Click for homepage
USSR
Cipher
Rotor
  
M-130   KORALL
Meteorologic cipher machine - wanted item

The M-130, codenamed KORALL (Russian: КОРАЛЛ) is an electromechanical rotor-based cipher machine, developed around 1965 at NIIA (Russian: НИИА, now Avtomatika) in Moscow (Russia). The device is a numbers-only machine, and was used in the countries of the former USSR and the Warsaw Pact for the distribution of encrypted weather reports. In East-Germany (DDR) it was known as Koralle. In 2010 and 2011, Crypto Museum was able to investigate a surviving M-130 machine in Austria. This page is based on that research, complemented by other sources [2][3].

The M-130 is built on the chassis of an existing teleprinter, which was also used as the basis for the CM-1 (Vasilek) [4]. Although the original one had an alpha-numeric character set, a modified version — with numbers only — is used here [2]. This was sufficient for encryption and decryption of meteorologic data which is numeric by nature.

The image on the right shows a typical M-130 machine ready for use. It came with a matching 24V PSU. The keyboard contains a single row of keys with the numbers 1 thru 0, plus the letter 'X', a minus-sign (-) and a carriage return key.
  

A space is automatically inserted after each fifth number (the usual 5-number groups). A nice side-effect of using a numbers-only cipher machine, is that it is language-independant. If letters are converted to numbers first, the machine can be used for any language in the world. This is also why the contemporary M-125 (Fialka) machine had a lever to switch between characters (30) or numbers (10). The M-130 was also available in a non-crypto version (i.e. as a bare teleprinter).

M-130 meteorologic cipher machine
M-130 with the front lid open
M-130 without the top lid
M-130 power supply unit
M-130 crypto unit
Patch panel
The five coding wheels
Operating the mode-switch. Here shown in encryption mode.
A
×
A
1 / 8
M-130 meteorologic cipher machine
A
2 / 8
M-130 with the front lid open
A
3 / 8
M-130 without the top lid
A
4 / 8
M-130 power supply unit
A
5 / 8
M-130 crypto unit
A
6 / 8
Patch panel
A
7 / 8
The five coding wheels
A
8 / 8
Operating the mode-switch. Here shown in encryption mode.

Weather service
During the Cold War, the Soviet Union (USSR) and its Warsaw Pact allies used a variety of cipher machines, including the M-125 (Fialka). The use of these devices for direct communication between the Warsaw Pact states however, was strickly forbidden. Each country had its own set of wheels (each wired differently) and the machines were often adapted to the local language.

In case of war, the Warsaw Pact states would need to have quick access to accurate weather reports. For this they did not want to depend on existing (NATO) sources, as these were likely to be unavailable to them. As a solution, a Warsaw Pact-wide network of Meteorologic Services was created. They had the task to independantly collect all necessary meteorologic data from a variety of sources and create a reliable weather prediction from that. Furthermore, they had to develop ways to circumvent possible (radio) interference by the enemy.

Once complete, the weather report would be shared between the contributing states. As it was likely that the meteorologic data was further distributed within each country via other cipher systems – for example with the M-125 Fialka) – it was necessary to encrypt the weather report, or else it could be exploited by an evesdropper as a crib (a piece of known plaintext).

This was done with the M-130 (KORALL), shown here with the front lid open. In order to improve the cryptographic strength, separate pin-wheels were used to control the irregular stepping.
  

In the former DDR (East-Germany), this service was known as the Meteorologischer Dienst (MD) der Luftstreitkräfte/Luchtverteidigung (LSK/LV), abbreviated to MD der LSK/LV [3]. They used the M-130 to share the weather report with the Main Command Post (Hauptgevechtsstand, HGS) and the Air Defence Departments of the other Warsaw Pact countries. As there was another cipher machine that was also called Koralle, the M-130 was sometimes nicknamed the Wetterkoralle. The first DDR cipher operators were trained on the M-130 in Moscow in 1966 [3].

Meteorologic Department bunker. Source: ZFWW website [3]

The image above shows the meteorologic bunker of the East-German command post HGS-14, as it was in 1980. The M-130 cipher machine was located in the so-called K-room ('K' for KORALL or KRIPTO), a small room behind the office of the Weather Information Service of Duty (DWIZ).

Besides the operational M-130, the room also contained a spare M-130 unit. The key-sheets were also stored in this room. A cipher operator with sufficient security clearance could only enter this room after collecting the key from the DWIZ. A more detailed descripton (in German) can be found on the internet site of the former Zentrale Flugwetterwarte (ZFWW) [3].


