Saber and astro saber knobs have a history of disingrating over time. they are harder and harder to find unless someone is making them up. The antenna is the same as used on the XTS and Jedi series so OEM are still around if you look.
Astro Saber knobs are very hard to find like you said. Standard Saber knobs are all over eBay and for the most part, fit great. I still have a bag full of them and they are fantastic.Saber and astro saber knobs have a history of disingrating over time. they are harder and harder to find unless someone is making them up. The antenna is the same as used on the XTS and Jedi series so OEM are still around if you look.
There are many more type 1 VINSON encrypted radios in civilian hands so it makes sense to develop a keyloader for that. This would be for all the PRC-148s, PRC-152s and similar radios people seem to come up with.
Most of those devices are designed to meet requirements that make it difficult to reverse engineer.The keys aren't created by the key loaders either. They come from the EKMS (directly controlled by you know who) and are securely transferred to the keyfill/loader devices.There are many more type 1 VINSON encrypted radios in civilian hands so it makes sense to develop a keyloader for that. This would be for all the PRC-148s, PRC-152s and similar radios people seem to come up with.
The challenge is not in duplicating the paper tape process, it is in making a device the radio sees as a valid key-fill device. I have no idea what is on the paper tapes is it just the 128 bit(?) crypto key or does it have a CIK or some other qualifier it (radio) must see? Training tapes might be useful as they probably can be read by eye.Most of those devices are designed to meet requirements that make it difficult to reverse engineer.The keys aren't created by the key loaders either. They come from the EKMS (directly controlled by you know who) and are securely transferred to the keyfill/loader devices.
Finding anything other than useless training tapes, for the older tape keyfill devices, would be even more difficult.
I could be wrong, but the training tapes were just used to train how to pull tape through the device and and go through the procedure. Nothing of any use was on them. The fill tapes would be destroyed once they were no longer needed. How would you create a key that has no specific public knowlege of it's inner workings for the radio to accept as valid?The challenge is not in duplicating the paper tape process, it is in making a device the radio sees as a valid key-fill device. I have no idea what is on the paper tapes is it just the 128 bit(?) crypto key or does it have a CIK or some other qualifier it (radio) must see? Training tapes might be useful as they probably can be read by eye.
I guess one could start here.....I could be wrong, but the training tapes were just used to train how to pull tape through the device and and go through the procedure. Nothing of any use was on them. The fill tapes would be destroyed once they were no longer needed. How would you create a key that has no specific public knowlege of it's inner workings for the radio to accept as valid?
If one had access to a KYK-13 or similar it should be easy these days to monitor the data flow while keyloading and see what a valid key is made of with timing, voltages, etc. Although that would probably be a criminal act if data sniffing on a valid Govt supplied key. I think its just a matter of time before someone, preferably outside the US, experiments and offers a Type 1 keyloader.Most of those devices are designed to meet requirements that make it difficult to reverse engineer.The keys aren't created by the key loaders either. They come from the EKMS (directly controlled by you know who) and are securely transferred to the keyfill/loader devices.
Finding anything other than useless training tapes, for the older tape keyfill devices, would be even more difficult.
I am sure one of our smart adversaries or "allies" has reverse engineered it. When they need cash then there is: TEMU ......If one had access to a KYK-13 or similar it should be easy to monitor the data flow while keyloading and see what a valid key is made of with timing, voltages, etc. Although that would probably be a criminal act if data sniffing on a valid Govt supplied key. I think its just a matter of time before someone, preferably outside the US, experiments and offers a Type 1 keyloader.
The key generation procedure for SAVILLE begins with a 128‑bit master key. This key is passed through a key‑expansion routine that produces 80 round keys of 32 bits each. The routine uses a simple linear feedback shift register (LFSR) to generate the round keys. In the implementation, the LFSR has a 256‑bit state and the first 128 bits are seeded with the user key. Each subsequent round key is derived by shifting the state 4 bits to the left and XORing the output with a constant round counter. The resulting key schedule is considered linear and thus is regarded as a potential weakness in theory, but in practice it does not affect the cipher’s security
Still need the key first. TEMPEST requirements are there to prevent side channel attacks like that on more modern equipment.If one had access to a KYK-13 or similar it should be easy these days to monitor the data flow while keyloading and see what a valid key is made of with timing, voltages, etc. Although that would probably be a criminal act if data sniffing on a valid Govt supplied key. I think its just a matter of time before someone, preferably outside the US, experiments and offers a Type 1 keyloader.
I am confused. Why can't you create your own key and make the encryption useful? Nobody is suggesting decrypting an agencies communications.Still need the key first. TEMPEST requirements are there to prevent side channel attacks like that on more modern equipment.
Do you have that instructor's phone #; I need to call him to run the process by me again. lol!!!More here plus a mission simulator near bottom of page
That video is a whole lotta complicated. The STU-II was quite a bodge.Do you have that instructor's phone #; I need to call him to run the process by me again. lol!!!
Once a valid key delivery to the radio is analyzed I would think with today's technology it would not be difficult to emulate. The problem is getting your hands on a KYK-13 which is rare and even rarer would be a valid paper punched key and reader for that to load the KYK-13. And in the US there would be serious legal issues doing that.I am confused. Why can't you create your own key and make the encryption useful? Nobody is suggesting decrypting an agencies communications.
| Pin [1, 3, 5, 6, 7] | Signal Name | Direction | Function |
|---|---|---|---|
| A | GND | N/A | Common Ground reference. |
| C | ACK (Acknowledgment) | Target → KYK-13 | Target crypto device pulls this line to request or confirm data readiness. |
| D | DATA (Fill Data) | KYK-13 → Target | Serial key data stream (128 bits total). |
| E or F | CLK (Clock) | Handshake-dependent | Synchronizes bit transitions between devices. |
| Step [2, 5, 8, 9, 10] | State / Phase | Switch / Button Status | Signal States (Logic Level) | Communication Behavior |
|---|---|---|---|---|
| 1 | Idle / Standby | KYK-13 ON, Address Selected | ACK: HIGH (Logic 1) DATA: LOW (Logic 0) CLK: Idle | Both devices are connected but resting. Target equipment is waiting in "Load" or "Fill" mode. |
| 2 | Initiation | Operator presses "Initiate" button on KYK-13 | ACK: Drops to LOW (Logic 0) DATA: LOW (Logic 0) CLK: Idle | Target device senses the connection hook/pull and drops the ACK line to signal it is ready to receive data. |
| 3 | Clock Sync | Automatic Hardware Control | ACK: LOW (Logic 0) DATA: LOW (Logic 0) CLK: Active Square Wave | The clock line begins pulsing to establish transmission speed and timing boundaries. |
| 4 | Data Transfer | Automatic Burst Transmission | ACK: LOW (Logic 0) DATA: Alternating (Data Bits) CLK: Active Synchronous | KYK-13 serializes the 128-bit key packet (120 data bits + 8-bit CRC checksum) onto the DATA pin. Data bits transition on the clock edge. |
| 5 | Validation | Post-Transfer Check | ACK: Transitions to HIGH (Logic 1) DATA: LOW (Logic 0) CLK: Disables | Once all bits are captured, the target device processes the 8-bit checksum. If the CRC matches, the target releases the ACK line back to HIGH. |
| 6 | Success Indicator | LED Feedback Visual | Parity Lamp: Flashes On/Off | KYK-13 registers the HIGH ACK line recovery and flashes its red parity indicator lamp to signal a successful key load. |