning of these fields, then the nodes seem to act like a forwarder, for example in the headers below the destination addresses are more than one. Note also the different format of the (supposed) daily serial number of the message:</p><p style="text-align: justify;">3415 3415 3415 XXXXJGJGXXX 11 <br />290 130191209032184 fb0237.txt230902190040 <br />016/JC 599 42 0902 1900<br /><b>6497---1549---1114---1113---1355---1822---3177---<br />1482---1362---4499---1896---1836---1547---6497</b><br /></p><p style="text-align: justify;"></p><div style="text-align: justify;">The same for the ALE global call issued by the node 198 (Figure 8):<br />[2023-09-14 11:17:04] MIL-STD 188-141A ALE: TIS [198] <b>TO [@?@]</b></div><div style="text-align: justify;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">indeed this call was then followed by the transmission of a message originating from node 111 (not 198!) and addressed to node 222 (all ALE IDs)</span></span></span></div><div style="text-align: justify;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb"> </span></span></span></div><div style="text-align: justify;"></div><div style="text-align: justify;">1274 1274 1274 XXXXJGJGXXX 11 <br /><b>222</b> 957191419032<b>111</b> fb5042.txt230914191456 <br /></div><div style="text-align: justify;"> </div><div style="text-align: justify;"></div><div style="text-align: justify;"></div><div style="text-align: justify;"></div><div style="text-align: justify;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">The same message was transmitted three consecutive times using three M39 segments and leaving the headers unchanged.</span></span></span></div><div style="text-align: justify;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb"> </span></span></span><br />By the way, the 8660 ms duration of the global ALE call (ie a "scanning call") provides some indications about the number of the available channels in the 10 MHz band: assuming full compatibility with MS-141, the scan list should consist of approximately 10 channels <i>(2)</i>. As shown in Figure 8, in order to be sure to reach all the stations, the global call is five times transmitted (the first four global calls are followed by a TWAS).</div><div style="text-align: justify;"><br /></div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgR9dxzegOvQNOfBG3rB7AA6zJQsO5sh-00N90fW6FR16M031XNQpjbXSl12uQ4qiiohLzaWN5VrPeD0_J01aRCWWl8A4GN2-0BGXCpsQ6944EivLgZ285K13uCyppyBu9bABigZIzSM54ddwoyBRWgZZsOOw-xm9uRW--E3rJesviy0In9bq2pR6CgkDc/s885/global_call.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="309" data-original-width="885" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgR9dxzegOvQNOfBG3rB7AA6zJQsO5sh-00N90fW6FR16M031XNQpjbXSl12uQ4qiiohLzaWN5VrPeD0_J01aRCWWl8A4GN2-0BGXCpsQ6944EivLgZ285K13uCyppyBu9bABigZIzSM54ddwoyBRWgZZsOOw-xm9uRW--E3rJesviy0In9bq2pR6CgkDc/w640-h224/global_call.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 8<br /></td></tr></tbody></table><div><p style="text-align: justify;"></p><p style="text-align: justify;"></p><p style="text-align: justify;"></p><p></p><p style="text-align: justify;">The number of the 4FGs groups in a message is always odd and message lengths seem to be standardized (199, 201, 499, 599 groups). Could this be due to the messages being stadardized reports or does it indicate fillers? Anyway, I do not know - and I don't care(!) - contents/purposes of these messages, however out of curiosity I did some research on the web and found some interesting articles and documents, even if they are historical [2][3][4].<br />Given that the Chinese writing system is by nature nonalphabetic and thus noncipherable, Chinese cryptography was bound to the use of codebooks rather than ciphers [2]. Therefore the use of 4FGs groups indicate either the use of the Chinese Telgraph Code (CTC, Mainland ed. 1983) <i>(3)</i>, the Chinese Standard character table (GB 2312-83) or another unknown military codebook containing a max of 10000 characters (0000-9999). <br /></p><p style="text-align: justify;">It's interesting to study the values of the <span style="background-color: #01ffff;">9th</span> and <span style="background-color: #fff2cc;">10th</span> groups of the first row of each block of the messages: as you see in Figure 7, the 9th has a costant value (0177) while the value of 10th is incremented by 1, also passing from one transmission to another (say a "transversal" increment): I noticed this feature in many messages: <br /></p><p style="text-align: justify;">message 1 <br />4387 1271 8451 5086 9408 2928 9293 8639 <span style="background-color: #01ffff;">0177</span> <span style="background-color: #fff2cc;">0029</span><br />9795 3224 4617 5389 5581 8337 9987 9763 <span style="background-color: #01ffff;">0177</span> <span style="background-color: #fff2cc;">0030</span><br /></p><p style="text-align: justify;">message 2<br />9687 8557 2807 4801 5091 8197 5497 5683 <span style="background-color: #01ffff;">0177</span> <span style="background-color: #fff2cc;">0031</span><br />8070 5341 9351 8807 3837 9663 0992 9425 <span style="background-color: #01ffff;">0177</span> <span style="background-color: #fff2cc;">0032</span><br /></p><p style="text-align: justify;">message 3<br />5031 2635 3964 6880 5961 0957 0937 0613 <span style="background-color: #01ffff;">0177</span> <span style="background-color: #fff2cc;">0033</span><br />8091 4724 1223 4879 8728 2646 4051 6061 <span style="background-color: #01ffff;">0177</span> <span style="background-color: #fff2cc;">0034</span></p><p style="text-align: justify;">In some messages, as the 599-group one reported before, while the <span style="background-color: white;">9th</span> group does not change (0147) the <span style="background-color: white;">10th</span> is incremented by 3</p><p style="text-align: justify;">3421 8994 2267 1703 1963 0520 8446 4305 <span style="background-color: #01ffff;">0147</span> <span style="background-color: #fff2cc;">0033</span><br />4927 2716 4521 6114 3627 2713 7346 0872 <span style="background-color: #01ffff;">0147</span> <span style="background-color: #fff2cc;">0036</span><br />4823 5741 3721 8794 3447 6443 5719 9243 <span style="background-color: #01ffff;">0147</span> <span style="background-color: #fff2cc;">0039</span><br />4591 7885 2907 3230 5731 3794 3807 6064 <span style="background-color: #01ffff;">0147</span> <span style="background-color: #fff2cc;">0042</span><br />5059 5293 9063 2156 9489 9177 7371 9543 <span style="background-color: #01ffff;">0147</span> <span style="background-color: #fff2cc;">0045</span><br />5831 1584 2697 6824 1508 2155 2370 5037 <span style="background-color: #01ffff;">0147</span> <span style="background-color: #fff2cc;">0048</span></p><p style="text-align: justify;">But this is not the only strangeness. Indeed, there are messages as the one shown below where both the 9th and 10th groups have always the value <span style="background-color: white;">0000: in these cases </span>the message serial number has always the <span style="background-color: white;">"<i>nnn/CCK</i></span>" format. </p><p style="text-align: justify;">1274 1274 1274 XXXXJGJGXXX 11 <br />111 100371509032222 fb1945.txt230905170941 <br />052/CCK 199 96 0905 1700<br />1836---6497<br /><br />9385 5023 9762 6394 3051 5012 4576 2836 <span style="background-color: #fff2cc;">0000 0000</span><br />4682 2013 5471 1602 0749 9482 6073 6938 3182 4198<br />9674 9465 4075 5974 5437 4689 2043 3586 1498 7951<br />3561 1763 8105 4706 5087 4025 4387 9784 6470 8036<br />8039 8067 9135 1573 2765 2764 5196 0781 9056 9037<br />7308 4862 3194 4728 2381 6901 1556 5814 5162 3021<br />8075 9104 9536 8937 2560 9261 7032 9371 4825 9712<br />9682 3104 4190 1492 2981 2069 7853 4273 9156 1583<br />4728 1584 8609 3528 7249 9236 3961 4672 5104 6379<br />2016 6104 8910 9601 2037 2754 8357 2958 4285 3490-1<br /><br />6485 9832 5902 7802 4504 7591 4973 9182 <span style="background-color: #fff2cc;">0000 0000</span><br />8501 2063 3872 6187 1398 5784 6482 6348 2637 6293<br />5674 2403 4865 9760 9406 1806 2651 1261 5670 3245<br />6591 2546 6851 2075 9304 7284 3729 1289 9674 3664<br />8140 3176 7392 4508 6072 6927 8592 8705 6053 8159<br />0549 5037 2681 3106 6334 0437 8014 6175 2091 9827<br />1603 7451 9134 7156 6546 5982 1379 5198 0159 9530<br />5632 7402 2087 7849 7545 4057 2160 4912 3284 4917<br />1793 1386 3418 8591 9603 9018 9256 3689 2879 4316<br />6018 7453 2097 9310 6513 8542 3247 5321 4758<br /></p><p style="text-align: justify;">Likely the 9th and 10th groups of the first row of each block have some "special" meaning and are not coded. At glance, the 9th seems related to the sender and the 10th seems something like a "block counter" ...but we have just seen that the value of 10th codeword maybe incremented by 3 or be "0000".<br /></p><p style="text-align: justify;">Some messages end with strings consisting of typical telegraphic abbreviations, as for example:<br />QSL ? = confirm?<br />HR NR 1271 TKS = here (I'm going to send) (message number) 1271 thanks<br />HR WK NR 1113 = here working/worked (message number) 1113<br />and a final sequence of " <i>(unprintable) b Kvj</i>" (hex 0862 4b766a) which could be the break and End-of-Message indicator.</p><p style="text-align: justify;">Short messages (199, 201 groups) have 1-5 repeating groups while longer messages (499,599 groups) have 20-30 groups which repeat two or three times within the same message (except the group "0000"), common and usual characters such as space and linebreak don't seem emerge. It would be interesting to do a cross-checking of the messages in order to find the shared groups and their number, but to do this many other recordings are needed and therefore the opportunity to have a parked SDR and IQ recordings of that portion of the 10 MHz band.</p><p style="text-align: right;"><i>(to be continued)</i><br /></p><p style="text-align: justify;"></p><p style="text-align: justify;"></p><p style="text-align: justify;"><a href="https://disk.yandex.com/d/ZvK55ZQMdTR4xQ" target="_blank">https://disk.yandex.com/d/ZvK55ZQMdTR4xQ</a></p><p style="text-align: justify;"><i>(1) example of a 4-digit message sent using the Chinese 4x4 waveform</i></p><p style="text-align: justify;"><i>JYJYJYJYJYJY MGA G<br />348 50 75 0919 1600<br />2519---3721<br />1380 2784 1560 6490 5167 3572 6517 2356 5819 0238<br />4983 8097 4781 1264 7198 8976 8753 4123 1839 0873<br />5421 1569 0891 3051 1256 1468 0278 7436 7493 1320<br />0531 6387 9354 6738 0954 7301 8521 1237 3801 7586<br />1789 5041 4231 1504 3926 5403 9421 7301 2316 0186<br />QSL?QSL?QSL?QSL? NR213 <br /></i></p><p style="text-align: justify;"><i>(2) 188-141 A.5.5.3.1 "If the called station (JOE) is known to be listening on the chosen channel (not scanning), the calling station (SAM) shall transmit a single-channel call that contains only a leading call and a conclusion (see upper frame in figure A-29). Otherwise, it (SAM) shall send a longer calling cycle that precedes the leading call with a scanning call of sufficient length to capture the called station’s receiver as it scans (lower frame in figure A-29). The duration of this scanning call shall be 2 Trw (784ms) for each channel that the called station is scanning". </i></p><p style="text-align: justify;"><i></i></p><div class="separator" style="clear: both; text-align: center;"><i><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNrlFQQMMRtSqjECqkQmAll83FUTKWBdq2mhhkBk0jDmbn-k-SBP6kt0jmGyobw6mHmKs8UMnlA0ttj32JyKIGveewi-Rpu6v_5Q1wrZRSoaaq69jUNpfx9JFsT548z_jymZC6v8y8o_5XBO2IH87DBNg4XYjRqNmBKV0qd6csZpoziIaIg1PL7AqmrC8/s403/A29.