Sunday, September 8, 2019

8-ary constellation bursts at 12800 bps data rate (2)

This is a follow-up to this blog post.

With the help of kiwirecorder.py a number of bursts were recorded (the -T option helps to save disk space) and then decoded using gr-digitalhf.

3-channel mode


At the time of observation, the signals were active on fA=3320 kHz, fB=3314 kHz, and fC=3329 kHz only, and the schedule was [(A,B,C), (A,B,C), ...]. On each frequency two consecutive bursts were observed, with the preambles exactly 2 seconds apart.

Shortened preamble for the 1st burst

The preamble for the 1st burst on each frequency is shortened w.r.t. nominal STANAG 4539 preamble:
S4539 preambles for the 1st and 2nd burst

The payload data is mostly the same within each (A,B,C) cycle

Arranging the 104 WALSH-encoded payload di-bits in frames of size 13×16, the plots below were obtained and the following observations can be made:
  • Except for the 2nd frame (marked in red) all other bits are the same within each (A,B,C) cycle
  • The parity of the 1st frame (marked in magenta) and of the 2nd frame is even
  • The parity of the 11×16 bits in frames 3-13 is even
  • Analyzing the bit stream obtained by concatenating 1st frames (omitting repetitions) it can be found that the rank deficiency for k=16 is 5, i.e, besides the one parity bit there are four more bits being used for error correction
  • Similarly the rank deficiency for concatenated 2nd frames at k=16 is 7. As the 1st two bits of each 2nd frame seem to be zero this might indicate a similar error correction for the 1st and the 2nd frame.

1st (A,B,C) cycle

2nd (A,B,C) cycle

Content of the 2nd frame

The 1st 8 bits of the 2nd frame seem to contain a (6-bit wide) counter:
  • the period of this counter is 30, i.e., after 5 (A,B,C) cycles, corresponding to 100 seconds, the sequence of count values repeats
  • the start times for the bursts mod 100 seconds repeat after 30 bursts as well
  • this counter is related to mod(number of the current UTC second, 100), see the plots below
  • the following is pure speculation: the current difference between TAI (International Atomic Time) and UTC (Coordinated Universal Time) is 37 seconds, so this counter×2 may be related to mod(TAI seconds, 100)

1st 8 bits of the second frame; the black areas indicate missing data

6-channel mode

The same observations are true when the system is using 6 HF channels, e.g.,
     fA1=4024 kHz, fB1=4030 kHz, and fC1=4039 kHz and
     fA2=4784 kHz, fB2=4790 kHz, and fC2=4799 kHz
The sequence of transmissions in this case was
     [(A2+C2), (A1+B1), (A2+B2), (B1+C1), (B2+C2), (A1+C1)], ...
i.e., two signals were active at the same time. The channels A1,B1,C1 were broadcasting two bursts each and A2,B2,C2 one burst. Also here the same payload data is used for all 12+6 bursts in one cycle, and the 2nd frame in each packet carries a number related to the time of transmission as shown above.


Chirp sounder measurements with KiwiSDRs (2)

Using the recent work on KiwiSDR waterfall recording (see kiwiclient/kiwiwfrecorder.py) it becomes possible to search for chirp sounder signals in KiwiSDR waterfall data, continuing the topic from this post.

kiwiwfrecorder.py connects both to the 'SND' and the 'W/F' websocket streams. The 'W/F' stream contains sequence numbers for each waterfall line which are used to synchronize the waterfall to the audio data. These sequence numbers can also be used to attach to each waterfall line a corresponding GNSS time tag obtained from the 'SND' stream. As the waterfall data can arrive before or after the audio data, both are combined in a third thread using python Queues for thread-safe communication.

About half an hour of waterfall data was recorded on the AB1LD KiwiSDR using the highest KiwiSDR waterfall speed which turns out to provide waterfall data about for each SND frame, i.e, each 512/12000 seconds. Thanks to the owner for setting up this KiwiSDR and allowing unrestricted access!.

Then the recorded waterfall data (saved in a .npy formatted file) was rebinned in time to 1024/12000 second bins and exported as a .png file. Switching from python to octave, a search for chirp sounders was performed for chirp rates from 80  kHz/s to 130 kHz/sec in steps of 1 kHz/sec: for each chirp rate and for each start time the content of the waterfall bins was summed up along the corresponding line (Hough transform).

Two chirp sounders were found, each having a repetition rate of 720 seconds (12 minutes) with chirp rates of 82 kHz/sec and 100 kHz/sec, respectively. It might be interesting that this list of chirp sounders contains entries for three chirps sounders with 720 second periods located in Norfolk, VA, Kingsville, TX, and in Puerto Rico.

