For some days my friend Cryptomaster and I have been discussing an FSK signal detected on 6511.50 kHz (CF). Transmissions start (and end) with a long sequence of reversals sent at 150 baud; messages are repeated and are sent at 300 baud. Since the measured shift varies slightly, from 507 Hz in traffic mode to 513 Hz in idle (figure 1), we decided to fix it at 509 Hz.
Fig. 1 - FSK main parameters
The bitstream shows a 24-bit period, one bit of which is the phasing bit (the last column of "0s"); data are preceded by a 168-bit sequence generated by the polynomial x^12+x^10+x^9+x^3+1.
Fig. 2 - the resulting bitstream after demodulation
Speaking with some of his friends, Cryptomaster was able to use their particular program, which is capable of detecting the presence of any CRC sequences in bitstreams. As a result, after inverting the 9th column of the stream, a clear H(24,16) coding was found, i.e. 16-bit data followed by 8-bit CRC. We then found and verified the corresponding (24,8) check matrix:
1 0 1 1 0 0 1 0 1 1 1 1 1 0 0 0 1 0 0 0 0 0 0 0
0 1 0 1 1 0 0 1 0 1 1 1 1 1 0 0 0 1 0 0 0 0 0 0
0 0 1 0 1 1 0 0 1 0 1 1 1 1 1 0 0 0 1 0 0 0 0 0
0 0 0 1 0 1 1 0 0 1 0 1 1 1 1 1 0 0 0 1 0 0 0 0
0 0 1 1 1 0 0 1 1 1 0 1 0 1 1 1 0 0 0 0 1 0 0 0
1 0 1 0 1 1 1 0 0 0 0 1 0 0 1 1 0 0 0 0 0 1 0 0
0 1 1 0 0 1 0 1 1 1 1 1 0 0 0 1 0 0 0 0 0 0 1 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
Fig. 3 - the resulting CRC (on the right) computed using the (16,8) check sub-matrix
During the flow check, the program that generated the matrix "fixed the error" in the 9th column of the bitstream; the correction consists of the inversion of the ninth column, and perhaps this is done during signal formation. Something similar has been observed in some CIS signals and in Finnish NOKIA. We also found that the check matrix is generated with the polynomial x^7+x^3+x^2+x+1 (figure 4).
Fig. 4
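As an added example (not code from the original analysis, nor from the program mentioned in the post), the following Python code rebuilds the check matrix from x^7+x^3+x^2+x+1, compares it with the matrix printed above, and shows that a frame with the 9th bit inverted always yields the same non-zero syndrome until that bit is inverted back. It assumes the first bit of each frame is the highest-order coefficient; the function names and the sample data word are constructed for illustration.

```python
# Check matrix as printed on the page: 8 rows x 24 columns.
H = [[int(b) for b in row.split()] for row in """\
1 0 1 1 0 0 1 0 1 1 1 1 1 0 0 0 1 0 0 0 0 0 0 0
0 1 0 1 1 0 0 1 0 1 1 1 1 1 0 0 0 1 0 0 0 0 0 0
0 0 1 0 1 1 0 0 1 0 1 1 1 1 1 0 0 0 1 0 0 0 0 0
0 0 0 1 0 1 1 0 0 1 0 1 1 1 1 1 0 0 0 1 0 0 0 0
0 0 1 1 1 0 0 1 1 1 0 1 0 1 1 1 0 0 0 0 1 0 0 0
1 0 1 0 1 1 1 0 0 0 0 1 0 0 1 1 0 0 0 0 0 1 0 0
0 1 1 0 0 1 0 1 1 1 1 1 0 0 0 1 0 0 0 0 0 0 1 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
""".splitlines()]

def crc7(data_bits):
    """Remainder of data(x) * x^7 modulo x^7+x^3+x^2+x+1, as 7 bits, x^6 first."""
    reg = 0
    for bit in data_bits:                 # assumption: first bit = highest power of x
        feedback = ((reg >> 6) & 1) ^ bit
        reg = (reg << 1) & 0x7F
        if feedback:
            reg ^= 0x0F                   # x^3+x^2+x+1, the low terms of the polynomial
    return [(reg >> i) & 1 for i in range(6, -1, -1)]

def matrix_from_poly():
    """Rebuild [P | I] from the polynomial; row 8 checks the always-zero phasing bit."""
    cols = [crc7([int(k == j) for k in range(16)]) for j in range(16)]
    rows = [[c[i] for c in cols] + [int(k == i) for k in range(8)] for i in range(7)]
    return rows + [[0] * 23 + [1]]

def encode(data_bits):
    """16 data bits + 7 CRC bits + phasing bit 0 = one 24-bit frame."""
    return list(data_bits) + crc7(data_bits) + [0]

def syndrome(frame):
    """H * frame over GF(2); all zeros means the frame satisfies every check."""
    return [sum(h & b for h, b in zip(row, frame)) % 2 for row in H]

def flip_column9(frame):
    """Invert the 9th bit of a frame (index 8), as described for this stream."""
    return frame[:8] + [frame[8] ^ 1] + frame[9:]

# Constructed sample: an arbitrary 16-bit word, not taken from the recording.
DATA = [int(b) for b in format(0xC35A, "016b")]
ON_AIR = flip_column9(encode(DATA))       # assumed on-air form: valid codeword, bit 9 inverted

if __name__ == "__main__":
    print("matrix matches polynomial:", matrix_from_poly() == H)
    print("syndrome as received     :", syndrome(ON_AIR))
    print("syndrome after inversion :", syndrome(flip_column9(ON_AIR)))
```

The constant syndrome of the uncorrected frame equals the 9th column of the check matrix, which is how a single inverted column shows up as the same "error" in every codeword.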
The message data is therefore made up of 202 bytes, organized in a 16 x 101 bit matrix; statistical analysis does not seem to indicate the use of cryptography (figure 5).
Fig. 5
For the sake of completeness, I add that in the first instance we tried to de-interleave the stream, thinking that it had previously passed through a block interleaver: we then got a stream arranged as a (24,101) bit matrix. As a result, a (101,84) check matrix was obtained which really encodes the information. But we were puzzled by the fact that only 101-84 = 17 bits of information remain in each codeword (51 bytes of data transferred) with a Hamming distance of 48: quite unrealistic in our opinion.
Fig. 6
https://disk.yandex.com/d/7JHDI9np2IXR3Q