Click for homepage
Russia
FSB
GRU
  
M-427   DERVISH
Ofline text encryptor - wanted item

M-427, codenamed DERVISH (Russian: ДЕРВИШ), is an online/offline encryption device for text-based messages, developed around 2000 in Russia. The device allows secure communication over fixed networks, such as analogue PSTN telephone lines and ad-hoc military field lines, as well as mobile radio communication networks. The RAZBEG (РАЗБЕГ) encryption algorithm uses a 512-bit key that is held in a K1634DK4 (К1634ДК4) key storage device that is inserted into the device.

The device is housed in a grey hamerite metal enclosure and consists of two parts: (1) a base unit that contains the electronics, a keyboard, a 5-level tape reader and a receptacle for a key storage device, and (2) a hinged display that can be folded down like on a laptop computer.

The keyboard layout is Cyrillic as well as Latin (QWERTY), whilst the tape reader is suitable for 5-bit punched paper tape in the CCITT-2 (ITA-2) standard, or the Russian variant MTK-2. Behind the tape reader is a recessed receptacle for a key storage device, a.k.a. a Crypto Ignition Key (CIK).
  
Opened M427 device. Photograph via Twitter [1]

The CIK is a K1634DK4 (Russian: К1634ДК4) key storage device in the shape of a plastic key, that is also used with other Russian encryption devices, such as the E-20 and E-20M voice and data terminals (crypto phones). It is very similar (but not identical) to the KSD64 – made by the American manufacturer Datakey 2 – that was used with the American STU-III crypto phones.

The M-427 was developed in parallel with the M-428 (also codenamed DERVISH) in the early 2000s. It is part of a generation of machines that mark the transition from electronic to micro­processor-based encryption devices, influenced by foreign developments in this field. Other machines in this category are the M-207 (АРТИСТ), M-280 (ЮРИСТ), M-227 (ЗАСЕКА) and M-229 (ШПАГА), plus a miniature device for the FSB and GRU. According to Vasily Kristoforov of the Institute of Russian History in Moscow, the above devices were still in use in May 2021 [8].

Devices like the M-427 may seem old school in the era of the internet and personal computers (PCs), but have many advantages over commercial off-the-shelf (COTS) equipment. They cannot be hacked and are more resilient against electromagnetic pulse (EMP) attacks. On 10 March 2022, photographs of an M-427 unit with an M-211 printer surfaced on the internet, allegedly seized by Ukrainian Forces from a Russian command post near Kiev (Ukraine) [1][2]. It is not clear whether this is indeed the case, or whether this is misinformation, but it is certainly possible.

  1. In Islam, Dervish – also written as Derwish, Derwisj, Darvesh and Darwïsh – refers to members of a Sufi fraternity.  Wikipedia
  2. In an earlier version of this page, it was suggested that the K1634DK4 was manufacturerd by the American manufacturer Datakey, based on a description of the E-20 crypto phone on the website of supplier BNTI in Moscow [9]. According to the US company Datakey however, the K1634DK4 was not supplied by them [10].

PLEASE HELP — We are currently looking for additional information about this device, such as manufacturer, year of manufacturing, specifications, accessories, operating instructions and technical documentation, as well as the actual device. If you can provide any of these, please contact us.
Opened M427 device. Photograph via Twitter [1]
Rear view of M427. Photograph via Twitter [1]
M-211 dot matrix printer in storage case. Photograph via Twitter [1]
UD-M211 impact printer [7]
A
×
A
1 / 4
Opened M427 device. Photograph via Twitter [1]
A
2 / 4
Rear view of M427. Photograph via Twitter [1]
A
3 / 4
M-211 dot matrix printer in storage case. Photograph via Twitter [1]
A
4 / 4
UD-M211 impact printer [7]

Setup
The block diagram below shows how the M-427 is used in practice. The device consists of a core unit (CPU), keyboard, display, tape reader, power supply unit (PSU) and several interfaces. At the left are the external inputs: (1) the key tape and (2) the CIK. At the right are the connections to the outside world: (1) the M-211 for printing to paper and (2) the analogue telephone line.



Display panel
The display is part of the hinged top lid of the device. It is currently unknown whether the device has a Liquid Crystal Display (LCD) or a plasma display. Apart from the display, the top lid holds several messages below and to the right of the display. They are translated as follows:

(1) Below the display:

   ВЕЗ ЗАЗЕМЛЕНИЯ НЕ ВКЛЮЧАТЬ !      WITHOUT GROUND, DO NOT POWER ON

(2) Right of the display (top):
      Conversion from punched tape to numbers

(3) Right of the display (centre):

   ВИМАНИЕ !                         ATTENTION !
   СМЕНУ ПАРОЛЯ И КЛЮЧА ДОСТУПА      CHANGE PASSWORD AND ACCESS KEY
   ПРОИЗВОДОТЬ ТОЛЬКО ПРИ            ONLY WHEN ON
   БКЛЫЧЕННОМ АККУМУЛЯТОРЕ           BATTERY POWER

