Click for homepage
← Philips
Aroflex II →
Aroflex   UA-8116
Rapid offline encryption device

Aroflex was an electronic off-line cipher machine, developed between 1976 and 1982 by Philips Usfa in Eindhoven (Netherlands) for NATO and government organisations. Aroflex is also known as UA-8116 and BID/1100, and features a highly secure dedicated cryptologic. A less-secure version was known as T-1000/CA or Beroflex. In all, more than 4500 machines were produced.

The device consists of a Siemens T-1000 tele­printer, with a Crypto Module mounted at the bottom. In the image on the right, the crypto unit is visible as a low-profile black cabinet, with a red push-button and two physical locks. One lock is used for the INSERT key whilst the other one is for the SPECAT key (both inserted here).

The red push-button, in between the keys, is the so-called ZEROIZE-button. It should be pressed when security is compromised, and ensures that all cryptographic keys are purged. It renders the machine useless until new keys are loaded.
Philips Aroflex

Aroflex was a highly automated encryption/decryption machine for rapid, reliable and efficient off-line operation. It could also be used as a stand-alone message tape preparation unit. Some machines were equiped with appropriate interfaces to allow them to be connected directly to the line. The T-1000 could be operated at 50, 75 and 100 baud on-line, and 100 baud off-line.

The NATO version of Aroflex is crypto compatible with other NATO CEROFF equipment, such as RACE and Picoflex. It complies with the the symmetrical ACP 127 standard [8]. The plaintext is converted into 5-letter groups, with 10 such groups on each line. Aroflex can store upto 6 pages (with 120 lines of 10 crypto groups each) in its internal RAM. The name Aroflex is derived from Automatic Rapid Offline Encryption Device. In 1993, it was succeeded by Aroflex II (T-1285/CA).

Philips Aroflex seen from the front Philips Aroflex Philips Aroflex Security keys Keyboard with tape reader and Crypto Module Tape puncher
1 / 6
Philips Aroflex seen from the front
2 / 6
Philips Aroflex
3 / 6
Philips Aroflex
4 / 6
Security keys
5 / 6
Keyboard with tape reader and Crypto Module
6 / 6
Tape puncher

The diagram below provides an overview of the features of the Aroflex. The machine is based on a standard Siemens T-1000 teleprinter, which is used here as an input/output device, and for connection to the teleprinter line. The actual Crypto Module that was added by Philips, is housed in the black tray at the bottom. It is powered by, and interfaced directly to, the T-1000 circuitry.

Click to see more

The Crypto Module has only one switch – the red ZEROISE button – that should be pressed in case of an emergency. It purges all keys and renders the machine useless until new keys are loaded. In addition there are two physical locks that protect the cryptographic key compartments. All other functions of the Crypto Module are controlled via the function buttons above the keyboard.

  • Aroflex
    The primary version of the machine is known as Aroflex. It was developed especially for NATO and offers the highest possible security. This version was marketed by Philips.

  • Beroflex
    This is the same device as Aroflex, but with a lower security grade and has a different cryptoheart. It was intended for diplomatic traffic, and was marketed by Philips. With the right means, it was possible to break this version.

  • T-1000/CA
    This version the same as Beroflex, but intended for the civil market. This version was marketed by Siemens as the T-1000/CA. Like Beroflex, it is exploitable.

  • Turkey
    This is basically a Beroflex, but with enhanced security. It was made by Philips, especially for Turkish diplomatic traffic. It was exploitable with a special device.

  • Chinaflex
    This version was made expecially for China. It is basically a Beroflex, but has the signature of an Aroflex. It was never taken into production.
Furthermore, there were numerous variants of some versions (Aroflex, Beroflex and T-1000/CA). For example: each country received a slightly different cryptographic algorithm for its diplomatic traffic. This way, a country could not read the traffic from another country, even when the keys were known. Within NATO, all members had access to the same Aroflex version. The differences are determined by the choice of crypto heart, the mixer board and the firmware (in EPROMs).

