Click for homepage
Data
Crypto AG
Motorola
BND
CIA
  
HC-500 series →
  
Hagelin HC-570
Desktop electronic cipher machine · CRYPTOMATIC

HC-570 is an electronic desktop cipher machine, developed between 1974 and 1977 by Crypto AG in Zug (Switzerland). The cryptologic is developed by Motorola in Phoenix (Arizona, US) and features a backdoored cryptographic algorithm made by the US National Security Agency (NSA). It was the successor to the ill-fated H-460, and was complemented by the portable HC-520 [1].

The device was intended as a desktop machine and resembles an electronic typewriter of the era. It is integrated with a strong black plastic transit case of which the hood can be removed. Accessories, like manual, instruction card, paper tape and print rolls, are stowed inside the hood.

The HC-550 is very complete. It contains a page printer, a high-quality keyboard, a single-line plasma display, a five-level tape reader and a five-level tape puncher, and is suitable for off-line encryption and decryption only. Messages are exported on paper or punched paper tape.
  
HC-570 cipher machine

The device can be powered from the AC mains (90-250V AC) virtually anywhere in the world and was intended for diplomatic use. Setting of the Basic Key (BK) and the mode of operation (C/D) is by means of two highly secure KESO locks at the front panel, to prevent unauthorised use. For transmission of the data via a regular telephone line, an optional acoustic modem was available.

The machine was introduced in 1977, but was never produced in high quantities, probably due to the high production cost. A few years after its introduction it was replaced by the more affordable HC-550, which was based on a low-maintenance Siemens T-1000 teleprinter. Immediately after the introduction of the HC-570, the 500-series was complemented by the portable HC-520 [1].

HC-570 cipher machine
Front view of the HC-570
Controls
KESO keys and locks
Entering a key on the display
Paper tape compartment
Tape cartridge
Feeding in the paper tape
A
×
A
1 / 8
HC-570 cipher machine
A
2 / 8
Front view of the HC-570
A
3 / 8
Controls
A
4 / 8
KESO keys and locks
A
5 / 8
Entering a key on the display
A
6 / 8
Paper tape compartment
A
7 / 8
Tape cartridge
A
8 / 8
Feeding in the paper tape

Features
The diagram below provides an overview of the features of the HC-570. The device is housed in a strong plastic transport case, from which it can not be removed. It resembles an electronic type­writer, and features a full ASCII keyboard and a thermal page printer. Furthermore, a single-line plasma display is present at the front panel. It allows a text to be corrected before being printed.

Click to see more

For operation, two highly secure (physical) keys are needed, that have to be entered in the two locks to the right of the display. The left one is needed for entering the Basic Key (BK) and for opening the cover. The right one allows selection between Ciphering (C) and Deciphering (D).

Compatible machines   Cryptomatic 500
Pocket version, resembling a calculator
Suitcase version
Desktop model, based on Siemens T-1000
Desktop model
Desktop model, based on Siemens T-1000
Rackmount model for serial computer signals
History
The HC-570 was developed at a time when the company – Crypto AG – was jointly owned by the German Bundesnachrichtendienst (BND) and the American Central Intelligence Agency (CIA). The two intelligence services had purchased the company in 1970, with the intention to get control over the cryptographic algorithms and – indirectly – Crypto AG's customers. This secret project was known as Operation RUBICON (also: THESAURUS) and turned out to be extremely effective [1].

The HC-570 was the successor to the ill-fated H-460, that had been introduced just before BND and CIA became the owners of Crypto AG. It used a shiftregister-based cryptologic that had been designed by the NSA in 1965, in such a way that messages were readable 1 to them. When BND and CIA took over, it was decided that Crypto AG should sell high-end cipher machines that could compete with the designs from other manufacturers – like Gretag – that were not under control.

The new machine was initially designated HS-4700 and was (partly) developed at Crypto AG in Zug (Switzerland) between 1970 and 1973. But as the development was progressing too slowly, the partners (BND and CIA) decided in 1974 to bring in the American technology giant Motorola from Phoenix (Arizona), and let them do development of the electronic circuits. Motorola based the design of the circuits on the 6800 microprocessor that they had just introduced in 1974 [2].

At the same time, the US National Security Agency (NSA) developed a cryptographic algorithm, which Motorola had to implement in software on the 6800 processor. It was probably the first time an algorithm was implemented this way. It came in two flavours: readable and unreadable. 1 Unreadable versions were for friends: NATO countries, plus Switzerland and Sweden. Readable versions were sold to all other countries, with very few exceptions. Apart from NSA, they were also readable by the Zentralstelle für das Chiffrierwesen (ZfCh) — the German codebreakers.

Once the design was ready, it was handed over to Crypto AG in Switzerland, where the machine was taken into production as the HC-570. Unfortunately, it did not become very popular and caused Crypto AG to run into red figures. It was overly complicated, difficult to build, expensive and prone to failure. A few years later it was replaced by the HC-550, which was based on a Siemens T-1000 teleprinter to which the cipher unit was bolted at the bottom. Never­theless, small quantities of HC-570 machines were built until the early 1990s for existing customers.