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="192" data-original-width="403" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNrlFQQMMRtSqjECqkQmAll83FUTKWBdq2mhhkBk0jDmbn-k-SBP6kt0jmGyobw6mHmKs8UMnlA0ttj32JyKIGveewi-Rpu6v_5Q1wrZRSoaaq69jUNpfx9JFsT548z_jymZC6v8y8o_5XBO2IH87DBNg4XYjRqNmBKV0qd6csZpoziIaIg1PL7AqmrC8/w400-h190/A29.PNG" width="400" /></a></i></div><i> </i></div><div style="text-align: justify;"><i>(3) The CTC is organised as 100 (1-100) pages each contaning 10 (0-9) lines of 10 characters (0-9). The 4 digits words in the message text are thus indices into the CTC and is interpreted as follows: two first digits = page, third digit = line and fourth digit = character position on line. CTC contains both simplified Chinese characters as well as Japanese kanji, cyrillic and latin characters and interpuncuation signs.<br /></i></div><div><i> </i> <br /><p></p><div><p style="text-align: justify;"> </p><p style="text-align: justify;"></p><p style="text-align: justify;">[1] <a href="http://flydog.web-sdr.net/?f=10388.30usnz11" target="_blank">http://flydog.web-sdr.net/?f=10388.30usnz11</a><br />[2] Ulug Kuzuoglu (2018): Chinese cryptography: The Chinese Nationalist Party and intelligence management, 1927–1949, Cryptologia <a href="https://disk.yandex.com/i/SbCtQ-Q02u8Slw" target="_blank">https://disk.yandex.com/i/SbCtQ-Q02u8Slw</a><br />[3] <a href="http://cryptiana.web.fc2.com/code/chinesecrypto_e.htm" target="_blank">http://cryptiana.web.fc2.com/code/chinesecrypto_e.htm</a><br />[4] <a href="https://en.m.wiktionary.org/wiki/Appendix:Chinese_telegraph_code/Mainland_1983" target="_blank">https://en.m.wiktionary.org/wiki/Appendix:Chinese_telegraph_code/Mainland_1983</a> <br /></p></div></div>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com1tag:blogger.com,1999:blog-2805107305752377693.post-57328022137984072272023-10-03T17:48:00.000+02:002023-10-03T17:48:12.107+02:00QPSK 2400Bd unid waveform (Chinese modem?)<p style="text-align: justify;">QPSK 2400Bd waveform heard on 10221.0 KHz USB around 1400 UTC, probably a Chinese modem. <br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheaOaTV_lb79ZrUjGXuaWbH55S8jrrLGUohNTIIygGovhikr7kJbp1Ev-HSHGMIDzM0jDEfZ7xKuRUKtzt7ryrZ7_4ElPmSW3XRZQQ8pl70KD0ywCyVWkPBbWKGNGRugGxCap-67yaBe9BuVXY6YHbeg2sDa-xEPgy5-Tjv9WYLpz68b7c9hqWtUzFDSA/s879/f1.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="801" data-original-width="879" height="584" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheaOaTV_lb79ZrUjGXuaWbH55S8jrrLGUohNTIIygGovhikr7kJbp1Ev-HSHGMIDzM0jDEfZ7xKuRUKtzt7ryrZ7_4ElPmSW3XRZQQ8pl70KD0ywCyVWkPBbWKGNGRugGxCap-67yaBe9BuVXY6YHbeg2sDa-xEPgy5-Tjv9WYLpz68b7c9hqWtUzFDSA/w640-h584/f1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 1<br /></td></tr></tbody></table><p style="text-align: justify;">Autocorrelation of the signal produces sharp 16.6 ms spikes tnat makes 80 bit or 40 dibit symbols (QPSK modulation) period at the rate of 2400 symbols/sec. Indeed, after demodulation the resulting bitstream has a framing of 40 symbols length consisting of 20 known symbols (probe) <br /></p><p style="text-align: center;">33031002310112003303<br /></p><p style="text-align: justify;">followed by 20 unknown symbols (data): obviously, since QPSK, 1 symbol = 2 bit. </p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9jsNt5S9Tgimhc8-C_K2vKIj7zAtCQJ0xFbT0Crh0AF1gfRLhlTELRCWxE5oxKvSPfssakgRx4N9VBS18G28QkiTV0IRqMNea7s7AHLyCgzhQDzbdp-VckLOQusK45E95ogCHMEYE9YgMrVcpcV2bplpIznVFc09D3fFu2Stue5uF5OaFVrsUbYOZOMg/s925/f4.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="752" data-original-width="925" height="520" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9jsNt5S9Tgimhc8-C_K2vKIj7zAtCQJ0xFbT0Crh0AF1gfRLhlTELRCWxE5oxKvSPfssakgRx4N9VBS18G28QkiTV0IRqMNea7s7AHLyCgzhQDzbdp-VckLOQusK45E95ogCHMEYE9YgMrVcpcV2bplpIznVFc09D3fFu2Stue5uF5OaFVrsUbYOZOMg/w640-h520/f4.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 2 - autocorrelation and bitstream<br /></td></tr></tbody></table><p></p><p style="text-align: justify;">After the removal of the 20 known symbols, the initial & ending data blocks show 64-symbols/128-bit patterns even if - actually - the ending blocks consist of a 32-symbols/64-bit pattern (as it was already visibile in Figure 2).</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1q9-AYO9Mr7lgSYr4woUmtKVdtXjyZd8XLiwsAe1RCGIEMT94o-bYvlXBYHIi6IhSampPqnZ-2dULjdw5AfyouHCtKlqS3A8-ZVphWNEjMejcl_LHfpxwcJ3fB-U6NXs2QnwcCPSmfK2TD4c8lWGoSGftDitd7S7EyQaq423gpR0seqqIcqDA0wKbkgY/s967/f5.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="534" data-original-width="967" height="354" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1q9-AYO9Mr7lgSYr4woUmtKVdtXjyZd8XLiwsAe1RCGIEMT94o-bYvlXBYHIi6IhSampPqnZ-2dULjdw5AfyouHCtKlqS3A8-ZVphWNEjMejcl_LHfpxwcJ3fB-U6NXs2QnwcCPSmfK2TD4c8lWGoSGftDitd7S7EyQaq423gpR0seqqIcqDA0wKbkgY/w640-h354/f5.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 3<br /></td></tr></tbody></table><br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSbo9JmxroFKNNt-4PWxMExbiEk-zlRUDhKgQ-HCq8MRa7yV1b3gPLSZPQsBqn_q_MhXteGQegWhps235UaM_wtKre3h4pGtwN5GMhoRfiHq_W8hpH2KSaVFJAFEoeu9p8gnfXe5fF0n-ZX3aAe0Hx569EKEKwJb8zzZZLNXfF2sMwiPth7vXiyp2xrUE/s967/f6.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="524" data-original-width="967" height="346" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSbo9JmxroFKNNt-4PWxMExbiEk-zlRUDhKgQ-HCq8MRa7yV1b3gPLSZPQsBqn_q_MhXteGQegWhps235UaM_wtKre3h4pGtwN5GMhoRfiHq_W8hpH2KSaVFJAFEoeu9p8gnfXe5fF0n-ZX3aAe0Hx569EKEKwJb8zzZZLNXfF2sMwiPth7vXiyp2xrUE/w640-h346/f6.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 4<br /></td></tr></tbody></table><p></p><p> As usually, comments are welcome.<br /></p><p>[1] <a href="https://disk.yandex.com/d/5g-pEgBTLIxSmg" target="_blank">https://disk.yandex.com/d/5g-pEgBTLIxSmg</a></p>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com0tag:blogger.com,1999:blog-2805107305752377693.post-46406648105205683702023-09-15T18:35:00.001+02:002023-09-15T18:47:28.717+02:00Chinese Navy (PLA Ny) MFSK-8 125Bd & PSK2 2400Bd mixed mode<div><p style="text-align: justify;">Complete and good quality data transfer session recorded on 10346.0 KHz/USB at 2153 UTC thanks to a KiwiSDR located in Oita, Japan [1].<br /></p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvfk8lvvCX3PKnK8tIcQB6T70E4cr5QnoSaFE0XZcC1K1TNRmFH3U1QIwIiqnqaMKGt_C_BXa_-f6-2BIE9Rog4B10R1gcEv1o3frDJFEpckYYp9SJOC7HgS_SCGxBZzhJlkSBgRW1GLdIGGpddesU5BzfNH3AC87sSZNuIutmVvSEo2uQxTvSlNaNSlo/s907/f1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="361" data-original-width="907" height="254" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvfk8lvvCX3PKnK8tIcQB6T70E4cr5QnoSaFE0XZcC1K1TNRmFH3U1QIwIiqnqaMKGt_C_BXa_-f6-2BIE9Rog4B10R1gcEv1o3frDJFEpckYYp9SJOC7HgS_SCGxBZzhJlkSBgRW1GLdIGGpddesU5BzfNH3AC87sSZNuIutmVvSEo2uQxTvSlNaNSlo/w640-h254/f1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 1 - Complete data transfer session</td></tr></tbody></table><br /></div><div style="text-align: justify;">In the first part of the recording, the one related to the link setup, we can see standard MS 188-141 exchanges preceeded by bursts which use short MFSK-8 125Bd 250Hz segments (just the same tones of MS-141 but w/out the 6th tone). <span face=""trebuchet ms" , sans-serif"><span class="short_text" id="result_box" lang="en"><span class="hps">Perhaps
they do not use this MFSK waveform as an ALE resource since they just
use the standard 188-141.</span></span></span> The involved ALE callsigns are AN1 & BN2, according to UDXF logs these IDs belong to the China's Navy (PLA Navy, People's Liberation Army Navy).</div><p></p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5UQmGP6_INJc2MbVab7mCAzP_vikZHIaZhPuoKbuOMmQvh84aPA9lYJR0SblL21oMQvfuzhmsSyo_-NIO0vAUDSCF9Yh5_Ycq46ZZzRw7xDmqAo_w_DpkneBvYVpNo8tCuWHEsI5vBWKxBMPKThfTMbddEbcBjVXhhJ2WuQoaZaKXsCkx18CehsQxtuQ/s901/f2.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="859" data-original-width="901" height="610" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5UQmGP6_INJc2MbVab7mCAzP_vikZHIaZhPuoKbuOMmQvh84aPA9lYJR0SblL21oMQvfuzhmsSyo_-NIO0vAUDSCF9Yh5_Ycq46ZZzRw7xDmqAo_w_DpkneBvYVpNo8tCuWHEsI5vBWKxBMPKThfTMbddEbcBjVXhhJ2WuQoaZaKXsCkx18CehsQxtuQ/w640-h610/f2.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 2<br /></td></tr></tbody></table><br />The most interesting part is the one related to the data transfer. In my opinion, although constellation and state's transitions indicate a PSK4 modulation, the trajectories and the phase detector indicate that the main transmission mode is PSK2 (Figs. 3,4).<p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhg0b8vgaMqp2BNDm67kThrXcQF3d3uKH1d9v77P-sVCwgQTDY2V3rHjplVEiMClGMhrJiMi88C5UI2MAHLrIAzS-1E0EhYQaz5lByqCZJ4rb_0j6vyOl9UBv_aKHPxtL1URCOQdNM-lqhxRT-HKIDGmI62O0GK0CuMdG-LbKSlb8q0HxdaEmSr4YIL4Rc/s883/f3.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="866" data-original-width="883" height="628" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhg0b8vgaMqp2BNDm67kThrXcQF3d3uKH1d9v77P-sVCwgQTDY2V3rHjplVEiMClGMhrJiMi88C5UI2MAHLrIAzS-1E0EhYQaz5lByqCZJ4rb_0j6vyOl9UBv_aKHPxtL1URCOQdNM-lqhxRT-HKIDGmI62O0GK0CuMdG-LbKSlb8q0HxdaEmSr4YIL4Rc/w640-h628/f3.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 3<br /></td></tr></tbody></table><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcwcmS_j_xrZuFS2fBaMeOqrgrg03v2f_vfYriigQ29VMkiktzlyQX_jTJKEzQPln4Npt8LGyGFdg1Mq_ishc-W5Z5_woo8Rio6X-3d_wYtPTl1XW_TyeeYTak0Oc62KP4LAn-chWU5-TMJK8mC6B3KBUCsvzA3yycDGxywVeaLRHQ3O-jq_U17jN6rM0/s874/f4.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="467" data-original-width="874" height="342" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcwcmS_j_xrZuFS2fBaMeOqrgrg03v2f_vfYriigQ29VMkiktzlyQX_jTJKEzQPln4Npt8LGyGFdg1Mq_ishc-W5Z5_woo8Rio6X-3d_wYtPTl1XW_TyeeYTak0Oc62KP4LAn-chWU5-TMJK8mC6B3KBUCsvzA3yycDGxywVeaLRHQ3O-jq_U17jN6rM0/w640-h342/f4.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 4<br /></td></tr></tbody></table><p></p><p>Probably, the four-state constellation is due to the inserts you may see below in Figure 5 (Figure 6).</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpkZVEdyHY5uEitMNryWmB5RZVfklqIZrOTRoZ2r4JEIbF-9kkEpI-OJv_EF5DjR7G5ExsNFz_SdgYAFWQ9_x0FVyfnplLnqDsHsAhVrBujkHMfVDgv0mKMpm9ul0FhqzL_v_WCVLDdzD1TTwznytTeRJznFWfCEmBVR6ZuGKfMFzcOS7lHh1WGjA_XHc/s880/f5.