In addition to the variants, there were also a number of options, such as line-connected mode (online), customer-unique key generators and variations in operation. Such options were mostly software-based and required swapping of some of the EPROMs on the memory board.

Some versions of the machine were readable 1 by the intelligence services. This means that, with the appropriate amount of processing power, the cipher could be broken. Generally speaking, all Aroflex models were unreadable, which means they were secure. As far as we know, there are no documentated cases of broken Aroflex traffic. In principle, all Beroflex models were readable.

There were two basic types of cryptoheart: Aroflex and Beroflex. In the Aroflex one, the secure Philips OQ4406 encryption chip is used. But in the Beroflex cryptoheart, the exploitable OQ4407 is used. The algorithm of the latter is substantially weaker than that of the OQ4406 and could be broken with the right means, exploiting redundancy in the encyphered message preamble [13].

The cryptograms produced by the T-1000/CA machines, typically exhibit bias in the enciphered message preamble, an un­necessary shortcoming by design. This was certainly known by the intelligence agencies of other (friendly) countries. It would typically involve solving a set of binary equations, an exponentially large number of times, a task that was not trivial at the time [13].

Special purpose device
In 1977, under the direction of Vice Admiral Frits Kruimink, and with help from Philips Research (NatLab), the Dutch Naval Intelligence Service (MARID) developed a special chip that was capable of solving the binary equations approx. 2500 × faster than a regular computer, by using parallel processing. It allowed them to break the OQ4407-based cryptologic of the T-1000/CA (Beroflex) in minutes rather than months. It typically took around 30 minutes to break a message [14].

The special chip was placed inside a (confidential) special purpose device, that was supplied to a number of partner intelligence organisations, including the United States and the members of the MAXIMATOR allience: the UK, Sweden, Denmark, Germany, France and the Netherlands. It allowed them to monitor the diplomatic traffic of several non-NATO countries for many years.

The Turkish Foreign Office
After Aroflex had been fielded to all NATO countries — around 1983 — the Turkish Government wanted to use the same machines for its Foreign Office — in particular for communication with its embassies — as a replacement for its vulnerable SAGEM CPPM systems. This was not allowed, as Aroflex was a NATO-only machine, so the Siemens T-1000/CA civil version was offered as an alternative. The Turks rejected it as they probably knew (or guessed) that it was weaker.

The CIA asked Siemens – which marketed the T-1000/CA – to create a special version for Turkey that was stronger (but still exploitable), but Siemens declined as they had no control over the cryptologic — that was Philips' responsibility. CIA then turned to Philips and Dutch intelligence, who agreed to cooperate. A special variant of T-1000/CA (Beroflex) was made, that had the signature of a real Aroflex, but was in reality just as weak as any other T-1000/CA (Beroflex).

The Turkish machines were fielded from mid-1988 onwards. Although they could not be exploited with the special purpose device, the increased computing power of the late 1980s allowed it to be solved by other means, as a result of which they were fully readable [12].

CIA arranged that this information was kept from the German intelligence service BND, probably to 'punish' them for not cooperating with their earlier request. For the remainder of the Cold War, the German cipher authority ZfCh was unable to ready the Turkish diplomatic traffic [12].

  1. In this context, readable means that the cipher can be broken with the right means. Also known as friendly or exploitable. In contrast: a cipher that can not be broken, is known as unreadable, unfriendly or secure.

Aroflex and Beroflex crypto hearts

Aroflex   Philips
The basic version of Aroflex was developed especially for NATO, as a replacement for the ageing American TSEC/KL-7 (AFSAM-7). It was introduced in 1982, and offers the highest level of security. It was regarded as unbrekable.

The core cryptographic alogorithm is housed in a so-called cryptoheart that contains custom chips that had been developed by Philips especially for this purpose. A genuine Aroflex cryptoheart has a single 16-pin DIL connector at the edge, by which it is connected to the mixer board.
Genuine Aroflex cryptoheart (cryptologic)

Beroflex   Philips
Beroflex is basically an Aroflex with reduced security. It features the same basic hardware, but has a different cryptoheart and mixer board. A Beroflex cryptoheart can be recognised by the two 16-pin DIL connectors at the edge of the card, whereas a real Aroflex cryptoheart has one.