MODE selector
The M-130 can be used in three different modes: coding, decoding and plain text. The desired mode of operation is selected by means of a large rotary knob at the right front of the machine, known as the MODE-selector. The three settings are marked with the Russian letters О, З and Р.

Label Russian Phonetic English
О Открытый Текст Otkrytyj Tekst Plain text
З ЗашифроватЬ Zashifrovat Cipher
Р РасшифровыватЬ Rasshifrovyvat' Decipher

Interior
The M-130 is build on the chassis of an existing Russian teletype machine, that was modified for the transmission of numbers only. The keyboard at the front only contains the numbers 0 to 9, the letter 'X', a minus-sign (-) and the carriage return key (CR).

The image on the right shows a typical M-130 cipher machine with its top lid removed. At the front of the unit, right behind the keyboard, is the actual cipher unit, which is explained further below. The remaining part is the bare teletype unit, which acts as a host to the cipher unit.

The teletype unit is a marvel of mechanical engineering. As it was developed in the same era as the M-125 (Fialka), it shares some of its characteristics. The entire unit is driven by a 22V motor mounted at the rear right, in combination with a complex system of cog-wheels and axles.
  

The encrypted or decrypted text is printed on a paper roll by means of a set of 12 hammers, much like a typewriter. The hammers are controlled by a set of solenoids at the rear of the machine. When a solenoid is activated, the corresponding hammer is released.

At the rear left is a built-in paper puncher that allows the encrypted output to be stored on a punched paper strip. The paper for the puncher is taken from a drawer at the right. A knob at the right is used to select the output device: printer (К), puncher (П) or both (ПК). Note that the puncher can only be used in encryption or plaintext mode. It is disabled in decryption mode. At the front left is a paper tape reader, which can only be used in decryption and plaintext mode.

M-130 without the top lid
Motor and driving mechanism
Typewriter-style printer
Printer solenoids
Paper puncher
Loading a punch paper reel
Output selector (set to printer and puncher)
Paper tape reader
B
×
B
1 / 8
M-130 without the top lid
B
2 / 8
Motor and driving mechanism
B
3 / 8
Typewriter-style printer
B
4 / 8
Printer solenoids
B
5 / 8
Paper puncher
B
6 / 8
Loading a punch paper reel
B
7 / 8
Output selector (set to printer and puncher)
B
8 / 8
Paper tape reader

Crypto unit
The actual crypto unit is located in the front part of the basic teletype machine. It takes the form of a complete pre-assembled unit, built on a heavy aluminium base plate, which is mounted in an empty space at the front. It can be removed by releasing four bolts at the corners of the unit.

The image on the right shows the bare crypto unit once it is removed from the machine. It connects with the teletype machine by means of a contact block at the rear, which mates with a set of 42 spring-loaded contacts in the base of the teletype unit.

At the heart of the crypto unit are five electrical cipher wheels, each with 30 contacts at either side. They are described in greater detail below. Four additional mechanical pin-wheels control the irregular stepping of the cipher wheels. They are also explained in more detail below.
  

When the unit is running, the middle wheel (3) always makes a single step on every key-press. It always moves upwards (i.e. the numbers move up when viewed from the front). The outer two wheels (1 and 5) also move up, but their stepping may be inhibited by the presence of a pin on one of the stepping wheels. The remaining two wheels (2 and 4) move down on a key-press. Their stepping may also be inhibited by the presence of a pin on the matching stepping wheel.

The cipher wheels are connected to the electric circuit of the cipher unit, by means of a static entry disc at either side. At the far left of the crypto unit are two patch panels, with 10 wires each. A counter, mounted on top of the unit, is used for counting the number of characters entered on the keyboard. It can be reset by operating a lever at its right side. The cipher wheels can be removed by releasing both static discs and pushing them sideways (outwards).