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="333" data-original-width="880" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpkZVEdyHY5uEitMNryWmB5RZVfklqIZrOTRoZ2r4JEIbF-9kkEpI-OJv_EF5DjR7G5ExsNFz_SdgYAFWQ9_x0FVyfnplLnqDsHsAhVrBujkHMfVDgv0mKMpm9ul0FhqzL_v_WCVLDdzD1TTwznytTeRJznFWfCEmBVR6ZuGKfMFzcOS7lHh1WGjA_XHc/w640-h242/f5.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 5<br /></td></tr></tbody></table><p></p><p style="text-align: justify;">After PSK4 demdoulation, the resulting bitstream shows a well-defined 8-bit format.</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsHEkM9ArmpAl7PCg-noV03u1AlKD_9mChJY-tpCPQ0bBXNTyFIb37XS1PuhcSrulUX_-ZE3ohf5DkRwQSOZcCsZ6DDEuN3DnlGV9E7XEZTRGTGYcu7i9rDb_f8bD8HwC_wmUicGajHqk78hBV8_PFsAVK8kazdKGHZKl_29oCGLJ3JHB0ZmaooDCr5-E/s955/f7.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="717" data-original-width="955" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsHEkM9ArmpAl7PCg-noV03u1AlKD_9mChJY-tpCPQ0bBXNTyFIb37XS1PuhcSrulUX_-ZE3ohf5DkRwQSOZcCsZ6DDEuN3DnlGV9E7XEZTRGTGYcu7i9rDb_f8bD8HwC_wmUicGajHqk78hBV8_PFsAVK8kazdKGHZKl_29oCGLJ3JHB0ZmaooDCr5-E/w640-h480/f7.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 6<br /></td></tr></tbody></table><p></p><p style="text-align: justify;">A Chinese PSK2 2400Bd serial waveform was already commented <a href="http://i56578-swl.blogspot.com/2021/12/chinese-psk2-2400bd-serial-waveform.html" target="_blank">here</a>: unfortunately, the bitstreams have different structure and patterns. <br /></p><p><a href="https://disk.yandex.com/d/IGweBYIwpB4dtg" target="_blank">https://disk.yandex.com/d/IGweBYIwpB4dtg</a></p><p>[1] <a href="https://flydog.web-sdr.net/?f=10346.00usbz8" target="_blank">https://flydog.web-sdr.net/?f=10346.00usbz8</a></p>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com0tag:blogger.com,1999:blog-2805107305752377693.post-87165230209714647232023-08-26T11:22:00.000+02:002023-08-26T11:22:50.315+02:00 CIS FSK scanning SelCall (ACS/C)<div><p style="text-align: justify;">This is an example of a CIS ACS/C (Automatic Channel Selection/Control) scanning SelCall [1], in this case a scan set of seven channels is used. The signal was recorded by my friend <i>AngazU</i> in two occasions and presents some interesting aspects. As shown in Figure 1, the call consists of five scanning cycles: the 3 centrals ones, each consisting of all the seven channels of the scan list (1-7), plus the first and the latter ones consisting respectively of the four upper channels (4-7) and the three lower ones (1-3): this way each channel of the scan list is "worked" four times. Since the scanning mode, the call (and probably the system) is asynchronous.</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCiE6KgcxZd4uCmdSnXl9HRi0GLqHGz01d0TjT7xbHsmgbsnwFQ5mWvAewVxetPJIhTu65QEcgLVkfsWcLntvHETDu-J2MA8-xzJkjMPdedXGnaPn2l4VRTf2IZDdfv22J4Osl9aS6ZsPUf6SRk7kUBv7OI6jO9DVq0Ldp0_WIhfS_e-_pNCFzBh2mpkc/s980/1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="386" data-original-width="980" height="252" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCiE6KgcxZd4uCmdSnXl9HRi0GLqHGz01d0TjT7xbHsmgbsnwFQ5mWvAewVxetPJIhTu65QEcgLVkfsWcLntvHETDu-J2MA8-xzJkjMPdedXGnaPn2l4VRTf2IZDdfv22J4Osl9aS6ZsPUf6SRk7kUBv7OI6jO9DVq0Ldp0_WIhfS_e-_pNCFzBh2mpkc/w640-h252/1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 1 - the five CIS ACS/C cycles</td></tr></tbody></table><p style="text-align: justify;">The main parameters are (Figure 2):</p><p style="text-align: justify;">- used modulation in channels is FSK at 150 bps with a shift of 200 Hz;<i><br /></i>- separation between channels is 4 Khz, for a total bandwidth of ~24 KHz<i> </i>*<i><br /></i>- each FSK segment has a duration of 4000ms <i>(see below)</i> or 600 bits, which makes a 28s duration for a complete scanning cycle;<i> <br />- </i>the scanning call lasts 1m 50s;<br />- transition time between two consecutive channels is pratically zero. </p><p style="text-align: justify;">* the occupied bandwidth in Hz may be computed as ~[(N-1) × 4000 + 2×Br], in this sample N=7</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMdqq7cdXyh_pJIWbBZr_LxUGw3cNHmO61_WuoRaFniLaBn7gvR7Zlm2WCt5gGxRyjFjjxsncl6K05VYJ5sM2ZScKgHLqIjTTT9rrYHuW_R7sC2yWlf9mLc_jxndKdyyD-GzmXGYcwjz_sbPWwLkJDUKRdM8IY_c1e-PIbnTWA4Tilmi67gcJKb_Z5HDM/s982/3.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="641" data-original-width="982" height="418" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMdqq7cdXyh_pJIWbBZr_LxUGw3cNHmO61_WuoRaFniLaBn7gvR7Zlm2WCt5gGxRyjFjjxsncl6K05VYJ5sM2ZScKgHLqIjTTT9rrYHuW_R7sC2yWlf9mLc_jxndKdyyD-GzmXGYcwjz_sbPWwLkJDUKRdM8IY_c1e-PIbnTWA4Tilmi67gcJKb_Z5HDM/w640-h418/3.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 2 - main parameters<br /></td></tr></tbody></table><p style="text-align: justify;">The FSK segments exhibit a 300 ms ACF and consist of a 45-bit repeated sequence (Figure 3), obviously all the segments transmit the same data.<br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgz2X7K7DiSJLVIhpGxQ6uwK-rsGbjaWG6flA0PzhpisRpW2rjPA2KFt4jOI2qQxJVGDZhXB3-Zyj6vG001q04HAE4bhg7fmsseRmEitEQpau_MjEZM82n70aaOBSomwaG_1_AAfjA9tVHh1HBFB-mxeVxwAm8fJTDdL0dJKxgAJ9d7rNPkeu1SdKCpvsA/s904/5.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="794" data-original-width="904" height="562" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgz2X7K7DiSJLVIhpGxQ6uwK-rsGbjaWG6flA0PzhpisRpW2rjPA2KFt4jOI2qQxJVGDZhXB3-Zyj6vG001q04HAE4bhg7fmsseRmEitEQpau_MjEZM82n70aaOBSomwaG_1_AAfjA9tVHh1HBFB-mxeVxwAm8fJTDdL0dJKxgAJ9d7rNPkeu1SdKCpvsA/w640-h562/5.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 3 - a demodulated bitstream<br /></td></tr></tbody></table><p></p><p style="text-align: justify;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">It's worth noting that a 15-bit encoding would make sense.<br /></span></span></span></p><p style="text-align: justify;"><span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb"></span></span></span></p><p style="text-align: justify;">As from Figure 1, the last FSK segment is shorter (~ 2240ms instead of 4000ms): the sequence before the trailing "1s" seems to be 1 bit off from the previous pattern, maybe it's a streaming failure (Figure 4).<br /></p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQfnpoc1NipFNBjFfdE3gMAzCWMRurHYU3kRbZTARXidM74cIVfi0sKFNeD5ZHRyreetHizeZpUnixMe7FALEjm6ngru8wbagcjkMTtj6098kPRy2q0eZLUgKO7oRtn6WmBaKUvZgDsWpHz0VmiHEw1inB3Bz78QGVulPOJKD6elfsk9_pzCS67QIQ8ys/s749/last.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="249" data-original-width="749" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQfnpoc1NipFNBjFfdE3gMAzCWMRurHYU3kRbZTARXidM74cIVfi0sKFNeD5ZHRyreetHizeZpUnixMe7FALEjm6ngru8wbagcjkMTtj6098kPRy2q0eZLUgKO7oRtn6WmBaKUvZgDsWpHz0VmiHEw1inB3Bz78QGVulPOJKD6elfsk9_pzCS67QIQ8ys/w640-h213/last.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 4 - last FSK segment </td></tr></tbody></table><p></p><p style="text-align: justify;">The second recording (Figure 5) shows the same scan set arrangement (4-7, 1-7, 1-7, 1-7, 1-3) except for a short FSK segment in the third scan cycle (Figure 6): it's not possible to know if it is intentional or is a malfunction or maybe - as assumed for the last segment - a streaming failure.</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIKr_gDPHFEoplsikQBMOVFSbHJNZDKGR0wM7VnlVr60kkS72nDPCkF2yM0uRm9q66O_cwB-jiOUBkT4vsVEBhjugODmTIdA1RHSmYOnP2QtM8YTA84nnU_Tuo0N7Aitp-lmjsqOW4svEBHh4eWcfmL2Egc-6v1BtNDBMPxngk0cInxv_cq8Fan36RL_Y/s887/11.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="310" data-original-width="887" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIKr_gDPHFEoplsikQBMOVFSbHJNZDKGR0wM7VnlVr60kkS72nDPCkF2yM0uRm9q66O_cwB-jiOUBkT4vsVEBhjugODmTIdA1RHSmYOnP2QtM8YTA84nnU_Tuo0N7Aitp-lmjsqOW4svEBHh4eWcfmL2Egc-6v1BtNDBMPxngk0cInxv_cq8Fan36RL_Y/w640-h224/11.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 5<br /></td></tr></tbody></table><p></p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgD_3tOb_gGbzHRlLBSutkM48HDTCQu-B-pIOSmH7f43gydVi8wWdumSCPnW5Ek-aN_J3PbNCp8qfCa0BTszBjzfZxJV4iHdNmxcJ-B5u2f5Bx55m-NKtp1fpqoB1V_5mFRbdI0N7BxgAzUcg9RsRM29lo1L9iZuq8VVaUS2PzcDvrAhzb23Ax_5BJqb40/s745/33.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="198" data-original-width="745" height="170" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgD_3tOb_gGbzHRlLBSutkM48HDTCQu-B-pIOSmH7f43gydVi8wWdumSCPnW5Ek-aN_J3PbNCp8qfCa0BTszBjzfZxJV4iHdNmxcJ-B5u2f5Bx55m-NKtp1fpqoB1V_5mFRbdI0N7BxgAzUcg9RsRM29lo1L9iZuq8VVaUS2PzcDvrAhzb23Ax_5BJqb40/w640-h170/33.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 6<br /></td></tr></tbody></table><p></p><p style="text-align: justify;">About the length of the FSK segments it's interesting to notice in Figure 7 that the very first segment, and only this, lasts 4040ms and consists of an initial preamble consisting of a 460ms "01"s sequence followed by a ~ 3580ms length data of the selcall: probably the preamble signals the start of the scanning cycles. <br /></p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBmQogC6MbvNv8nH9yTn3kPpIVjxAp60shvibPrV2zsV8x5mlO7UfaOUIwntJKUYPX5v0Lc2S4hj6gRD7bnFfsX0RG6SUOKGrLCx85wfjF3ajIb0ypld-jcBJFRLCQ-OAYlWiDZ1VnrK1dlZ-FkUk3LfoXtsuG7MpwIHsoGFt4rbom8bMiOQMefeE1kVI/s947/30.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="767" data-original-width="947" height="518" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBmQogC6MbvNv8nH9yTn3kPpIVjxAp60shvibPrV2zsV8x5mlO7UfaOUIwntJKUYPX5v0Lc2S4hj6gRD7bnFfsX0RG6SUOKGrLCx85wfjF3ajIb0ypld-jcBJFRLCQ-OAYlWiDZ1VnrK1dlZ-FkUk3LfoXtsuG7MpwIHsoGFt4rbom8bMiOQMefeE1kVI/w640-h518/30.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 7 - "01"s preamble in the first FSK segment<br /></td></tr></tbody></table><br /></div><div style="text-align: justify;">Even more interesting is that the preamble seems to be keyed at the speed of 160 bps and thus consisting of 73-bit length reversals: Figures 8, 9 clearly indicate the different speeds.</div><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2HIuOx1hEgN4l9Drx27ulpF_J6n2MEl9ECgS0rzLOBbaBTm03a2fyx9cfXpe5sj_RyOvV8Ug7tb4KN8GcYuKNUU1BbHNPT9m7s1yBa-v5vYVRQz9X2S2Lhbg5r9QMvR8AQXHTIr6J9e_sGLwAL-PN_ypsdeLYds-cXPzoTURXbwwvau6yK5-ERbCeHRs/s903/31.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="444" data-original-width="903" height="314" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2HIuOx1hEgN4l9Drx27ulpF_J6n2MEl9ECgS0rzLOBbaBTm03a2fyx9cfXpe5sj_RyOvV8Ug7tb4KN8GcYuKNUU1BbHNPT9m7s1yBa-v5vYVRQz9X2S2Lhbg5r9QMvR8AQXHTIr6J9e_sGLwAL-PN_ypsdeLYds-cXPzoTURXbwwvau6yK5-ERbCeHRs/w640-h314/31.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 8 - different modulation speeds detected with the "zero-crossing" method<br /></td></tr></tbody></table><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtpfVzBiIdGuKDtuWiUK7Rqb1qdWtU8eQ4-WBFHpCoEVydj5CxOE4imclrb-uH6PBOBYq37lc7cV6dU7mvutvyj9cA5Cu6TYPMcs_-gidbrYcYSJGDEcXYmO1n13iXSCzUWBrY-8IrsxTzqrA00E0FUTOniabd8lnlVy4lztLl3bp2VtWKZc5IfgAVgOk/s947/32.