The interior of the cryptoheart are different – it uses a different type of chip – but this is invisible to the naked eye, as the cryptoheart is cast in a strong two-component substance.
Aroflex mixer-board and crypto-module

T-1000/CA   Siemens
T-1000/CA is the civil version of Aroflex. It has a Beroflex cryptoheart with matching mixer board, and suitable firmware in EPROMs. This version was marketed exclusively by Siemens in München (Germany). It was approved for export.

With the right means – a special chip that was made by Philips – this version was readable.

The name T-1000/CA is derived from the name of the teleprinter (T-1000) on which it is built, suffixed by 'Cryptographic Application' (CA).

Aroflex mixer-board and crypto-module

Around mid-1988, Turkey started using a special version of the machine for its diplomatic traffic. Although they wanted a genuine Aroflex, this was refused, as Aroflex was for NATO only.

The only option was Beroflex, but Beroflex was readable. At the request of the US intelligence services (CIA, NSA), Philips then made a special variant of the Beroflex cryptoheart that could not be broken by other intelligence services. To read the Turkish traffic, a special device was needed.

Turkish Beroflex cryptoheart

In 1989 the Chinese became interested, and wanted to order Aroflex machines from Philips. But Aroflex was NATO-only, so Philips offered them a Beroflex variant, which was demonstrated to them at the Philips offices in Hong Kong.

But the Chinese immediately recognised, from the signature of its output, that this was not Aroflex, and pressed for the real deal. Engineers at Philips then modified a Beroflex cryptoheart in such a way that it appeared to be a real Aroflex.

More information will be revealed later.
Chinaflex prototype

Genuine Aroflex cryptoheart (cryptologic) Genuine Aroflex mixer board Aroflex and Beroflex crypto hearts Chinaflex cryptoheart aside a Beroflex cryptoheart Chinaflex cryptoheart - top view Chinaflex prototype Modifications on the Chinaflex cryptoheart Memory board
1 / 8
Genuine Aroflex cryptoheart (cryptologic)
2 / 8
Genuine Aroflex mixer board
3 / 8
Aroflex and Beroflex crypto hearts
4 / 8
Chinaflex cryptoheart aside a Beroflex cryptoheart
5 / 8
Chinaflex cryptoheart - top view
6 / 8
Chinaflex prototype
7 / 8
Modifications on the Chinaflex cryptoheart
8 / 8
Memory board

In 1974, NATO wanted to replace the ageing American TSEC/KL-7 cipher machine, also known as AFSAM-7 and by the procedure names ADONIS and POLLUX. Under the evaluation name CEROFF, several manufacturers were invited to enter the bidding contest. Aroflex was Philips' contribution. Another entry was RACE — later: KL-51 — from the Norwegian manufacturer STK (now: Thales).

When designing Aroflex, Philips chose to use an existing teletype machine (telex) as its basis, and expand it with a cryptographic add-on. After dismissing AEG and PTI as possible partners in the project, they finally settled for the Siemens T-1000. It was a modern telex machine which offered unparalleled expansion possibilities.

The disadvantage of the T-1000 was the open construction, which caused unwanted emission of radio signals (EMC). It took an enormous effort by both Siemens and Philips, to make the combined machine EMC and TEMPEST proof [4].
KL-51 (RACE) with open lid and expanded paper holder

The outcome of the NATO CEROFF bidding match was inconclusive and ended in a remittance between Aroflex and the Norwegian RACE. NATO chose for a split-procurement and left it to the end-user to decide what equipment to order. As a result, Philips allowed RACE to use the Aroflex algorithm, making the machines interoperable [4]. Eventually, Aroflex turned out to be the more popular machine in Europe and Canada [5], whilst the more robust RACE was adopted by the US.

