Monday, November 4, 2019

Update on the OQPSK signal from Chicago

This is an update to this and to this blog post.

(Updated 11/5/19)

While before the offset between the "X" and "Y" bit streams was 458,748 bits, recently this offset has changed (but see below) to 65,536=216 bits, i.e., a non-pseudo-random bit stream can be obtained as follows:

  m = 65536;
  b = bitxor(bY(1:end-m),~bX(1+m:end)); # (*)

Recently this signal was observed on 12190 kHz with quite a lot of selective fading, so the coherent demodulation is not perfect.

12190 kHz QQPSK demodulation

The bit stream obtained by using (*) shows a repeated pattern of 7 bits (0011101):

fixed bit patten

It can be easily verified that this bit pattern is generated by an LFSR:
   bn = bn-1 + bn-3 ,   (**)
where "+" denotes XOR. In fact the offset is the same as before. The fact that a LFSR-generated sequence is left after (**) is an artifact of using 1/7 original offset. This also makes the additional descrambling mentioned below obsolete.

At another time the same type of signal was observed on 10790 kHz, this time carrying data. Again the offset between the "X" and the "Y" bit streams was 216 bits. Using the LFSR (**) the resulting bit stream obtained from (*) can be descrambled, and then closely resembles the one found before: there are "frames" of 48-bits and the bits come in pairs, so in one given frames there are 24 "independent" (but see below) bits.

bit stream in terms of 48-bit frames

Treating each line in the above plot as one "symbol" it was found that 16 symbols occur with (about equally) high frequency and all other symbols with very low frequency:

48-bit symbol frequency
For now let's treat the symbols with low frequency as transmission errors (they might not be that).

The 16 symbols, when arranged in order, show an interesting pattern: in each group of four symbols 1) the last group of three bits is repeating, and 2) the first 7 groups of three bits are the same. In the table below the last number in brackets indicates the number of times a given symbol has occurred.


i= 1: 000_100_000_000_000_100_001_000 (497)
i= 2: 000_100_000_000_000_100_001_010 (494)
i= 3: 000_100_000_000_000_100_001_100 (531)
i= 4: 000_100_000_000_000_100_001_111 (487)

i= 5: 000_101_011_011_000_111_111_000 (470)
i= 6: 000_101_011_011_000_111_111_010 (561)
i= 7: 000_101_011_011_000_111_111_100 (536)
i= 8: 000_101_011_011_000_111_111_111 (506)

i= 9: 001_100_011_101_101_010_011_000 (494)
i=10: 001_100_011_101_101_010_011_010 (522)
i=11: 001_100_011_101_101_010_011_100 (495)
i=12: 001_100_011_101_101_010_011_111 (538)

i=13: 010_011_111_001_111_110_110_000 (508)
i=14: 010_011_111_001_111_110_110_010 (495)
i=15: 010_011_111_001_111_110_110_100 (485)
i=16: 010_011_111_001_111_110_110_111 (482)



The sequence of these symbols is not entirely random: the last three bits determine if the following symbol is in the group 13-16, 9-12, 5-8, or, 1-4:

Distributions of symbols following the one indicated in the subplot title.

This might indicate a form of Trellis coding, because not all possible transitions between symbols are allowed.

Any information about this kind of error correction is very much appreciated.




STANAG 4285 from FUX, Reunion

STANAG 4285 CARB (Channel Availability and Receipt Broadcast) messages from FUX, Reunion received on a KiwiSDR located in India:

gr-digitalhf screenshot


ALL DE FUX

VV TESTING

RYRYRYRYRYRYRYRYRYRYRYRY

SGSGSGSGSGSGSGSGSGSGSGS

0 9 8 7 6 5 4 3 2 1   VOYEZ VOUS LE BRICK GEANT QUE J EXAMINE PRES DU GRAND WHARF

INT ZBZ

KKKK

Sunday, October 27, 2019

DGPS TDoA

Recently, some people have observed a DPGS signal on 318 kHz. Existing software displays its location as Shepelevskiy (Leningrad Oblast) ; however KiwiSDR TDoA shows a different likely location.
318 kHz DGPS

Friday, October 11, 2019

4800 symb/sec QPSK signal on 10165 kHz

... noted today on European KiwiSDR. This signal is likely from the same origin as the one described in this blog post and this blog post.

However this time the data stream seems to be pure pseudo-random, at least for all methods of analysis I have tried.

Update 10/12: The signal still carries pseudo-random data

Using GNURadio a perfect constellation diagram can be obtained:

QPSK constellation diagram

... except during times when the signal fades:

QPSK symbols vs. time



The used GNURadio flowgraph, adapted from this tutorial, is shown below.

GNURadio flowgraph





Wednesday, September 18, 2019

>3 kHz wide bursts around 6300 kHz

This morning, a number of >3kHz wide bursts were noticed around 6300 kHz on a KiwiSDR in Europe. 

Below, one such burst is shown in terms of 576 symbol frames (5 samples/symbol sampled at 24 kHz -> 4800 symb/sec). The color indicates abs(z): (1) there are 6 individual bursts grouped together, and (2) a repeating sequences of symbols is present in each burst.

one 4800 symb/sec burst consisting of 6 individual bursts

The repeating sequence of symbols, extracted from multiple bursts, is shown below. This sequence consists of 64 BPSK symbols
  0110111100011011110000000000010010100111001110111110001111001001

It can be verified that the first 63 of these bits are generated by an LFSR and that the last bit balances the number of 0s and 1s, i.e., including the last bit there are 32 0s and 32 1s.