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="614" data-original-width="947" height="414" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtpfVzBiIdGuKDtuWiUK7Rqb1qdWtU8eQ4-WBFHpCoEVydj5CxOE4imclrb-uH6PBOBYq37lc7cV6dU7mvutvyj9cA5Cu6TYPMcs_-gidbrYcYSJGDEcXYmO1n13iXSCzUWBrY-8IrsxTzqrA00E0FUTOniabd8lnlVy4lztLl3bp2VtWKZc5IfgAVgOk/w640-h414/32.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 9 - 160 and 150 bps FSK demodulations<br /></td></tr></tbody></table><br /><p></p><p style="text-align: justify;">The scanning system makes probably use of the CIS Selcall waveform [2] "<i>Vishnya</i>" (from the name of the R-016V "Вишня" radio equipment): indeed modulation, bps, shift and ACF match. It must be said, however, that although I referred to the transmission as a "call" it could also be an LQA or other type of message/signaling. Apparently - at least in this portion of band - there is nor reply from the called station.<br /></p><p style="text-align: justify;">By the way, also this (quite rare and old) signal was heard using a remote SDR located in Ukraine... unfortunately, many interesting signals are on-air in that unfortunate area.<br /></p><p style="text-align: justify;"></p><p style="text-align: justify;"><a href="https://disk.yandex.com/d/MuMLNeTCkb4npg" target="_blank">https://disk.yandex.com/d/MuMLNeTCkb4npg</a></p><p style="text-align: justify;">[1] <a href="http://signals.radioscanner.ru/base/signal251/" target="_blank">http://signals.radioscanner.ru/base/signal251/</a><br />[2] <a href="http://signals.radioscanner.ru/base/signal106/" target="_blank">http://signals.radioscanner.ru/base/signal106/</a></p>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com2tag:blogger.com,1999:blog-2805107305752377693.post-13639342814343382282023-08-19T11:25:00.000+02:002023-08-19T11:25:18.304+02:00yet another unidentified "embroidery"<p style="text-align: justify;"><b><span style="background-color: #fcff01;"><i>updated</i></span> </b><br /></p><p style="text-align: justify;">Unid signal noted on 7005 KHz/USB, "patterns" are sent each 1328 ms and have a duration of 672 ms (2000 ms cycle). Transmissions occur during the afternoon, not all the days, and last 2 hours. As per Kiwis and some observations, this new waveform could be from Russia.</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6Kr1Euo2zUx2n6Pd68G7EL_3_1YA48si-C3CWpiT2zLRpdnvoN0u9gJPmvuP3DAQsSXEVU0wQPHkFeK0UxhiZ9RdPly9ziPsnZtL0gixOeid5fynQmLxOKBECyzC2mwO0gT4hHqwrWtZECZijGOpxWNoojsbOLYUtGENI4UlIwbkZsmuMtSKoEudUKt4/s883/1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="616" data-original-width="883" height="446" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6Kr1Euo2zUx2n6Pd68G7EL_3_1YA48si-C3CWpiT2zLRpdnvoN0u9gJPmvuP3DAQsSXEVU0wQPHkFeK0UxhiZ9RdPly9ziPsnZtL0gixOeid5fynQmLxOKBECyzC2mwO0gT4hHqwrWtZECZijGOpxWNoojsbOLYUtGENI4UlIwbkZsmuMtSKoEudUKt4/w640-h446/1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 1<br /></td></tr></tbody></table><p style="text-align: justify;">Could be a kind of "image" formed by the array of multiple frequencies, just like the HAM calls sent in SSTV broadcasts, but it's only a my guess and further recordings could clarify source and users. Comments are welcome.</p><p style="text-align: justify;"><a href="https://disk.yandex.com/d/Kvog7RX83oppFA" target="_blank">https://disk.yandex.com/d/Kvog7RX83oppFA</a> </p><p style="text-align: justify;"><b><i><span style="background-color: #fcff01;">19th August update</span></i></b> <br />I want to thank my dear friend <i>cryptomaster</i> who suggested that this signal could be an "evolution" or a modified version of the Turkish waveform shown here:<br /><a href="http://i56578-swl.blogspot.com/2023/05/a-strange-as-unid-signal-appeared-last.html" target="_blank">http://i56578-swl.blogspot.com/2023/05/a-strange-as-unid-signal-appeared-last.html</a></p><p style="text-align: justify;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYqsJMweOACZg9s9vAHdu2omG64ey6931hGqD9SWwAosVsAVWdQjB-u5rruoLOpqgDh1CkFVPay7UKWlFASLvqETZyhxdMctlcjDF2mbQ2j3uNZ6x9C_G3_Kg0PBZ9eu02WW3jJ8qhs0eYsGAzuG_BWEYrnwjLpqUj_srsrIIjbDkTSwImJG1vOOr-Jlg/s886/unid-turkish.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="334" data-original-width="886" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYqsJMweOACZg9s9vAHdu2omG64ey6931hGqD9SWwAosVsAVWdQjB-u5rruoLOpqgDh1CkFVPay7UKWlFASLvqETZyhxdMctlcjDF2mbQ2j3uNZ6x9C_G3_Kg0PBZ9eu02WW3jJ8qhs0eYsGAzuG_BWEYrnwjLpqUj_srsrIIjbDkTSwImJG1vOOr-Jlg/w640-h242/unid-turkish.PNG" width="640" /></a></div><p></p><p>If he's right, as I think, this would be a good step forward.<br /> <br /></p><p></p>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com2tag:blogger.com,1999:blog-2805107305752377693.post-84733425992647299272023-08-14T17:12:00.001+02:002023-08-15T11:05:01.369+02:00ECCM Frequency Hopping Spread-Spectrum (FHSS) example<p style="text-align: justify;">Looking at the spectrum of the receivable signals around 7 MHz in the UKR skyes, as well as numerous and very frequent STANAG-4538 and L3Harris WHARQ waveforms, it may happen that we observe transmissions in frequency hopping mode (FHSS, or Frequency Hopping Spread-Spectrum) as shown in Figure 1.<br />Frequency hopping (also known as ECCM, Electronic counter-countermeasures) is the most commonly used Transmission Security (TRANSEC) technique. The frequency hopping capability provides advanced anti jam protection for communications. In HOP radio mode, the transmitter frequency changes so rapidly that it is difficult to intercept or jam the signal. For additional security, hopping data and digital voice data can be encrypted. </p><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: left;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMNVAo-trxWSFzPkK8ea_8KS-IizFwLYi9gpR1fEFauQo_Dd80wZU6IzZPcKfYX9_S6hxE7lQwFJoqRCh03ihDNE1xfgaLEpAGafgppPnZYMrE6SbNGQLeJJK5BGYsekefJIF59GqZtPEDlOoOt_5N5wG5q7XsEucA2TJPAIYg3RqZbjY9dkqu3Rvv0pY/s686/f0.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="541" data-original-width="686" height="504" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMNVAo-trxWSFzPkK8ea_8KS-IizFwLYi9gpR1fEFauQo_Dd80wZU6IzZPcKfYX9_S6hxE7lQwFJoqRCh03ihDNE1xfgaLEpAGafgppPnZYMrE6SbNGQLeJJK5BGYsekefJIF59GqZtPEDlOoOt_5N5wG5q7XsEucA2TJPAIYg3RqZbjY9dkqu3Rvv0pY/w640-h504/f0.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig.1 - FHSS transmission<br /></td></tr></tbody></table><p style="text-align: center;"></p><p style="text-align: justify;">Me and my friend <i>ANgazu</i> from <a href="http://radiofrecuencias.es" target="_blank">radiofrecuencias.es</a> had the chance the analyze these signals and share the results. We observed transmissions which use 26 or 27 channels and occupy a bandwidth of 81 KHz, since each channel is 3 KHz wide (2700 + 300 Hz separation). Hopping rate is 8.88 sps with an hop time of ~112.5 ms (say 102 ms ON, 10.5 ms OFF).</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgc8lTPJMsa_LofWHf_vfvVPnbFGRYt0eIf7vhib9GbwHFT3iReZ6LKvrry8952Tm9zOCGuOCIUmROdVI7-Xk23DLbNUEMLqa-Dc7gFlvva9N6XEJOAwEAfoLtRTjoesZAIgJgtJAe17Bf5MjX-2GYyHD-R36lanOO4pfYrT4sObQzWXeXCoF1mX0W7TrM/s1007/f1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="563" data-original-width="1007" height="358" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgc8lTPJMsa_LofWHf_vfvVPnbFGRYt0eIf7vhib9GbwHFT3iReZ6LKvrry8952Tm9zOCGuOCIUmROdVI7-Xk23DLbNUEMLqa-Dc7gFlvva9N6XEJOAwEAfoLtRTjoesZAIgJgtJAe17Bf5MjX-2GYyHD-R36lanOO4pfYrT4sObQzWXeXCoF1mX0W7TrM/w640-h358/f1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 2 - FHSS single channel frequency occupation<br /></td></tr></tbody></table><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRBcQJu7jCne-psaoDuXxfPasV9zSMzP0R5h2RE5j_W3ozNNYzxpDxj4H9jPR_ew9nx9f8_0n7ISc6RPbvVKnqumx6XqGUCCqVoQmbeB7Clcq259fC33GOaFS2ePgnVf_XUk0UcyjjkK_hGi_j6oim6CAP1oKc6nhpiwc3vf057RLhX7veQLY12vxYFyI/s1014/f2.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="559" data-original-width="1014" height="352" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRBcQJu7jCne-psaoDuXxfPasV9zSMzP0R5h2RE5j_W3ozNNYzxpDxj4H9jPR_ew9nx9f8_0n7ISc6RPbvVKnqumx6XqGUCCqVoQmbeB7Clcq259fC33GOaFS2ePgnVf_XUk0UcyjjkK_hGi_j6oim6CAP1oKc6nhpiwc3vf057RLhX7veQLY12vxYFyI/w640-h352/f2.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 3 - FHSS timing<br /></td></tr></tbody></table><p></p><p style="text-align: justify;">Like a single-channel serial tone waveform, the modulation used is 2400 Bd PSK8 for both voice and data (Fig. 4).</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiG827f2aRdqq9NX9Z3fkWAt6FW6WC52JtUC4B1znU1uOpmHTl2ixOHnvZRcw97hZfZCN6PycAGUmsyq2DCAJ1lLouSDC0r3jzTLLYboAACGfNXHa4y3aA81d4rbMd2K_Q0rFIkR7DKkR8wRMVxF6tWOFAdzelnceYkPXZ-ffAclavlF25X9_CvVoHk2NA/s933/f3.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="445" data-original-width="933" height="306" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiG827f2aRdqq9NX9Z3fkWAt6FW6WC52JtUC4B1znU1uOpmHTl2ixOHnvZRcw97hZfZCN6PycAGUmsyq2DCAJ1lLouSDC0r3jzTLLYboAACGfNXHa4y3aA81d4rbMd2K_Q0rFIkR7DKkR8wRMVxF6tWOFAdzelnceYkPXZ-ffAclavlF25X9_CvVoHk2NA/w640-h306/f3.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 4 - FHSS modulation<br /></td></tr></tbody></table><p style="text-align: justify;">This waveform is fielded in AN/PRC-150(C) radios by L3Harris. Wideband hopping covers a frequency band that is bounded by a lower and upper frequency specified in multiples of 100 Hz, frequency exclusion bands may also be programmed. AN/PRC-150 narrow band hopping uses frequencies within a defined bandwidth of the center frequency (Fc) as in the Table below: notice the reported 81 KHz bandwidth in case of 3.5 MHz <= Fc < 9.995 MHz.</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwyTS20oqpdI32qbytaaSkGPTXKnvvxEVJJ-tAN-mY-vN_8YfsA1gio88bAcL_HALi8S5jBUvEe_ssNAfNlF-DA2WYWK_ZMCyF-bUWWyke-r6AaNsTCuB_J7fI6nBKllZy8vZYs7e7-4a0OU4hi3rrfmPoARuFnmMiWPs4OJ5Yl6W_tcfbjK9iZ037irQ/s495/tabella.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="221" data-original-width="495" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwyTS20oqpdI32qbytaaSkGPTXKnvvxEVJJ-tAN-mY-vN_8YfsA1gio88bAcL_HALi8S5jBUvEe_ssNAfNlF-DA2WYWK_ZMCyF-bUWWyke-r6AaNsTCuB_J7fI6nBKllZy8vZYs7e7-4a0OU4hi3rrfmPoARuFnmMiWPs4OJ5Yl6W_tcfbjK9iZ037irQ/s16000/tabella.png" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Table 3.16 - L3Harris AN/PRC-150 operation manual</td></tr></tbody></table><p style="text-align: justify;">An important aspect of hopping is synchronization, ie all radios in a net shall use the same frequency at the same time intervall: that alignment may be accomplished with the use of GPS, but is some in cases (very very rare) it uses the manual 3x4 sync sequences as shown in Figure 5. <br /></p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJfnrItzI36ex1L8Y1Wp9ZLU_zKmfuWB_wt030gbOzr6j1SqVL2UktnAyBQRylTayjZxXHNyz8YfjmN4s1tHE60axbCI1Xudarkzmwu4MeRCBt6hv1QHsnzhXe0JM0J1glGcyMU8EXcBqieIJMY_0Zaa3iXjgOBc48GJb7nfTSyfwiKZOvtf5Hc6EG8gQ/s677/dum.