During the Cold War, Aroflex, or actually the Siemens T-1000CA, was researched extensively by the Russian KGB and the East-German Ministerium für Staatssicherheit (MfS, Stasi). In 1982 or 1983 they managed to get hold of a machine that had mysteriously disappeared from a show. In 1986/1987, Department XI of the Stasi spent 30% of its capacity on targetting the machine. They tried to exploit the machine's unwanted emanations (TEMPEST), but were not successful [6].

Although they didn't manage to break the machine, they had a constant supply of keylists from someone at NATO. It was the same person who had supplied them with the ELCROTEL keylists from 1972 onwards [7]. Although this means that the key was compromised, it does not mean that the machine was compromised as well. As far as we know, Aroflex was never broken.

PSU voltaged checker CPU tester
Punched tapes for testing
Power checker
This small unit was used by Philips and Siemens to quickly test the voltages inside the Aroflex. The unit consists of a small PCB that is potted in epoxy inside a black plastic enclosure, with six red LEDs at one side. Each LED represents a voltage or a signal. The other side has a 16-pin header that plugs into an internal socket.

The diagnostics unit was known by its National Stock Number NSN 6625-12-179-5010. The Siemens designator was S22711-P105 GS1. When unused, it was stored in a wooden box.
Aroflex diagnostics tool

CPU diagnostics kit
For a more comprehensive diagnosis, a large aluminium storage case with a number of tools and spares was avilable. The most important part of the kit, was the special UA-8494/0x Aroflex Tester, shown in the image on the right.

It can be installed on the die-cast frame of the Aroflex Crypto Module, and is connected to all circuit boards by means of short ribbon cables.

 More information

Aroflex Field Set Set

Punched test tape
For maintenance and repair, a series of test tapes was available. It allowed recurring tests, such as printing the alphabet or entering a test key, to be automated.

To ensure that the tapes would not wear out after a while, the were commonly made of mylar rather than paper. The image on the right shows examples of an original Aroflex test tapes.
Two Aroflex test tapes in storage box

Wooden box with Aroflex power test unit Inside the wooden box Aroflex diagnostics tool Aroflex diagnostics tool LED on the Aroflex diagnostics tool Complete Aroflex diagnostics kit in aliminium storage case Aroflex Field Set Set Punched mylar tape with Aroflex test sequence
1 / 8
Wooden box with Aroflex power test unit
2 / 8
Inside the wooden box
3 / 8
Aroflex diagnostics tool
4 / 8
Aroflex diagnostics tool
5 / 8
LED on the Aroflex diagnostics tool
6 / 8
Complete Aroflex diagnostics kit in aliminium storage case
7 / 8
Aroflex Field Set Set
8 / 8
Punched mylar tape with Aroflex test sequence

Key setting
Aroflex can store upto 26 keys:
  • 23 keys for 'ordinary' traffic.
  • 2 SPECAT (Special Category) keys (see note below).
  • 1 for encryption/decryption of the system indicators (i.e. the serial numbers of each key).
A new key is easily entered and takes the following steps:
  • Place the INSERT-key in the leftmost lock and turn it clockwise.
  • Enter the number of the required key store (address).
  • Enter (from key list): serial number of the key, keying variables and check word.
  • Remove the INSERT-key.
The two SPECAT keys can only be entered and/or used if the physical SPECAT-key is entered in the rightmost lock and turned clockwise.

As an alternative to the above procedure, it was also possible to enter the keys via a paper tape that was read by the built-in tape reader. In addition, the crypto unit has a special connector through which the keys can be entered using a 'key filler' or a 'key gun'.

Click to see more

For information about the Siemens T-1000 teleprinter, please refer to the section on telegraphy equipment (telex), elsewhere on this website. The following is about the Aroflex Crypto Module, which is bolted to the bottom of the basic T-1000 teleprinter, by means of eight hex bolts.

Put the Aroflex machine on its left side. Loosen the hex bolts (do not removed them), so that the hinged Crypto Module can be lowered, as shown in the image on the right. The Crypto Module consists of a die-cast aluminium frame with two compartments and an unused square cut-out.

