Last Monday, a Chinese CZ-4B rocket launched the Chinese Earth observation satellite ZY-3 and the Argentinian satellites ÑuSat-1 and 2. These two satellites are the first of the Aleph-1 constellation of Earth observation satellites. ÑuSat-1 carries LUSEX, an Amateur payload which consists of a U/V linear transponder. Also, the two ÑuSat satellites transmit backup telemetry in the 70cm Amateur band, as one can see in the IARU frequency coordination application. In fact, the latest news is that ÑuSat-1 transmits telemetry on 436.445MHz and ÑuSat-2 uses 437.445MHz. According to the public announcements, the telemetry was supposed to be 9200 baud or 19200 baud. However, some people have noticed that, on the contrary, it is 40 kbaud. Although the modulation and coding specifications are not public, I’ve taken a look at an IQ recording of ÑuSat-2 by Mike DK3WN to see if I can decode anything. Here are my findings.
As you can see in the waterfall above, the transmissions from ÑuSat-2 have quite a large bandwidth: about 80kHz. This is the widest signal I’ve ever seen from the Amateur Satellite service in the 70cm band. The modulation is FSK. A look at the FM demodulated data reveals that the baudrate is in fact 40 kbaud. This is also the highest baudrate I’ve ever seen from a satellite in the 70cm band. Other satellites transmit at 19.2 kbaud or slower.
The transmissions occur in bursts of small packets. In the image below, the parts where the amplitude is small correspond to packets, and the rest is background noise. The packets last for about 15ms each. In this burst, the satellite transmits 11 packets within 600ms. However, the number of packets transmitted in each burst varies.
Zooming in the beginning of a packet, we can see a very brief preamble which consists of alternating 0’s and 1’s (its length varies between different packets). Then the binary data comes. I’ve noticed that all the packets start with 0x00F2D566. It seems very likely that this is a 32bit syncword.
Although the length of the preamble can vary, the length of the data is always the same: about 2622 samples (at 192kHz sampling), including the syncword. At 4.8 samples/symbol, this gives 546.25 bits. I think that the packets always consist of the 4 byte syncword followed by 64 bytes of data. This is 544 bits, which leaves two extra bits at the end that I don’t know how to interpret. Perhaps they’re just an artifact while keying the transmitter off. Below you can see the end of the first packet. The shaded region marks the end of the 64 data bytes. After that, the 2 extra bits follow. They are always 0, apparently. Finally, the transmitter goes to the centre frequency for 2 bits time and stops.
The binary data of the 11 packets I’m studying is below. It is interesting that all of them start with 0x1d and that the first bytes are quite similar in all the packets. There are also some minor similarities in further bytes, but apart from that I’ve been unable to see any patterns. It is possible that these packets are scrambled and/or FEC encoded.
This is the small excerpt of IQ recording that I’ve being using. Thanks to Mike DK3WN for kindly recording the data for me. It is 192kHz sampling rate and the centre frequency is 437.446MHz. The GNUradio flowgraph is in Github.
Thanks Dani! You did a very good job 🙂
73 Mike