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="677" data-original-width="588" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJfnrItzI36ex1L8Y1Wp9ZLU_zKmfuWB_wt030gbOzr6j1SqVL2UktnAyBQRylTayjZxXHNyz8YfjmN4s1tHE60axbCI1Xudarkzmwu4MeRCBt6hv1QHsnzhXe0JM0J1glGcyMU8EXcBqieIJMY_0Zaa3iXjgOBc48GJb7nfTSyfwiKZOvtf5Hc6EG8gQ/w556-h640/dum.PNG" width="556" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 5 - 3x4 sync sequences </td></tr></tbody></table><p></p><p>If our guess is correct, we can assume a large employ of L3Harris equipmente in that (war) theatre.</p><p><a href="https://disk.yandex.com/d/YFFDFIUrTFQ2oA" target="_blank">https://disk.yandex.com/d/YFFDFIUrTFQ2oA</a><br /></p>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com0tag:blogger.com,1999:blog-2805107305752377693.post-12510578815575792702023-08-04T18:25:00.001+02:002023-08-04T18:27:46.780+02:00FSK 150Bd/500, prob. RusAF "Chayka" (telecode "Seagull")<p style="text-align: justify;">Interesting catch of some short FSK signals on 6885.5 KHz (cf) with modulation speed of 150 bps and shift of 500 Hz. The FSK parameters and the receiver used, an AirSpy server in Ukraine, are good indications in favor of the Russian Air Force system called "Chayka" ("Чайка", Seagull): a command/signaling message system, encrypted, used for military aircraft-ground communications.</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyiuqYmfaFgMklbPF7kOLv2nr6XK5LzGqCVU2xL2gYDhTnxnMpATw8a6RP_jLv8nuXv6YtrNMWPlmj7A_ImGWwVggboh2cj8Q2qz8wzhuddxhy30t1ss6mYpNRqjxXtRh2Z2e3s5VCHtlV-kmEyi2Mif_9q5RED5BbIN3ZX_-PRqYPAQimK3lNDdL87uo/s903/f1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="867" data-original-width="903" height="614" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyiuqYmfaFgMklbPF7kOLv2nr6XK5LzGqCVU2xL2gYDhTnxnMpATw8a6RP_jLv8nuXv6YtrNMWPlmj7A_ImGWwVggboh2cj8Q2qz8wzhuddxhy30t1ss6mYpNRqjxXtRh2Z2e3s5VCHtlV-kmEyi2Mif_9q5RED5BbIN3ZX_-PRqYPAQimK3lNDdL87uo/w640-h614/f1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 1<br /></td></tr></tbody></table><p></p><p style="text-align: justify;">The used equipment could be Р-095 or Р-099 (R-095 and R-099, if translated), that is "aviation on-board telecode communication equipment" [1][2]: increasing the gain of the spectrum to 65 dB (Figure 2) is also possible to detect the message sent by the corresponding station so that we can see both the air & ground versions (...admitted that I have really heard a Chayka signal).</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiojPVoiU-_EzHGS1UWliWng4zfHlAbBPL2h1d2EvrBI_bfK8dd2SyJ0dfLuU4hLCcmYSWtGPJ4BM5V-9bvLzG5GXjtbAMJ0ctDTZD0B39bOIiLjbj3kiecoJRCPrf8t3Yy4iVpyoH1fFZrWQQLxQ11LtcwkOlvuH8_C6Y2PT2OTvUu1mSulI1eXR8fPdg/s880/f2.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="334" data-original-width="880" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiojPVoiU-_EzHGS1UWliWng4zfHlAbBPL2h1d2EvrBI_bfK8dd2SyJ0dfLuU4hLCcmYSWtGPJ4BM5V-9bvLzG5GXjtbAMJ0ctDTZD0B39bOIiLjbj3kiecoJRCPrf8t3Yy4iVpyoH1fFZrWQQLxQ11LtcwkOlvuH8_C6Y2PT2OTvUu1mSulI1eXR8fPdg/w640-h242/f2.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 2<br /></td></tr></tbody></table><p style="text-align: justify;">A "Chayka codegram" may consist of separated segments and/or insertions, as clearly visible in Figure 3 where the signal has been resampled to 3788 KHz.</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEih3gpv7nCj1e4eVIK5jN6gxE8VtftuZw7zLRZZ7J7HwNlY61KNJxNP7c88LSbrueds8jUGZYxV6XCS4VHMZhWlMqPltG5FlnY8yoaxM1saQaPWYEQOZATvbgL2RY_-dXLlcqCeen29ZaHptB5t2M3QKHOaKmAQkOeYJp2DLVCmzufBnfVOY_ZLs_OEyIk/s882/f3.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="334" data-original-width="882" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEih3gpv7nCj1e4eVIK5jN6gxE8VtftuZw7zLRZZ7J7HwNlY61KNJxNP7c88LSbrueds8jUGZYxV6XCS4VHMZhWlMqPltG5FlnY8yoaxM1saQaPWYEQOZATvbgL2RY_-dXLlcqCeen29ZaHptB5t2M3QKHOaKmAQkOeYJp2DLVCmzufBnfVOY_ZLs_OEyIk/w640-h242/f3.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 3<br /></td></tr></tbody></table><p style="text-align: justify;">By the way, specialists of the Kaluga Research Institute developed the high-speed communication P-097M, that is the successor of P-099 Chaika: one of the key differences between the new system and its predecessors is the high automation [3].<br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicTCUoK47V-PkXsk2vOIGoG6ggEI5IRIOqIFK8zVdorGygN-JkO2Y-mtRSW3YtrCONhHzTp4UVjfDfktknwyfy7_TTTJi1-UkQqa-kbwuH3P0PGjXyuG74J-QNda6iBp2otolgJ4ryPaADa6p5hWzZplevzB_Q7AIBjStn1IMjh-5lUpr3Hc8YF5XUlQQ/s839/f4.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="315" data-original-width="839" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicTCUoK47V-PkXsk2vOIGoG6ggEI5IRIOqIFK8zVdorGygN-JkO2Y-mtRSW3YtrCONhHzTp4UVjfDfktknwyfy7_TTTJi1-UkQqa-kbwuH3P0PGjXyuG74J-QNda6iBp2otolgJ4ryPaADa6p5hWzZplevzB_Q7AIBjStn1IMjh-5lUpr3Hc8YF5XUlQQ/w640-h240/f4.PNG" width="640" /></a></td></tr><tr align="center"><td class="tr-caption"><i>source: (http://wiki.airforce.ru/ - List of airborne radio communications: Data communication equipment)</i><br /></td></tr></tbody></table><p style="text-align: justify;">As a final note, Figure 4 shows that the phases of the two frequencies are not constant and change after every switch: a single oscillator, maybe a VCO, is used (if two distinct generators were used we would see no phase changes). Given that Figure 5 shows the durations of two periods, it's possible to come back to the two tones frequency:</p><p style="text-align: justify;"><i>2: 0.001286 = 1555.20 Hz</i><br /><i>2: 0.001896 = 1054.85 HZ</i></p><p style="text-align: justify;">ie just 500 Hz shift.<br /><br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnK6dkjCkGN089UiPg0ja0LPjAIqOW4p_jdi5NBCK5mbbx8f0VmDdYuiyytbKY-K4F2qLwUVpwfbeYQhoqrgA23zr-ceq6qCr_jqcy1P2rVkpNEgXwWgfQB5YuCMwz-mSmzXY1x5sm54s4kMx9nmhan6uPqXtwNfqWfFsrmtopwaV971mzwkgDIOaCj3o/s905/f5.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="596" data-original-width="905" height="422" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnK6dkjCkGN089UiPg0ja0LPjAIqOW4p_jdi5NBCK5mbbx8f0VmDdYuiyytbKY-K4F2qLwUVpwfbeYQhoqrgA23zr-ceq6qCr_jqcy1P2rVkpNEgXwWgfQB5YuCMwz-mSmzXY1x5sm54s4kMx9nmhan6uPqXtwNfqWfFsrmtopwaV971mzwkgDIOaCj3o/w640-h422/f5.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 4<br /></td></tr></tbody></table><br /><p style="text-align: justify;"><a href="https://disk.yandex.com/d/toc0K7MpLq94ZQ" target="_blank">https://disk.yandex.com/d/toc0K7MpLq94ZQ</a></p><p style="text-align: justify;">[1] <a href="http://wiki.airforce.ru/" target="_blank">http://wiki.airforce.ru/</a><br />[2] <a href="http://www.rwd-mb3.de/ntechnik/pages/ng_r.htm" target="_blank">http://www.rwd-mb3.de/ntechnik/pages/ng_r.htm</a><br />[3] <a href="https://www.aviaport.ru/digest/2020/07/06/644509.html" target="_blank">https://www.aviaport.ru/digest/2020/07/06/644509.html</a> <br /></p>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com0tag:blogger.com,1999:blog-2805107305752377693.post-38242917130990806942023-07-18T12:40:00.001+02:002024-02-02T10:40:42.234+01:00unid 100Bd PSK2<p> Unid 100Bd PSK2 signal recorded on 4844.0 KHz and 6819.5 KHz USB (Figure 1)<br /></p><p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0JYDXGt9JB5_vPR99OxdWFgiLa2d2RHfqSfyCQlL8fgaN6Bz2IDVzq8hFbGRz3c0eTYIV9BeHn3PPoWtuWl5rO1s4fS8w7WFX0UIL3-tSm4-rC_vfnfErAjkPRAxxTfltRK5VKM24k4ev7ewDSxwu7OOEPQyDLKcEphH6i7Px38ZfWBamJrU9zdt1Me4/s935/s.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="656" data-original-width="935" height="450" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0JYDXGt9JB5_vPR99OxdWFgiLa2d2RHfqSfyCQlL8fgaN6Bz2IDVzq8hFbGRz3c0eTYIV9BeHn3PPoWtuWl5rO1s4fS8w7WFX0UIL3-tSm4-rC_vfnfErAjkPRAxxTfltRK5VKM24k4ev7ewDSxwu7OOEPQyDLKcEphH6i7Px38ZfWBamJrU9zdt1Me4/w640-h450/s.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 1<br /></td></tr></tbody></table></p><p style="text-align: justify;">The demodulated bistreams, after differential decoding, show two different 133-bit length periods: supposedly, the first one (4844.0 KHz, Figure 2) is a combination of the source and destination address while the second one (6819.5 KHz, Figure 3) seems to refer to sending a message - several times repeated - to the correspondent. It's worth noting in the demodulated bitstream of Figure 2 what seem to be five "sections" following the header (that's the same in the two bitstreams). <br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeCXGXZAM2EqZsDgCc4QjoGgWgXU-hz_-qgKb9ObvjgYV_z5HACRhH1pd6uy7q-63u5ja_W1PeiXTjBGZDv2R8nM1AroRq0FDTqYc1g3HNunXRyQVJADrFPe68AFYOiHX-gkdy3eKjgkJlULnWLenm9l6fUGKsejktJUBvWhArkgtgT1njFLBEJX_2lN4/s978/1.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="564" data-original-width="978" height="370" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeCXGXZAM2EqZsDgCc4QjoGgWgXU-hz_-qgKb9ObvjgYV_z5HACRhH1pd6uy7q-63u5ja_W1PeiXTjBGZDv2R8nM1AroRq0FDTqYc1g3HNunXRyQVJADrFPe68AFYOiHX-gkdy3eKjgkJlULnWLenm9l6fUGKsejktJUBvWhArkgtgT1njFLBEJX_2lN4/w640-h370/1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 1</td><td class="tr-caption" style="text-align: center;"><br /></td><td class="tr-caption" style="text-align: center;"><br /></td></tr></tbody></table><br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCSpKHxo91kIvFJUURkiNNeqgzgNlm60nXj360WXjIDv8frgHP2xB9Ug9QKCiiweKb4k2j1nr2JiEOKuZStsLpnN7PX2TS_4NHbTRIoLfH7YsNuWUDLFTQSfPMMvUopCdo8fTK4oH7lTe3tbJZbhfVHPBQopWvHXw1arnTHv4NaWtzLRQ8JHYQTnLNJn4/s973/2.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="561" data-original-width="973" height="370" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCSpKHxo91kIvFJUURkiNNeqgzgNlm60nXj360WXjIDv8frgHP2xB9Ug9QKCiiweKb4k2j1nr2JiEOKuZStsLpnN7PX2TS_4NHbTRIoLfH7YsNuWUDLFTQSfPMMvUopCdo8fTK4oH7lTe3tbJZbhfVHPBQopWvHXw1arnTHv4NaWtzLRQ8JHYQTnLNJn4/w640-h370/2.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 2<br /></td></tr></tbody></table><p></p><p style="text-align: justify;">More material is needed to fully understand the nature of such communications, comments are welcome.</p><p style="text-align: justify;"><a href="https://disk.yandex.com/d/cDnTYrXiGDA1fA" target="_blank">https://disk.yandex.com/d/cDnTYrXiGDA1fA</a><br /></p>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com0tag:blogger.com,1999:blog-2805107305752377693.post-13726306209865826772023-07-13T19:34:00.001+02:002023-10-04T17:08:31.279+02:00PolAF, UUCP over RSX.25 to exchange HF email messages <div><p style="text-align: justify;">I have already encountered the Rohde & Schwarz RSX.25 protocol in some transmissions of the German BPOL and Italian GdF, this time (just a few days ago) I spotted such transmissions from the Polish AirForce (Siły Powietrzne - Ministerstwo Obrony Narodowej, MON) on 6884 KHz/USB where they use R&S GM2100 proprietary waveforms as HF bearer and UUCP over RSX.25 to send PostMan II email messages (Figure 1). Transmission were recorded using a Polish KiwiSDR [1].