Monday, January 6, 2020

Some HF radar signals

7500 kHz

A number of similar HF radar signals have recently been observed on KiwiSDRs located in Europe on different frequencies.

The pulse repetition rate is 40 Hz (25 ms/pulse).


Each pulse consists of a linear chirp and of a pause.

FM demodulation

KiwiSDR TDoA multilateration indicates that these signals come from somewhere in Russia.

KiwiSDR TDoA multilateration

Bursts of what seem to be linear FM chirps have been observed on different frequencies around 8050±~50 kHz.

6390 kHz

Like the signal on 7500 kHz the pulse repetition rate is 40 Hz. However the duty cycle is smaller.


FM demodulation

8050 kHz

For this signal, the pulse repetition rate is 96 Hz.

Each pulse consists likely of a linear chirp. The spikes in the instantaneous frequency seen below are probably cause by HF propagation effects. Note that these radar-like signals are narrow-band (±1kHz variation in instantaneous frequency, only)

FM demodulation
KiwiSDR TDoA multilateration indicates a position somewhere in the Atlantic Ocean (compatible with the Azores).

KiwiSDR TDoA multilateration

Monday, November 4, 2019

Update on the OQPSK signal from Chicago

This is an update to this and to this blog post.

(Updated 11/5/19)

While before the offset between the "X" and "Y" bit streams was 458,748 bits, recently this offset has changed (but see below) to 65,536=216 bits, i.e., a non-pseudo-random bit stream can be obtained as follows:

  m = 65536;
  b = bitxor(bY(1:end-m),~bX(1+m:end)); # (*)

Recently this signal was observed on 12190 kHz with quite a lot of selective fading, so the coherent demodulation is not perfect.

12190 kHz QQPSK demodulation

The bit stream obtained by using (*) shows a repeated pattern of 7 bits (0011101):

fixed bit patten

It can be easily verified that this bit pattern is generated by an LFSR:
   bn = bn-1 + bn-3 ,   (**)
where "+" denotes XOR. In fact the offset is the same as before. The fact that a LFSR-generated sequence is left after (**) is an artifact of using 1/7 original offset. This also makes the additional descrambling mentioned below obsolete.

At another time the same type of signal was observed on 10790 kHz, this time carrying data. Again the offset between the "X" and the "Y" bit streams was 216 bits. Using the LFSR (**) the resulting bit stream obtained from (*) can be descrambled, and then closely resembles the one found before: there are "frames" of 48-bits and the bits come in pairs, so in one given frames there are 24 "independent" (but see below) bits.

bit stream in terms of 48-bit frames

Treating each line in the above plot as one "symbol" it was found that 16 symbols occur with (about equally) high frequency and all other symbols with very low frequency:

48-bit symbol frequency
For now let's treat the symbols with low frequency as transmission errors (they might not be that).

The 16 symbols, when arranged in order, show an interesting pattern: in each group of four symbols 1) the last group of three bits is repeating, and 2) the first 7 groups of three bits are the same. In the table below the last number in brackets indicates the number of times a given symbol has occurred.

i= 1: 000_100_000_000_000_100_001_000 (497)
i= 2: 000_100_000_000_000_100_001_010 (494)
i= 3: 000_100_000_000_000_100_001_100 (531)
i= 4: 000_100_000_000_000_100_001_111 (487)

i= 5: 000_101_011_011_000_111_111_000 (470)
i= 6: 000_101_011_011_000_111_111_010 (561)
i= 7: 000_101_011_011_000_111_111_100 (536)
i= 8: 000_101_011_011_000_111_111_111 (506)

i= 9: 001_100_011_101_101_010_011_000 (494)
i=10: 001_100_011_101_101_010_011_010 (522)
i=11: 001_100_011_101_101_010_011_100 (495)
i=12: 001_100_011_101_101_010_011_111 (538)

i=13: 010_011_111_001_111_110_110_000 (508)
i=14: 010_011_111_001_111_110_110_010 (495)
i=15: 010_011_111_001_111_110_110_100 (485)
i=16: 010_011_111_001_111_110_110_111 (482)

The sequence of these symbols is not entirely random: the last three bits determine if the following symbol is in the group 13-16, 9-12, 5-8, or, 1-4:

Distributions of symbols following the one indicated in the subplot title.

This might indicate a form of Trellis coding, because not all possible transitions between symbols are allowed.

Any information about this kind of error correction is very much appreciated.

STANAG 4285 from FUX, Reunion

STANAG 4285 CARB (Channel Availability and Receipt Broadcast) messages from FUX, Reunion received on a KiwiSDR located in India:

gr-digitalhf screenshot








Sunday, October 27, 2019


Recently, some people have observed a DPGS signal on 318 kHz. Existing software displays its location as Shepelevskiy (Leningrad Oblast) ; however KiwiSDR TDoA shows a different likely location.
318 kHz DGPS

Friday, October 11, 2019

4800 symb/sec QPSK signal on 10165 kHz

... noted today on European KiwiSDR. This signal is likely from the same origin as the one described in this blog post and this blog post.

