Mystery 6502 program for the Kim Uno #1kBChallenge

The #1kBChallenge inspired me to dust off the Kim-Uno and write an Enigma Z30 simulator. This is a very rare numbers only Enigma Machine.

Similar projects worth following
A numbers only Enigma Z30 Machine program is created for the Kim-Uno programmable calculator. The Kim Uno is a very basic development platform. It it capable of displaying 6 hexadecimal numbers. It also has a 24 button hexadecimal keyboard with some additional control keys. The Enigma Z30 is a very rare encryption device. Not many articles describing this machine exists.

The Kim Uno was feeling lonely when all of a sudden a new Hackaday.IO challenge came out, create a program in less than 1kB of code. Most of the enigma machine simulators out there use LED displays and buttons mounted in a PCB. I wanted to create my own without rolling out a custom PCB. Thus the idea was born to write a program to simulate an Enigma Machine in 6502 assembly language.

The Kim Uno has a hexadecimal keyboard and 8 control keys. On top, it has a cluster of 7 segment displays where 6 numbers can be displayed, 4 on the left and 2 on the right. This is not enough for a regular enigma machine which encrypts letters A through Z. Fortunately, a very rare numbers only model, called the Enigma Z30 exists.

Enough information was published by Anders Wik to make this reconstruction attempt possible.

"Enigma Z30 retrieved", Anders Wik, Cryptologia Vol. 40 , Iss. 3,2016

The Z30 machine has 4 settable rotors that show the numbers 0 thru 9 one at a time through a window, a keyboard with 10 keys numbered 0..9 and 10 lamps above the keys.

When a key is pushed, the rotors are first advanced, then electricity is sent through the rotor maze and it comes out to illuminate a lamp. The keys are wired to a stationary set of contacts on the right which send electricity in through the right contacts of the rotor and out through its left side contacts into the next rotor.

The leftmost rotor is a reflector, it receives a signal on the right and returns it through another pin on the right. This sends electricity back through a different path through the rotors and out to the lamps.

Each rotor, including the reflector has a ring setting that controls the stepping position for that rotor. When set at 1, a rotor at the 9 position will increment the rotor to its left when the next key is pressed. The rotor on the right always moves one step. This results in the sequences: 0088 0089 0090 0101 0102 and 8888 8889 8890 8901 9002 9003 and is known as the double stepping anomaly.

A key will never encrypt to itself. To decrypt the numbers, the machine is re-set to the same starting position and the encrypted sequence typed. The decrypted numbers will be illuminated in the lamp field.

To use the Kim Uno Enigma Z30 machine, enter and execute the program. The rotors will be shown on the left and 00 on the right. Since 0 can never encrypt to 0, this was chosen to represent the machine is ready to encrypt. To encrypt a number, press a 0..9 key. The rotors will be advanced and the key encrypted. The key and its encrypted result will be shown for 1 second on the right two digits and the screen will then return to 00. On a normal enigma machine, the lamps will be lit for as long as the key is pressed. I did not find a way to read that the key is still pressed, so the result is cleared after one second or if another key is pressed.

The top row of keys start and stop a running program. Those cannot be read within a running program.

The next two rows below that have 4 keys each and are used to move the rotors up and down one step.

The remaining keys, 0..9 when pressed, are encrypted. Keys [A] [B] and [GO] are not used.

The default machine settings, Rotor Types 1,2,3, Ring settings 1,1,1,1 and Starting position 4,3,2,1 are copied to memory location 0050 where they can be examined and changed to encrypt. The left rotor is always a reflector, so its type cannot be set.

The basic program uses 460 bytes of code including the rotor substitution and default value tables. It uses the KIM 1 GETKEY and SCANS routines at $1F6A and $1F1F. Those routines and their dependencies add 150 bytes of code for a total of 610 bytes of our own code and dependencies as per the contest rules. The KIM-1 monitor is an unavoidable bootloader that is necessary to enter the program and get it running.


A full featured user interface was written that allows the user to change the machine settings on the fly without exiting to the KIM-1 monitor....

Read more »


Paper Model now supports stepping and a character encoding scheme.

sheet - 31.14 kB - 12/21/2016 at 01:48


EnigmaZ30 v1.JPG

Hex code and instructions on how to enter and use

JPEG Image - 158.22 kB - 12/11/2016 at 15:17

Preview Download

View all 2 files

  • Going all in...

    Arduino Enigma01/04/2017 at 12:00 0 comments

    Some new code was added to be able to change the machine settings without exiting to the KIM-1 monitor. From within the main screen (00 on the right two digits), push the [B] button and the screen will show 0123 F1. The numbers on the left are the rotor types. There is only one reflector type, so a 0 is shown in its place. The up/down buttons used to change the rotors in the normal view can be used to change the rotor types. To accept the new rotor types, push [B] again. If an invalid rotor combination is selected, EE is shown on the two right digit.