(4) Right of the display (bottom):

   ЗАПРЕШАЕТСЯ ЗАКРПЫВАТЬ ПАНЕЛЬ     DO NOT CLOSE THE DISPLAY
   ДИСПЛЕЯ ПРИ УСТАНОВЛЕНОМ          PANEL WHEN THE K1634DK4
   УСТРОЙСТВЕ К1634ДК4               DEVICE IS INSTALLED

The message under the display (1) indicates that the device must be connected to ground at all times. This is probably an EMC or safety measure. The message at the top right (2) was used to convert the key number – punched into the tape as 5-bit digital data – to decimal numbers. This procedure was also used with the earlier M-205D cipher machine [5].

The message at the centre (3) urges the user to change the password and the basic key only when the device is powered by a battery (rather than a mains PSU). This was probably done to avoid side channel leakage of data (TEMPEST). The message at the bottom right (4) is just a note that the display (i.e. the lid) cannot be closed when the CIK is installed, as it might be damaged.


Tape reader
It may seem strange that a device that was developed in the early 2000s still has a 5-bit tape reader, but this is not unusual for military equipment. Contrary to civil equipment, the life span of a military device is much longer. It is possible, if not likely, that the tape reader was present to maintain backwards compatibility with existing telegraph equipment (i.e. teleprinters or telex).

It is likely that the tape reader was also used for loading the daily cryptographic key. Until recently (2018), punched paper tape was still used for key distribution by Western Forces, in addition to electronic transfer methods. A good example is the American KOI-18. The advantage of a paper tape is that the key can have any length, as it is not restricted by (software) protocols. Devices like the KOI-18 were phased out when it became clear that tape production would cease.

A good example of a Russian key tape procedure can be found here [5]. This procedure is for the less sophisticated M-205 cipher machine from the Soviet era, but the procedure for the M-427 will not be very different. Once the key is loaded, the key tape must be destroyed. The key is then kept in the internal memory, encrypted with a randomly generated Key Encryption Key (KEK).


Crypto Ignition Key   К1634ДК4
To the right of the keyboard – just behind the tape reader – is a receptacle for a K1634DK4 (Russian: К1634ДК4) key storage device [4], also known as DK4 (ДК4); the same one as used with the Russian E-20(M) crypto phone. This is a physical plastic key which has the appearance of a toy key. In reality it holds an EEPROM. Supplier BNTI in Moscow refers to it as the Data Key. 1

This key storage device is very similar, but not identical, to the KSD-64 from Datakey 2 in the United States, that was used with the American STU-III crypto phone. The number of contacts and the shape of the tip are different however.

The DK4 key storage device can be used for a variety of things, but in most cases it will be used for storing the Key Encryption Key (KEK) — a randomly generated key that is used to encrypt the daily key (loaded via the tape reader) before it is stored in memory (see above). This way, the key storage device is paired with the T-427.
  
The similar American KSD-64 key storage device, as used with the American STU-III. Click for further information.

For this reason, the key storage device is also known as a Crypto Ignition Key, or CIK. Without the CIK, the T-427 cannot be used, as the daily key is encrypted with the KEK. In addition, the CIK cannot be used to enable another T-427 device, as it contains a randomly generatored KEK that will be different from the KEK of another T-427. The KEK is truely random, as it is generated by means of a noise diode. In case security is compromised, all the operator has to do, is remove the key and throw it away. In adition, there will be a procedure to destroy the encrypted daily key held inside the T-427. This procedure (usually pressing two buttons) is known as zeroising.

 More about the KSD-64

  1. Not to be confused with the American manufacturer Datakey.
  2. In an earlier version of this page, it was suggested that the K1634DK4 was manufacturerd by the American manufacturer Datakey, based on a description of the E-20 crypto phone on the website of supplier BNTI in Moscow [9]. According to the US company Datakey however, the K1634DK4 was not supplied by them [10].

Printer   УД-М211
When the M-427 was discovered in Ukraine, there was also a box marked УД-М211 (UD-M211) [1], which looks like a relic from the Soviet era. It has a total weight of 22 kg and contains a heavy ruggedised impact printer made by LENPOLYGRAPHMASH (LPM) in St. Petersburg (Russia) [7].

The УД-М printer is designed for use in harsh mechanical and climatic conditions, in particular for use inside wheel & track vehicles and aboard ships, and is guaranteed to work at all times [7].

It is compatible with the EPSON FX-80 dot matrix needle printer and even accepts the FX-80 ink ribbons. 1 It supports the Latin and the Cyrillic alphabet, with the KOI-7 and MTK-2 character sets. This particular version of the printer has a parallel Centronics compatible interface, as well as an RS232 asynchronous RS232 interface. The latter also supports the 5-bit MTK-2 standard.
  
