PROCITEC go2MONITOR overview

If you follow me on Twitter you’ll see that in the last month or so I’ve been sending out images of classification and decoder software go2MONITOR working with a number of my SDR’s.

go2MONITOR is part of the go2SIGNALS range of software solutions created by PROCITEC GmbH operating from Pforzheim in Germany, themselves part of the PLATH group. PLATH Group is the leading European-based solution provider for communication intelligence and electronic warfare (EW) with worldwide government customers. The group covers all aspects of signal interception and analysis split between a number of companies such as PROCITEC. EW, COMINT/SIGINT, Jamming and Decoding are just a small part of what the group specialises in.

go2MONITOR is advanced high-performance, automatic HF, VHF and UHF monitoring software capable of recording, SDR control, wideband and narrowband classification and multichannel signal decoding.

It isn’t for the faint hearted, but once you get used to using it, it really does make gathering information on networks extremely easy. And it decodes many modes other software can’t.

In a series of blogs I’m going to show you the capabilities of this amazing software, though I must stress now, it is aimed at Professional SIGINT gathering and it comes with a Professional price tag.

Saying that, it doesn’t mean it isn’t available to the non-professional. It is open to all and to cover this it comes in various versions starting with the Standard package progressing to a full Military package – which gives you the full range of HF, VHF and UHF classification and modem recognition decoders available, including PMR and SAT (Inmarsat AERO). The Standard version isn’t to be sniffed at, it still gives you an amazing range of decoders, though you could easily argue that many of these are available in other free – or near to free – decoding software like MultiPSK or Sorcerer. A full list of decoders available can be found here. Note, this list is broken down into the various packages and not all are available with the Standard option. Confirm what belongs to what if you’re thinking of purchasing.

Various signals within the Satellite L-band using an AirSpy R2 and SDR#

So what’s the difference in what go2MONITOR can do with other software available? That’s the idea of these blogs, to answer just that question. It will take quite a few blogs – mainly because there isn’t just one answer.

Here then, is a brief overview of what can be done, what SDR’s it works with – in fact, not just SDR’s but all receivers that can produce a recording – and any other things I can think of.

As I’ve said, then, it can decode pretty much any data signal out there. Obviously, some signals are encrypted so it wouldn’t fully decode unless you had the key, but you can get the encrypted messages. It can also classify voice signals, not just data. So, if you wanted to hunt out various voice networks, go2MONITOR can assist you in doing this.

Here is where it excels. Classification – and doing it very quickly.

Imagine being on your SDR (SDR1) and you can see a whole load of data signals on the waterfall/spectrum and you quickly want to know what they all are. With go2MONITOR operating another SDR (SDR2) you can dial in the centre frequency of the bandwidth shown on SDR1 into the go2MONITOR/SDR2 combo, click one button – Find Emissions – and within seconds the whole bandwidth has been analysed and every signal classified.

I’ll go back a step though here. You don’t need two SDR’s. One will do. SDR1 – as long as it is a compatible SDR – can be controlled through a GUI by go2MONITOR. The software includes a waterfall/spectrum display. Like all SDR software, these displays are fully adaptable to how you like to see the signals.

The previous L-band bandwidth but this time using go2MONITOR and the AirSpy R2 GUI, decoding INMARSAT 3-F2

Either way, you now have a list of every emission that go2MONITOR has received within that bandwidth. This list includes Modulation type, Frequency, Bandwidth, Symbol (Baud) rate and SNR. It also shows which SDR you have used for interception (useful if you’re using go2MONITOR with more than one SDR at the same time, but also with other advanced features such as network control), and it also shows if the frequency is already stored within the frequency database – yes, you can create this too, or import ready-made databases in CSV format.

All the emissions within the bandwidth have been analysed and types ascertained.

Already then, you have built up a picture of what these signals are. One thing to note. If the signal type is not one of those included within the package you have, it will be classed as unknown. Example – a STANAG 4285 will show as unknown in the Standard and PMR/SAT package, but will be classified correctly in the MIL package.

OK, those of us that are looking at SDR’s all the time can pretty much tell what the signals are just by looking at them, so there’s no great advantage here is there? Except, now go2MONITOR has logged these in its database which can be searched through at a later date – handy if you’re looking for potential schedules for example.

However, the next step is where things get interesting. By putting one of these emissions into a “Channel” you can carry out an advanced classification, recognition and decode. You have multiple choices here, but I generally start off with a Classification. Whilst the software has already decided what the emission type is, by doing this it double checks just this one channel and produces a choice of decoders that it is likely to be.

go2MONITOR in Classification mode. Here it has calculated that the FSK emission received has a 50 Bd symbol rate with two tones with 859 Hz spacing. From this it has deduced it is likely to be one of four modems – one of which is ALE-400.

By using STANAG 4285 as an example, it will put this into the list of choices, but it may put other PSK signals there too. By clicking on another button, this puts the channel into Recognition mode and it reduces the hundreds of decoders down to just those in the classification list produced. The software then calculates which is the best decoder and starts to decode the signal.

If you think about STANAG 4285 in other software, you generally have to try all the various potential Baud rates – is it Long Interleaving? is it Short? etc etc. Well go2MONITOR does this automatically. It checks the alphabet and protocol and will decode it if known. More often than not it can’t calculate the alphabet, but every now and again it does and it will produce encrypted data – don’t forget, if it’s encrypted it won’t decrypt it without the correct key.

By continuing on the process from the Classification mode into the Recognition & Decode mode, here from another emission go2MONITOR has selected the CIS-50-50 modem and started to decode the message.

This further Recognition and Decoding is also stored in the database for later analysis, along with a recorded wav file for playback and deeper signal analysis.

Seriously, it is harder describing it in text than it is doing it so I’ve created a video that’s at the end of this blog.

I mentioned previously that the software works with receivers that aren’t SDR’s. That’s because, as long as you can create a wav file recording – Narrowband as it’s known in go2MONITOR – it can be analysed. There are things missing, the actual frequency for instance (though this can be typed into a text box so that you can then have the right information – this I’ll show in a later blog). Time stamps aren’t naturally there but again you can add these by telling the software to use the time the recording was started.

I’ve used recordings made on my Icom IC-R8500 as an example of this but it is literally the bandwidth of the mode used by the receiver that is shown on the go2MONITOR spectrogram.

You don’t actually need to own a receiver of your own. Use an online SDR such as a KiwiSDR, record the IQ as a wav file and play it back through go2MONITOR for analysis. I’m doing just that for a Jane’s Intelligence Review magazine article.

If you use SDRConsole, then you may have also tried the File Analyser function that I blogged about in August last year. The File Analyser in SDRC is excellent, there’s no doubt about it, but it has one drawback. Once you’ve carried out your recording you have to create a run through of the recording, making an XML file that effectively joins all the wav files up. If you’ve made a wide and long IQ recording this can take quite some time. With most of my overnight recordings – normally 7 hours long, with a 768 kHz bandwidth – this takes around 45 minutes to complete.

With go2MONITOR you can also record the bandwidth IQ data. With this you can do two things. Firstly you can run it through as a normal playback, classifying and decoding as you go. Secondly though, you can open the Results window which gives you a time based view of the whole recording allowing you to immediately see any transmissions. Unlike SDRC Analyser, the signals have already been classified, and more importantly, this is done straight away without any need to create an XML file first. The Results window will be covered in greater detail in a blog of its own.

Analysing a Wav file made using the IQ recording capabilities with go2MONITOR
Further analysis of a STANAG 4285 emission within the recording.

However, there are no decodings here. With just an IQ recording you need to play it back and run an emission search etc. There are some basic automation tasks available, such as setting up an emissions search every 10 seconds.

But, if you have the Automated Monitoring and Tasking package, you can also have the software automatically record, recognise and decode a single emission type – or all emissions types within the bandwidth, a set frequency, between two frequencies or any other parameters you may wish to set up.

The go2MONITOR results window of an IQ recording that has been set up to automatically run an emissions search every 10 seconds. The blue rectangles are every emission found. By running the mouse over them you can get basic information on each emission. Clicking on them brings up further details that can be viewed in the tabbed area to the right.
The red rectangles are emissions that have also been Recognised and Decoded. By clicking on them the decoded data is shown in the tabbed area.

The list of SDR’s that can be used with go2MONITOR is pretty good, though due to the target audience, many of them are high end, “government/military” receivers. But, it does work with Perseus, SDRplay RSP1 & RSP2, RFSpace NetSDR and SDR-14, and of course AirSpy R2 – and now the AirSpy HF+ and AirSpy HF+ Discovery.

Supported receiver list:

| Receiver | Max. Rx bandwidth | Spectrum overview | Scan | Remark |
|---|---|---|---|---|
| AirSpy | 2 MHz | | | Experimental support |
| CommsAudit CA7851 | 5 MHz | | | VITA 49 |
| Grintek GRX Lan | 1 MHz | | | |
| IZT R3xxx series | 20 MHz | X | X | Up to 3 channels spectrum |
| IZT R4000 (SignalSuite) | 1 MHz | | | 1 channel only |
| Microtelecom PERSEUS | 800 kHz | | | Limited USB 3.0 compatibility |
| narda® NRA-3000 RX | 320 kHz | | | |
| narda® NRA-6000 RX | 320 kHz | | | |
| narda® IDA 2 | 320 kHz | | | |
| narda® SignalShark® 3310 | 20 MHz | | | VITA 49 support. Only 1 MHz and no receiver control at LINUX |
| PLATH SIR 2110 | 20 MHz | | | LINUX recommended. External receiver control only |
| PLATH SIR 2115 | 4×20 MHz | | | External receiver control only |
| PLATH SIR 5110 | 12 MHz | | | 16×768 kHz subbands. External receiver control only |
| PLATH SIR 5115 | Full HF | | | 40×768 kHz subbands. External receiver control only |
| R&S EB500 | 5 MHz | X | | No gain control available |
| R&S EM100 / PR100 | 500 kHz | X | X | |
| R&S ESMD | 15 MHz | | | External receiver control only |
| RFSPACE NetSDR | 2 MHz | | | |
| RFSPACE SDR-14 | 190 kHz | | | |
| RTLSDR/Noxon USB-sticks | 3.2 MHz | | | Experimental support. Continuous signal up to 2.4 MHz |
| SDRplay RSP1 & RSP2 | 6 MHz | | | Experimental support |
| ThinkRF R5500-408 | 6.25 MHz | | | VITA 49 |
| ThinkRF R5500-427 | 6.25 MHz | | | VITA 49 |
| ThinkRF WSA5000-408 | 780 kHz | | | VITA 49 |
| ThinkRF WSA5000-427 | 780 kHz | | | VITA 49 |
| WiNRADiO G31DDC | 800 kHz | | | |
| WiNRADiO G33DDC | 4 MHz | X | | |
| WiNRADiO G35DDC | 4 MHz | X | | |
| WiNRADiO G39DDC | 4 MHz | X | | Up to 2 channels + spectrum |
| Generic VITA 49 receiver support | Max. receiver bandwidth | | | Can be configured in a wide range for different receiver types |
| Other generic “Winrad ExtIO” supported receivers | Max. receiver bandwidth | | | Experimental support |

As you can see, there is a huge difference in bandwidth capabilities for each receiver. I use my WinRadio G31DDC quite often with go2MONITOR, but the AirSpy HF+ Discovery (not listed as I’ve only just got it working) isn’t much worse with its full 610 kHz bandwidth.

When you think that the G31 has a much better operational bandwidth than 800 kHz when you use it on its own, it’s obvious which is better value if you were buying an SDR solely for using it with go2MONITOR. It is this kind of thing that many Government agencies are looking at when it comes to funding operations aimed at large scale monitoring.

That then is a very basic overview of go2MONITOR. The quick video and images have hopefully shown you a little of what is possible.

Outside of a Professional SIGINT operation, why would an amateur radio monitor need something like go2MONITOR? And would they pay the price?

I think they would. After all, most of us have spent a fair amount on radio monitoring over the years, so why not on software that would make their monitoring not only quicker and easier, but potentially open up new areas of monitoring.

Many of us specialise in certain monitoring areas – Russian military, particularly the Navy and Strategic aviation, for me for example. With go2MONITOR I have already used it to hunt out potential Russian Northern Fleet frequencies by running an automated 10 second CW emission scan overnight within a bandwidth block. By doing this, and then analysing data found in the results window, I was able to target certain frequencies to see what activity there was on subsequent nights.
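The same kind of schedule hunting can be done outside the results window on a list of logged emissions. The following is an added example, not go2MONITOR code or output: the CSV layout and column names are assumptions (they mirror the emission list fields described earlier), and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: hits from 10-second emission searches over three nights.
# Column names are hypothetical, not go2MONITOR's real export format.
SAMPLE_CSV = """timestamp_utc,frequency_hz,modulation,bandwidth_hz,symbol_rate_bd,snr_db
2020-01-10T22:00:10,8345020,CW,120,,18
2020-01-10T22:00:20,8345010,CW,120,,17
2020-01-10T22:00:30,8345030,CW,120,,19
2020-01-10T23:15:00,6400000,FSK,900,50,22
2020-01-11T00:30:10,8345000,CW,120,,15
2020-01-11T01:12:40,11000500,CW,120,,9
2020-01-11T22:01:00,8344990,CW,120,,20
2020-01-11T22:01:10,8345010,CW,120,,21
2020-01-12T00:31:20,8345020,CW,120,,14
2020-01-12T22:00:50,8345000,CW,120,,16
2020-01-13T03:40:00,4079000,CW,120,,12
"""


def load_emissions(csv_text):
    """Parse the emission list into typed records."""
    emissions = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        emissions.append({
            "time": datetime.fromisoformat(row["timestamp_utc"]),
            "freq_hz": int(row["frequency_hz"]),
            "modulation": row["modulation"].strip().upper(),
            "snr_db": float(row["snr_db"]),
        })
    return emissions


def find_schedules(emissions, modulation="CW", channel_step_hz=100,
                   slot_minutes=30, min_nights=2, min_snr_db=10.0):
    """Return (channel_hz, slot_start, nights_seen, hits) for activity that
    recurs in the same time-of-day slot on at least min_nights nights."""
    nights = defaultdict(set)
    hits = defaultdict(int)
    for e in emissions:
        if e["modulation"] != modulation or e["snr_db"] < min_snr_db:
            continue
        # Repeated hits on a drifting carrier collapse into one channel.
        channel = round(e["freq_hz"] / channel_step_hz) * channel_step_hz
        minute_of_day = e["time"].hour * 60 + e["time"].minute
        slot = (minute_of_day // slot_minutes) * slot_minutes
        # Shift by 12 h so a session that crosses midnight counts as one night.
        night = (e["time"] - timedelta(hours=12)).date()
        nights[(channel, slot)].add(night)
        hits[(channel, slot)] += 1
    candidates = [
        (channel, f"{slot // 60:02d}:{slot % 60:02d}", len(seen),
         hits[(channel, slot)])
        for (channel, slot), seen in nights.items()
        if len(seen) >= min_nights
    ]
    return sorted(candidates, key=lambda c: (-c[2], c[0], c[1]))


if __name__ == "__main__":
    for channel, slot, seen, count in find_schedules(load_emissions(SAMPLE_CSV)):
        print(f"{channel / 1000:.1f} kHz  slot {slot}Z  nights={seen}  hits={count}")
```

One-off hits and weak detections drop out, leaving only the frequency and time slots worth parking a receiver on the following night.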

Whilst there are other decoders available – some of which are plugins in software such as SDR#; some of which are free – it is the quickness and ease with which it can be done that makes go2MONITOR attractive. The big question is, would you pay for this?

11 thoughts on “PROCITEC go2MONITOR overview”

  1. Great post! One of the best ever made about RTTY decoding software! Thanks!
    My point is even paying for the basic Go decode software package you will be able to decode systems like: Sitor, Stanag 4481 and 4285. As we know, the Stanag systems are obviously encrypted systems so what you get there is just raw encrypted data. Sitor is still used on HF, but why pay a huge amount of money when you can get Sitor or CW using free software?
    I think that the golden age for us RTTY listeners was over 25 years ago; at that time it was easier to get messages in clear using the glorious Hoka Code 3. Baudot/Sitor/Pactor systems were mainly used by Gov agencies/Maritime/press agencies etc. Today everything has changed: proprietary systems are in use on HF and heavily encrypted, so even having enough money to buy the basic version of Go decode you will get access only to raw useless data.

    • This is true. Many of the networks are encrypted, which I think I state, but this isn’t the only thing the go2 range can be used for.
      It is very good at being able to build up a picture of potential networks, schedules and such like in very quick time.
      What I’ve shown here is a basic look at the capabilities, decoding being just a small part of it! After all, if we could just decode everything that was out there, the world wouldn’t be that safe a place! It’s not that safe as it is!
      What you call raw useless data is another man’s raw useful data 😉

      • Excellent post, Tony!

        Go2Monitor will give you much more information besides the encrypted text. There is a lot of management data which is transmitted in i.e. a STANAG signal. In some cases you can even monitor IDs or IP addresses.
        Another important issue is the integrated classifier. Today we have the problem that there are not so many experienced operators any more. And software which helps to identify most modems, or the parameters for an unknown signal, is of great value.

      • Totally agree Roland. These are things I intend to cover in the future blogs. It is great software for this and the views of “it’s a too expensive decoder” need to be overlooked and the other possibilities thought about.

  2. Where or where to begin?

    Other than the fact that it is full of outdated (55% have been off-air for decades) and incomplete modes (25% lack waveforms), modes that are incorrectly-implemented, and another 20% of nil use to SIGINT (last I checked the Canadian time clock wasn’t a SIGINT target), then I guess it is fine for Amateur use as Mr. Roper suggests. Another 25% are incorrectly named (OK, they use made up names) modes.

    Add to that, that it totally lacks precision classification, cryptographic parsing, advanced analytics like LFSR, network diagramming, cryptanalytic measurement tools and traffic analysis.

    Further, it isn’t compatible with the Allied data protocol standards like XMidas, MidasBlue and TSDF. Doubtful those will ever be shared by NSA, GCHQ et al since the core of these folks was recently under investigation by the Swiss FBI for selling a solution to NATO Link-11 to a non-NATO member – and why they were brought back under the mothership at Plath.

    I am sure Plath wishes it just stuck to making its excellent hardware and not adopting all of the problems the incestuous code from Wavecom (now under Chinese management which must be great for NATO members!) and Hoka that they licensed.

    If only they just did original work, but they don’t – there is absolutely zero support for any variations – it is clear they buy the specification from Motorola or whomever, and then don’t know what to do when they find a variation of the standard on air in the real world.

    The Krypto500 – Krypto1000 folks (I forget the company name) outpace them in every one of these aspects – and have almost 130-something more decoders. I see that they make more decoders every 24 months than these others have done in their entire histories! Pathetic. With more than 3,000 modes currently on air in HF and another 2500+ in VHF-UHF, you’d think they could do some original work at Procitec, Wavecom…but no…

    It seems the big problem is lack of development by people who have actually conducted SIGINT operations.

    • Thanks for your comments Dave.

      You are correct in stating that there are off-air decoders included. These are kept in as legacy decoders and can be removed from any searches, and I’m sure you’re aware that you can create your own search groups if you wish. Many decoding software packages keep legacy decoders within their list – including Krypto500/1000 that you mentioned. More on them later. In the case of amateur decoders they generally do keep them in.

      The sister software to go2MONITOR, go2DECODE, gives you the capability to create your own decoders and classifiers. I haven’t even played with MONITOR fully yet, but as far as I am aware it does give you traffic analysis capabilities, especially when tied into DECODE. Here you can also adapt any variations of what you find on air in the real world. Like I say though, I do not work for Procitec, I’m just testing it out so you would have to consult with them on this.

      The naming of modes is always a tough one, especially non-NATO variants, the Russians in particular 🙂 What can you do?

      Krypto500/1000 is created by Comint Consulting. They tie their “providers” into NDA’s and lynch you into never speaking a word about what you may find when using their software, including mundane CW that anyone can get through a free decoder (if you have to use a decoder for that). This doesn’t work in the amateur world. I, and many others, have first hand experience into their methods and I am fully aware as to how they ascertain some of their data for their databases. Many of us have told them to go away, but some haven’t – drawn in by their software. Then it is too late.

      I will never use Krypto500/1000 so I can’t speak on the differences. But I have tried to access their website to get a comparison list in the past. On every attempt, the website freezes. The website looks nice though!

      Without going into specifics, Procitec do employ people who have carried out military SIGINT operations.

      I see you’re in 30 Commando. I’d love to come and spend some time with you if possible to see how you operate. If nothing else for the work I do for Jane’s Intelligence Review.

      Cheers

      Tony

  3. What can one do? Research, as you well know. There is plenty of information about hardware out there – magazines, the factory websites, etc.

    We do use both Kryptos. The software is ITAR-controlled, so is not intended for amateurs. So, for that I understand their protectiveness. They are based in the US, but employ a lot of Europeans (quite a few here in the UK, actually) – and all of their people we’ve run into these past years have lengthy backgrounds in our field.

    I challenge you to find a single mode in their list that is off-air or otherwise legacy. We had asked about a couple of them, not knowing them, and were shown the light as it were. Some are simply not in our region here in Europe.

    I don’t work for them, either, still being tied to HMG, but having had go2 for a few years, I can tell you it is useless for the production of current intelligence for the reasons previously stated.

    Perhaps Roland (above – you do realize he works for Procitec and used to be the Hoka sales representative for Germany, yes?) could cite an example. He correctly mentions the importance of classifiers, but what they have are barely modulation recognizers and then use a 20+ year old technique based on bit patterns – all of which require an enormously stable channel. There are a few dozen ‘classifiers’ at best…last edition of Krypto we received has over 4,000 – and they work in real-time, not only giving modulation parameters, but an exact modem manufacturer/model. To me, that is classification. The one they have advertised on their News page that is in Krypto1000 is simply amazing since you can click on an endless number of channels for instant precision classification.

    If you’re a hobby monitor, perhaps none of these things make a difference, but if you’re a SIGINT professional, all of these inaccuracies, obsolescent modes and inaccuracies make it useless in our world.

    • By, what can you do, I mean what can you do about people misnaming them. CIS variants have numerous names for the same thing because of this, many have evolved from the amateur field.

      Yep, I know who Roland is.

      Like I say, I’d like to check the different decoders at Comint, but having tried opening their list page over half an hour ago and it still hasn’t opened (on two PC’s and a brand new MacBook) I can’t. From what I can see they list old demodulators and seem to remember that this compares their current list to their “competitors”?? If they don’t actually have the legacy decoders available that’s my mistake – but like I say, I’ll never use it.

      I’m sure they’re very nice to people that want to spend millions on their software. Who wouldn’t?? But many have not had that experience with them.

      I’ll contact you outside of here for other discussions if ok? (Jane’s stuff)

  4. Mr. Roper

    You’re welcome to email and we’ll see what we can do on a visit.

    I just checked their website and every page works fine – try comintconsulting.com/sigint (here you just follow the lists of modes – they take the time to explain and list obsolete ones, and why) and comintconsulting.com/resources and comintconsulting.com/news

    I can send you a PDF we did comparing these and others – you’re going to be gobsmacked over how useless go2 is when you read it.

  5. Hi
    Is there a way to test this decoding software (Krypto 500 & Go decode)? Can a civilian apply for a SIGINT job? I’d love to see a SIGINT HF station! Any suggestions?

    Br

    Claudio
