11 August 2016

(yet another) email exchange via STANAG-5066 over MS188-110


I report this interesting catch since it's a link setup - forward - link down complete example and because it's formed of a bilateral email exchange between the peers.
The 188-141 2G-ALE setup phase is followed by the data forward phase through 188-110A ST that carries STANAG-5066 at the upper layer. Low data rates, 75-600 bps, are used  since the 66.67ms ACF of the 188-110 waveform (fig. 1). Once decoded, the raw output shows the transfer of two files compressed by STANAG-5066 (H)BFTP protocol (fig. 2).

fig. 1 - 188-110 ST using low data rates waveform
fig. 2 - raw decode window

The timing diagram of the transmission is shown in fig. 3

fig. 3 - timing diagram
STANAG-5066 bistream is obtained after removing the overhead bits added by 188-110 (fig. 4) and after processing the 5066 PDUs we get the two files involved in the transfer (fig. 5).

fig. 4 - part of the STANAG-5066 PDUs
fig. 5
 One can get other informations from the reading of the (unzipped) emails headers (fig. 6):

1) pc clocks seem to be not synced
2) ALE calls "KW7" and "DE1" corresponds to addresses "wmtkw7" and "wmtde1"
3) translation results in "location10" or "place10" and "check"
4) an HMSTP server is running in the IP sub-network 
5) they use the Microsoft email client Outlook Express


https://yadi.sk/d/-oH-XQtMu9umR 





Other info about HBFTP and 5066 are available in the blog, just search for STANAG-5066 tab.

2 comments:

  1. Hello,

    I have analyzed the sample attached with Krypto500, but i can`t analyze the result without a proper Bitstream Editor. What software do you use?

    Thanks,
    MN

    ReplyDelete