</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiA_pfSGTLQUU7SZmxtiTV4bhDHg4R7D2WcHME87qx_yr7o22euS6DoafSuypGOHveCehIiNndOouRWF7BuOl6x2YpAYStQsZt4l1mnYKc4uLPpk85bkIAq0fPrztJbMOlPBUq_ryJ_DQF7I4-odS9XFhKw6Wh5kBaDBxk_ApN5ojJMdPN2vDWnHuFYfE4/s417/8-layers.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="417" data-original-width="363" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiA_pfSGTLQUU7SZmxtiTV4bhDHg4R7D2WcHME87qx_yr7o22euS6DoafSuypGOHveCehIiNndOouRWF7BuOl6x2YpAYStQsZt4l1mnYKc4uLPpk85bkIAq0fPrztJbMOlPBUq_ryJ_DQF7I4-odS9XFhKw6Wh5kBaDBxk_ApN5ojJMdPN2vDWnHuFYfE4/w278-h320/8-layers.PNG" width="278" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 1</td></tr></tbody></table><p></p><p>Particularly, one of the transmissions being analyzed refers to the nodes with ALE address WARSZAWA2 and BYDGOSZCZ:</p><p style="text-align: justify;">TO WARSZAWA2 TIS BYDGOSZCZ<br />TO BYDGOSZCZ TIS WARSZAWA2<br />TO WARSZAWA2 TIS BYDGOSZCZ User Unique Function 00 07 (CMD USER UNIQUE WORD)<br /><br />The used 2G-ALE protocol is the well-known standard 188-141A: the first thing that catches the eye is the use of a User Unique Function (UUF) [2] with the value 00 07 (14-bit ASCII [nul][bel]) in the third frame of the ALE handshake. User Unique Functions enable the transmission of a manufacturer-specific Unique Index which may be used for controlling the subsequent data transmission protocol; in this case, the value 0007 is most likely the particular "index" that R&S uses to signal UUCP/RSX.25 protocol to the receive node.</p><p style="text-align: justify;">Data are sent using the HF waveform "Signal Format", a so-called R&S proprietary advanced waveform provided by their GM2100/GM2200 HF modem. The used waveform is the quite common 2400Bd PSK8 occupying a 3 KHz bandwidth (Figure 2). With 8PSK the net data rate of the serial modem is 5400 bit/s, errors are at first corrected by FEC, which reduces net data rate to 2700 bit/s. <br /></p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtyGfcphAi26_WmgibGZC_KKFzxRpVySaBnMm5VllRd8d2lOmKS-y5SuE9qqJ149cLY0NOT2SeP1rIo4dAM5Cf9v-j39Pcc3LHjBhGm_S0uDFBXFdLOjBk2LQEqVe-0ufdeKpcT2prPotJf9OVi3-2Ery_jwxp9Mdk8ftLMhshnIxu8mX8d3KA69IO9iA/s884/1.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="531" data-original-width="884" height="384" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtyGfcphAi26_WmgibGZC_KKFzxRpVySaBnMm5VllRd8d2lOmKS-y5SuE9qqJ149cLY0NOT2SeP1rIo4dAM5Cf9v-j39Pcc3LHjBhGm_S0uDFBXFdLOjBk2LQEqVe-0ufdeKpcT2prPotJf9OVi3-2Ery_jwxp9Mdk8ftLMhshnIxu8mX8d3KA69IO9iA/w640-h384/1.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 2<br /></td></tr></tbody></table><p></p><p style="text-align: justify;">The framing consists of a 192-symbol sequence preamble followed by one ore more data blocks each consisting of 64-symbols: 48 unknown symbols (coded data) + 16 known symbols ("test sequences"). The postamble terminates the data blocks and consists of a 64-symbol End Of Message sequence. Except for the presence of an initial TLC section(s), the total length is then a multiple of 64 symbols.<br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhibMznDA-gemJ0kCEfgPClwyheLagspDrnzC9Ht8GrM6pgJELx2r4FonZqAOlnEKG0mb_9gpfK8WSlpuQyb3AuhWozczI_OhJd_yUknLxJ7J_E1QD7lOVVIY3gvwGAHMIG2_OiuCcXmFNS1U-caXOVGntA9tCDC2xUqAOr3sy4Wtgws0C1blR1II-fbyQ/s963/2-gm2100.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="135" data-original-width="963" height="90" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhibMznDA-gemJ0kCEfgPClwyheLagspDrnzC9Ht8GrM6pgJELx2r4FonZqAOlnEKG0mb_9gpfK8WSlpuQyb3AuhWozczI_OhJd_yUknLxJ7J_E1QD7lOVVIY3gvwGAHMIG2_OiuCcXmFNS1U-caXOVGntA9tCDC2xUqAOr3sy4Wtgws0C1blR1II-fbyQ/w640-h90/2-gm2100.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 3<br /></td></tr></tbody></table><p style="text-align: justify;">Figure 4 shows the ACF/period of the GM2100 waveform: since the 2400 Baud, the ACF value of 133.33ms corresponds to a 320-symbol period, ie to five 64-symbol data blocks.</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHaGq8G3uNvI0zQuerS9p9Ar_P0Bpd87WTo04Ags0cvOW5ZjYbsJss76CKTBtwFqotsTGfHHDYOM3wcwrxwXjlD6nVdhLp9UYjCBhKTwJzWxNUnkhe1h1_2NhL67zHSQYkDrhYiS7e3qm9FdSrKX1mV2nT3pkxJeTCQIG8s4efhNKDArSl6SOqkk95MYk/s902/3-gm2100.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="495" data-original-width="902" height="352" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHaGq8G3uNvI0zQuerS9p9Ar_P0Bpd87WTo04Ags0cvOW5ZjYbsJss76CKTBtwFqotsTGfHHDYOM3wcwrxwXjlD6nVdhLp9UYjCBhKTwJzWxNUnkhe1h1_2NhL67zHSQYkDrhYiS7e3qm9FdSrKX1mV2nT3pkxJeTCQIG8s4efhNKDArSl6SOqkk95MYk/w640-h352/3-gm2100.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 4<br /></td></tr></tbody></table><p style="text-align: justify;">The length of 320 symbols is due to the fact that the 16-symbol test sequences are actually "segments" of a longer 80-symbol sequence and so they are five times repeated, as visible in Figure 4 (unless demodulation errors), hence the length of (48+16)×5=320 symbols, or 960 bit since each PSK8 symbol is mapped to a tri-bit sequence (000...111). </p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7Orw-VDBRNKwI5juMG621HY2HCGyujPUzEMbcRRCVG-rOc0oDVrE2aAy-InGW7oG2Mw4qlSWNBE3n4-53Bgxqttnatm4x__IXLinM53G7etkChhT54x8ZcP1zvFOKT6i_348TDdE8VVYxNgJGWKf51h3SE0BOA9hNyQLv2YZBUmer9oRWgJJq_bY2noI/s1020/4-gm2100.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="489" data-original-width="1020" height="306" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7Orw-VDBRNKwI5juMG621HY2HCGyujPUzEMbcRRCVG-rOc0oDVrE2aAy-InGW7oG2Mw4qlSWNBE3n4-53Bgxqttnatm4x__IXLinM53G7etkChhT54x8ZcP1zvFOKT6i_348TDdE8VVYxNgJGWKf51h3SE0BOA9hNyQLv2YZBUmer9oRWgJJq_bY2noI/w640-h306/4-gm2100.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 5<br /></td></tr></tbody></table><p style="text-align: justify;">After the removal of the HF waveform overhead, the well-known 8-bit patterns of RSX.25 emerge (Figure 6). RSX.25 literally stands for R&S adaptation of wired X.25 protocol to the HF radio channel,ie a modified AX.25 packet radio protocol. <br />Quoting R&S papers: "<i>RSX.25 organizes the data to be transmitted in packets, which are successively transferred to the data modem. The packets contain a variable number of frames, the number per packet depending on radio-link quality and being adapted at regular intervals. The data transmitted in a packet are distributed among the frames. The length of the frame data is variable and also depends on radio-link quality: in channels of very good quality, a frame contains up to 250 data bytes, in strongly disturbed channels 4 bytes. Errors escaping FEC are eliminated by the ARQ procedure of the RSX.25 protocol.</i>" [3] <br /><br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0BHayJKgS42FTWg5Pvw0zKt6JydIpIQV2xj6-1sEs4aD12mkZh7Rbpg8hNchd5gXXr9tvAmX1otoHDqaqtkrdnBwz9sRD4JN_cd4tY41RLXgTSfYisPoq8nlgxE1OS28NaM3N98K27rUtbFJYx8Bbyfx946rFFsF6oKneSf-nzC2XnvzbEeWfO5884A4/s824/5-rsx25.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="711" data-original-width="824" height="552" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0BHayJKgS42FTWg5Pvw0zKt6JydIpIQV2xj6-1sEs4aD12mkZh7Rbpg8hNchd5gXXr9tvAmX1otoHDqaqtkrdnBwz9sRD4JN_cd4tY41RLXgTSfYisPoq8nlgxE1OS28NaM3N98K27rUtbFJYx8Bbyfx946rFFsF6oKneSf-nzC2XnvzbEeWfO5884A4/w640-h552/5-rsx25.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 6<br /></td></tr></tbody></table></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">The transmitted data are obtained after the removal of RSX.25 encapsulation and packets' reassembly, the file (Hex codes and ASCII text) is edited using the XVI32 hex editor [4] and shown in figure 7. Some known "reserved words" and syntax say that's an email transport performed by the use of UUCP: all messages in the initial handshake begin with a `^P' (a byte with the
octal value \020, hex 0x10) and end with a null byte (octal \000, hex
0x00).</div><div style="text-align: justify;"> <br /></div><div style="text-align: justify;"><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7LD8qXpikf53bz8hzyCGi0NpSI5ln9_k4Vuw2Xr1M0g6Jocv49xW7JzrJ2vo4wIA5ISYoxmFDgwx2tkGF48AtG1XGdfAJs3ob7S_45mDJperO-4Z5JBPss21mrlbL3sjBk9IS8Vj1srieI29x6sywtCrxbg7hAtH70dDUfS84ef1Tpc83OiTHV8c9rsc/s976/6-uucp.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="560" data-original-width="976" height="368" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7LD8qXpikf53bz8hzyCGi0NpSI5ln9_k4Vuw2Xr1M0g6Jocv49xW7JzrJ2vo4wIA5ISYoxmFDgwx2tkGF48AtG1XGdfAJs3ob7S_45mDJperO-4Z5JBPss21mrlbL3sjBk9IS8Vj1srieI29x6sywtCrxbg7hAtH70dDUfS84ef1Tpc83OiTHV8c9rsc/w640-h368/6-uucp.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 7<br /></td></tr></tbody></table><br /></div><div style="text-align: justify;">UUCP (Unix-to-Unix copy) suite is a set of computer programs and protocols that allow for the remote execution of commands and the transfer of email and files between computers, in this scenario it is used over RSX.25. The human-readable version of the UUCP "conversation" (just the initial part) is shown in Figure 8. </div><div style="text-align: justify;"> </div><div style="text-align: justify;"><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9_GCUZhEisbI4Ae1tEzcLvuFh4LHVXq91U_immbjJ96c1qyZsSdpIpIyIeNY7G7ed0jT6EPJicsXtW5dpOJSVw-Lo4zNOYF9eEgDntx5emAg8FbzV8YjLK7tlecv5BxIXJw0rA0dpWYItf868csk1cGS-HIA-MGz4_yaPa8_49uz2pco3SbsqhAbBpdw/s746/7-uucp.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="299" data-original-width="746" height="256" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9_GCUZhEisbI4Ae1tEzcLvuFh4LHVXq91U_immbjJ96c1qyZsSdpIpIyIeNY7G7ed0jT6EPJicsXtW5dpOJSVw-Lo4zNOYF9eEgDntx5emAg8FbzV8YjLK7tlecv5BxIXJw0rA0dpWYItf868csk1cGS-HIA-MGz4_yaPa8_49uz2pco3SbsqhAbBpdw/w640-h256/7-uucp.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 8<br /></td></tr></tbody></table><br />The messages can be parsed according to the UUCP protocol internals [5] so to get some other informations about users, SW/HW equipment... and so on. </div><div style="text-align: justify;"> </div><div style="text-align: justify;"><span style="background-color: #fcff01;">login...Connected...OK </span></div><div style="text-align: justify;"><i>login section</i></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><span style="background-color: #fcff01;">S Bydgoszcz_HF -pz -vgrade=z -R -N07 ROKN07 Pyie Uy</span></div><div style="text-align: justify;"><span style="background-color: white;"><i>UUCP handshake</i> </span><br /><b>S</b> caller hostname = Bydgoszcz_HF<br /><b>-pz -vgrade=z</b> requests the called system to only transfer files of the specified grade or higher = z (grades in UUCP links means 'priorities')<br /><b>-R</b> caller UUCP understands how to restart failed file transmissions. Supported only by System V Release 4 UUCP, so this is a System V release.