M-130 crypto unit
Contact block at the rear of the crypto unit
Spring-loaded contacts in the basic teletype unit
Crypto unit of the M-130 with the coding wheels removed
Unlocking the leftmost static wheel
The five coding wheels
Close-up of the left static wheel
Close-up of the right static wheel
C
×
C
1 / 8
M-130 crypto unit
C
2 / 8
Contact block at the rear of the crypto unit
C
3 / 8
Spring-loaded contacts in the basic teletype unit
C
4 / 8
Crypto unit of the M-130 with the coding wheels removed
C
5 / 8
Unlocking the leftmost static wheel
C
6 / 8
The five coding wheels
C
7 / 8
Close-up of the left static wheel
C
8 / 8
Close-up of the right static wheel

Operating principle
Although the construction of the crypto unit might look similar to that of the German Enigma machine of WWII, or the contemporary M-125 (Fialka), its operation is quite different. Both Enigma and Fialka have an entry wheel at one end, and a reflector at the other end. The M-130 however, does not have a reflector. Instead, a character comes in at one end and leaves the crypto unit at the other end. The double patch panel (at the left) can be used to alter the order of the lines to both static discs (ED1, ED2). The simplified block diagram of the M-130 is as follows:


The 10 lines from the keyboard (0-9) are first scrambled by the the leftmost patch panel (plug board) and then fed to the leftmost entry disc (ED1). The current then passes the 5 cipher wheels, until it hits the rightmost entry disc (ED2). As each wheel has 30 contacts (rather than just 10), 20 contacts are looped back (much like a reflector). This principle is known as re-entry or re-injection. Eventually, after one or more passes, the current leaves the rightmost static disc (ED2), passes the second patch panel (PB2) and activates the printer and/or the tape puncher.


In order to allow the same rotor-settings to be used for decryption, the entire unit can be reversed (electrically), by operating the large MODE-selector at the right front of the machine. This switch has three settings: encrypt (З), plaintext (О) and decrypt (Р). In plaintext mode (О), The input is connected directly to the output. In encryption mode (З), the system works as described above. In decryption mode (Р), the input and output wires are swapped.

 Download the complete circuit diagram



Patch panel
In order to add extra complexity to the system, a double patch panel is present. This works much like the plug board (Steckerbrett) of an Enigma machine. However, unlike the enigma, where the wires were swapped in pairs, the M-103 is single-ended and allows any cross-connection. This increases the number of permutations and avoids the self-reciprocity of the Enigma Steckerbrett.

In addition, the M-103 has in two plug boards instead of one, which allows the entry and exit wires to be swapped independently. This adds another layer of complexity, and increases the cryptographic strength of the cipher.

The image on the right shows the double patch panel, which is mounted to the left of the cipher unit. It is wired to the rest of the unit at the bottom. A white line divides the patch panel in two. The left half controls the wiring to the leftmost static disc (ED1), whilst the right half is connected to the rightmost static disc (ED2).
  

The patch panel is configured by 20 short blue patch cables, each with a plug at either end. All 10 cables must be present on each half of the patch panel, and the cable may not be connected between the two halves. Configuring the patch panel was part of setting the cryptographic key.

M-130 crypto unit
Patch panel
20 patch cables for the plug-board
D
×
D
1 / 3
M-130 crypto unit
D
2 / 3
Patch panel
D
3 / 3
20 patch cables for the plug-board

Cipher wheels
The M-130 has five cipher wheels, each with 30 contacts at either side. The 30 flat-faced contacts at the left side are wired in a randomized manner to the 30 spring-loaded contacts at the right. The reason why each wheel has 30 contacts rather than just 10, is that the same wheels were also used with other Russian cipher machines of the era, like the CM-1 Vasilek [4].

As we only need 10 contacts (for the numbers 0-9), the remaining contacts of both static discs are wired as a reflector, much like the UKW, or Umkehrwalze, of an Enigma machine. As a result, the electric current may be reflected several times until it finally leaves the static disc at the other end (see the block diagram above).

The image on the right shows the five cipher wheels after removing them from the crypto unit. Wheels 1, 2 and 3 are still on the shaft, with wheels 4 and 5 in front of them. Wheel number 5 is showing its flat-faced contacts.
  

A coding disc can be at any position on the shaft, allowing a total of 120 different wheel orders. Just like the starting position of each wheel, this was part of the daily key settings (see below). As an extra encryption layer, it was also possible to rewire the cipher wheels in the field.


Wheel wiring


Pin-wheels
Two pin-wheels are mounted at either side of the coding discs. They all have a different number of steps and their pins are at different positions. As the mechanical parts of the crypto module have been carefully aligned, each pin-wheel can only be used in one position. The order of the wheels should be: 1 and 2 on the left, 3 and 4 on the right. Pin-wheel 1 looks like this:


Note that the black numbering at the circumference of the wheel is different from the red numbering on the disc at the right. A sharp cut-out in the circumfere is used when setting the wheels to their neutral position (00). A notch on the zeroize axle will catch this cut-out when the reset lever is engaged (see below).