    Once any combination of 1,2,3 is entered, pushing [B] again will take us to the ring setting screen. The screen will initially show 1111 F2. The numbers on the left are the ring settings for the reflector and the 3 rotors. Again, the up/down buttons can be used to change the settings to any value between 0000 and 9999. Pushing [B] again returns to the main screen (00) and the machine is now ready to encrypt numbers with the current settings.

    While on the F1 or F2 screens, the machine will not accept a numeric input to encrypt. Pushing [GO] in any of the 3 screens will zeroise the encryption key to its default value of 1,2,3,1,1,1,1,4,3,2,1 This use of the [GO] button can be disabled in either screen independently by changing the location of a jump in the code.

    The new program size is 703 bytes. Counting the bytes for the Kim-1 ROM keyboard and display routines adds 150 bytes for a total of 853 bytes. We can now fully configure the machine from within the program. The only time the KIM-1 monitor is needed is to launch the program by typing [AD] 0500 [GO]

  • Arduino UNO Implementation

    Arduino Enigma12/26/2016 at 14:38 0 comments

    Now that the Excel Paper Model and the KIM Uno version are working and producing the same results, here is a third implementation to make experimenting with this machine more accessible to everybody,

    This program is not part of the #1kBChallenge.

    To use it, open a Serial Monitor.

    Send ! and and any combination of 1,2,3 to set the wheel type and their position.

    Send @ and four numbers to set the ring settings

    Send # and four numbers to set the visible wheel position.

    The set commands can be concatenated to set the whole key at once.

    After !,@ or # receive the required digits, the current key will be shown.

    Send a number and it will be encrypted with the current machine settings.

    For example:

    1111 encrypts it with the current machine settings

    !312 sets the wheels to 3,1,2

    @1111 sets the ring settings to 1111

    #6789 sets the wheel positions to 6789

    !312@1111#6789 sets the whole key.

    1111 encrypts it with the key set on the step before.

    $ prints the current key, will print 03+01+02+01+01+01+01+06+07+08+09 the sequence to enter in the KIM Uno at address 0050 to configure the machine

  • The Next Implementation...

    Arduino Enigma12/25/2016 at 05:16 0 comments

  • Using the Excel Paper Model to encrypt a message

    Arduino Enigma12/18/2016 at 15:52 0 comments

    First, get the Excel Paper Model of the Enigma Z30 here: ENIGMA Z ROTOR DEFINITIONS v3.xlsx

    Once the file is opened, find the following section on the left panel of the Enigma tab.

    This is the control panel where the Enigma Z30 model is operated.

    Data can only be entered on the white squares.

    On the Key In row, the number to encode can be entered

    On the Rotor Types row, the left, middle and right rotors can be set, use the 1, 2 an 3 rotors only once. The reflector is fixed to type 4 and cannot be altered.

    Below, on the Ring Setting row, each rotor can have its stepping point and relative position of the contacts altered. When the ring setting is 1, the rotor steps at the 9 -> 0 transition. If the ring setting is 0, the rotor steps at the 8 -> 9 transition, if set to 2, it steps at 0 -> 1. Each rotor, including the reflector can have its own different ring setting.

    The Rotor Vis row sets each rotor position. Every time a new key is encoded, first the rotors advance to the next position, and then the key is encoded. The next rotor position is shown a few lines below in the Next Rotor row. In the example shown, the rotors were originally set to 4 3 2 0 and when the key 5 was pressed, the machine changed the rotors to 4 3 2 1 and then encoded 5 into a 9.

    The encrypted value for the entry key is shown in the Key Out row. In this example, 5 encrypts to 9.

    As an aid to encrypting text, two conversion fields are shown at the bottom, one converts letters A..Z to numerical values 01..26 and the other field converts a number in the range 01..26 to a letter A..Z


    To encode some values with a starting rotor position of 0 0 0 0, set the machine as shown below. The 9 encrypting to 5 is for a starting position of 9 9 9 9, which advances the rotors to 0 0 0 0. Don't use that value. At this point, just set the Rotor Visible position.

    Note the Next Rotor position is 0 0 0 1. Before starting to encrypt anything, copy that rotor position values from the Next Rotor row to the Rotor Vis row.

    Notice that 9 now encrypts to 1. That is the correct encrypted value for a starting position of 0 0 0 0. If the key to encrypt was a 9, note the Key Out value of 1. If the value to encrypt was not a 9, simply change it and the Key Out will show the correct output value. Afterwards, advance the rotors to 0 0 0 2 by copying the Next Rotor values to Rotor Vis.