Soon after the introduction of the HC-570 in 1977, a portable variant was developed by Siemens – the HC-520 – which became very popular. It was intended as a competitor to the Gretacoder 905, which had recently been introduced by Gretag, and was unreadable to western intelligence.

  1. The term readable means that the algorithm could be broken by NSA. Also known as friendly or exploitable. In contrast: algorithms that are not breakable by NSA, are called unfriendly or unreadable or secure.

HC-500 Crisis
In February 1979, less than two years after the introduction of the HC-500 series, CAG-employee Jürg Spörndli discovered that it was possible to break the machine with just 100 characters of known plaintext, probably after attending a seminar by American mathematician Martin Hellman.

Although rather theoretical, it proved that the cipher was prone to a known plain-text attack, or KPTA as it was known in the crypto-world. For Crypto AG this was bad news, as the company couldn't afford another debacle after the H-460 crisis. In two years time, the HC-500 series had become Crypto AG's leading product, of which more than 1700 had already been sold worldwide.

The original algorithm had been developed by NSA's Peter Jenks, and was intended to last for at least 20 years. But Jürg Spörndli had now exposed a weakness that urgently needed to be fixed before customers would discover it themselves. At NSA, Dave Frasier designed a drop-in fix that defeated a known plaintext attack, but was considerably more difficult to break by NSA and ZfCh. A few months later, mid-1979, Peter Jenks left the NSA and Dave Frasier committed suicide.

 More about Operation RUBICON


Interior
The machine is housed in a strong plastic transport case, from which is can not be removed. The transport case is in integral part of the machine and acts as a bottom shell. After placing it on a table, the hood of the transport case should be removed, and the machine is ready for operation.

In order to access the interior, the leftmost KESO key must be entered into the lock and turned counterclockwise. This releases two steel cable-operated locks at the sides of the machine. Note that you may have to gently push the cover down somewhat before the side locks will disengage.

The cream plastic cover can now be removed by tilting it towards the rear, but be careful not damage the fragile printer transport mechanism at the left. Once the cover is off, the interior is exposed, as shown in the image on the right. At the rear left is the power supply unit (PSU).
  
HC-570 interior

In front of the PSU is the thermal printer (here shown with a paper roll installed), and in front of that is the keyboard. To the right of the printer is a purpose built paper tape puncher and – at the front right – a matching punched paper tape reader. Both are suitable for standard 5-level tape.

At the rear right is a metal case that contains the electronic circuits. It is divided in three equal compartments, each of which can accomodate 6 plug-in cards, but not all slots are populated.

The middle compartment contains the processor board and the peripheral drivers, all of which were developed by Motorola in Phoenix (USA). Each card has an 64-pin connector at one edge, through which it is fitted to the motherboard at the bottom. The cards contain the peripheral interfaces, the 6800 microprocessor, the display drivers, the printer drivers and the memory.
  
Peripheral interfaces (6820) for the Motorola 6800 microprocesso

Additional details can be found in the photographs below. Note that in the device featured here, the original Motorola processor card has been replaced by an alternative (experimental) one, that is functionally identical. It was probably developed as part of an aftermarket update or upgrade.

HC-570 interior
Cage with electronic plug-in cards
Plug-in cards with electronic circuits
Driver board close-up
Driver board
Periphera interface (Motorola)
Peripheral interfaces (6820) for the Motorola 6800 microprocesso
Alternative processor board
Bottom side of the replacement processor board
Paper tape reader
Paper puncher
PSU
Placing the air filter
Top view of the 15 PCBs
Part of the electronic PCBs
Belt missing from the printer
B
×
B
1 / 16
HC-570 interior
B
2 / 16
Cage with electronic plug-in cards
B
3 / 16
Plug-in cards with electronic circuits
B
4 / 16
Driver board close-up
B
5 / 16
Driver board
B
6 / 16
Periphera interface (Motorola)
B
7 / 16
Peripheral interfaces (6820) for the Motorola 6800 microprocesso
B
8 / 16
Alternative processor board
B
9 / 16
Bottom side of the replacement processor board
B
10 / 16
Paper tape reader
B
11 / 16
Paper puncher
B
12 / 16
PSU
B
13 / 16
Placing the air filter
B
14 / 16
Top view of the 15 PCBs
B
15 / 16
Part of the electronic PCBs
B
16 / 16
Belt missing from the printer

Restoration
Late version
The device shown here is a very late production model. Judging from the date codes on some of the components, it was made in the early 1990s, some 15 years after its introduction. Although the machine is fully operational, and most parts are genuine, the processor board was replaced.

Originally, the middle compartment of the metal cage at the rear right of the machine, contains the microprocessor and its peripheral drivers. There are six slots, five of which are normally populated (one is marked TEST). In the HC-570 featured here, the rearmost three card have been removed, and replaced by a single Eurosize card, that contains an NSC-800 microprocessor with static RAM, plus an EPROM with the firmware.