ID Steps Notches Notch positions *
1 37 14 02 04 05 08 11 15 16 21 23 24 28 32 33 36
2 31 11 01 04 07 08 11 15 18 19 22 24 28
3 43 14 03 07 10 11 12 15 24 28 30 33 37 38 39 42
4 41 16 01 03 07 09 12 13 14 16 18 19 21 25 29 33 35 38

*) The notch positions are referenced by the numbers on the circumfere of the wheel. This information is likely to change in the future as and when our recorded data has been processed.


Wheel stepping
Unlike the German Enigma machine, the M-130 features irregular wheel stepping, very similar to the M-125 (Fialka). If we number the wheels from left to right (1-5), the middle wheel (3) always makes a single step upwards on each key-press. The outer two wheels (1 and 5) also move up, but the remaining wheels (2 and 4) move down. Irregular stepping is controlled by 2 pin-wheels at either side of the coding discs. This is illustrated by the drawing below:


Stepping of cipher wheel 1 is controlled by pin-wheel 2. Stepping of cipher wheel 2 is controlled by pin-wheel 1, as indicated by the red arrows at the bottom. At the right hand side, pin-wheel 3 controls the stepping of code wheel 5, whilst pin-wheel 4 controls the stepping of code wheel 4. The pin-wheels are sensed by a small lever below the wheel.

The image on the right shows a close-up of the leftmost pin-wheels (1 and 2). They can be removed by unlocking its axle with a pin at the left. Although the order of the pin-wheels was never changed, the position of the pins could be changed by a service technician.

Each pin-wheel has a different number of steps in order to maximize the total period of the machine (i.e. the number of steps before the sequence is repeated). The number of steps on each pin-wheel is always a relative prime to the 30 contacts on each cipher wheel.
  

The four pin-wheels always make a single step on each key-press and they always move up (when viewed from the font). Whenever a pin is present at a certain position on the wheel, the sensing lever at the bottom of the wheel is pushed down. This in turn pushes down a metal arm that disables the wheel stepping of the mating code wheel. Movement of all wheels is controlled by a single axle mounted to the rear of the wheels. The timing of the machine is controlled by the position of a series of cams on that axle, much like the camshaft of a car engine.


The illustration above shows the stepping mechanism viewed from the top of the machine, after removing all wheels. The camshaft (C) is towards the top of the drawing. The position of the cams also controls the stepping direction of each wheel. It is clearly visible in the drawing above that the position of the stepping arms of code wheels 2 and 4 is different from the rest.


The pin-wheels can be reset to their neutral position (00) by pusing a lever (R) to the rear and using the crank (inserted at the right of the machine) until all four wheels have stopped. This process is called zeroizing. Pressing (R) in fact rotates the zeroize axle (Z) by several degrees. As a result, four notches on this axle (N) will move forward and catch a cut-out in the circumfere of the pin-wheels (see above). The crank should be operated until all pin-wheels are at 00.

The five coding wheels on an axle
The five coding wheels on an axle
The five coding wheels
Leftmost stepping wheels
Rightmost stepping wheels
Pin-wheel sensing levers
Crypto unit with the 5 coding wheels
Close-up of the stepping mechanism
The five coding wheels
Crank
Crank
Another view of the stepping levers
M-130 without the top lid
E
×
E
1 / 16
The five coding wheels on an axle
E
2 / 16
The five coding wheels on an axle
E
3 / 16
The five coding wheels
E
4 / 16
Leftmost stepping wheels
E
5 / 16
Rightmost stepping wheels
E
6 / 16
Pin-wheel sensing levers
E
7 / 16
Crypto unit with the 5 coding wheels
E
8 / 16
Close-up of the stepping mechanism
E
9 / 16
9 / 16
E
10 / 16
The five coding wheels
E
11 / 16
11 / 16
E
12 / 16
12 / 16
E
13 / 16
Crank
E
14 / 16
Crank
E
15 / 16
Another view of the stepping levers
E
16 / 16
M-130 without the top lid

Setting the cryptographic key
Setting the cryptographic key was done in several stages, based on the so-called key sheets. These were perforated paper blocks with the key settings for several weeks in advance. Three different types of keys were marked:

  1. Patch key
  2. Weekly key
  3. Daily key
The patch key (1) defined the wiring of both patch panels to the left of the crypto unit. It is currently unknown how often the patch key was changed. The Germans called it the Decade Key, but this only refers to the number of wires on each patch panel (10).