However this time the data stream seems to be pure pseudo-random, at least for all methods of analysis I have tried.

Update 10/12: The signal still carries pseudo-random data

Using GNURadio a perfect constellation diagram can be obtained:

QPSK constellation diagram

... except during times when the signal fades:

QPSK symbols vs. time

The used GNURadio flowgraph, adapted from this tutorial, is shown below.

GNURadio flowgraph

Wednesday, September 18, 2019

>3 kHz wide bursts around 6300 kHz

This morning, a number of >3kHz wide bursts were noticed around 6300 kHz on a KiwiSDR in Europe. 

Below, one such burst is shown in terms of 576 symbol frames (5 samples/symbol sampled at 24 kHz -> 4800 symb/sec). The color indicates abs(z): (1) there are 6 individual bursts grouped together, and (2) a repeating sequences of symbols is present in each burst.

one 4800 symb/sec burst consisting of 6 individual bursts

The repeating sequence of symbols, extracted from multiple bursts, is shown below. This sequence consists of 64 BPSK symbols

It can be verified that the first 63 of these bits are generated by an LFSR and that the last bit balances the number of 0s and 1s, i.e., including the last bit there are 32 0s and 32 1s.

Top: the color indicates arg(z); bottom arg(symb) for a few of the frames shown on top.
Each burst starts with the same, 64 symbol long preamble that is immediately followed by the known sequence of symbols described above.

Unfortunately, the signal suffered from selective fading, so the modulation of the other parts of the bursts could not be determined.

Sunday, September 8, 2019

8-ary constellation bursts at 12800 bps data rate (2)

This is a follow-up to this blog post.

With the help of a number of bursts were recorded (the -T option helps to save disk space) and then decoded using gr-digitalhf.

3-channel mode

At the time of observation, the signals were active on fA=3320 kHz, fB=3314 kHz, and fC=3329 kHz only, and the schedule was [(A,B,C), (A,B,C), ...]. On each frequency two consecutive bursts were observed, with the preambles exactly 2 seconds apart.

Shortened preamble for the 1st burst

The preamble for the 1st burst on each frequency is shortened w.r.t. nominal STANAG 4539 preamble:
S4539 preambles for the 1st and 2nd burst

The payload data is mostly the same within each (A,B,C) cycle

Arranging the 104 WALSH-encoded payload di-bits in frames of size 13×16, the plots below were obtained and the following observations can be made:
  • Except for the 2nd frame (marked in red) all other bits are the same within each (A,B,C) cycle
  • The parity of the 1st frame (marked in magenta) and of the 2nd frame is even
  • The parity of the 11×16 bits in frames 3-13 is even
  • Analyzing the bit stream obtained by concatenating 1st frames (omitting repetitions) it can be found that the rank deficiency for k=16 is 5, i.e, besides the one parity bit there are four more bits being used for error correction
  • Similarly the rank deficiency for concatenated 2nd frames at k=16 is 7. As the 1st two bits of each 2nd frame seem to be zero this might indicate a similar error correction for the 1st and the 2nd frame.

1st (A,B,C) cycle

2nd (A,B,C) cycle

Content of the 2nd frame

The 1st 8 bits of the 2nd frame seem to contain a (6-bit wide) counter:
  • the period of this counter is 30, i.e., after 5 (A,B,C) cycles, corresponding to 100 seconds, the sequence of count values repeats
  • the start times for the bursts mod 100 seconds repeat after 30 bursts as well
  • this counter is related to mod(number of the current UTC second, 100), see the plots below
  • the following is pure speculation: the current difference between TAI (International Atomic Time) and UTC (Coordinated Universal Time) is 37 seconds, so this counter×2 may be related to mod(TAI seconds, 100)

1st 8 bits of the second frame; the black areas indicate missing data

6-channel mode

The same observations are true when the system is using 6 HF channels, e.g.,
     fA1=4024 kHz, fB1=4030 kHz, and fC1=4039 kHz and
     fA2=4784 kHz, fB2=4790 kHz, and fC2=4799 kHz
The sequence of transmissions in this case was
     [(A2+C2), (A1+B1), (A2+B2), (B1+C1), (B2+C2), (A1+C1)], ...
i.e., two signals were active at the same time. The channels A1,B1,C1 were broadcasting two bursts each and A2,B2,C2 one burst. Also here the same payload data is used for all 12+6 bursts in one cycle, and the 2nd frame in each packet carries a number related to the time of transmission as shown above.