<br /><b>-N07</b> - caller UUCP understands the Taylor UUCP size negotiation extension (only for UUPlus, so this is UUPlus)<br /><b>ROKN07</b> – called station acknowledgement of ‘R’ options. The caller UUCP is acceptable, it specified `-N', and the called UUCP also understands the Taylor UUCP size limiting extensions <br /><b>Pyie</b> the called station supports the following UUCP protocols y, i, e<br /><b>Uy</b> the calling station selects which protocol to use out of the protocols offered by the called station, in this case the UUCP protocol 'y'</div><div style="text-align: justify;"> </div><div style="text-align: justify;"><span style="background-color: #fcff01;">pm2mrs -CR D.0097 0666 dso22odn@bydgoszcz.airforce.pl 0x3d26</span></div><div style="text-align: justify;"><i>most likely R&S PostMan II messenger <b><br /></b></i></div><div style="text-align: justify;"><b>D.0097</b> file to send<br /><b>0666</b> mode of file, if UUPlus always = 0666 for outgoing files<br /><b>dso22odn@bydgoszcz.airforce.pl</b> file name<br /><b>0x3d26</b> file size (15654 bytes) </div><div style="text-align: justify;"></div><div style="text-align: justify;"></div><div style="text-align: justify;"><br /><span style="background-color: #fcff01;">rsmail -v2 -f dso22odn@bydgoszcz.airforce.pl dsocop@warszawa2.airforce.pl</span></div><div style="text-align: justify;"><span style="background-color: white;"><i>Since PostMan offers e-mail, fax and file transfer, my guess is that the additional command <b>rsmail </b>(most likely R&S mail) following the pm2mrs invocation just specifies the email service</i></span></div><div style="text-align: justify;"><b>dso22odn@bydgoszcz.airforce.pl </b>the caller station (ALE address: BYDGOSZCZ) is the "22 Ośrodek Dowodzenia i Naprowadzania" (22 Command and Guidance Center) [6] located st <span class="HwtZe" lang="en"><span class="jCAhz ChMk0b"><span class="ryNqvb">Bydgoszcz Airport: it's a civilian airport but shared with the Polish Air Force </span></span></span><br /><b>dsocop@warszawa2.airforce.pl</b> it's the called station (ALE address: WARSZAWA2) , "dso cop" is probably the Armed Forces Operational Command in Warzawa (it's a my guess)</div><div style="text-align: justify;">It's interesting to note that in some other recordings the email address are <b>user@warszawa2.airforce.pl</b> and <b>user@bydgoszcz.airforce.pl</b> ("user@" is the common default username as in other message handling systems), although the ALE address remain the same, ie WARSZAWA2 and BYDGOSZCZ.<br /></div><div style="text-align: justify;"> </div><div style="text-align: justify;"></div><div style="text-align: justify;"></div><div style="text-align: justify;"><span style="background-color: #fcff01;">BZh9</span><br /><i>Bzip2 4 bytes header, here starts the file to be sent (Bzip compressed)</i><br /><b>BZ</b> Signature (0x425A magic number)<br /><b>h</b> Bzip2 (h is for Huffman coding)<br /><b>9</b> increments of 100 kB block-size uncompressed<br /></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">It's really obvious that the two stations belong to the Polish Air Force (indeed "airforce.pl" is the email domain name) as well as the use of R&S hardware/software equipment (STANAG/MIL-STD waveforms cannot be used along with the RSX.25 protocol [7]). </div><div style="text-align: justify;">A bit of OSINT demonstrates the R&S support to the Polish Armed Forces:</div><div style="text-align: justify;"><a href="https://www.epicos.com/article/475115/rohde-schwarz-supports-polish-armed-forces" target="_blank">https://www.epicos.com/article/475115/rohde-schwarz-supports-polish-armed-forces</a></div><div style="text-align: justify;">as well as the use of R&S XK2500L and XK2900L radios (along with Harris RF-5800) at the "Radio Center, Region 4 Air Force ICT Support":</div><div style="text-align: justify;"><a href="http://www.szpzl-zegrze.waw.pl/pdf/k/29/5.pdf" target="_blank">http://www.szpzl-zegrze.waw.pl/pdf/k/29/5.pdf</a> <br /></div><div style="text-align: justify;"><a href="https://archiwum-4rwt.wp.mil.pl/pl/31.html" target="_blank">https://archiwum-4rwt.wp.mil.pl/pl/31.html</a> </div><div style="text-align: justify;"> </div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ4ChGqjbh0UUktNZv4kpuQbXuNIaYrfwaz09C7HC-nOQoPdiT-TSrejc8gLSlBSrowPhM6j8gUarOf-YHPW13sCIfJTYjylu-yYxR4naW-3402ONFE8QwDin7W_5hnVA5X-2-ws6zNQZGcfaO1_YtmcJGOkrzXnS7sN1tAbSzyXSNd5rXc87YwBM4BFk/s468/1.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="365" data-original-width="468" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ4ChGqjbh0UUktNZv4kpuQbXuNIaYrfwaz09C7HC-nOQoPdiT-TSrejc8gLSlBSrowPhM6j8gUarOf-YHPW13sCIfJTYjylu-yYxR4naW-3402ONFE8QwDin7W_5hnVA5X-2-ws6zNQZGcfaO1_YtmcJGOkrzXnS7sN1tAbSzyXSNd5rXc87YwBM4BFk/s16000/1.PNG" /></a></div><br /><div style="text-align: justify;">Must be noted that PostMan II (now superseeded by PostMan III) is a combined R&S hardware & software product running on a Unix-like communication server: hence the use of such OS, at least in the mail server of the local nets. </div><div style="text-align: justify;"><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDUF-C8ZzyOXFMoqwQjahUiz0NYgahNijzZ9C5LoSM1HEu81ZoeTj6Sl7SWHj5BJS4O4fMQ2UtFhbBTqXiCnbwisSIZ55A2lKIA_63JWhuzsRIuMmzbbubn7G7j7TXUIdfpGw-fuEF-1iAuEi73iWjV4ovFcjm2RPAtSUrW3YrCHVXzZSj3z6J_KQDPTc/s602/pippo.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="267" data-original-width="602" height="178" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDUF-C8ZzyOXFMoqwQjahUiz0NYgahNijzZ9C5LoSM1HEu81ZoeTj6Sl7SWHj5BJS4O4fMQ2UtFhbBTqXiCnbwisSIZ55A2lKIA_63JWhuzsRIuMmzbbubn7G7j7TXUIdfpGw-fuEF-1iAuEi73iWjV4ovFcjm2RPAtSUrW3YrCHVXzZSj3z6J_KQDPTc/w400-h178/pippo.PNG" width="400" /></a></div></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">Further catches could offer the chance to gather some more intelligence.</div><div style="text-align: justify;"> <br /></div><div style="text-align: justify;"><a href="https://disk.yandex.com/d/ZapUYqs-xgddiQ" target="_blank">https://disk.yandex.com/d/ZapUYqs-xgddiQ</a> </div><div style="text-align: justify;"> </div><div style="text-align: justify;">[1] <a href="http://plonsk3.proxy.kiwisdr.com:8073/" target="_blank">http://plonsk3.proxy.kiwisdr.com:8073/</a><br />[2] <a href="http://hflink.com/standards/MIL_STD_188-141C.pdf" target="_blank">http://hflink.com/standards/MIL_STD_188-141C.pdf</a> (A.5.6.9 User unique functions)<br />[3] <a href="https://cdn.rohde-schwarz.com/pws/dl_downloads/dl_common_library/dl_news_from_rs/155/n155_shortwave.pdf" target="_blank">https://cdn.rohde-schwarz.com/pws/dl_downloads/.../n155.pdf</a></div><div style="text-align: justify;">[4] <a href="http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm" target="_blank">http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm</a><br />[5] <a href="http://www.math.utah.edu/docs/info/uucp_5.html" target="_blank">http://www.math.utah.edu/docs/info/uucp_5.html</a></div><div style="text-align: justify;">[6] <a href="https://22odn.wp.mil.pl/pl/" target="_blank">https://22odn.wp.mil.pl/pl/</a> <br />[7] <a href="https://scdn.rohde-schwarz.com/ur/pws/dl_downloads/dl_common_library/dl_brochures_and_datasheets/pdf_1/Postman_en_.pdf" target="_blank">https://scdn.rohde-schwarz.com/.../Postman_en_.pdf</a></div><div style="text-align: justify;"> </div>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com2tag:blogger.com,1999:blog-2805107305752377693.post-61965826232142205402023-06-29T13:09:00.003+02:002024-02-02T10:42:27.485+01:00unid 2000Bd PSK8 burst transmission (720 symbols frames)<div><div><p style="text-align: justify;">Unid burst transmission recorded on 5330.50 KHz/USB (60 mt HAM band) using a remote KiwiSDR locate at Oita, Japan [1]. The bursts have a duration of about 2606 ms with an interval of 3390 ms, the occupied bandwidth is 2200 Hz (Figure 1). <br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJygZ3PRneyab3CePdDuh1KKykkOBjFeW7L2KuDN8HC6W4SFyOlgrd0uMVVO0QH3pH_mJ6pIce8U1GW77_24XuT1DMkq1GPycWTXOirjMEqEK1eCAYbQfBoYfhrcYcFUY0ucj2UepnkHzCetmPV8ML590b5K7UWgW1HKm11X_rbdYKu8s8jp4SXXBMpls/s1130/1-bursts-train.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="635" data-original-width="1130" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJygZ3PRneyab3CePdDuh1KKykkOBjFeW7L2KuDN8HC6W4SFyOlgrd0uMVVO0QH3pH_mJ6pIce8U1GW77_24XuT1DMkq1GPycWTXOirjMEqEK1eCAYbQfBoYfhrcYcFUY0ucj2UepnkHzCetmPV8ML590b5K7UWgW1HKm11X_rbdYKu8s8jp4SXXBMpls/w640-h360/1-bursts-train.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 1<br /></td></tr></tbody></table></div><div style="text-align: justify;"> </div><div style="text-align: justify;">The measured symbol rate is 2000 Bd on a 1274 Hz carrier: most likely 1200 Hz is the right value. The transitions diagram and the harmonic spectrum in Figure 2 show the use of PSK2 and PSK8 modulations, in particular PSK2 seems to be used for the initial preamble and for the inserts (miniprobes?) preceding the data blocks, the latter being modulated using PSK8. Obviously, PSK2 dibits are scrambled to appear on air as PSK8 tribit symbols.</div><div style="text-align: justify;"> </div><div style="text-align: justify;"><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmZqzZ0IhyrpAsTRpvZIoL8Aauw5c_Q2cpXxJWlkUiSbk9fyFxb1pjGah4w1K0ppOJcxWLDwh5MX1T0FJq3dHF7iUEGMGZmor-29jtpF_bnGVkmK29RBY8kCX8n1ExASsEI9dMnlAcKTkTcZMWesRUHpSWgSFMgWDfOQYuX2_oXcA9dgP_7eAXfPHsgdY/s882/2-analysis.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="524" data-original-width="882" height="380" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmZqzZ0IhyrpAsTRpvZIoL8Aauw5c_Q2cpXxJWlkUiSbk9fyFxb1pjGah4w1K0ppOJcxWLDwh5MX1T0FJq3dHF7iUEGMGZmor-29jtpF_bnGVkmK29RBY8kCX8n1ExASsEI9dMnlAcKTkTcZMWesRUHpSWgSFMgWDfOQYuX2_oXcA9dgP_7eAXfPHsgdY/w640-h380/2-analysis.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 2 - PSK analysis</td></tr></tbody></table> </div><div style="text-align: justify;">Bitstream analysis of a single burst, after the removal of the preamble, reveals the use of six frames (as indeed visible in the previous Figure 2) each characterized by a length of 2160 bits or 720 symbols. More precisely, each frame consists of a first sequence of 72 known symbols, followed by 72 unknown symbols (use of 720/72 symbols is curious) and finally by another 576 unknown symbols (216+216+1728 bit). Figure 3 clearly shows this frame structure. By the way, the initial 72 symbols sequence can be descrambled by the polynomial x^9+x^6+x^3+1 <i>(1)</i>.</div></div><div style="text-align: justify;"> </div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNUPH-i45JT5Wr94jWuiL0by9M75MZQOcTHcPK2HcanccYXzPlsTCBIt_Zu_BgWntV7AQ1UiCNjSgL-PayA9lNnjNw2s7qxjoHutKlWU7ObOAcW90xbJVG1qiKdgsZljylqpUBVTkSlEkXjCGTUcOMCMN1QdoKHdPq1xVyxuMckO_k_O2_7m2IyyH_3GU/s1127/3-bit-oriented-frames.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="552" data-original-width="1127" height="314" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNUPH-i45JT5Wr94jWuiL0by9M75MZQOcTHcPK2HcanccYXzPlsTCBIt_Zu_BgWntV7AQ1UiCNjSgL-PayA9lNnjNw2s7qxjoHutKlWU7ObOAcW90xbJVG1qiKdgsZljylqpUBVTkSlEkXjCGTUcOMCMN1QdoKHdPq1xVyxuMckO_k_O2_7m2IyyH_3GU/w640-h314/3-bit-oriented-frames.