Top: the color indicates arg(z); bottom arg(symb) for a few of the frames shown on top.
Each burst starts with the same, 64 symbol long preamble that is immediately followed by the known sequence of symbols described above.

Unfortunately, the signal suffered from selective fading, so the modulation of the other parts of the bursts could not be determined.

Sunday, September 8, 2019

8-ary constellation bursts at 12800 bps data rate (2)

This is a follow-up to this blog post.

With the help of kiwirecorder.py a number of bursts were recorded (the -T option helps to save disk space) and then decoded using gr-digitalhf.

3-channel mode


At the time of observation, the signals were active on fA=3320 kHz, fB=3314 kHz, and fC=3329 kHz only, and the schedule was [(A,B,C), (A,B,C), ...]. On each frequency two consecutive bursts were observed, with the preambles exactly 2 seconds apart.

Shortened preamble for the 1st burst

The preamble for the 1st burst on each frequency is shortened w.r.t. nominal STANAG 4539 preamble:
S4539 preambles for the 1st and 2nd burst

The payload data is mostly the same within each (A,B,C) cycle

Arranging the 104 WALSH-encoded payload di-bits in frames of size 13×16, the plots below were obtained and the following observations can be made:
  • Except for the 2nd frame (marked in red) all other bits are the same within each (A,B,C) cycle
  • The parity of the 1st frame (marked in magenta) and of the 2nd frame is even
  • The parity of the 11×16 bits in frames 3-13 is even
  • Analyzing the bit stream obtained by concatenating 1st frames (omitting repetitions) it can be found that the rank deficiency for k=16 is 5, i.e, besides the one parity bit there are four more bits being used for error correction
  • Similarly the rank deficiency for concatenated 2nd frames at k=16 is 7. As the 1st two bits of each 2nd frame seem to be zero this might indicate a similar error correction for the 1st and the 2nd frame.

1st (A,B,C) cycle

2nd (A,B,C) cycle

Content of the 2nd frame

The 1st 8 bits of the 2nd frame seem to contain a (6-bit wide) counter:
  • the period of this counter is 30, i.e., after 5 (A,B,C) cycles, corresponding to 100 seconds, the sequence of count values repeats
  • the start times for the bursts mod 100 seconds repeat after 30 bursts as well
  • this counter is related to mod(number of the current UTC second, 100), see the plots below
  • the following is pure speculation: the current difference between TAI (International Atomic Time) and UTC (Coordinated Universal Time) is 37 seconds, so this counter×2 may be related to mod(TAI seconds, 100)

1st 8 bits of the second frame; the black areas indicate missing data

6-channel mode

The same observations are true when the system is using 6 HF channels, e.g.,
     fA1=4024 kHz, fB1=4030 kHz, and fC1=4039 kHz and
     fA2=4784 kHz, fB2=4790 kHz, and fC2=4799 kHz
The sequence of transmissions in this case was
     [(A2+C2), (A1+B1), (A2+B2), (B1+C1), (B2+C2), (A1+C1)], ...
i.e., two signals were active at the same time. The channels A1,B1,C1 were broadcasting two bursts each and A2,B2,C2 one burst. Also here the same payload data is used for all 12+6 bursts in one cycle, and the 2nd frame in each packet carries a number related to the time of transmission as shown above.


Chirp sounder measurements with KiwiSDRs (2)

Using the recent work on KiwiSDR waterfall recording (see kiwiclient/kiwiwfrecorder.py) it becomes possible to search for chirp sounder signals in KiwiSDR waterfall data, continuing the topic from this post.

kiwiwfrecorder.py connects both to the 'SND' and the 'W/F' websocket streams. The 'W/F' stream contains sequence numbers for each waterfall line which are used to synchronize the waterfall to the audio data. These sequence numbers can also be used to attach to each waterfall line a corresponding GNSS time tag obtained from the 'SND' stream. As the waterfall data can arrive before or after the audio data, both are combined in a third thread using python Queues for thread-safe communication.

About half an hour of waterfall data was recorded on the AB1LD KiwiSDR using the highest KiwiSDR waterfall speed which turns out to provide waterfall data about for each SND frame, i.e, each 512/12000 seconds. Thanks to the owner for setting up this KiwiSDR and allowing unrestricted access!.

Then the recorded waterfall data (saved in a .npy formatted file) was rebinned in time to 1024/12000 second bins and exported as a .png file. Switching from python to octave, a search for chirp sounders was performed for chirp rates from 80  kHz/s to 130 kHz/sec in steps of 1 kHz/sec: for each chirp rate and for each start time the content of the waterfall bins was summed up along the corresponding line (Hough transform).

Two chirp sounders were found, each having a repetition rate of 720 seconds (12 minutes) with chirp rates of 82 kHz/sec and 100 kHz/sec, respectively. It might be interesting that this list of chirp sounders contains entries for three chirps sounders with 720 second periods located in Norfolk, VA, Kingsville, TX, and in Puerto Rico.

The plots below show zoomed waterfall diagrams around the chirps and on the bottom panel the result of the chirp search, i.e, the sums of waterfall bins along lines with a given slope.


1st chirp sounder detected using the AB1LD KiwiSDR

2nd chirp sounder detected using the AB1LD KiwiSDD