The small compartment at the front left contains the key-locks, the ZEROISE button, an indicator LED and three DIN sockets. It is connected to the large compartment at the rear, by means of a 16-way ribbon cable. This compartment also holds the backup battery and a tamper switch.
Crypto Module mounted hinged at the bottom of a T-1000

The tamper switch is located at the front right corner of the compartment. It is activated when the Crypto Module is lowered (as shown in the image above) and causes any keys that are held in the machine's RAM, to be purged — actually it cuts the power from the backup battery to the RAM.

The large compartment at the rear, holds the actual encryptor. It consists of 4 printed circuit boards (PCBs) plus a confidential cryptoheart.

At the left is the interface board, part of which is for processing analogue signals. It is connected to the T-1000. At the right is the memory board, which contains 8 EPROMs that hold the firmware. The contents of the EPROMs are confidential. At the centre is the mixer board. It adds each letter from the plaintext with a letter produced by the internal – pseudo – random number generator, using modulo-2 addition, also known as XOR.
Processor board (CPU)

At the far end is the CPU board, which is built around an 8080 microprocessor. It is interfaced to the other boards by means of six short ribbon cables; two for each of the other boards. These cables carry the 8-bit data bus and the 16-bit address bus of the Intel 8080 microprocessor [11].

At the centre of the Crypto Module, just in front of the mixer board, is the actual cryptoheart, or cryptologic. It contains several custom-made chips that together form the cryptographic algo­rithm. Depending on the version of the machine, the cryptoheart is connected to the mixer board via one ribbon cable (Aroflex) or two (Beroflex).

The cryptoheart is in reality a PCB of which the chips have been cast in a strong two-component substance, to hide them from prying eyes. The cryptoheart of a genuine Aroflex contains 12 chips, eight of which are of the type OQ-4406.
Genuine Aroflex cryptoheart (cryptologic)

The cryptoheart of a Beroflex (and T-1000/CA) contains 10 chips, eight of which are of the type OQ-4407. The prefix 'OQ' indicates that these are custom-made chips for internal Philips-use only. They were not available to other customers. The two chips are pin-compatible, but the internal circuits are completely different. The OQ4407 is exploitable, whilst the OQ4406 is not.

But even with the OQ4407 in place (Beroflex), breaking was not straightforward. The exploit was designed in such a way that it was difficult to handle in software, but easier with dedicated hardware. So, Philips developed another special chip that was needed when breaking the cipher.

The functionality of the Aroflex machine, i.e. the firmware, was contained in 8 Erasable Program­mable Read-Only Memory chips, or EPROMs, that are located on the memory board. They are visible in the image on the right. The customer-specific variant is also defined in these EPROMs.
Memory board

The Crypto Module is powered directly by the T-1000 teleprinter, via one of the ribbon cables on the interface board. These ribbon cables also pass data from the teleprinter to the encryptor and vice versa. No other connections are needed. The T-1000 teleprinter itself has a rather 'open' design. Due to the lack of shielding, it was difficult to suppress unwanted emanations (TEMPEST).

Releasing the Crypto Module Crypto Module open Crypto Module mounted hinged at the bottom of a T-1000 Wiring to the T-1000 teleprinter Crypto Module interior Processor board (CPU) Front panel controls, connections and backup battery Tamper switch
Interface board Genuine Aroflex mixer board Memory board Genuine Aroflex cryptoheart (cryptologic) X-ray of Aroflex crypto heart X-ray of Beroflex crypto heart (T-1000/CA)
1 / 14
Releasing the Crypto Module
2 / 14
Crypto Module open
3 / 14
Crypto Module mounted hinged at the bottom of a T-1000
4 / 14
Wiring to the T-1000 teleprinter
5 / 14
Crypto Module interior
6 / 14
Processor board (CPU)
7 / 14
Front panel controls, connections and backup battery
8 / 14
Tamper switch
9 / 14
Interface board
10 / 14
Genuine Aroflex mixer board
11 / 14
Memory board
12 / 14
Genuine Aroflex cryptoheart (cryptologic)
13 / 14
X-ray of Aroflex crypto heart
14 / 14
X-ray of Beroflex crypto heart (T-1000/CA)