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 3 - bitstream analysis<br /></td></tr></tbody></table><br /><div style="text-align: justify;">Symbols-oriented analysis of Figure 4 helps to better define the composition of the frames and particularly the used modulations. Indeed, looking at the 144 symbols diagram, the first 72 symbols are PSK8 modulated while the following 72 symbols are clearly modulated using PSK2. Thus, each 720 symbols frame consists of an initial 72 known symbols sequence with PSK8 modulation, 72 unknown symbols with PSK2 modulation and 576 unknown symbols with PSK8 modulation.</div><div style="text-align: justify;"> </div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUlPdmbhL9WrOZUXPoigP7U5TBEnpTvH_4i_Sm_OrSez-2KQ--0myF1Y83wOHEwPreXcj_JIiR4jycuKym0r8pdlr6LIhEJ-TFVhrInCHIg3ojTLllldbxeml0-kATt5H6r2vf-3WxmKtSThkl7Lsk0XWeA6mJgOHlnrlSM31V8GF-BWkPJ40G2GXrtFQ/s929/4-symbols-oriented-frame.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="463" data-original-width="929" height="319" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUlPdmbhL9WrOZUXPoigP7U5TBEnpTvH_4i_Sm_OrSez-2KQ--0myF1Y83wOHEwPreXcj_JIiR4jycuKym0r8pdlr6LIhEJ-TFVhrInCHIg3ojTLllldbxeml0-kATt5H6r2vf-3WxmKtSThkl7Lsk0XWeA6mJgOHlnrlSM31V8GF-BWkPJ40G2GXrtFQ/w640-h319/4-symbols-oriented-frame.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 4 - symbols analysis<br /></td></tr></tbody></table><br /><div style="text-align: justify;">As from Figure 2, each burst has a duration of 2606 ms that - at the symbol rate of 2000 Bd - makes a total of 5212 symbols. Since each burst consists of six 720 symbols length frames, ie 4320 symbols, it follows that the initial preamble is composed of (5212 - 4320) = 892 symbols. Figure 5 shows the preamble and its symbols analysis, from which it can be seen that PSK2 modulation is used (except for some initial "uncertainties" due the SA generic PSK demodulator I used). Preamble can be descrambled using the polynomial x^6+x^3+1 <i>(1)</i>.</div><div style="text-align: justify;"> </div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5jnQcS3J-jFadHxX-NT-bwOH77QLxwgc-31jMz2YruqezWSGXbKuYqpTx0gTnypnAP6I5PpyAHhAXVHigWQWyORe37QSAWq9naUab4KEH0FEglx8HuhpGZ3OvC_YsmKmPAi1KP-GLf2ru9AexP8C7Fk49ESwCUg-bM_zKR5CcmO4_bY5PCt1h38FN2Xo/s910/5-preamble.PNG" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="600" data-original-width="910" height="422" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5jnQcS3J-jFadHxX-NT-bwOH77QLxwgc-31jMz2YruqezWSGXbKuYqpTx0gTnypnAP6I5PpyAHhAXVHigWQWyORe37QSAWq9naUab4KEH0FEglx8HuhpGZ3OvC_YsmKmPAi1KP-GLf2ru9AexP8C7Fk49ESwCUg-bM_zKR5CcmO4_bY5PCt1h38FN2Xo/w640-h422/5-preamble.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 5 - preamble analysis<br /></td></tr></tbody></table><br /><div style="text-align: justify;">Evidence of Direction Finding (TDoA algorithm) indicate an area of the transmission site that could be compatible with Guam Island (Figure 6). However, in evaluating the goodness of such results it must be taken into account that the survey area is not densely populated with KiwiSDR receivers, especially in the East direction, and that the transmission was not continuous but - in fact - a train of bursts (although quite close together).<br /><br /></div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_7VxJ7aUUT3RL-dBvnvGtDwJtlcm4g1PR6IFvn8mtoO9VydvSig31RlU_Rhq9W9Aya4ExJKcRCZu00J_TgfG2iPZWAEaFwp3wKMcYjpmD_eEPlr3pe-UAVa3Ef4HsUvHKFuTXjyAUBa98xXuQpTaFUlvlQXaUc--Ep6rVjLUnl843OehhUDmNG_QVRgI/s913/6-tdoa.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="707" data-original-width="913" height="496" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_7VxJ7aUUT3RL-dBvnvGtDwJtlcm4g1PR6IFvn8mtoO9VydvSig31RlU_Rhq9W9Aya4ExJKcRCZu00J_TgfG2iPZWAEaFwp3wKMcYjpmD_eEPlr3pe-UAVa3Ef4HsUvHKFuTXjyAUBa98xXuQpTaFUlvlQXaUc--Ep6rVjLUnl843OehhUDmNG_QVRgI/w640-h496/6-tdoa.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 6 - some Direction Finding (TDoA algo) results</td><td class="tr-caption" style="text-align: center;"><br /></td></tr></tbody></table><p></p><p></p><p> <a href="https://disk.yandex.com/d/zu3AE6Ossjl_gQ" target="_blank">https://disk.yandex.com/d/zu3AE6Ossjl_gQ</a> </p><p style="text-align: justify;"><i>(1) SA is a signal analyzer and not a decoder, therefore its phase-plane demodulator does not sync any particular sequence, as it happens for "suited" decoders, and phase-offset errors are possible. </i></p><p style="text-align: justify;">[1] <a href="http://flydog.web-sdr.net/" target="_blank">http://flydog.web-sdr.net/</a> <br /></p>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com0tag:blogger.com,1999:blog-2805107305752377693.post-68498232182740886432023-06-21T12:06:00.000+02:002023-06-21T12:06:26.820+02:00unid 15.66Bd/120 FSK system<p style="text-align: justify;">This is a new FSK signal for me that can be heard starting mid-morning, at least on that frequency, with a good SNR using a KiwiSDR located in the UK [1]. Coming to the signal' main parameters, the FSK central frequency is 6938.55 KHz, 120 Hz shift and an apparently(!) keying speed of 31 Baud (or bps, since the FSK mode): Figure 1 show these values.</p><p style="text-align: justify;"></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXN7T3Qa3SBTQkGW6JeDarWOXDlb5UMft5Sl2XRiQENVm5RldDvKLuUBjFDIlSQx_Z4wo_CcoYU9x0VViqkZ3V6ci3FL0iWeXADitQSK30EdC7MlRr2otwtrEKiI9Pc7a-H-742PU4_fpttvE0wEXyBHGaQXoE9dXehvEfqo1WE3ShsWbIdIXIueIS9uQ/s880/a.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="866" data-original-width="880" height="630" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXN7T3Qa3SBTQkGW6JeDarWOXDlb5UMft5Sl2XRiQENVm5RldDvKLuUBjFDIlSQx_Z4wo_CcoYU9x0VViqkZ3V6ci3FL0iWeXADitQSK30EdC7MlRr2otwtrEKiI9Pc7a-H-742PU4_fpttvE0wEXyBHGaQXoE9dXehvEfqo1WE3ShsWbIdIXIueIS9uQ/w640-h630/a.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 1<br /></td></tr></tbody></table><p style="text-align: justify;">I wrote "<i>apparent modulation speed</i>" because by demodulating the signal at a speed of 31 Baud, duplicate bit values are obtained, as can be seen in Figure 2: a sign that the real speed is half that detected with a superficial analysis.</p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLAfRYfqR7kWNKQXGLtLo74XzABNeDyntdS3JbPEGfY7i5xXDfD_Jwg__lRaWugxHW6W0vcHJ1KRmDumCTNQgFbIhXy-P4XFsF1Fug2pVmlpaHxWp_yWzRhEG1WAwBTtiPn6lE4-CZCGtNEqtLonFV7u3HIditkKFeN4OFf0OtMqVMvbCJKtryxwpxti0/s903/b.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="334" data-original-width="903" height="236" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLAfRYfqR7kWNKQXGLtLo74XzABNeDyntdS3JbPEGfY7i5xXDfD_Jwg__lRaWugxHW6W0vcHJ1KRmDumCTNQgFbIhXy-P4XFsF1Fug2pVmlpaHxWp_yWzRhEG1WAwBTtiPn6lE4-CZCGtNEqtLonFV7u3HIditkKFeN4OFf0OtMqVMvbCJKtryxwpxti0/w640-h236/b.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 2<br /></td></tr></tbody></table><p></p><p style="text-align: justify;">Indeed, the duration of a bit of information is about 64 ms, while the "raster" of 8 bits measures 511.4 ms (Figure 3): some very simple calculations indicate a modulation speed of 15.6 Baud. As expected, in this case the obtained bitstream correctly shows the reversals "01"s sequence (Figure 4).</p><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQXQoRCXQ5MylVZeqBMgzwDT1qpiSqyK9WmvgmR1DbrO8hTOVddR0nBdnDr4Trd5pAqPpkHbIukhFD3yPdXyQyPZznTUgP3AyKXjYiFyIi6ylI3gISGT8BmInif6V06gb_yIfuzfzuvTApazyRIU3mGoqBFxP05RRe5Nm_3aLvBLqC4Po5_dg5-5fgEds/s902/c.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="613" data-original-width="902" height="434" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQXQoRCXQ5MylVZeqBMgzwDT1qpiSqyK9WmvgmR1DbrO8hTOVddR0nBdnDr4Trd5pAqPpkHbIukhFD3yPdXyQyPZznTUgP3AyKXjYiFyIi6ylI3gISGT8BmInif6V06gb_yIfuzfzuvTApazyRIU3mGoqBFxP05RRe5Nm_3aLvBLqC4Po5_dg5-5fgEds/w640-h434/c.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 3<br /></td></tr></tbody></table><p></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXvj83ANIJOzquMpqT1sNkfC6rDaDg7RUnPJ0Uo-zRuJQHmF9cKbFnKR--ZIcVsvDKYt0aRremBrBo_c0o4gU3KUgjuQY1oEqxD9ZvLlSeEPuPpp62QcnGxS0BMQCSOMqJR5e7F-QuDP-qblZXTHBOk4RVNsWrpF3189Fzmbc3sdNRbPJEbrjp2-ebqvE/s903/d.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="332" data-original-width="903" height="236" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXvj83ANIJOzquMpqT1sNkfC6rDaDg7RUnPJ0Uo-zRuJQHmF9cKbFnKR--ZIcVsvDKYt0aRremBrBo_c0o4gU3KUgjuQY1oEqxD9ZvLlSeEPuPpp62QcnGxS0BMQCSOMqJR5e7F-QuDP-qblZXTHBOk4RVNsWrpF3189Fzmbc3sdNRbPJEbrjp2-ebqvE/w640-h236/d.PNG" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 4<br /></td></tr></tbody></table><p></p><p style="text-align: justify;">Direction Finding attempts (TDoA algorithm) seem to point to an area in South West England as a possible transmitter site (Figure 5). Difficult to say something about the users and the purposes.<br /></p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvqAzDrWDPvM6IzwlMlEf7R6IFcT-airPG6FyzH_MimbIAAxZwkU36HGL-rNrTBCj7OTBLOMmj_3JZOxIcN_Y7K488VIr7CGRwvQ3T1mJ5hiidqrA1Xffiyuhz_BVLhKFd-uFRBbe5xSjCKOq1aPEgzxjSsIJT_1qo51tRlfm0V23d0nz3M9Ovi1CXYTg/s936/df.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="913" data-original-width="936" height="624" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvqAzDrWDPvM6IzwlMlEf7R6IFcT-airPG6FyzH_MimbIAAxZwkU36HGL-rNrTBCj7OTBLOMmj_3JZOxIcN_Y7K488VIr7CGRwvQ3T1mJ5hiidqrA1Xffiyuhz_BVLhKFd-uFRBbe5xSjCKOq1aPEgzxjSsIJT_1qo51tRlfm0V23d0nz3M9Ovi1CXYTg/w640-h624/df.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 5<br /></td></tr></tbody></table><p></p><p style="text-align: justify;">As a final note, Figure 6 shows that the phases of the two frequencies are not constant and change after every switch: sign that a single oscillator, maybe a VCO, is used (if two distinct generators were used we would see no phase changes).<br /></p><p style="text-align: justify;">By the way, since Figure 6 shows the durations of two periods, it's possible to come back to the two tones frequency:<br /></p><p>2: 0.003427 = 583.6 Hz<br />2: 0.004315 = 463.5 HZ</p><p>ie just 120 Hz shift.</p><p><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSGdxtC0Qx3n5rTmOmfQ89WbQUWcAaecmDR0ChUR1rwURDbr2PiwwRXhiGsj_KWVVShfND6jlM4kvRS5GqKhFkmxwakJwPBcVdwfbzTdl0YNcvJWGAFnW0cBpHZt8pvXE2gfXNo79W6aWybKCbs9T4R1KxHDzs8h-nop9se4gpBJyIaCplDnbpA2EFIno/s965/e.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="965" data-original-width="903" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSGdxtC0Qx3n5rTmOmfQ89WbQUWcAaecmDR0ChUR1rwURDbr2PiwwRXhiGsj_KWVVShfND6jlM4kvRS5GqKhFkmxwakJwPBcVdwfbzTdl0YNcvJWGAFnW0cBpHZt8pvXE2gfXNo79W6aWybKCbs9T4R1KxHDzs8h-nop9se4gpBJyIaCplDnbpA2EFIno/w598-h640/e.png" width="598" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Fig. 6<br /></td></tr></tbody></table><br /> <a href="https://disk.yandex.com/d/lAp4MSgpbVRZ7g" target="_blank">https://disk.yandex.com/d/lAp4MSgpbVRZ7g</a></p><p>[1] <a href="http://websdr.uk:8060/" target="_blank">http://websdr.uk:8060/</a></p>Antonio Anselmihttp://www.blogger.com/profile/14223725151195576584noreply@blogger.com0