priyom.org

Message Metadata

This page describes metadata elements that appear in various Russian 6 messages, especially on the digital counterparts F01 and F06.

5-group header

The headers are based on the long form header of Russian diplomatic messages, with a number of features unique to Russian 6 links:

  • The content type/priority group is fixed for standard messages, with no apparent concept of message priority. Standard F06 messages always use 11166, while F01 (if a header is present) - 11177. On training/test broadcasts, both modes use 11100.
  • The OTP number group doesn't necessarily refer to a one-time pad. Links with non-OTP features, which constitute the majority of Russian 6 digital links, use a known set of bogus values in null messages, while the known group 36987 appears occasionally in both null and traffic messages.
  • The serial number has only two digits, ranging from 001 to 099 inclusive. After 099, the next serial number used is 001. The serial numbers on diplomatic links go up to 999 instead.
  • The group count always includes all groups, including the 00000 outro group, whereas the diplomatic 5-digit or 5-letter group messages always have their group count one group greater than the actual number of groups.

Serial-GC postamble

The serial-GC postamble is the second common metadata element. It is a small discrete group tucked at the end of messages, containing two unencrypted fields. It is normally followed by one 00000 outro group (or sometimes several for padding).

Postamble Outro
01047 00000
01 047  
Serial number Group count

The serial number follows the same behavior as in the 5-group header. The group count is the number of 5-figure groups inside the message preceding the postamble, and not including itself or the outro. The 5-group header, whether present or not, is not part of the message itself, so it is never included in the postamble group count. The serial-GC postamble uses only 3 digits for the group count, contrary to the 5-header group which uses 4 digits, and in rare messages containing more than 999 groups, it has been observed that the postamble group count wraps around, dropping the thousands digit.

The serial-GC postamble appears in messages sent by F01 and F06. It is also at least reminiscent, if not an analog, of the postamble of their E06, G06, S06 and M14 counterpart stations.

Triple timestamp

The triple timestamp is the third and deepest known common metadata element. It resides inside the encrypted data of the message. This part (at least) of the message is only encrypted with a key that gets reused message after message, producing visibly similar 5-figure groups across messages within schedules where this header appears. This allowed us to figure out its existence and contents.

This header comprises the first 12 5-figure groups of the message. It appears that the same cleartext 20 digits, containing the timestamp of the message, are simply repeated 3 times in succession.

  First copy Second copy Third copy
Encrypted 47749 49093 92903 40530 04816 33608 57196 63673 42964 90189 70902 82228
Cleartext 30261 00026 05174 00000 30261 00026 05174 00000 30261 00026 05174 00000
  15-digit timestamp,
see below
Almost always the same value,
assumed to be 00000.
Occasionally 12345 instead.
Timestamp 00000 or 12345 Timestamp 00000 or 12345

The message timestamp encodes on 15 digits the date and possibly the time of the writing of the message, following a XX-YY-HH-ZZ-dd-mm-yy-w format, where the meaning of XX, YY and ZZ fields are still uncertain: it could be SS:MM:HH ZZ dd-mm-yy w, or XX:YY HH:MM dd-mm-yy w.

15-digit message timestamp
30 26 10 00 26 05 17 4
00-59 value,
possibly seconds
00-59 value,
possibly minutes
Hours,
usually ranging between 09 and 16
Almost always the same value,
assumed to be 00.
Occasionally different, within a big range.
Alternate possibility for minutes.
Day of month Month Year Day of week

The triple timestamp has been seen in several F01 and F06 schedules, and even in the E06 ID 832 replacement of F06 ID 50046.

Layering

Each of the metadata elements described above may or may not be present in a transmission. It depends on the habits and characteristics of the mode used, and can even depend on the particular schedule. When several of these elements are present, they naturally layer on top of one another: from outermost to innermost, 5-group header, serial-GC postamble and triple timestamp. The message date and serial number are the same in the different metadata elements, however the group counts slightly differ.

The payload of a 5-group header is a message which may or may not feature a serial-GC postamble. When both are present, the payload of the serial-GC postamble is only the inner message. So the group count in the 5-group header is always greater than the one in the serial-GC postamble, by a couple groups, to account for the serial-GC postamble and outro groups.

Example

Example F06 message featuring all of 5-group header, serial-GC postamble and triple timestamp:

11166 70147 63294 26057 00509
52605 93102 97678 58128 38271 73989 80470 94306 44065 67310
85734 84902 91173 41859 43065 66564 60299 57864 93228 08612
85432 55311 16512 34995 23980 50211 42834 10893 26924 13369
24193 96424 67191 83939 98695 78643 06343 90805 71813 58085
17286 38424 35603 51866 49878 13945 98213 73551 57048 00000