As discussed in the previous section, there were two basic versions of the cryptoheart — the part that contains the cryptographic algorithm in hardware. Note that in some documents, this part is referred to as cryptologic, or key generator. As the contents of this unit are normally invisible — the cryptoheart is potted in a strong cream substance — we have provided some x-ray images:

The Aroflex cryptoheart can be recognised by the single 16-pin DIL socket at the upper edge. Via a short ribbon cable, this socket is connected to the mixer board at the centre of the device.

Inside the potted section, are 12 integrated circuits (ICs). The rightmost eight of these (the ones with the dark centre) 1 are the OQ4406.

At the time, this chip was assumed to be secure (unreadable). This version of the cryptoheart is used in all NATO machines and in some country-specific versions. It was also used in the Aroflex machines of the Dutch police and of the German intelligence service BND.
X-ray of Aroflex crypto heart

The Beroflex cryptoheart can be recognised by the two 16-pin DIL sockets at the upper edge. It is connected to the mixer board by means of two short ribbon cables, which implies that the mixer board is different from the Aroflex one.

Inside the potted section are 10 ICs, the leftmost eight of which (the dark ones) 1 are the OQ4407. This is the exploitable version of the chip.

The Beroflex cryptoheart is used in machines that were listed in internal Philips documents as 'Beroflex machines'. It is also used in the civil Siemens T-1000/CA. The cryptohearts of the Turkish and Chinese machines, are also based on a (modified) Beroflex cryptoheart.

X-ray of Beroflex crypto heart (T-1000/CA)

  1. Note that the substrate of the special crypto chips can not be penetrated by x-rays, which is why they are darker than the rest. This was done to make it less easy to explore (and compare) their contents.

In 2009 we discovered a series of black & white photographs that were considered to have been lost when Philips Crypto BV was dissolved in 2003. The pictures show detailed images of the various assembly stages of the Aroflex. They were probably created for the service manual.

The image on the right shows an exploded view of the Aroflex' crypto add-on. It consists of four PCBs and a crypto-unit. The narrow board at the top left is the processor board. It contains an 8080 microprocessor and connects to the other boards via 6 flat-cables with 16 lines each.

The three boards in the middle are (from top to bottom) the memory-board, the mixer-board and the interface-board. The latter also contains the switched-mode power supply unit. All the voltages needed for the electronics are derived from a single 24V source inside the T-1000.
Exploded view of the critial Aroflex components

The small grey rectangle at the right is the crypto-module, also known as the crypto-heart. It contains a number of custom chips and was classified as confidential at the time. All units are connected together by means of a series of short flatcables, with plugs that fit into an IC socket.

Compatible machines
Race   KL-51
Aroflex was not the only machine that took part in the NATO bidding for CEROFF. In fact, the evaluation was inconclusive and listed both Aroflex and the Norwegian RACE as winners.

As a result, Philips made the Aroflex algorithm available to STK, who subsequently implemented it in RACE. Although in practice Aroflex was the real winner, with most machine sold, RACE was adopted by the US as the KL-51.

 More information

KL-51 (RACE) with open lid and expanded paper holder

Picoflex   UA-8035
For other NATO bidding races in 1976, known as MERCS and CALL SIGN, Philips developed the portable and modular Picoflex in co-operation with Telefunken. It was crypto compatible with Aroflex and could be used over standard PSTN telephone lines and via radio.

Picoflex was introduced in 1982, but only modest quantities were built over the years.

 More information

Pico flex with acoustic coupler

Similar machines
The Siemens T-1000 teleprinter that was used as the basis for the Aroflex design, was arguably one of the most popular and flexible teleprinters ever. Compared to contemporary competitors, it was relatively compact and service-friendly. Furthermore, it had provision for using it as an input/output (I/O) device for other systems. Apart from Aroflex, it was used as the basis for:

Crypto AG — HC-550
In 1983, shortly after the introduction of the Aroflex, Siemens allowed Crypto AG (Hagelin) in Switzerland to use the T-1000 teleprinter as the basis for their new cipher machine, the HC-550.