The alternative processor board was probably developed as part of an aftermarket upgrade which for the firmware had to be redeveloped.
  
Alternative processor board

It is also possible that the machine was built from existing (spare) parts, in order to accomodate aftermarket orders from existing customers, and that by the time this was done – in the early 1990s – the original processor board was no longer available. It is currently unknown where the replacement board was made. It is possible that this was done in-house, but it is also possible that a small external party, such as TST Timmann 1 in Germany, was commissioned to do the job.

  1. Judging from the 'design signature' and the choice of the NSC-800 processor, TST was a likely candidate.

Broken printer
When we obtained the HC-570 shown here, a first inspection showed that the printer was not working. It was printing, but the paper would not advance at the end of a line. It was clear that the transport mechanism was somehow broken. First the cover had to be removed (see below).

The transport belt, that connects the platen to a stepper motor, was completely missing and had probably desintegrated. And, more seriously, a spring was found at the bottom of the machine, with a broken-off plastic tip. This was probably once a part of the (missing) belt tension unit.

As an original belt was not available, the drive mechanism was adapted to accept a standard one (from a printer or flatbed scanner). Such belts are commonly longer, so an adjustable support post was created, and mounted in a free hole in the printer's left side panel, as shown.
  
Click to see more

The part inside the yellow circle is new. it is mounted in an unused oval hole in the side panel, and can be adjusted to obtain the desired tension on the belt. The pully, axle and replacement belt, are all surplus from an old disassembled flatbed scanner. The printer is now working again.

Belt missing from the printer
Belt missing from the printer
Belt missing from the printer
Spring found at the bottom of the machine
Broken spring post
Improvised printer drive belt
C
×
C
1 / 6
Belt missing from the printer
C
2 / 6
Belt missing from the printer
C
3 / 6
Belt missing from the printer
C
4 / 6
Spring found at the bottom of the machine
C
5 / 6
Broken spring post
C
6 / 6
Improvised printer drive belt

KESO key
The HC-570 is protected against unauthorised use, by means of two highly secure KESO locks, to the right of the display. Without suitable KESO keys, the machine can not be operated. When we obtained the machine shown here, in December 2010, the leftmost key was missing, as a result of which the Basic Key (BK) could not be entered and, worse, the top cover could not be removed.

Luckily, lock expert Barry Wels [3], was willing to help us out. Back in 2009, Barry had been able to provide us with a new key for our Enigma M4, without removing or damaging the existing lock.

On 25 March 2011, Barry visited us again and produced a working key from a blank, using a technique known as impressioning. The image on the right shows the resulting key, which in no way resembles a genuine KESO key, but operates nevertheless smoothly. Unlike an original KESO key, the impressioned one is not symmetrical and can only be inserted in one orientation.
  
Close-up of the impressioned KESO key

Starting off with a blank polished key, Barry wiggles it inside the lock. He then searches the key for minor scratches and files away the unwanted parts. This process is repeated numerous times, until the lock finally gives in. Although it sounds easy, it is in fact a tedious job that requires many hours of practice. The video clip below shows the final stage of the creation of our BK-key

Close-up of the impressioned KESO key
Side view of the impressioned KESO key
Both keys present
Using the new KESO key
The rightmost cable-operated case lock, controlled by the primary KESO key, Shown here in closed state.
The rightmost cable-operated case lock, controlled by the primary KESO key, Shown here in opened state.
The new KESO key for the HC-570 created by Barry
The new KESO key for the HC-570 created by Barry
D
×
D
1 / 8
Close-up of the impressioned KESO key
D
2 / 8
Side view of the impressioned KESO key
D
3 / 8
Both keys present
D
4 / 8
Using the new KESO key
D
5 / 8
The rightmost cable-operated case lock, controlled by the primary KESO key, Shown here in closed state.
D
6 / 8
The rightmost cable-operated case lock, controlled by the primary KESO key, Shown here in opened state.
D
7 / 8
The new KESO key for the HC-570 created by Barry
D
8 / 8
The new KESO key for the HC-570 created by Barry

Documentation
  1. HC-570 Short-Form Instructions
    Doc. Nr. 3K 635. Crypto AG. Date unknown. 8 pages.

  2. HC-570 Operating Instructions
    3 B 617. Crypto AG. Date unknown. 66 pages.

  3. Oskar Stürzinger & Peter Frutiger, US Patent 4,350,844
    Enciphering- and deciphering aparatus in the form of a typewriter.
    AEH, 19 November 1976. Priority date 20 November 1975.
References
  1. Crypto Museum, Operation RUBICON
    February 2020.

  2. Wikipedia, Motorola 6800
    Retrieved December 2019.

  3. Barry Wels, lockpicking expert
    Crypto Museum, April 2011.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Thursday 02 December 2010. Last changed: Friday, 04 February 2022 - 10:22 CET.
Click for homepage