This analysis concerns a 3G-HF STANAG-4538 transmission, spotted on 7961 kHz/USB, in which the traffic service is “Circuit Mode” and 188-110A Serial is used as the traffic waveform. After demodulation of 188-110A, the resulting stream shows a series of data blocks, corresponding to the transmitted bursts, characterized by a 32-bit length period which is due to the headers of each block (Fig. 1). Comparing the headers reveals a common structure of 120 bytes in which 32 bytes differ (Fig. 2).
Fig. 1

Fig. 2
A proposed byte framing (LSB -> MSB) is presented below:
initial 176-bit sequence of "0" followed by a 2-byte sequence (SYN sequence?)
0x81 0x18 (10000001 00011000)
23-byte idle pattern 0x55 starting with 0x27
21-byte (preamble?):
0xD5 0x68 0xF1 0x90 0x70 0xEF 0x96 0x8E 0x70 0x11 0x0F 0x09 0xF7 0x6E 0xE9 0x68 0x17 0xF1 0x90 0x70 0xEF
32-byte block; this block is different in each burst, as shown in Fig. 2 (message identifier?, data CRC?)
3-byte sequence 0x68 0xF1 0x90 followed by a 4-byte sequence repeated four times (encoder key?)
0xF0 0x68 0xF1 0x90 (00001111 00010110 10001111 00001001)
user data follows
It is interesting to note that the sequence 0x68 0xF1 0x90 (00010110 10001111 00001001) is repeated several times (also starting from byte forty-nine).
This is a hand-made mapping since I do not own a protocol analyzer/dissector tool: comments are welcome.
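The proposed framing can be turned into a small dissector that aligns a demodulated bit stream on the SYN bytes and slices the header fields. This is an added example, not the author's tooling. The field names, the reading of the idle pattern as 0x27 followed by 22 bytes of 0x55, the use of each listed field once, and the sample bursts are assumptions of the example.

```python
# Field values copied from the framing above; names are this example's own (hypothetical).
SYN      = bytes([0x81, 0x18])
IDLE     = bytes([0x27]) + bytes([0x55]) * 22   # assumed split: 0x27, then 22 x 0x55
PREAMBLE = bytes.fromhex("D568F19070EF968E70110F09F76EE96817F19070EF")
MARKER   = bytes([0x68, 0xF1, 0x90])
KEY      = bytes([0xF0, 0x68, 0xF1, 0x90]) * 4
LAYOUT   = [("syn", SYN), ("idle", IDLE), ("preamble", PREAMBLE),
            ("variable", 32), ("marker", MARKER), ("key", KEY)]

def to_bits(data):
    """Bytes -> '0'/'1' string, least significant bit of each byte first."""
    return "".join(str((b >> i) & 1) for b in data for i in range(8))

def to_bytes(bits):
    """Inverse of to_bits; trailing bits that do not fill a byte are dropped."""
    usable = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8][::-1], 2) for i in range(0, usable, 8))

def parse_burst(bits):
    """Align on SYN + first idle byte at any bit offset, then slice the fields."""
    start = bits.find(to_bits(SYN + IDLE[:1]))
    if start < 0:
        return None
    body, pos, out = to_bytes(bits[start:]), 0, {"bit_offset": start}
    for name, spec in LAYOUT:
        size = spec if isinstance(spec, int) else len(spec)
        chunk = body[pos:pos + size]
        if len(chunk) < size or (isinstance(spec, bytes) and chunk != spec):
            return None              # truncated burst, or not this framing
        out[name], pos = chunk, pos + size
    out["user_data"] = body[pos:]
    return out

def differing_offsets(a, b):
    """Byte offsets at which two equally aligned headers disagree."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

def make_burst(variable, user_data, lead="101"):
    """Constructed test input: 3 stray bits, 176 zero bits, header, payload."""
    header = bytes(22) + SYN + IDLE + PREAMBLE + variable + MARKER + KEY
    return lead + to_bits(header + user_data)

if __name__ == "__main__":
    a = parse_burst(make_burst(bytes(range(32)), b"constructed-1"))
    b = parse_burst(make_burst(bytes(range(32, 64)), b"constructed-2"))
    print(a["bit_offset"], a["variable"].hex(), a["user_data"])
    print(differing_offsets(a["variable"], b["variable"]))
```

Because alignment is searched at bit granularity, the stream does not need to start on a byte boundary. A burst whose fixed fields do not match the proposed values returns `None`, which makes it easy to test the framing against further recordings.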