Like with Aroflex, the cipher unit is added as a black tray at the bottom. It is not compatible with Aroflex however. At that time, Crypto AG was jointly owned by the CIA and BND, and the machine was aimed at diplomatic users [12].

 More information

Hagelin HC-550 cipher machine

Around 1984, the small German company Tele­Security Timmann (TST), came up with a simpler solution that did not require a cipher unit to be bolted to the bottom of the T-1000 telex.

TST used an adapted version of its universal encryptor TST-9669, to replace the Leitungs-Anpassungs-Teil board (LAT or line adapter) inside the T-1000 teleprinter [9]. At the time, TST was under control of the German BND [12]. The device is not compatible with Aroflex.

 More information

TST-9669 board inside Siemens T-1000. Image from TST company brochure. Click fur further details.

Customer versions and variants
To keep track of the various (incompatible) Aroflex and T-1000/CA versions and variants, Philips used a complex scheme of model numbers, version designators and internal 12NC numbers. Generally speaking, most Aroflex machines were identified as model UA-8116, and the version designator (e.g. '/02') denoted the actual variant and, hence, the crypto-logic. In addition, some machine were given a completely different model number. These models are currently known:

Model Philips ID Customer Remark CL 1
UA-8116/00       A
UA-8116/01       A
UA-8116/02   NATO Ministry of Defense A
UA-8116/03       A
UA-8116/04   Government Austria, Switzerland, Italy, France A
UA-8116/05   GEC    A
UA-8116/06   NATO, SHAPE No SPECAT function A
UA-8116/09 4322 082 71300 Dutch Police Politieflex 2 A
UA-8116/10 4322 082 71500 Turkey Gov. Modified Beroflex UA-8489/01 T
UA-8116/50   Austria   A
UA-8116/51   BND   A
UA-8134/00   Civil T-1000/CA B
UA-8138/00 4322 082 72550 Philips Concern T-1000/PC B
UA-8139/00 4322 082 72500 Hong Kong T-1000/PH T
Cryptoheart   Key Generator
UA-8486/00   NATO, etc. Aroflex Crypto Module A
UA-8489/00   Siemens Beroflex, T-1000/CA B
UA-8489/01   Turkey Araboflex, T-1000/PH T
UA-8489/02   DBP DBPflex (Deutsche Bundespost) D
?   China Modified Beroflex cryptoheart C
UA-8473/00 4322 081 79740 NATO Battery set (replaced)  
UA-8485/00 4322 081 79740 NATO Key generator  
UA-8494/02   NATO Field Test set  
UA-8498/10 4322 082 71560 Turkey Test set  
UA-8510/09 4322 082 71550 Turkey Key generation program  
UA-8511/10   NATO Case for Test Set  
UA-8513/00 4322 081 82600 NATO Battery set  
UA-8520   NATO Exerciser (depot repair)  
  1. Cryptologic (cryptoheart). A = Aroflex, B = Beroflex, C = Chinaflex, T = Turkey.
  2. Special Aroflex variant for the Dutch Police. Not compatible with the NATO version.


AEG   Algemeine Elektricitäts Gesellschaft
Former German manufacturer of electronic equipment and components. Started co-operation with Telefunken in 1967 and with Siemens in 1969, trading as AEG Telefunken. More...
CEROFF   Cipher Equipment Rapid Off-Line
Code name of a NATO evaluation in 1974 to find a replacement for the ageing KL-7 cipher machine. Examples of CEROFF compatible equipment are Aroflex, RACE (KL-51) and Picoflex.
NATO   North Atlantic Treaty Organization
(Wikipedia) (Website)
PTI   Philips Telecommunicatie Industrie
Former Philips subsidary specializing in telecomminication solutions.
RACE   Rapid Automatic Cryptographic Equipment
Acronym used for the NATO KL-51 cipher machine that was used for NATO CEROFF communication alongside the Philips Aroflex. RACE was manufactured by Standard Telefon og Kabelfabrik A/S in Norway.
SHAPE   Supreme Headquarters Allied Powers Europe
Headquarters of the Allied Command Operations (ACO), one of NATO's two strategic military commands. (Website)
SPECAT   Special Category
ZEROIZE   General expression for deleting the cryptographic keys and other variables from an encryption device in case of a compromise or seizure.