The weekly key consisted of rewiring each of the five cipher wheels. For that, each wheel had to be opened and the internal wiring pins had to be reconfigured carefully. This was a difficult task with many chances for making mistakes.

Inside a cipher wheel, each wire is soldered directly to the wheel at one end, whilst the other end has a numbered pin. This pin can be inserted in one of the numbered holes inside the wheel. The image on the right shows the interior of a cipher wheel, with pins 01 and 25 clearly visible. More detailed images below.
  

Once all cipher wheels were rewired, the wheels were closed and were mounted on the shaft in a prescribed order. It is currently unknown whether the wheel order was part of the weekly key or whether it was changed daily. Changing it only once a week, would reduce crypto security.

Before going live with freshly rewired wheels, the operator first had to check whether the wiring was correct. This was done by encrypting two simple five-letter groups (12345 67890) on the main machine and decrypting it on the spare one. If the output matched, the wiring was assumed to be correct. If it failed, all five wheels had to be disassembled again [3].

The daily key consisted of setting the start positions of the five cipher wheels. The numbers on the key-sheet, e.g. 28 22 10 26 07 had to be aligned with a metal ruler in front of the wheels. It is currently unknown whether the pin-wheels at the sides were given a unique starting position as well, or whether they were always restarted at 00.

Patch panel
Coding wheel with the cover loosened
Opening a coding wheel
Revealing the interior of a coding wheel
Top view of the interior of a coding wheel
Fitting a pin
Close-up of the contact pins inside the coding wheel
Raising the ruler
F
×
F
1 / 8
Patch panel
F
2 / 8
Coding wheel with the cover loosened
F
3 / 8
Opening a coding wheel
F
4 / 8
Revealing the interior of a coding wheel
F
5 / 8
Top view of the interior of a coding wheel
F
6 / 8
Fitting a pin
F
7 / 8
Close-up of the contact pins inside the coding wheel
F
8 / 8
Raising the ruler

Summarising, the following cryptographic variables can be set:

  1. Patch panels
  2. Wheel wiring
  3. Wheel order
  4. Start position of the cipher wheels
  5. Start position of the pin-wheels
Non-crypto version
The M-130 was also available as a non-crypto version, which was in fact the simple teleprinter machine it was based on. The exact module number of this teleprinter is currently unknown, because it is not engraved on the type plate of the surviving machines we have seen so far.

The non-crypto version was used for local weather reports (that did not require encryption) and, more importantly, to relay pre-encrypted weather reports over long distances, where the intermediate operator(s) did not need to know the contents or the nature of the message.

In the non-crypto version, the crypto-unit was replaced by a 'dummy' unit, consisting of a metal plate with a connector. The contacts of the connector were wired in such a way that the input to the crypto-unit was connected directly to the output (simulating plaintext mode).
  

A non-crypto version could easily be converted into a full M-130, simply by mounting a suitable crypto-unit instead of the dummy plate. The crypto-unit would connect directly to the forementioned connector, and all data was automatically re-routed through the crypto-unit.


The diagram above shows how relaying via simple non-crypto M-130 machines might have worked for long-distance transmissions. At the left is the originator of the report. The message (P) is encrypted with the daily key and then sent (C) to the first station. As this station has a non-crypto version of the M-130 (called T-130 here), he can not decrypt it but simply passes it on (C) to the next station and so on, until it finally reaches the M-130 at the far end where it is decoded.


Documentation
  1. M-130 (KORALL) circuit diagram
    Paul Reuvers, Crypto Museum, 2014.

  2. Connection block between cipher unit and teleprinter
    Paul Reuvers, Crypto Museum, 2014.
References
  1. Peter Klampferer, Owner of the M-130 featured on this page
    Interview with Crypto Museum, Austria, July 2011.

  2. Jörg Drobick, Wetterchiffriergerät M-130 KORALLE
    Website: Der SAS- und Chiffrierdienst (SCD), German.

  3. Zentrale Flugwetterwarte, Meteorologischer Dienst der LSK/LV
    Website of the Weather Service of the former DDR, German.

  4. Jörg Drobick, CM-1 VASILEK Chiffriergerät
    Website: Der SAS- und Chiffrierdienst (SCD), German.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Wednesday 03 August 2011. Last changed: Monday, 17 April 2023 - 12:22 CET.
Click for homepage