    Once a stepping point is reached, the Paper Model will automatically step the appropriate rotor and show the Next Rotor value.

    Different enigma machines models use either a lever or gear stepping mechanism. The gear driven ones behave like a car odometer and advance the numbers correctly. The ones with lever driven stepping mechanism behave a little differently, any rotor at its stepping point, on the next key press will increment itself and the rotor to its left. This is known as the double stepping anomaly. An example is shown below.

    The sequence above shows a starting position of 8 8 8 8 and the number 4 being encrypted 4 times, the output value on the first frame is disregarded, as this frame only sets the starting position of 8 8 8 8 to determine the next position of 8 8 8 9 once the key 4 is pushed. Thus 4444 encrypts to 7600


    To encrypt text. Type something in the text editor of your choice.

    Enter the first letter in the Paper Model to obtain its numeric code of 20.

    Replace all T with 20

    Repeat until all characters have been converted

    then arrange in groups of 4 numbers

    an X (24) can be inserted to pad an incomplete group

    then encrypt as usual.


    To create an actual encrypted message, start by reading the key table for today.

     |Tag |  Walzenlage  |   Ringstellung  |   Kenngruppen   |
     | 18 | 2    3    1  |  3   8   7   1  | 537 183 547 654 |

    The first column is the day of the month. The second column sets the rotor types and order. The next column...

    Read more »

  • Paper Model now Steps. Stepping algorithm optimized. 11 bytes saved.

    Arduino Enigma12/18/2016 at 04:01 0 comments

    I was looking for a way to make the Excel Paper Model for the Z30 calculate the stepping points so it would be a complete model of the machine. The example shown below is for a rotor with a Ring Setting of 4, the 1 mark on the ring is set to the 4 position on the rotor. When this rotor is showing a 2, it is at its stepping point. The 9 is aligned with the 2 and at position 0 of the Entry Rotor.

    This made me realize that I can ask what is the Ring Setting value at position 0 and if it is a 9, then step the next rotor to the right.

    This is the old algorithm, it uses an interesting logic to determine the stepping point.

    0623 STEPRT 
    0623        LDX #$00        A2 00
    0625        LDY #$03        A0 03
    0627 STEPSC 
    0627        LDA *LRRING,X   B5 54
    0629        CLC             18
    062A        ADC #$08        69 08
    062C        CMP #$0A        C9 0A
    062E        BCC STEPS1      90 02
    0630        SBC #$0A        E9 0A
    0632 STEPS1 
    0632        CMP *LROTOR,X   D5 58
    0634        BNE STEPS2      D0 05
    0636        LDA #$01        A9 01
    0638        JMP STEPDN      4C 3D 06
    063B STEPS2 
    063B        LDA #$00        A9 00
    063D STEPDN 
    063D        STA *TMP02,X    95 5F
    063F        INX             E8
    0640        DEY             88
    0641        BNE STEPSC      D0 E4
    0643        STY *TMP01      84 5E

    This is the new algorithm. It calls the ENRING routine with A=0 and Values of X of 1,2 and 3 to see if the three rotors on the right are at the stepping position, indicated by the value of 9.

    To get the shorter algorithm to align with 0643, the beginning of the unchanged part, 11 NOP are used.

    0623 STEPRT 
    0623        LDX #$01        A2 01
    0625        LDY #$03        A0 03
    0627 STEPSC 
    0627        LDA #$00        A9 00
    0629        JSR ENRING      20 67 06
    062C        CMP #$09        C9 09
    062E        BEQ STEPDN      F0 02
    0630        LDA #$00        A9 00
    0632 STEPDN 
    0632        STA *TMP01,X    95 5E
    0634        INX             E8
    0635        DEY             88
    0636        BNE STEPSC      D0 EF
    0638        NOP             EA
    0639        NOP             EA
    063A        NOP             EA
    063B        NOP             EA
    063C        NOP             EA
    063D        NOP             EA
    063E        NOP             EA
    063F        NOP             EA
    0640        NOP             EA
    0641        NOP             EA
    0642        NOP             EA
    0643        STY *TMP01      84 5E

    In the next release of the program, those 11 NOP will be eliminated.

  • Adding functionality without adding bytes...

    Arduino Enigma12/18/2016 at 01:01 0 comments

    There are three keys in the KIM Uno that are not used in the Enigma Z30 program. Those keys are [GO], [A] and [B]. The program has a built in expansion capability. If those keys are pressed, control branches to three vectors, KPUSHA, KPUSHB and KPUSHG. Those addresses contain a jump back to start, but it can be replaced with a jump anywhere. Eventually, control must be restored to the main loop for program execution to continue.

    This is the relevand portion of the original code.