The plots below show zoomed waterfall diagrams around the chirps and on the bottom panel the result of the chirp search, i.e, the sums of waterfall bins along lines with a given slope.


1st chirp sounder detected using the AB1LD KiwiSDR

2nd chirp sounder detected using the AB1LD KiwiSDD

Saturday, August 24, 2019

M4RI library

This is just a quick note referencing the M4RI library that implements the "Method of four Russians (M4RM)", and the Strassen-Winograd algorithm, see these references.

Among other things, the M4RI library provides matrix inversion in GF(2) and computing the row-echelon form of a given matrix in GF(2) which is relevant for
  • finding the polynomial generating an LFSR sequence (see here and here), and
  • for detecting the presence of convolutional codes in a given bit stream by analyzing rank-deficiencies (see here and here).

M4RI seems to be available on most linux distributions. Although its latest release is from 2014, it looks quite mature and there are recent commits to the M4RI repository.

It is now being used in https://github.com/hcab14/signal-analysis.

ARINC635 HFDL

The demodulated symbols of an ARINC635 HFDL burst are shown below in terms of 180-symbol long frames. Doppler offset correction and symbol timing estimation were done manually using GNU octave.

According to the ICAO ARINC635 HFDL physical layer description (see correction here and here), 30 data symbols alternate with 15 known symbols. The data symbols are scrambled with a 120-bit long scrambling sequence which explains the 180-symbol period. This scrambling sequence is generated by an LFSR, and it can be checked that the sequences A, M1, and T are generated by LFSRs as well.

It should be easy to implement this mode in gr-digitalhf.

HFDL burst
See also DK8OK's excellent posts about ARINC635 HFDL.

Thursday, July 4, 2019

Talk on KiwiSDR TDoA is available on YouTube

This is just a short note that my recent talk on KiwiSDR TDoA at the Software Defined Radio Academy 2019, which took place during the German Ham Convention in Friedrichshafen, Germany, is now available on YouTube.

For other talks from this meeting see http://youtube.sdra.io/.

Tuesday, June 25, 2019

4800 symb/sec QPSK signal on 10160 kHz (2)

This in an update related to the last blog post. As before, all analysis is done in GNU octave.

In order to extract the bit stream from the signal on 10160 kHz we assume that it (D)QPSK modulated and use the gray code mapping [0,1,2,3] -> [0,1,3,2].

Assuming QPSK modulation


The extracted bits are shown below in terms of 894-bit long frames.

bit stream in terms of 24×41 frames (QPSK)


The rank-deficiency analysis of this bit stream indicates the presence of a convolutional code:

rank-deficiency (QPSK)

For obtaining the rank-deficiencies above, the bit stream has been aligned by using an offset for which the R(k)/k is minimal, i.e., at 10+m×24:

alignment of bit stream for the rank-deficiency analysis (QPSK)

As a result, the code rate is n/k=1/4, and the length of the dual code is 41. The latter is quite large and therefore hints at the use of some form of Turbo Code, or something similar to it.

Assuming DQPSK modulation


The extracted bits are shown below in terms of 894-bit long frames. Unlike for QPSK modulation the bits in positions [1,18,19,24]+m×24 are the same in each frame.

zoom of bit stream in terms of 24×41 frames (DQPSK)


Also assuming DQPSK modulation, the presence of a convolutional code is detected; it has code rate 7/12 and the length of the dual code is 41. (This might be a Turbo Code with 14 systematic bits and 5+5 parity bits)

rank deficiency (DQPSK)

alignment of bit stream for the rank-deficiency analysis (DQPSK)

Summary


It is unlikely by coincidence that the frame length is 24×41, the length of the dual code is 41, and the distance between the rank deficiencies is 24.

The fixed bits in each frame when assuming DQPSK modulation are likely being used for frame synchronization: in this case, 4 of the 14 systematic bits are used for frame alignment and there are 5+5 parity bits.

Obviously it would be interesting to figure out the full parameters of the convolutional coding.

Friday, June 14, 2019

4800 symb/sec QPSK signal on 10160 kHz


Currently there is a signal active on 10160 kHz. It is QPSK modulated with 4800 symb/sec. The autocorrelation function for the QPSK symbols has peaks at multiples of 492=12×41 symbols:

symbol autocorrelation

Arranging the QPSK symbols in frames of 492 symbols, some interesting structures can be seen

492 symbols / frame

When the symbols are arranged in terms of 12-symbol long frames, some columns of the resulting matrix have a periodicity of 41 in the squared symbols.

TDoA geo-location indicates a location close to Luxembourg.

TDoA