  1. Aroflex Brochure
    Philips Usfa. April 1979. 4 pages.

  2. Aroflex Operating Instructions
    Philips Usfa. 13929-E-0581. May 1981. 50 pages. Restricted.

  3. Aroflex Operating Instructions
    AMSO-762(A). September 1987. 66 pages. NATO Confidential.

  4. Aroflex Crypto Equipment UA8116 series. Narrative Description Part 1: Text
    13928-E-0381. March 1983. 33 pages. Confidential.

  5. Aroflex Illustrated Parts List
    AMSM 765. August 1985. NATO Restricted.

  6. Aroflex Illustrated Parts List for Crypto Module UA-8486/02
    Philips Usfa. January 1987. 56 pages. NATO Restricted.

  7. Algemene beschrijving Aroflex (Global description, Dutch)
    Philips Usfa. Document 13813-N-1182. Date unknown. 10 pages.

  8. Aroflex Extended Functional Test
    Shape Contract SHNMO 80-9017. November 1980. 41 pages. Restricted.

  9. Aroflex, Description of Key Generator
    13928-E-0381. March 1981. 22 pages. Secret.

  10. Aroflex Key Generator description
    Information for interfacing key generator UA-8485/00 as used in UA-8116/02 and UA-8116/06. July 1982. 36 pages. NATO Confidential.

  11. Aroflex Key-Manufacturing Program UA-8510
    Operating instructions. October 1981. Confidential.

  12. Goedkeuringsdocument AROFLEX
    Approval document Aroflex (Dutch). Ongerubriceerd. 1
    CM-303266. VBV 92002(A), Nummer 2.
  1. Unclassified.

  1. Philips Usfa BV, Aroflex promotional photograph
    Crypto Museum Archive.

  2. Philips Usfa BV, Aroflex internal assembly photographs
    Crypto Museum Archive.

  3. Jane's Military Communication 1986
    ISBN: 0-7106-0824-1

  4. Philips Usfa, Internal Memo L/5636/AvdP/JG
    23 August 1982, page 5.

  5. Museum pages of Canada's Foreign Service Communicators
    RACE: Rapid Automatic Cryptographic Equipment

  6. Jörg Drobick, KGB and MfS research of the Siemens T-1000-CA ELCROTEL.
    Website: Der SAS- und Chiffrierdienst (SCD). German. Retreived Augus 2011.

  7. Bode Wegman, Militäraufklärung der NVA, der Geheimdienst der NVA
    ISBN 3-89574-580-4. p. 217-218.

  8. Combined Communication-Electronics Board, Tape Relay Procedures
    ACP-127(G) Standard. November 1988.

  9. Helmut 'Jim' Meyer, HS0ZHK, My way to Ham - Radio and beyond
    Website QRZ.COM. Personal correspondence. March 2015.

  10. H.P. Kraan, Overzicht Aroflex
    Aroflex Overview (Dutch). Internal Memo UNB 20-23- 5180. 7 April 1986.

  11. Wikipedia, Intel 8080
    Retrieved january 2020.

  12. Crypto Museum, Operation RUBICON
    February 2020.

  13. Cees Jansen, Former Philips Cryptographer - Interview at Crypto Museum
    December 2019.

  14. Huib Modderkolk, Nederland luisterde dankzij superchip jarenlang landen af
    De Volkskrant, 20 February 2020.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
Crypto Museum. Created: Wednesday 05 August 2009. Last changed: Friday, 08 May 2020 - 21:04 CET.
Click for homepage