CODE 300-32


SORRAC is an official dealer of CODE 300-32 (cf. certificate).


The CODE 300-32 software, developed by the HoKa company, is a professional tool to research, decode, demodulate and produce SIGINT.




This software offers the following features:



I. Audio Spectrum Analyzer

II. Phase Spectrum Analyzer

III. Shift and Speed Measurement

IV. Modulation Classifier

V. Straddle

VI. Phase Plane

VII. Phase Constellation

VIII. Oscilloscope

IX. Phase Oscilloscope

X. Amplitude Frequency Phase Scope

XI. MFSK Oscilloscope

XII. Diversity Level Oscilloscope

XIII. EYE Pattern Diagram

XIV. Waterfall

XV. Correlation MOD Signal

XVI. Correlation VHF

XVII. Correlation BIT

XVIII. Speed Bit Analysis

XIX. Waterfall & Sonogram

XX. IF Spectrum

XXI. Character Counter

XXII. ITA2 Analyzer

XXIII. BIT Analysis

XXIV. Demodulator

     A. Coquelet Demodulator

     B. MFSK Demodulator (graphical choice)

     C. PSK Demodulator


XXV. Text and Data Editor

XXVI. Table Editor

XXVII. Message Watcher

XXVIII. FFT Special with Zoom

XXIX. Auto Tuning

XXX. Character Analysis Duplex

XXXI. Character Analysis Simplex

XXXII. SPEED MEASUREMENT Mark - Space





I. Audio Spectrum Analyzer

 


Based on our experience, it is highly recommended that this is the first module used when dealing with FSK or MFSK signals. By default, when not using IP files to load the program, the screen shown below can be regarded as the main window.

It shows the highly accurate linear audio spectrum being sampled by the soundcard’s AD, from 10 Hz to 5500 Hz. When presented with a valid signal, the program displays an estimated centre frequency and shift. Using the options to the right of the main form, you can then zoom in on the audio signal. The zoom is stepped from 0 to 8 (No Zoom to Full Zoom), which allows you to see greater detail about the signal in the spectrum display.

Inside any zoomed display you will notice the roofing filter (outlined by the yellow over bar, or by the roofing filter’s bandwidth shown in Hz to the upper left of the audio spectrum) attenuating the adjacent signals (see example below). Once you are happy with the results displayed, you can move on to the other modules to decode or analyse the signal further. The FFT in the main form is AGC controlled, so that very weak signals as well as strong signals are displayed in linear mode without the need for manual gain setting.

Other functions available include controlling the vertical ‘scaling’, i.e. the Amplitude, by selecting either a Logarithmic or Linear (default) display. You can insert an additional longer time constant for the display by adding a 10:1 decimation, or choose to hold the maximum peaks. (This allows very fast signal spikes to be captured in real time.) The FFT redraw can be stopped and started at any time using the draw button.




Example of a COQUELET 8 signal with D8 P2 selected






Same signal, now with measurement of the total shift with left mouse button pressed...




Example of an ALE signal with D2 P0 selected




Example of an FSK signal with D4 P0 selected, and with measurement of the total shift with left mouse button pressed...



II. Phase Spectrum Analyzer

 


This works in a very similar way to the previously described Audio Spectrum Analyser, except that when zooming into the signal it introduces an exciting new concept to signal analysis.

Once zoom1, zoom2 or zoom3 is pressed, the display zooms in just as before but with one very important difference. The display is no longer looking purely at the audio frequency; it is also sensitive to the signal’s phase component. It is possible to select 4 different phase sensitivities.
[1] is identical to the audio spectrum analyser and shows the signal in exactly the same way as explained above.
[2] and [4] analyse the signal’s phase changes by increasing amounts, i.e. 1 = nil, 2 = twice as sensitive and 4 = 4 times as sensitive to phase changes. Phase [0] is different from [2] and [4]. Here, the symbol speed of the PSK signal is turned into a ‘shift’, i.e. if one sees ‘legs’ at ±120 Hz, then the PSK signal has a symbol speed of 120.

With zoom2 and zoom3, it is important to set the roofing filter to a bandwidth just large enough to accommodate the bandwidth of the PSK signal. (Zoom1 uses the maximum bandwidth (±2000 Hz) for analysis of high symbol speed PSK systems on VHF.)

With this module, one can thus analyse MFSK, 2DPSK and 4DPSK signals with the greatest of ease.

Bear in mind of course that if the signal is NOT PSK modulated and you select [2] or [4], the signal will double or quadruple in shift and thus the frequency scaling will appear to be wrong. It is not the scaling that is wrong, of course, but the fact that you have multiplied the shift of a signal that has no phase components in it and is a normal FSK signal.
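The behaviour of the [1], [2] and [4] settings described above can be reproduced numerically. The following is an added example, not HoKa's code: it models the phase sensitivity as raising a complex (analytic) signal to the 1st, 2nd or 4th power, and the sample rate, carrier, baud rate and the PSK and FSK test signals are constructed assumptions.

```python
import cmath
import math
import random

FS, N = 8000, 4096        # sample rate (Hz) and FFT length: assumed values
BAUD, FC = 125, 500       # assumed symbol rate and carrier; FC falls exactly on an FFT bin
SPS = FS // BAUD          # 64 samples per symbol

def fft(x):
    """Recursive radix-2 FFT (len(x) must be a power of two)."""
    n = len(x)
    if n == 1:
        return list(x)
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(-2j * math.pi * k / n) * odd[k]
        out[k], out[k + n // 2] = even[k] + t, even[k] - t
    return out

def psk(order, seed=1):
    """Constructed PSK test signal: one random phase state out of `order` per symbol."""
    rng = random.Random(seed)
    sig = []
    for sym in range(N // SPS):
        phase = 2 * math.pi * rng.randrange(order) / order
        sig += [cmath.exp(1j * (2 * math.pi * FC * n / FS + phase))
                for n in range(sym * SPS, (sym + 1) * SPS)]
    return sig

def fsk(shift, seed=1):
    """Constructed 2-FSK test signal with tones at FC - shift/2 and FC + shift/2."""
    rng = random.Random(seed)
    sig = []
    for sym in range(N // SPS):
        f = FC + (shift / 2 if rng.getrandbits(1) else -shift / 2)
        sig += [cmath.exp(2j * math.pi * f * n / FS)
                for n in range(sym * SPS, (sym + 1) * SPS)]
    return sig

def spectrum(sig, power=1):
    """Power spectrum of the signal raised to `power` (1, 2 or 4)."""
    return [abs(v) ** 2 for v in fft([s ** power for s in sig])]

def strongest_line(spec):
    """Frequency of the largest bin and the fraction of the total energy it holds."""
    k = max(range(len(spec)), key=spec.__getitem__)
    return k * FS / N, spec[k] / sum(spec)

def measured_shift(spec, centre_hz):
    """Distance in Hz between the strongest peaks below and above centre_hz."""
    c = round(centre_hz * N / FS)
    lo = max(range(c), key=spec.__getitem__)
    hi = max(range(c + 1, N // 2), key=spec.__getitem__)
    return (hi - lo) * FS / N

if __name__ == "__main__":
    for order in (2, 4):
        for power in (1, 2, 4):
            freq, frac = strongest_line(spectrum(psk(order), power))
            print(f"{order}-PSK ^{power}: peak {freq:7.1f} Hz holds {frac:6.1%} of energy")
    # A plain FSK signal has no phase states to collapse: its shift is just multiplied.
    for power in (1, 2, 4):
        shift = measured_shift(spectrum(fsk(250), power), FC * power)
        print(f"FSK 250 Hz shift ^{power}: displayed shift {shift:.1f} Hz")
```

A 2-PSK signal collapses to a single line at twice the carrier under power 2, and a 4-PSK signal needs power 4 to do the same, while the 250 Hz FSK shift is displayed as 500 Hz and 1000 Hz.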





This is a simple PSK 31 signal, decoder output visible.


Choose zoom mode 3 and Phase Tools 'Phase ^ 1', and re-tune to the middle if necessary.

A PSK signal displayed in [zoom3]



Reduce the shift to 100 Hz (resulting in a small roofing filter of 100 Hz). Now choose zoom mode 5 and Phase Tools 'Abs Phase Diff.'. The resulting picture shows the symbol rate of this signal, 31 Hz in this case.



The same signal displayed in [zoom5] with an additional 'nonlinear modification'



Analysis of a STANAG 4285 Signal




Phase mode 2 shows a correctly tuned signal; this setting allows a fine measurement of the center frequency if necessary.




Same signal, now after a 'nonlinear modification', showing the symbol speed of this signal.



The Zoom functions of the Phase Spectrum Analyser are ideal for tuning into and analysing MFSK signals with very small shift between tones.
Note: it is possible to expand the whole picture to the full width of your monitor, depending on the screen resolution!

From version 3.07, nearly all graphical modules can also be resized to increase or decrease the resolution in both the vertical and horizontal axes. This module can be resized with the mouse in both axes.



III. Shift and Speed Measurement

Available with the [F1] shortcut key


SSM (F1) is the most important tool to enable the auto classification module; it continuously measures the shift, necessary bandwidth and symbol speed (baud rate) of the incoming signal. Due to the multi-threaded design of CODE300-32, one measurement tool for shift width, center frequency and offset is always running in the background of the main form. With Auto Tuning enabled, it tunes nearly all decoding or analysis tools to the measured values when these modules are opened for the first time. Once they are running, no further re-tuning is done in these modules. The only exceptions are the two modules SSM [F1] and Auto Classification [F3], which follow the input signal continuously. Under normal conditions the automatic setting will do a good job, but in critical situations with a garbled spectrum it may fail.
Operator help is then needed; proceed as follows:

1. Press the upper left Auto Tune button to switch to manual tuning. Tuning is now possible by clicking with the right mouse button in the main FFT spectrum. This tunes the SSM demodulators to the correct value.

2. Manually select the correct, expected baud range with one of the speed buttons; maximum measurement ranges of up to 45, 225, 900 and 4800 bd are possible. Double clicking one of these buttons switches off the automatic range setting and a 'fixed range' message appears.
Double click again to enable automatic range setting again.

3. The same applies to a special PSK demodulator for some (B)PSK signals: normally the automatic setting should select another demodulator, and the PSK demod button is then highlighted. With crowded signals, press this button or double click for a fixed PSK demodulator setting.





This module allows you to measure the system’s baud rate, shift and centre frequency offset, and offers a highly accurate continuous baud speed measurement sub-function.





Note: on exiting this module the software will take note of any measured baud speed and use it as the default setting whenever the baud rate label or shift label is clicked with the mouse inside a module. It also stores the displayed baud speed measured for inclusion in the choices available from the pre-set baud speeds (accessed by using the [+] and [-] keys). This is handy for non-standard FSK systems that would need the baud speed adjusting on entry to the module. Taking another baud speed measurement will override the first speed stored.




An ALE signal is measured here



The value of mistuning by the receiver and the emission’s approximate shift are continuously calculated and displayed in the top window of the screen. The computed Baud rate is shown separately for synchronous and asynchronous signals to account for possible half elements in the keying system (particularly 7½ unit ITA-2 systems).





Pressing button [Precision] activates the high resolution baud speed measurement. It will take some time to get a high degree of accuracy; to improve the speed of this computation, the normal baud measurement window will not be refreshed.

The Baud rate should be steady in the 1/10,000th Baud position after about 10 seconds, but this will vary with Baud rate and signal quality. If it is still not reading a constant value, then the signal element timing is probably varying wildly in some way. Note that propagation / multi-path / noise / corruption / unstable mark-space timing etc. will have an adverse effect on this module’s ability to provide baud speed fingerprinting.

High resolution measurement up to 0.0001 baud is a very helpful tool for ‘fingerprint’ type identification of some transmissions, as there is often a little difference in speed in most cases. The amount of variation of the read-out figure over the measurement time will give you an idea of the quality of this measurement. Noisy or fading signals may continuously alter this figure, thus negating this ‘fingerprinting’ technique or reducing the resolution of accuracy.
It is obviously best used on strong, steady or undistorted signals. It is also very important that the Interrupt Clock Frequency setting is correct for this to be 100% accurate. (Covered in the program’s setup instructions.)

If you notice that the readings are poor and/or fluctuating a lot on what sounds like a clean signal, this may be the roofing filter. Check that it is not set too wide and that the module is not ‘seeing’ other signals. Use the right top window ‘Roofing Filter’ to reduce the bandwidth until a good quality FSK signal is observed. This will also ensure the baud speed and shift measurements will be accurate.





This sample shows one of 16 PSK signals in a CODAN 16 signal; note the reduced roofing filter. The center frequency was set manually to tone no. 12 in this sample.

This module is necessary to enable the next step in ‘semi automatic’ classification, the module ‘Auto Classification’. It requires that the baud rate be measured BEFORE it is activated to enable a logical classification. Button [Auto Class] or function key [F3] will activate this module. The function of this module is explained in another chapter.




This sample shows classification of a STANAG 4285 signal



IV. Modulation Classifier

 


A new module, MODULATION CLASSIFIER, has been included in this beta version. The functions and modes found in this module will be increased over time. Currently two commands are available, StartReceiverScan and StopReceiverScan; these are sent by the LAN for further custom purposes. This option will be improved in a later version with a full description of commands.

Audio recording is always activated when this module is running, but with ‘temp hold’ on by default.

The calculation and output of this module can also be sent by LAN to allow further processing in a customer application.




CW or Carrier

  
CW Traffic


FSK
  
PSK 4



If an FSK2 or FSK4 signal is detected, the estimated shift is also shown. Activating the AutoClass module will also measure the baud speed and further classify the signal. If activated, a jump into the recognized signal is possible.



V. Straddle

 


This module analyses and displays the mark and space frequencies in a vector format. Pure audio tones with no amplitude, frequency or phase modulation will merely create a steady, unmoving dot of pixels at the centre of the screen.

Any amplitude modulation of the Mark frequency will cause these “dots” to move in the horizontal axis in both directions from the centre point of the display.

Any amplitude modulation of the Space frequency will cause the “dots” to move in the vertical axis in both directions from the centre point of the display.

The larger the amplitude the greater the deflection for both vertical and horizontal axis.

Any frequency offset of the incoming Mark frequency with respect to the centre frequency of the matched Mark filter will cause a deflection of the dots in the vertical axis. This gives the appearance that the line is rotated from the horizontal axis.

Any frequency offset of the incoming Space frequency with respect to the centre frequency of the matched Space filter will cause a deflection of the dots in the horizontal axis. This gives the appearance that the line is rotated from the vertical axis.

Because the Straddle function is based on measuring the amplitude and frequency with respect to the Mark and Space matched filter positions, it is very important that the shift is correctly set. If measuring an unknown signal, use the Shift Speed Measurement ([F1]) module and set the shift and centre frequency correctly before entering the Straddle module.





Correctly tuned in signal which also matches the set parameters of centre frequency and shift.

Notice that both the horizontal and vertical components are rotated clockwise. This is due to the signal being lower in centre frequency than the program's centre frequency has been set to.




VI. Phase Plane

 


This display is also sometimes called a vector scope. It analyses and displays any frequency or phase modulation as a rotary vector. Pure audio tones with no amplitude, frequency or phase modulation will create a steady, unmoving dot of pixels at one location on the screen.

Amplitude variations will cause the ‘dot’ to move away or towards the centre point of the display. The larger the amplitude the further away it moves. If amplitude variations are making it difficult to detect any phase modulation the amplitude value can be fixed by pressing button [Erect Carrier].
Any frequency offset of the demodulated carrier from the set centre frequency will cause the dot to move in a rotary manner. The speed increases as the difference increases. If the signal is continually moving in frequency, either because of a slow drift in the signal or due to a slight amount of mistuning, then pressing [A] will auto-lock the centre frequency to that of the incoming carrier. The signal must be tuned very closely to the centre frequency in some phase constellations.

If your receiver will not tune in 1 Hz steps, this also enables one to accurately measure the exact audio tone frequency to at least one decimal place (i.e. 1/10th Hz).

To demodulate and thus display 2DPSK or 4DPSK signals more clearly, select the correct demodulator as appropriate by activating the demodulator window, then choose from the pop up menu 2-DPSK or 4-DPSK.

Then select [Auto] for auto-tune to lock the PSK signal into a steady, non-rotating display.
The left mouse button activates a cursor for measurements of the phase difference in degrees.







Unmodulated carrier, slowly rotating around the display

Same signal, but now with auto tune. The station therefore remains frequency locked, by selecting [Automatic Speed], at the 0° axis.



A typical QPSK PSK31 signal

A PSK31 signal in BPSK mode



VII. Phase Constellation

 


This display shows the phase constellation of a complex PSK signal, similar to the Phase Plane module mentioned before, but in a completely different way.

Any phase state will create a steady, unmoving dot of pixels at one or more locations on the screen.
The baud speed and the centre frequency have to be known and must be measured beforehand as exactly as possible. Depending on the phase constellation and the type of PSK signal, the tuning must be correct within 20 Hz to enable automatic ‘locking’ into the signal. The symbol speed must also be measured within approx. 1% of the correct value.

These measurements can be done beforehand with the Phase Spectrum module.

The Auto Tuning button will tune the center frequency around the chosen center frequency in small steps of 0.01 Hz up to 50 Hz higher and lower to find a locking point.

To demodulate and thus display 2DPSK or 4DPSK signals more clearly, select the correct demodulator as appropriate by activating the demodulator window, then choose from the pop up menu 2-DPSK or 4-DPSK.

The left mouse button activates a cursor for measurements of the phase difference in degrees.




This sample shows the phase constellation of a MIL110 serial signal




This picture shows the symbol speed as measured with Phase Spectrum module before.





VIII. Oscilloscope

 


The display is divided into two halves. The bottom half of the display is real-time data sampled from the soundcard's AD. This works like a normal oscilloscope except the vertical domain is audio frequency and not voltage. The top display is the same but with long time storage enabled. This allows a picture of the signal to 'build' up over time.

The information displayed around the two ‘scope displays states the various timing parameters in use. Set a proper baud speed.
The top half of the display may become very corrupted or full of what seems to be random data. Normally this is caused by the block synchronising time being incorrect. Adjust the block timing to the desired amount by using the scroll bar placed on the lower part to adjust the number of bits displayed per block.

For example, SITOR has a timing cycle of 450 ms, so at 100 Baud one element is 10 ms, and to display a steady picture one must set 45 bits/block (45 × 10 ms = 450 ms). When satisfied that the bottom ‘scope display is reasonably steady, press the appropriate icon to clear the display. This will reset the top display and begin the storage process again.

Obviously this storage facility is really at its best on repetitive signals, like SITOR or ARQ-E (E3). But the bottom display will work for all signals as long as you have the timing synchronised. Pressing [H] will pause the display if you wish to look at something in more detail.

Examples:

  • SITOR ARQ (CCIR 476-4) has a 450 ms cycle at 100 Baud. Setting the ‘scope to 450 ms block length displays the ARQ signal quite clearly.
  • 96 Baud TDM56 (CCIR 342-2) is 56 bits/block. Set speed to 96.00 Baud and block length to 56. Whenever the system is idling the signal will be clearly seen in the long time storage display.

The vertical scaling can also be adjusted to assist in looking more closely at narrow shift signals.

Select an appropriate value from the Shift list to select a different vertical axis scale. This also reduces the roofing filter at the same time, so it is ideal for looking at narrow shift signals.






Example of a 4 frequency Twinplex signal




Example of an ARQ 6-98 FSK signal, with cursor enabled



IX. Phase Oscilloscope

 


This 'scope looks very similar to the above Oscilloscope display but with one major difference. Instead of displaying audio frequency in the vertical domain, it displays phasor angle.

Again, the display is divided into two halves. The bottom half of the display is the real-time display of the sampled data. The top display is the same but with long time storage, i.e. once a pixel is illuminated on screen, it remains on. The information displayed around the two 'scope displays states the various timing parameters in use.

Because it is nearly impossible to set the receiver EXACTLY on to the centre frequency of the emission, there will always be some vertical drift of the waveform. This can be seen in the example below, with the long-term storage screen on the top half showing how it is slowly drifting downwards.




Display of slow PSK signal placed onto BBC 198 kHz broadcast signal





X. Amplitude Frequency Phase Scope

 


The module is similar in layout to the normal Analogue Oscilloscope display. However there are two further function screens added, these being Amplitude and Phase.

The top display is sensitive only to the amplitude components of the signal. Comparing this display to either of the other two will clearly show if any components of the signal are varying in amplitude. With PSK systems theoretically there should be no amplitude component present, however this screen will allow one to assess the amount of amplitude variation that occurs either during a symbol period or more often at the moment the phase state is changed.

Selective fading of FSK signals is also clearly visible. While comparing the Mark and Space frequencies displayed in the Frequency Screen with that in the lower Amplitude screen you can see them alternate in power level. If either the Mark or the Space frequency was consistently greater in amplitude than the other then this would be a sign that the transmitter output was biased to one frequency range.

A good signal would be one that did not vary in any amplitude with the keying.

The centre screen shows any frequency components of the signal. It is identical in nature to the normal Oscilloscope module. Any FSK type signals will be clearly visible here.

The bottom screen is sensitive only to Phase changes in the signal. By comparing all three screens it is easy to identify if the signal has amplitude, frequency or phase modulation components (either by design, by fault or caused by signal path distortion).





Example of a single carrier. Amplitude shows the intensity. Note any variations on Frequency and Phase.




Example of a 50 baud RTTY FSK signal. Note Space frequency distortion, fast amplitude variations and difference in amplitude for Mark and Space frequencies (most probably due to selective fading).




Example of a simple PSK signal. Note any variations on Frequency



XI. MFSK Oscilloscope

 


The MFSK Oscilloscope uses a graphical display in two dimensions, frequency (y axis) and time (x axis). Both values may be preset with the baud rate and centre frequency buttons respectively. This tool was developed for the analysis of MFSK systems, but is also very useful for analogue tone selcall systems in order to measure the element duration and the frequency position of each tone. For signals with very small frequency differences it is possible to zoom into the frequency axis; this will increase the resolution of the cursor.

For some MFSK signals with more than 8 tones it could be helpful to have more than two cursors available, so with the button 'Temp Cursors' one can activate 12 additional horizontal frequency cursors. All these cursors can be used independently; the value of each cursor is shown in Hz.




Analysis of a MFSK 16 Signal





XII. Diversity Level Oscilloscope

 


The same display as the analogue oscilloscope, but divided into three parts. This is just like an ordinary digital ‘scope. The vertical domain is the amplitude of the incoming audio signal. This is scaled in dB.

The upper part shows, in real time, the incoming input signal from the Left channel of the sound card.
The middle part shows, in real time, the incoming input signal from the Right channel of the sound card.
The lower part shows, in real time, the sum of the diversity input (L and R) if it is in use.

The main purpose of this module is control of the incoming signal amplitude. You are advised to use this module first during audio level setup to check for any overload. If you notice during strong signal inputs that the lower status bar changes the input level to ‘red’, this is a sign that the onboard audio card’s AD stage is being overloaded, and it is advised to reduce the input level.

The average signal level is continuously calculated and displayed in dB in the bottom right hand corner to help with more accurate receiver line level adjustments.

Add the chosen sensitivity of the interface to this value to get absolute values. Do NOT increase the input level to > 0 dB. This avoids distortion in the AD converter.

If your audio source is a constant level line output, use the Windows® audio mixer to adjust the input level. It is highly recommended to select a 6 dB step too low. Using a higher level than needed can cause signal peaks to overload the AD temporarily.





  

  
Input level too high; note the clipped sine wave in the storage screen

Right input level

Input level too low





XIII. EYE Pattern Diagram

 


This module is designed to measure and show the distortion of an incoming signal and, with some diagnostics, the reason for the signal corruption. Any distortion in the signal path (or in the receiver) will result in a higher quantity of symbol errors. Any ‘jitter’ in decoder (AD) timing will also result in errors. In the EYE diagram these two reasons for signal errors can be clearly seen. The longer the ‘open’ eye is visible, the better the signal’s quality. Any change in the horizontal axis depicts amplitude errors in the demodulated output. In the example shown below, a receiver bandwidth that is too small is distorting an FSK signal.

TIP: Multi path transmissions and selective fading will force the ‘eye’ to close in a short time.




IF filter too small, some signal distortion is visible




IF filter nearly correct, a little bit of signal distortion is still visible





XIV. Waterfall

 


Similar in operation to the Audio Spectrum display. The display is moved up to the top of the screen and each sample of spectrum is analysed and its amplitude tested for discrete steps. Each of these amplitude steps is then allocated a colour. These colours are graded from the lowest amplitude (blue), through green, red and yellow finally to the strongest amplitude which is depicted by white.

The signal’s sample is then displayed in a scrolling window beneath the real-time display just like a real waterfall cascading down. It clearly shows the various audio components of a system over a long time period. Variations in amplitude can be clearly seen over time.



   HFDL Signal

   FSK Signal






Mil 188 110 39 Tone signal



XV. Correlation MOD Signal

 


This module can be used not only to measure the keying system’s baud speed; it is also useful for revealing other timing repetitions in the keying system being viewed. The incoming data is first of all ‘software scanned’ for valid mark/space transition points. The period between these points is then displayed along the horizontal axis, with the number of occurrences along the vertical axis. If the displayed data exceeds a certain amount, the vertical axis is re-scaled so as to stop the data exceeding too high a value in the vertical domain.

After a short period of time the display will appear to be simply moving up and then being cut back again, but with very little variation in the actual displayed data. This is the best time to perform an FFT (Fast Fourier Transform) on this accumulated data and thus calculate the fundamental properties of the keying waveform.
The FFT function will give you the fundamental frequency spectrum that makes up this complex waveform. This is especially useful with burst type signals like SITOR. On completing the FFT spectrum generation, the largest peak is searched for and the baud speed calculated and displayed. This measured baud rate will then be stored amongst the pre-set values used in other modules.




Module has calculated the spectrum and shows the largest baud rate peak at approx. 200 baud.




Module has calculated the spectrum and shows the largest baud rate peak at approx. 600 baud.





XVI. Correlation VHF

 


This works the same as the normal correlation module, but has increased ranges to cope with the speeds that VHF and UHF data signals can work at.




Module has calculated the spectrum and shows the largest baud rate peak at approx. 1200 baud.





XVII. Correlation BIT

 


The incoming data is again ‘software scanned’ for valid mark/space transition points just as for the previous module. Then the data is arranged into bit occurrences against time up to 512 bits. The bottom display is a zoomed-in view of the first 100 bits. As this module references itself to ‘bit-time’ one MUST first know the baud speed of the emission. This analysis module will show you when certain bit patterns occur regularly.

For example ARQ systems will quite often regularly invert bits every 28 or 56 bit(s). This will show up very clearly with this module and allows one to work out what kind of basic keying system the data is probably based upon.





This correlation shows an ACF of 15 bit (Baudot). The lower screen shows the zoomed part of the upper full display.



The correlation bit module may also be used to quickly determine if a particular modem under analysis is a STANAG 4285 serial modem or a MIL 188-110 A serial modem.

To determine common MIL systems, once a modem is correctly tuned, you only have to choose a multiple of the known speed combinations to be able to quickly show the system’s ACF.

Open source documentation states that the modem is keyed at 2400 bps. In the following sample picture 300 baud was input as the speed (8x300=2400) and clearly shows a timing cycle of 64. This timing cycle is known as the signal’s autocorrelation frequency or autocorrelation bit (ACF / ACB). This 64-bit-timing cycle is indicative of a STANAG 4529 or MIL188-110 serial modem. When this type of modem enters an idle state the ACF will become 20 and be clearly shown on the screen.




This picture shows a MIL188-110 serial modem in traffic



The next screenshot shows the modem properly tuned; again 300 baud was input as the speed, as this is the published keying speed of the STANAG 4285 modem. On this occasion, however, the timing cycle revealed was 32 bit. This now clearly shows an ACF of 32 bits. Again this is indicative of a STANAG 4285 modem.




This picture shows a STANAG 4285 modem in traffic
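
The bit correlation described in this section, including the regular bit inversion mentioned for ARQ systems, can be illustrated as follows. This is an added example, not part of CODE 300-32: the frames (a 13-bit Barker sync word followed by random payload) are constructed test data and do not model STANAG 4285, MIL 188-110 or any other real modem, and the function names and the 0.25 threshold are assumptions.

```python
import random

BARKER13 = [1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1]   # sync word with low self-correlation

def make_stream(frame_len, frames=200, alternate_inversion=False, seed=7):
    """Constructed test stream: every frame is BARKER13 followed by random payload bits.
    With alternate_inversion, every second frame is sent with all bits inverted."""
    rng = random.Random(seed)
    bits = []
    for f in range(frames):
        payload = [rng.getrandbits(1) for _ in range(frame_len - len(BARKER13))]
        frame = BARKER13 + payload
        if alternate_inversion and f % 2:
            frame = [b ^ 1 for b in frame]
        bits += frame
    return bits

def random_stream(n, seed=11):
    """Constructed stream with no framing at all."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n)]

def bit_acf(bits, max_lag=128):
    """Normalised bit autocorrelation for lags 1..max_lag.
    +1: every bit repeats after `lag` bits, -1: every bit is inverted, 0: unrelated."""
    acf = {}
    for lag in range(1, max_lag + 1):
        n = len(bits) - lag
        agree = sum(a == b for a, b in zip(bits, bits[lag:]))
        acf[lag] = (2 * agree - n) / n
    return acf

def frame_period(bits, max_lag=128, threshold=0.25):
    """Smallest lag whose |ACF| reaches the threshold, with its value, or None."""
    for lag, value in bit_acf(bits, max_lag).items():
        if abs(value) >= threshold:
            return lag, value
    return None

if __name__ == "__main__":
    print("32-bit frames:          ", frame_period(make_stream(32)))
    print("28-bit frames, inverted:", frame_period(make_stream(28, alternate_inversion=True)))
    print("unframed random bits:   ", frame_period(random_stream(6400)))
```

Only the fixed sync bits line up at the frame length, so the peak is about 13/32 for the first stream and about -13/28 for the second; the negative sign is what a regularly inverted frame looks like, which is why the search uses the absolute value.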



XVIII. Speed Bit Analysis

 


This is basically the same idea as a FAX decoder but it does not scroll and is far more versatile!

Once the correct baud speed is set one can single step up through the number of bits until a distinctive (and to the experienced operator, a recognisable) pattern is seen.

First set the Baud Speed. Then vary the number of bits/line. Fine tune the baud speed to straighten up any sloping in the display or use [Auto lock]. There are two vertical cursor lines available for measuring the timing of any part of the display. Use the mouse’s left button to move the left-most cursor and the mouse’s right button to move the right cursor. The time difference between these two lines is then displayed digitally.




Speed bit analysis, FEC-A 144






Speed bit analysis, ARQ-E3 192. This system is first idling, then goes into transmission, then returns to idle.



XIX. Waterfall & Sonogram

 


This module is similar to the audio spectrogram. However in this module the display is moved up to the top of the screen and each sample of spectrum is analysed and its amplitude tested for discrete steps.

Each of these amplitude steps is then allocated a grey scale. These grey scale are graded from the lowest amplitude (black), through a series of grey level finally to the strongest amplitude which is depicted by white.

The signal’s sample is then displayed in a scrolling window beneath the real-time display just like a real waterfall. It clearly shows the various audio components of a system over a long time period.

The scan rate can be varied within the program to skip samples. The FFT Overlap control can be used to ‘stretch’ the signal in time and thus enable reading of the signal's bit pattern.



   Example of an interleaved 8 tone signal MIL188-141 ALE

   This picture shows the same signal, but now stretched in time to make the bit pattern of the signal visible







XX. IF Spectrum

 


This is an excellent tool for analyzing and tuning; it displays the IF spectrum of an 11 kHz receiver IF output. With 'manual gain' it is possible to adjust the amplitude of the display with different receiver IF outputs.

A waterfall mode with a skew of 45 degrees can be enabled. Three different zoom modes decrease the displayed spectrum from +/- 8 kHz to +/- 2 kHz around the center frequency; in full mode the spectrum width is 22 kHz. The further buttons are lin or log mode, with or without a fixed windowing, temp hold and IF to hard disk.







XXI. Character Counter

 


This module works as a universal counter for all the displayed ITA 2 letters and figures. This allows the analyst to find an encrypted transmission or a special language. Public language tools show the common letters found in most alphabets. An encrypted transmission should show an even distribution of all letters, whereas languages like English, French and Arabic will be clearly seen by their letter frequency.

Before you can use this module you must open a decoder module first. (Note: only text output modules will work.) In a multitasking environment do NOT open more than one decoder module together with this character counter. The module will take focus from the last opened module; this may not be the transmission you are interested in! A second page can be opened to count ‘custom’ characters; these characters can be chosen by the user.
Some decoding modules have another type of character counter, which shows the result for all 256 ASCII characters graphically. Selecting the counted characters with the mouse will show their ASCII value. A screenshot of this module can be taken to keep it for further processing.




This example shows a Baudot decoder




Showing the same sample, 0x72 letter R; the mouse was set to R here.



XXII. ITA2 Analyzer

 


This module is only available to decoding modules based on the ITA2 character set. The module displays all 32 possible character combinations.

Note: Masking of the ITA2 code was an old and cheap way to encipher a message. When using the module the currently chosen bit mask is displayed with a green background. Using the mouse you can click each line in turn until the decoded text is readable; the decoder window will then follow the text stream with the bit mask you have highlighted. Note: unencrypted text will have a bit mask of 0.
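The mask search described above, combined with the letter counts of the Character Counter module, as an added example (not code from CODE300-32). It assumes the mask is a bitwise XOR on every 5-bit code, the common ITA2 code assignment (E = 00001, T = 10000), letters case only and rough English frequency weights; the sample message is constructed. It also shows why masking is weak: the index of coincidence of the masked stream is identical to that of the plain text, so the counter still shows a language-like distribution.

```python
from collections import Counter

# ITA2 letters case, index = 5-bit code (assumed assignment: E=0x01, T=0x10).
# "\x0e" and "\x0f" stand in for the FIGS and LTRS shift codes.
ITA2_LETTERS = "\x00E\nA SIU\rDRJNFCKTZLWHYPQOBG\x0eMXV\x0f"

# Rough relative frequencies (percent) of English text with spaces; assumed values.
FREQ = {" ": 18, "E": 10, "T": 8, "A": 7, "O": 6, "N": 6, "I": 6,
        "S": 5, "R": 5, "H": 5, "L": 3, "D": 3}

# Constructed sample message, not taken from a recording.
PLAINTEXT = "THE SHIP IS AT SEA AND ALL IS WELL ON THE WAY TO PORT"


def encode(text):
    """Text (letters case only) -> list of 5-bit ITA2 codes."""
    return [ITA2_LETTERS.index(ch) for ch in text]


def apply_mask(codes, mask):
    """XOR every 5-bit code with the same mask; applying it twice undoes it."""
    return [c ^ mask for c in codes]


def decode(codes, mask=0):
    """Decode codes as ITA2 letters after removing the given mask."""
    return "".join(ITA2_LETTERS[c ^ mask] for c in codes)


def index_of_coincidence(codes):
    """Chance that two symbols drawn from the stream are equal.
    Flat (well encrypted) 5-bit data gives about 1/32; language is far higher."""
    n = len(codes)
    return sum(k * (k - 1) for k in Counter(codes).values()) / (n * (n - 1))


def language_score(text):
    """Sum of frequency weights; high when spaces and common letters dominate."""
    return sum(FREQ.get(ch, 0) for ch in text)


def rank_masks(codes):
    """Decode with all 32 masks (the module's 32 lines), best-looking first."""
    rows = [(language_score(decode(codes, m)), m, decode(codes, m))
            for m in range(32)]
    return sorted(rows, key=lambda r: r[0], reverse=True)


if __name__ == "__main__":
    intercepted = apply_mask(encode(PLAINTEXT), 0b10110)
    print("IC of masked stream: %.4f (flat would be %.4f)"
          % (index_of_coincidence(intercepted), 1 / 32))
    for score, mask, text in rank_masks(intercepted)[:3]:
        print("mask %s  score %3d  %r" % (format(mask, "05b"), score, text))
```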





XXIII. BIT Analysis

 


Using this module one can accurately scan the incoming data for valid Mark and Spaces. This assumes that a baud speed measurement has already been taken of the incoming signal.
The incoming marks and spaces are displayed as “1” and “0” by the module. The line length (which is usually determined by an Auto Correlation Bit measurement of the signal) is usually set to the same figure as the bits per block; this then allows the user to display repetitive patterns. Again this enables one to work out how a totally unknown system is put together. Pressing [Output to Disk] will allow the bit stream to be saved to disk. The row of numbers which is displayed every ten lines is suppressed in the disk file to allow the synchronised demodulated bit-stream to be analysed further by other means without introducing number padding.
The cursor, when activated with the left mouse button, shows an adjustable vertical line after the selected bit pattern. Adjusting the block length is necessary to get an intelligent bit pattern. This can be done with the block length dropdown box. Note: signals that can be seen in an idle condition are much easier to scan than a signal in traffic. Like most tools, this module can help to determine a signal's makeup; it will not decode the signal for you!







XXIV. Demodulator

 


This module can basically be described as a fully featured universal demodulator. All basic system parameters can be varied by the operator. When opened it starts with the following default values:

Baud Rate: 50 Baud, Shift Between Tones: 100 Hz, 2 Tones, Block Length: 56

The incoming mark and spaces are displayed as “1” and “0” by the module. By changing the Alphabet table any other mark - space sign combination is possible.
The line length (which is usually determined by an Auto Correlation Bit measurement of the signal) is usually set to the same figure as the bits per block; this then allows the user to display repetitive patterns.





In this sample we have changed the block length to 45 to display a simple RTTY signal. The shift between the two tones has been set to 500 Hz. A cursor (found using the left mouse button) is available to mark any row of special interest.

The universal demodulator input filters can handle up to 64 tones. The output data stream can be saved as a file and then used for offline analysis. Note: To enable further processing of the saved bit pattern from this demodulator using the program's built-in Text and Data Editor, please set the demodulator's output to ‘stream’ mode. The stream mode suppresses all CRs and LFs. A graphical pattern of this output is easily found by changing the width of the editor window to the length of the data words.





The same sample as the screen shot above but now in ‘stream’ mode. You now notice that all CR and LF symbols are suppressed.





A. Coquelet Demodulator


Coquelet 8 uses an ITA 2 combination of two tones in sequence, each tone being one of eight possible tones. It is therefore easy to understand that a ‘normal’ universal 8-tone demodulator can only show this tone and the following tones, but not the combination of this sequence. The demodulator in CODE300-32 has now been extended to decode all these signals in a really universal way.





Pressing this COQ button will open a special Coquelet Demodulator that can handle two sequential tones, with the following default values for a normal Coquelet 8 system:

  • Baudrate: 26.67 Baud
  • Shift: 27.00 Hz
  • Demodulator: FEK
  • Tones: 8

The [Erect] or [Invert] button of the demodulator will reverse the position in the frequency domain, i.e. a two-tone demodulator will change tone 1 to 0 and tone 0 to 1 (USB / LSB).
With an eight-tone combination, tone 0 will become tone 7 and tone 7 becomes tone 0.
A graphical demonstration is shown hereafter:




FFT Spectrum - Invert

  
Waterfall Sonogram - Invert


FFT Spectrum - Erect
  
Waterfall Sonogram - Erect



A complete tone combination of eight tones in Erect and Invert mode is shown as follows:

  • 0 1 2 3 4 5 6 7     [Erect]
  • 7 6 5 4 3 2 1 0     [Invert]



   Erect: sequence of tones 0 1 2 3 4 5 6 7

The FFT Spectrum shows tone (0) at the left (lower) side and tone (7) at the right (higher) side of the FFT. Note that tones in the Universal demodulator are counted from 0 to 7!


   Invert: sequence of tones 7 6 5 4 3 2 1 0

In the FFT Spectrum the tones get an inverted value: tone (7) is at the left (lower) side of the FFT, tone (0) now at the right (higher) side.





The Coquelet Demodulator module offers different presentations of the output of the tone combinations. The value button toggles between both outputs:

  • tone combination
  • ITA 2 value of tone combination
The character button to the right of this button toggles between character value and ITA output.



   Tone combination

Because we do not know which tone belongs to the first and which belongs to the second group, we show both possible situations in two different screens. The upper screen shows the combination of first tone for group 1 and second tone for group 2; the lower screen shows the combination of tone 2 for group 1 and tone 3 for group 2. In fact we ‘shift’ the possible combination by one tone.


   Value of tone combination

The next step shows the ITA values of both possible combinations as described above. The weight of each tone in both groups is shown in the right table. It is the default value of a common COQ8 system. ‘Forbidden’ tones are set with ‘99’. This table is editable, allowing building of a custom specified demodulator.



In the above example tones 1, 2, 3 and 4 are marked as ‘forbidden’ tones in group 2. Activating these tones as well may give more output of characters, but will also show ‘hidden’ combinations.

A very brief explanation of the following table, “value of tone combinations”: these values are fixed on the basis of the weight and the assigned position. A couple of examples: the combination 28 - 3 gives the sum of 31, corresponding to the binary sequence 11111. The combination 4 - 3 gives the sum of 7, corresponding to the binary sequence 00111.





   Show character or ITA2 Value

In the last step one can see the ‘real’ text output of both combinations. Only one of the two screens will show the ‘correct’ output, of course.

In this example the lower screen shows readable text.


The last step to a real ‘universal’ custom demodulator is the manipulation or mapping of the ITA2 table. Opening this table shows the default values for ITA 2 with binary and ITA 2 values and the current and new characters belonging to this value. Each character, linefeed, figure / letter shift etc. can be set to each ITA 2 value. This table is also editable; one can save one's own creations and load them again if necessary. This custom table is also usable in a real Coquelet decoder to ‘map’ the text output in a special way.



To show ‘forbidden’ tones, i.e. the combination of tone 5 group 1 - tone 1 group 2, you have to set tone 1 in group 2 (normally forbidden = 99) to 32 (28 + 4, the next group). The sum of these two tones will be 16 (tone 5 group 1) plus 32 (new value for tone 1 group 2) = 48. In this case you have to change the expected ITA output on position 48 from the standard 'e' into the wanted new character, i.e. 'LF'. The same can be done with the other ‘forbidden’ combinations: simply add 4 more for each new group. Tone 4 in group 2 could have value 44; the maximum possible value is therefore 28 (tone 8 in group 1) plus 44, being value 72 in the ITA 2 table.

Note:
All tones higher than 96 will be suppressed, because they are marked as 'forbidden' tone combinations.
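The weighting, the two possible pairings and the [Erect]/[Invert] choice described above, worked through as an added example (not code from CODE300-32). Tones are numbered 1 to 8 as in the text on forbidden tones; the order of the weights 0 to 3 on group 2 tones 5 to 8, the tone capture and the rule of preferring the hypothesis with the fewest suppressed combinations are assumptions.

```python
FORBIDDEN = 99        # weight the page gives for a 'forbidden' tone
SUPPRESS_ABOVE = 96   # sums above this value are not shown

# Group 1: tone 1..8 -> 0, 4, ..., 28 (the page gives tone 5 = 16, tone 8 = 28).
GROUP1 = {tone: 4 * (tone - 1) for tone in range(1, 9)}
# Group 2: tones 1-4 forbidden; which of tones 5-8 carries 0, 1, 2, 3 is assumed.
GROUP2 = {1: FORBIDDEN, 2: FORBIDDEN, 3: FORBIDDEN, 4: FORBIDDEN,
          5: 0, 6: 1, 7: 2, 8: 3}

# Constructed capture, received on the wrong sideband (tone numbers mirrored).
CAPTURE = [7, 1, 5, 3, 1, 1, 8, 2, 4, 4, 6, 3]


def invert(tones):
    """[Erect]/[Invert]: mirror the tone numbers (1 becomes 8, 2 becomes 7, ...)."""
    return [9 - t for t in tones]


def pair_values(tones, offset, group1=GROUP1, group2=GROUP2):
    """Sum the weights of consecutive tone pairs, starting at `offset`.
    Suppressed combinations come back as None."""
    values = []
    for i in range(offset, len(tones) - 1, 2):
        total = group1[tones[i]] + group2[tones[i + 1]]
        values.append(None if total > SUPPRESS_ABOVE else total)
    return values


def hypotheses(tones):
    """Both pairings (the two screens) for erect and inverted tones,
    fewest suppressed combinations first."""
    rows = []
    for sense, seq in (("erect", tones), ("invert", invert(tones))):
        for offset in (0, 1):
            values = pair_values(seq, offset)
            rows.append((values.count(None), sense, offset, values))
    return sorted(rows, key=lambda r: r[0])


def as_bits(values):
    """Binary pattern of each value, '-----' for a suppressed combination."""
    return [format(v, "05b") if v is not None else "-----" for v in values]


def unlock_forbidden(group2=GROUP2):
    """Custom table from the text: forbidden tones 1-4 get 32, 36, 40, 44."""
    custom = dict(group2)
    custom.update({tone: 28 + 4 * tone for tone in range(1, 5)})
    return custom


if __name__ == "__main__":
    for suppressed, sense, offset, values in hypotheses(CAPTURE):
        print("%-6s pairing %d: %d suppressed %s"
              % (sense, offset, suppressed, as_bits(values)))
    print(pair_values([5, 1], 0, group2=unlock_forbidden()))   # position 48
```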



B. MFSK Demodulator (graphical choice)


This universal MFSK demodulator works in most functions like the normal (M) FSK demodulator. Its most important function is the ability to choose the requested tones directly in the main form FFT window, simply by selecting the requested frequencies with the mouse.



One can open this function in the following way:

1. Select the quantity of tones your decoder needs.
2. Select 'Shift Choice' and choose the first item, 'Graphical Shift'.

Now continue in the same way with all other tones; each time a new cursor will appear, until the selected tone quantity is reached.
 



In the main form FFT a number of cursors appears, the same quantity as the selected quantity of tones. These cursors are blue with a short red end. At the same time a small window should appear in the decoder's window.





Now select with the mouse, left mouse button pressed, the requested tone frequency in the FFT window and double click to confirm. The blue / red cursors disappear, one new, blue cursor appears at the selected position.





A panel at the bottom right of the FFT window shows the quantity of selected tones. The frequency of each selected tone is written into the small window. There is no need to change the order of tones manually; this is done automatically: select this window with the mouse and the lowest frequency is selected as tone 1, up to tone no. n.
Double-clicking this window will close it, but the decoder will keep working with these new values. All these settings can be saved into a *.txt file, which is stored in the data directory.




Four tones selected, tone message panel disappeared, center fx adjusted.





Opening the load / save table menu shows the actual default values of the decoder; in this sample a saved table is loaded with all the necessary settings. Buttons 'Shift L' and 'Shift R' will 'shift' the row of characters in the horizontal direction; this creates a better bit pattern in some cases. Tool button 'Graphical output of tones' (left of the online help button) opens a graphical output of tones.





Each MFSK tone can be shown in a different colour. The total layout of the screen can be set individually by changing the line (character) height and the space between these lines (skip). In this way many bit patterns take on a very clear structure.





C. PSK Demodulator


This universal PSK demodulator works in most functions like the normal Universal (M) FSK demodulator. Its most important function is the ability to choose between the different types of PSK demodulator. Available now are:

PSK2, PSK4, PSK8, DBPSK, DQPSK, BPSK, DPSK, OQPSK, BI-PHASE





In this example : Phase constellation and demodulation of a 600 Baud 8 PSK test signal





XXV. Text and Data Editor

 


This very powerful tool is used to study and analyse the binary data collected from the universal demodulator.



  



Note: Varying the width of the editor’s main window will quickly show different bit patterns. This makes it very easy to spot patterns within the signal in a short time period.




Search dialog used to find a special binary combination






Same bit pattern but now with only ‘intelligent’ bits present. Start and stop bits are automatically removed.
The search function is set to ‘CR’ in this example and will show all CRs within this pattern.




Extensive editing, search and replace functions are offered by this sophisticated tool.



XXVI. Table Editor

 


WARNING: This module should be used by experienced users only.

It enables the analyst to edit the RTTY table in all available font sets. It is possible to remap any of the ITA2, ITA5, CCIR342, CCIR 476 and Morse character tables.




This example shows an ITA2 table.
   The left column shows all values from 1 to 255; the second column shows the binary value.

The third column is the ‘input’ table. This shows the default value for the chosen alphabet.

The edited table can be saved and used as a custom table in any module that is working with one of the RTTY alphabets supported.

To load one of the custom tables press ‘Use Table In Mode’ to activate it.

The ‘Default Table’ option loads the factory preset values for the chosen RTTY alphabet to make any corrections easier.

As soon as the table editor is closed all custom mappings are reset to default values.



Each mode has its own RTTY code table that is editable (if there is a technical requirement) with the module Font Editor. The saved custom table gets the extension of the alphabet type that was used in this mode, i.e. *.ITA2_TBL in case of Baudot.

One can also load one of these custom tables by remote control or in the custom menu.
Save the decoding module, i.e. Baudot, with custom type1..5 chosen in the ALPHABET choice.
You should edit and save the necessary RTTY table with the font editor beforehand.

Table files that are used under remote control (loaded by IP) don't need an extension. They must be renamed to CUSTOM TABLE1 ... CUSTOM TABLE5 in the same TABLE directory and their extension must be removed, otherwise they cannot be loaded.

The program will select the correct table type because it is saved in the header of this table file.

All RTTY tables are written into the directory TABLES. The subdirectories 'TABLES' and 'Freq_Used_Modes' are now generated automatically if the default data directory does not exist. For an update, remove or rename the existing data directory before CODE300-32 is started; all directories will then be created.



XXVII. Message Watcher

 


Most modules that support text output have access to the ‘Message Watcher’ tool. This can be found under the menu ‘Tools’ then choose the ‘Text Scanning’ option.

Each decoding module that is opened with the text scanning option enabled will have its own message watcher window created. This allows multiple text outputs to be scanned simultaneously.

In each message watcher module up to eight different search strings can be scanned for independently, each with different reaction options.

Multiple scanning options allow different text streams to interact with each other. So text option 1 can trigger recording of the output text stream to hard disk, and text option 2, when triggered, could stop this recording. Setting OP1 to 'zczc' and OP2 to 'nnnn' would therefore, for most messages, write to disk the contents of the message between the header and footer.

The 'Hit Counter’ shows the number of hits for each line. The button to the right of each counter (RS) will reset each individual counter to zero. The reset all option does as its name suggests and will reset all counters.





This shot shows the text scanner in action. As shown by the settings above, the module is watching for 'ddh7' in line 1 and then 'nnnn' in line 2. When the first line is matched the module will enable the LAN based output, DataStream Recording and Output to Disk for the text data. As soon as the text in line 2 is detected the DataStream recording is disabled.
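The OP1 = 'zczc' / OP2 = 'nnnn' arrangement described above, as an added example (not code from CODE300-32). The class name, the "start"/"stop" action names and case-insensitive matching are assumptions, and the decoder output is constructed; the point it shows is that a search string split across two pieces of decoder output is still matched.

```python
class MessageWatcher:
    """Scan a decoder's text stream for up to eight search strings."""

    MAX_STRINGS = 8

    def __init__(self, rules):
        # rules: list of (search string, action); action is "start", "stop" or None
        if len(rules) > self.MAX_STRINGS:
            raise ValueError("at most eight search strings per watcher")
        self.rules = [(text.lower(), action) for text, action in rules]
        self.hits = [0] * len(rules)      # the hit counters
        self.recording = False
        self.messages = []                # completed recordings ("output to disk")
        self._current = []
        self._tail = ""                   # last characters seen, kept across feed() calls
        self._keep = max((len(text) for text, _ in self.rules), default=1)

    def feed(self, chunk):
        """Process decoder output as it arrives, one character at a time."""
        for ch in chunk:
            self._tail = (self._tail + ch.lower())[-self._keep:]
            if self.recording:
                self._current.append(ch)
            for i, (text, action) in enumerate(self.rules):
                if self._tail.endswith(text):
                    self.hits[i] += 1
                    self._react(action, len(text))

    def _react(self, action, matched_len):
        if action == "start" and not self.recording:
            self.recording, self._current = True, []
        elif action == "stop" and self.recording:
            # keep what lies between header and footer, drop the footer itself
            self.messages.append("".join(self._current)[:-matched_len])
            self.recording = False

    def reset(self, index=None):
        """RS button for one counter, or 'reset all' when index is None."""
        if index is None:
            self.hits = [0] * len(self.rules)
        else:
            self.hits[index] = 0


# Constructed decoder output; header and footer are both split across chunks.
SAMPLE_CHUNKS = ["noise ZC", "ZC\r\nWEATHER REPORT\r\nNN",
                 "NN more noise zczc second nnnn"]

if __name__ == "__main__":
    watcher = MessageWatcher([("zczc", "start"), ("nnnn", "stop")])
    for chunk in SAMPLE_CHUNKS:
        watcher.feed(chunk)
    print(watcher.hits, watcher.messages)
```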



XXVIII. FFT Special with Zoom

 


The FFT analyzer module shows the input signal of either channel and allows a precision measurement to be taken from either channel's audio stream. The left side shows the full audio spectrum. The right side displays the partial spectrum between the two cursors highlighted on the left hand side of the module.

You can move these two cursors individually or at same time using the mouse's left and right buttons. The part of the signal between these two cursors highlighted is shown on the right hand side display and allows precision measurements by two separate cursors. These cursors must be activated with the green and red cursor buttons. The lower delta f window shows the actual difference between the two cursors in Hz. Again these cursors can be controlled by the mouse's left and right buttons.





The FFT starts with a default of 1024 points but allows a choice from 256 up to 8192 points for very close measurements. The window function allows a choice of different FFT methods. Averaging and Peak hold buttons complete the options available to the end user in this module.






Coquelet 13 signal




BR 6028 signal



XXIX. Auto Tuning

 


Software release 1.8 and higher offers an automatic tuning facility. Simply press the button on the right part of the main form to auto-tune into any FSK signal. Pressing the short key [t] for tuning starts this tool quickly from the keyboard. As long as the button is pressed, the auto tuning will be active and correct the center frequency. Please note: this tool cannot work properly under all circumstances, e.g. selective fading, too much noise etc., so it will not stay active while a decoder is running. Loss of data could be caused by this tuning tool. It needs an operator to check that it is working correctly.

In the main menu of CODE300-32 you can find the menu 'SETUP', submenu 'Preferences'. The first entry of this Preferences menu is called 'Measured center fx as default'. The default value is 'ON', so this menu entry is checked. All modes and tools where a variable center frequency is necessary or possible are opened with the measured center frequency and shift. These two measurements are made in the main form in the background and are valid for most two tone FSK and most MFSK systems. All decoding systems with fixed values for center frequency will therefore not be changed. Also, all systems started by remote control will appear with their IP value.

This auto tuning tool can be very handy under most circumstances and can save a lot of time; on the other hand it can start up a decoding module with wrong parameters under bad circumstances, e.g. selective fading, idling signal etc. In this case it is easy to disable this auto tuning tool: simply remove the check mark in the above mentioned menu entry. This setting is not saved but can be set after each start of CODE300-32; the default setting, however, can be disabled or enabled in CODE300W.CFG.



   Automatic tuning is supported for all 2 and 4 tone FSK signals.

Fig. 1 shows a mis-tuned RTTY signal with 2541 Hz CF; simply press the marked Tuning button to activate Auto Tuning. The CF will be measured and the corrected value is sent to the actual decoder.

   Fig. 2: same signal after auto tuning; the center frequency is now changed to 1776 Hz.

Please note: the 'Auto Tune' button is only momentarily activated, otherwise the auto tuning could mistune a correctly tuned signal under some conditions, e.g. selective fading or during asymmetrical transmissions, e.g. mark-only transmitted.



XXX. Character Analysis Duplex

 


The ITU definition says in Radio Regulation 120 :-
"Duplex Operation: Operating method in which transmission is made possible simultaneously in both directions of a telecommunication channel. (In general, Duplex Operation and Semi-Duplex Operation require two frequencies in radio communication; simplex operation may use either one or two.)"

If the signal is a duplex ARQ type signal then this module will allow one to decipher exactly what kind of system it is. Various alphabets can be selected including ITA-2 with/without bit-inversion (used in TOR-G, AUTOSPEC, ARQ-E), ITA-3 (used in CCIR 242/342-2, ARQ-E3), CCIR 476 (POL-ARQ) and ITA-5.

On entry, the module is set to defaults of 96 Baud, 1000 Hz shift, ITA-3 alphabet, Marklevel=1 and with Character interleave (i.e. this would decode CCIR 242 or 342-2, a.k.a. ARQ-M2, ARQ-M4, ARQ-28, ARQ-56, TDM, TOR, Moore or Van Duuren code!!).

The two halves of the display show the two interleaved channels of the system. If the display prints a "~" character in-between each decoded character, then this is a sure sign the system being analysed is single channel, e.g. ARQ-E, ARQ-N, CCIR 342-2 1 Channel etc. In which case try selecting "Not-" interleaved.

Then both displayed screen halves will show the same decode (but be 1 character out of sync with each other). The number of horizontal lines varies according to the number of elements in a character for the alphabet selected (and on user selection, e.g. when [5] to [9] is selected). By selecting various combinations of Erect/Inverse characters, Character-, Bit- or Not-interleaved characters and different alphabets, one will hope to see the sudden emergence of plain text on one of the lines on the screen.

Once plain text is encountered, select the appropriate decoding module which matches these settings. Yet again, if the station is known to be sending Idles, it will be quicker to find the system 'make-up'.








Example of a Sitor B FEC transmission.
Note timing separation between the two character-interleaved channels




Example of a non standard transmission Visel 120.9



XXXI. Character Analysis Simplex

 


The ITU definition says in Radio Regulation 119 :-
"Simplex Operation: Operating method in which transmission is made possible alternately in each direction of a telecommunication channel, for example, by means of manual control. (In general, duplex operation and semi-duplex operation require two frequencies in radiocommunication; simplex operation may use either one or two.)"

If the signal is a simplex signal then this module will allow one to decipher what kind of system it specifically is. Various alphabets can be selected including ITA-2 with/without bit-inversion (used in ARTRAC, HC-ARQ, FEC-A), ITA-3 (used in ARQ6, ARQ-S, FEC-S), CCIR 476 (used in ARQ and FEC modes of SITOR/AMTOR, SW-ARQ, POL-ARQ, F7B1..6) and ITA-5.

On entry, the module is set to defaults of 100 Baud, 1000 Hz shift, CCIR 476 alphabet, Marklevel=1 and with 45 bits/block (i.e. this would immediately decode SITOR/AMTOR ARQ signals). Before using this module, one MUST first know the system's Baudrate and its bit repetition cycle (e.g. as determined from the Autocorrelation Bit Analysis module). On entry to the module set the number of bits/block to the total number of bits in a complete cycle. E.g. a CCIR 476 SITOR ARQ system pulses with a 450 ms repetition cycle at 100 Baud. Each element is therefore 10 ms in length and 450 ms / 10 ms = 45 bits/block. It may not be on air for all 450 ms but the complete timing cycle is such and this is what one must set up.




To understand how to use this module, our suggestion is to try it first with a well known signal carrying clear text, and to open the decoding module at the same time for a clear output, so the two can be compared.



Using SITOR as an example: because this is a well documented system we already know that it sends 3 character blocks of 7 bits/character followed by a pause during which time the slave station sends its RQ.

That's a transmission of 3 x 7 = 21 bits (or 210 ms). The remaining 24 bits will be either noise or the other station replying with its RQ signals during this 240 ms pause in transmission. The module however will continue to attempt to decode this noise as if they were characters. Select the CCIR476 alphabet.

Now, looking at the screen display one will begin to see a pattern of three characters of traffic, then rubbish, develop. If one looks carefully one can see that the screen shows a fixed vertical pattern of 3 character block columns. Select with your mouse one of the 7 lines of different possible decodes of the 7 elements that make up a character to correctly print these "3 characters then noise" blocks in the bottom half of the display.
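The two measurements this procedure relies on, the autocorrelation bit (ACF) taken from the bit stream and the bits/block figure taken from the timing cycle, as an added example (not code from CODE300-32). The agreement count is one simple way to compute an autocorrelation over bits, not necessarily the program's method; the idle cycle is constructed and its pause is assumed to demodulate as space (0).

```python
# Constructed idle cycle: three 7-bit characters with four marks each (21 bits
# on air), then 24 bit periods of pause, assumed here to demodulate as 0.
BURST = "0001111" + "0110011" + "1100110"
CYCLE = BURST + "0" * 24
STREAM = [int(b) for b in CYCLE * 8]      # eight cycles of demodulated bits


def bits_per_block(cycle_ms, baud):
    """Length of one complete timing cycle in bits (element = 1000 / baud ms)."""
    return round(cycle_ms * baud / 1000)


def agreement(bits, lag):
    """Fraction of positions where the stream equals itself `lag` bits later."""
    pairs = list(zip(bits, bits[lag:]))
    return sum(a == b for a, b in pairs) / len(pairs)


def autocorrelation_bit(bits, max_lag):
    """Smallest lag in 1..max_lag with the highest agreement (the ACF / ACB)."""
    best_lag, best = 0, -1.0
    for lag in range(1, max_lag + 1):
        score = agreement(bits, lag)
        if score > best:
            best_lag, best = lag, score
    return best_lag, best


def fold(bits, width):
    """Rows of `width` bits, as on the BIT Analysis screen; a partial last row
    is dropped."""
    text = "".join(str(b) for b in bits)
    return [text[i:i + width] for i in range(0, len(text) - width + 1, width)]


def split_cycle(row, chars=3, bits_per_char=7):
    """Cut one aligned row into its traffic characters and the pause after them."""
    on_air = chars * bits_per_char
    groups = [row[i:i + bits_per_char] for i in range(0, on_air, bits_per_char)]
    return groups, row[on_air:]


if __name__ == "__main__":
    width = bits_per_block(450, 100)
    print("bits/block from timing:", width)
    print("ACF from the bit stream:", autocorrelation_bit(STREAM, 100))
    for row in fold(STREAM, width)[:3]:        # correct width: identical rows
        print(row)
    for row in fold(STREAM, width - 1)[:3]:    # wrong width: the pattern slopes
        print(row)
    print(split_cycle(fold(STREAM, width)[0]))
```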

Unknown signals will necessitate flipping around all possible combinations of alphabets, interleaves etc. until one sees clear text suddenly appear. If you can find the station sending idles of some sort, all the better as these patterns are so much easier to spot. There is no easy answer - you just have to have a VAST amount of patience if you want to crack the code!!

A quick word about the expressions we use about character polarity. The signal being monitored 'off-air' is called the aggregate signal and all polarities of channels, sub-channels and characters are always referred to this aggregate signal.

The received aggregate signal can be 'Normal' or 'Reversed' due to the way in which the station decides to transmit it, whether one is receiving it with a USB or LSB filter, or with positive or negative BFO, and all of these are catered for by setting Marklevel to 0 or 1.

The actual channels being sent are usually interleaved in some way and one very common method is to make alternate characters inverted in comparison to the previous one. In this way the receiving apparatus can easily split the two channels apart again. Each channel is either Erect (I.e. same polarity) or Inverted with reference to the aggregate signal. Therefore in the two character analysis modules for example the status window shows "E I" and when highlighted then that particular polarity state is selected, so both highlighted would be the most common state of one channel Erect and one Inverted.





XXXII. SPEED MEASUREMENT Mark - Space

   Aka Sync./Async oscilloscope


The bit distribution of mark and space of the incoming signal is shown. Any difference in the distribution speed is visible on the screen. Very useful for highlighting 1.5 stop bits in asynchronous systems and to see the difference between synchronous and asynchronous signals. Preset with 100 baud, so each horizontal tic is 1 msec.




This sample shows a 192 Baud ARQ E signal, easy to identify as a synchronous signal




This sample shows an unknown 75 Baud signal, easy to identify as a synchronous signal




This sample shows an asynchronous Baudot signal



SORRAC
1 Rue Brindejonc des Moulinais - parc de la Plaine - 31500 TOULOUSE
Tél : +33 (0)5 67 77 94 41 - Fax: +33 (0)5 67 77 94 42
