Okay, I thought I could edit this into my old post to update my frame mapping, but either I'm blind and can't find the edit link, or it doesn't exist. Either way, I'm just going to dump my updated text here for anybody else who would like to look at it or make corrections or suggestions.
Understanding EDACS 9600 ESK Extended Adressing Frames
(September 8, 2020)
SR_0=[555557125555 5C07]
MASK=[000000000000 FFFF]
SR_1=[EEB239 A3F8114DC6]
MASK=[FFFFFF 0000000000]
SR_2=[5C07EEB239 C3CC1C]
MASK=[FFFFFFFFFF 000000]
SR_3=[12DC 3C33E3ED23 C3]
MASK=[0000 FFFFFFFFFF 00]
SR_4=[CC1C12DC 55555712]
MASK=[00000000 FFFFFFFF]
555557125555 - Frame Sync
Messages are send in triples:
5C07EEB239 - First Time
A3F8114DC6 - Second Time is inverted from first
5C07EEB239 - Third Time
Two Messages per Frame:
C3CC1C12DC - First
3C33E3ED23 - Second (inverted)
C3CC1C12DC - Third
55555712 begins new frame sync (or is overflow from loading up the shift register)
New Human Readable Output for Pattern Finding/Debugging:
Time: 01:29:06 AFC=2150 IDLE Site ID=[ 0]
FR_1=[5C07EEB239]
FR_2=[A3F8114DC6] Inverse of 1 and 3
FR_3=[5C07EEB239]
FR_4=[C3CC1C12DC]
FR_5=[3C33E3ED23] Inverse of 4 and 6
FR_6=[C3CC1C12DC]
This strips away the sync portion on the beginning and end, and
organizes it into 40 bit (10 Hex) message groupings.
This readout removes the frame sync and groups messages
into 40bit (10 hex) groupings for easy reading.
Time: 07:39:26 AFC=2343 VOICE LCN=2
Sender=[ 264978i] <- 0x40B12
Group=[ 870g] <- 0x0366
FR_1=[B8403661CD]
FR_2=[47BFC99E32]
FR_3=[B8403661CD]
FR_4=[BA40B122CC]
FR_5=[45BF4EDD33]
FR_6=[BA40B122CC]
Command:
MASK=[FF 00000000]
FR_1=[B8 403661CD] <- B8 is voice command in ESK (0xB8 xor 0xA0 = 0x18)
Group:
MASK:[000 FFFF 000] Mask is FFFF 16 bit group values
FR_1=[B84 0366 1CD]
Sender:
MASK=[00 FFFFF 000] FFFFF 20 bit sender values
FR_4=[BA 40B12 2CC]
MT-1 and MT-2
MT-1:
00001 - TDMA Group Voice Channel Assignment
00010 - Group Data Channel Assignment
000ll - Digital Group Voice Channel Assignment
11111 - Use MT-2
MT-2:
0000 - Initiate Test Call Command
1101 - Serial Number Request (would this be a join?)
1111 - Undefined
NEW MT-2 INFO (unverified)
1010 - Site ID Relay??
0001 - Peer/Neighbor Site Relay??
1011 -- Unknown? Kick?
1100 -- ADD
Time: 16:28:37 AFC=1751 ACTIVE MT-1=[0x 3] MT-2=[0x0] LCN=3
Sender=[ 197864i]
Group=[ 1123g]
Digital Group Voice Channel Assignment
MT-1 Binary = [0] [0] [0] [1] [1] <-- 00011 or 0x03; Digital Group Voice
FR_1=[B870463003] <-- MT-1 = (((fr_1 & 0xFF00000000) >> 32)^0xA0)>>3
MASK=[F800000000] |-- or simply take the command B8^A0 (xor for esk) and shift 3 right
FR_2=[478FB9CFFC] |-- 0xB8^A0 = 0x18 = (0001 1)000
FR_3=[B870463003] |-- 5 bits in parenthesis tells us MT-1, which is a Digital Group Call
FR_4=[BA304E8FD9]
FR_5=[45CFB17026]
FR_6=[BA304E8FD9]
Time: 16:29:06 AFC=1632 IDLE MT-1=[0x1F] MT-2=[0xA] Site ID=[243]
MT-1 Binary = [1] [1] [1] [1] [1] <--if MT-1 is 11111, use MT-2;
MT-2 Binary = [1] [0] [1] [0]
FR_1=[5D07133193] <--MT-2 = (fr_1&0x780000000)>>31;
MASK=[0780000000] |--0xD0 & 0x78 = 0x50 = 0(101 0)000
FR_2=[A2F8ECCE6C] |--Desired 4 bits are in parenthesis; 1010 could signify Site ID in message (unverified)
FR_3=[5D07133193]
FR_4=[5D07133193]
FR_5=[A2F8ECCE6C]
FR_6=[5D07133193]
Peers:
command=F8
MASK=[00000 FF 000]
FR_1=[58821 DB 73C] <-- if fr_1 == fr_4, then fr_1&FF000>>12 while result is not equal to zero
FR_4=[58821 DB 73C] |--most likely not the exact rule, but probably more to do with a status bit
command=[F8]
MT-1=[0x1F]
MT-1 Binary = [1] [1] [1] [1] [1]
MT-2=[0x1]
MT-2 Binary = [0] [0] [0] [1] <--MT-2 Status is 0001 for Peer/Neighbor Site??