UD-M211 impact printer [7]

The UD-M range is still available from the manufacturer today (2022) and can even be supplied with USB and Ethernet interfaces [7]. In addition, the company manufactures inkjet and termal printers for use aboard military vehicles and ships. The printers are supplied to the customers in a wooden crate or in the Soviet-era metal storage case, that is still the same after all these years.

 Download the manual (English)
 Download the manual (Russian)

  1. Also compatible with the EPSON LQ-800.

M-211 dot matrix printer in storage case. Photograph via Twitter [1]
UD-M211 impact printer [7]
UD-M211 impact printer in wooden transport crate [7]
UD-M211 impact printer in metal storage case [7]
B
×
B
1 / 4
M-211 dot matrix printer in storage case. Photograph via Twitter [1]
B
2 / 4
UD-M211 impact printer [7]
B
3 / 4
UD-M211 impact printer in wooden transport crate [7]
B
4 / 4
UD-M211 impact printer in metal storage case [7]

Conversion table
To the right of the display is a conversion table that shows the 10 digits (0-9), the corresponding letters of the Cyrillic alphabet and the matching bit-pattern of the punched paper tape. Strangely, the bit-pattern is printed the wrong way around (compared to the layout of the tape reader). The table conforms to the MTK-2 telegraph standard and is as follows:

Latin Russian Figure Bin Hex
Q Я 1 101·11 17  
W В 2 100·11 13  
E Е 3 000·01 01  
R Р 4 010·10 0A  
T Т 5 100·00 10  
Y Ы 6 101·01 15  
U У 7 001·11 07  
I И 8 001·10 06  
O О 9 110·00 18  
P П 0 101·10 16
This table corresponds to the upper row of keys of a Western (English or American) teleprinter with a QWERTY layout. The reason for using a conversion table is unclear, although it seems likely that it was used for conversion from letters to numbers, in case the figure-shift (FIGS) characters was omitted (or missed) in the received data stream.


Specifications
Encryptor   M427
  • Model
    M-427
  • Type
    Text encryptor for telegraph and telephone networks
  • Country
    Russia
  • Years
    2000 (est.) - ?
  • Mains
    220V AC, 50 Hz
  • Battery
    24-27V DC, external
  • Tape reader
    5-bit ITA-2 (MTK-2)
Printer   UD-M211
  • Model
    UD-M211 (УД-М211)
  • Type
    Impact (dot matrix)
  • Speed
    120 cps
  • Resolution
    240 x 144 dpi
  • Interfaces
    Centronics
    RS232C
    MTK-2
    Ethernet
    USB 2
  • Paper
    A4, 210 mm wide roll
  • Character set
    KOI-7
  • Ribbon
    Epson FX-80
  • Mains
    220V AC
  • Battery
    21 to 34V DC
  • Temperature
    -10°C to +55°C
  • Dimension
    455 x 440 x 235 (storage case)
    355 x 345 x 117 mm (printer)
  • Weight
    22 kg (total)
    < 14.5 kg (printer)
Accessories
Documentation
  1. УД-М Printer handbook (Russian) 1
    40 3270 0416. ДЦ3.043.007 РЭ - ЛУ. 117 pages.

  2. УД-М Printer handbook (English) 1
    13.043.008 РЕ. 88 pages.
  1. Document kindly provided by anonymous donor [6].

References
  1. Broken command post: Armed Forces seized secret equipment of the occupiers
    Odessa8436 (Twitter), 9 March 2022.

  2. Segodnya, Armed Forces of Ukraine seized secret equipment of occupiers
    Segodnya, Ukraine, 9 March 2022.

  3. Ахуеть. Аппаратура шифрования М427
    Livejournal, 10 March 2022 (page suspended later that day).
     Read this page from cache

  4. Roseltorg, Procurement for information carrier type DK-4
    13 April 2011. Retrieved 10 March 2022.

  5. Jörg Drobick, Chiffriermaschine M-205 D
    Website SAS und Chiffrierdienst. Retrieved 11 March 2022.

  6. Anonymous, UD-M211 printer handbooks - THANKS !
    Received 11 march 2022.

  7. Matrix printer UDM series 1
    Lenpolygraphmash (LPM). Retrieved 11 march 2022.

  8. Vasily Khristoforov, The centenary of the Cryptographic service Russian Federation: creation and development during the 20th century (Russian)
    Russian State University for Humanities, Institute of Russian History, RAS.
    Moscow, 7 May 2021. pp. 161-179, §48.

  9. BNTI, Secure speech and data terminal E-20
    7 December 2005. Retrieved 10 March 2022.

  10. Paul Plitzuweit, Senior Product Manager Datakey
    ATEK Access Technologies, LLC. Personal correspondence, April 2022.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
Crypto Museum. Created: Thursday 10 March 2022. Last changed: Monday, 20 June 2022 - 08:24 CET.
Click for homepage