    CMP #$0A
    CMP #$0B
    CMP #$13

    We are going to add the functionality to zeroise the encryption keys by resetting them to the default values at the push of a key. This functionality is useful in case an adversary barges into the encryption room, at the push of a key, the current encryption key is destroyed.

    When the Z30 program initially starts executing, it checks memory address 0050 for the value 0. If it finds this memory is not initialized, it copies the default encryption key from address DEFVAL in program memory to this RAM address. If we skip the check for 0 and jump to the part of the routine that does the copy, we have effectively implemented a zeroise function. Best of all, we are only changing existing bytes, no code has been added.

    And this is the changed code. A couple of lines were changed to use variable TMP01 to allow the timeout routine to clear the last encoded key automatically after [GO] is pushed. The added label adds no code.

    LDA #$0     
    LDA #$0B    
    LDX #$0
    CMP #$0A
    CMP #$0B
    CMP #$13

    Test your new functionality by executing the program and changing the rotors with the up/down keys. Then press the [GO] button. The display will return to 4321. Change the rotors again and press a key to encrypt it. While the input and output key are still shown on the right and before they are cleared back to 00, press the [GO] button. They rotors will return to 4321, the last input and output key are still shown, but will be cleared soon by the TIMEOUT routine.

  • The Enigma Z30 has been resurrected in 460 bytes (610 total) of 6502 code

    Arduino Enigma12/11/2016 at 15:39 0 comments

    Follow the instructions below to get your very own Enigma Z30 machine.

    The code above uses SCANDS to display numbers and GETKEY to read the keyboard. Those routines and their dependencies have been listed below and clock in at 150 bytes long. Thus the total byte count for this program when we add the program and the ROM routines it uses is 610 bytes, well below the 1024 limit for this contest.

    Title Start End Size
    AK 1EFE 1F02 4
    ONEKEY 1F02 1F19 23
    SCANDS 1F1F 1F48 41
    CONVD 1F48 1F63 27
    GETKEY 1F6A 1F91 39
    TABLE 1FE7 1FF7 16
    Total 150

  • Paper Model Complete and 3 Right Rotors work on Kim Uno

    Arduino Enigma12/10/2016 at 05:05 0 comments

    When writing a program for an encryption machine, a paper model is a must. This allows you to see the correct values of all the intermediate steps for a given input.

    You can download an excel file here that simulates the signal path through the rotors

    The assembly file already implements the signal path through the 3 right rotors. The next step is to write code to go through the reflector and come back the rotors.

  • Enigma Algorithm 100% figured out with Add/Subtract/Lookup

    Arduino Enigma12/08/2016 at 12:00 0 comments

    After a couple of days of struggling to come up with a simple algorithm involving addition, subtraction and one table lookup, the algorithm for one rotor is complete. In comes a 9, out comes a 3. Even better, the steps for the group of instructions at the bottom are the same as the top, just feeding it a fixed input of 0, done with a call to a subroutine, then subjecting the output of another round of (if negative, add 10). Need to investigate byte savings of making a (if negative, add 10) subroutine...

  • Key to Lookup Index Algorithm in 6502 code

    Arduino Enigma12/04/2016 at 13:53 0 comments

    The algorithm shown in the table below ends up being 18 bytes of code...

    Key In 7
    Add Rotor 8
    Add 1 9
    Over 9? Sub 10 9
    Sub RingSt 4
    Negative? Add 10 4

    ;CALL_WITH_A_KEY_TO_ENCODE ;CALL_WITH_X_OFFSET_TO_ROTOR ;REM_SUB_ENRING 0103 ENRING 0103 SEC 38 0104 ADC *ROTORS,X 75 57 0106 CMP #$0A C9 0A 0108 BCC ENRIK1 90 02 010A SBC #$0A E9 0A 010C ENRIK1 010C SEC 38 010D SBC *RINGST,X F5 53 010F BCS ENRIK2 B0 02 0111 ADC #$0A 69 0A 0113 ENRIK2 0113 CLC 18 0114 RTS 60

View all 14 project logs

  • 1

    Procure a KIM Uno programmable calculator.

    Download all the files at and make your own or order a kit.

  • 2

    Follow the instructions on the image below under the "To enter:" section to get the program into EEPROM at position $0500. This is a 1 time only step. After that, to use the machine see the "To run:" section.

  • 3

    To use, move the rotors to the desired starting position and type a sequence of numbers. Write down the sequence of numbers shown in the last digit on the right.

    To decrypt, move the rotors back to the same starting position used to encrypt and type the encrypted sequence of numbers. The decrypted numbers will be shown on the last digit on the right.

View all 3 instructions

Enjoy this project?



Does this project spark your interest?

Become a member to follow this project and never miss any updates