FR_1=[58811DBE20]
FR_4=[58811DBE20]
Site ID
command=[FD]
MT-1=[0x1F]
MT-1 Binary = [1] [1] [1] [1] [1] <--if MT-1 is 11111, use MT-2;
MT-2=[0xA]
MT-2 Binary = [1] [0] [1] [0] <-- if MT-2 == 1010 or 0xA; (not sure if this status correlates to Site ID)
FR_1=[5D07133193] <--((fr_1 & 0x1F000)>>12) | ((fr_1 & 0x1F000000)>>19);
FR_4=[5D07133193] <-- Duplicate Message on this type
LCN:
BITS= 10(00 010)0 |--Take First 5 bits of this set, then shift right to make 00010 = LCN 2
MASK=[0 3E 0000000] <- All 2 binary bits of first, 3 binary bits of second
FR_1=[B 84 03661CD] |
Time: 04:15:26 AFC=2308 VOICE LCN=2
Sender=[ 333909i]
Group=[ 1123g]
FR_1=[B850463581] <--85 & 3E >> 1 = 00010 = LCN 2
MASK=[03E0000000]
Time: 04:15:30 AFC=2372 VOICE LCN=3
Sender=[ 333909i]
Group=[ 1123g]
FR_1=[B8604632C2] <--86 & 3E >> 1 = 00011 = LCN 3
Time: 04:15:37 AFC=2202 VOICE LCN=4
Sender=[ 197864i]
Group=[ 1123g]
FR_1=[B880463F75] <-- 88 & 3E >> 1 = 00100 = LCN 4
Time: 16:37:06 AFC=1740 ACTIVE MT-1=[0x 3] MT-2=[0x1] LCN=4
Sender=[ 197864i]
Group=[ 1123g]
Digital Group Voice Channel Assignment
MT-1 Binary = [0] [0] [0] [1] [1]
FR_1=[B890463DB4] <-- (fr_1&0x3E0000000)>>29; (5 bits for LCN channel, 0-31 Decimal)
MASK=[03E0000000] |--0x89 & 0x3E = 00(00 010)0 LCN bits in parenthesis, then shift right one
Patch (ADD):
command=[FE]
MT-1=[0x1F]
MT-1 Binary = [1] [1] [1] [1] [1]
MT-2=[0xC]
MT-2 Binary = [1] [1] [0] [0]
FR_1=[5E700B5D02] <--00B5 Source
MASK=[000FFFF000]
FR_4=[4000522911] <--0522 Target
MASK=[000FFFF000]
Error Detection Polynomial:
MASK=[0000000 FFF]
FR_1=[5C07EEB 239] <--Last 12 bits (3 hex) are error detection; not entirely useful for tracking.
FR_2=[A3F8114 DC6] --There may be a way to figure out proper calculation for polynomial
FR_3=[5C07EEB 239]
FR_4=[C3CC1C1 2DC]
FR_5=[3C33E3E D23]
FR_6=[C3CC1C1 2DC]
-----------------------------------------
There is always more information to find out/discover on these types of frames, but at this point, I'm not sure what all is completely useful in terms of tracking and tuning into channels to listen. The next step would probably be to re-write this mess into a more user readable and more user friendly format.
I've also made enough progress on my programming project that I'll take this opportunity to shamelessly self-plug it for anybody interested in using it or looking over the source code.
Linux EDACS ESK Trunk Tracking using rtl_fm and rtl_udp. - lwvmobile/ledacs-esk
github.com