Should we discontinue EVMs?

[Dileep]

Well, why aren't we surprised!!

RM doesn't dare to show up with the EC, because he knows that his arguments are not valid. He can go on posting here in BR, or claim to be doing EVM meetings. that is easy to do.

I wonder how many people attended his "EVM" meet!!

I wonder how many hits he gets on his website. Can you put a hit counter there RM? For everyone to see!!

[Dileep]

For 20 years, assorted experts have been claiming that a rigged code in EVM will not benefit any party, and thus indirectly stating that no party will be interested in putting such a rigged code. It took me days to come up with algorithm of how rigged code with some ground action can add 100-150 seats to Congress and UPA. It was not a matter of minutes.

And that algorithm is totally unworkable, because of the difficulties in:

1. Managing 5 different versions.
2. Managing logistics of sending them to the constituencies
3. Managing the nCandidate.

I have explained those difficulties in details, but as usual RM weasels out of them.

Now Dileep can propose a process (which may not be what BEL is following). Say I spend days and then find holes in it. Next Tanaji will propose a process. Another week in finding holes in that process. Next Raja Bose will propose process. Like that, I will be spending 6 months here.

If you want to prove your point, you got to.

If pro-EVM people are at serious in claiming that BEL CEO simply cant put the code I described, they should get list of chips, compilers, ROM burners and process BEL's EVM unit follows. Use RTI or whatever you like. For now, we dont even know how many programmers were in BEL's EVM unit. If there are are just 2-4 coders, then BEL CEO only needs to replace these 4 coders with someone who is pro-Congress and/or corrupt and willing to ring EVMs. Now that code is "confidential" and hence no one in QI, QE etc know if the code is set to favor ((n + k) mod 5 +1 ). This is not possible if there are 40 coders each having full view over code (which happens in monolithic coding). So unless all this information is given, I see no point spending time in finding holes in process which may not even exist in BEL to begin with.

You conveniently ignore the little detail of five different versions. You will need compromise from the whole production facility to manage that.

You have NEVER explained that part. Please do.

I have received email from ECI on Aug-1 inviting me to come on between Aug3 to Aug8. I will post my reply on my website and give a small AD in newspaper with just URL of that reply. I dont have money to paste whole reply. I have attended many such "complain hearings" for citizens problems in municipalities, police etc. I request you all to attend similar such "complain hearing" meetings conducted by police, municipalities and even Central Govt depts (like Income Tax). And you will yourself understand what eye wash they are. The EC has not given ANY details about inside of EVM. What would a complainer go and do? For one, I want to prove that the source in code 10% EVMs is rigged. Do I have randomly selected 100 EVMs? Do I have source code in EVM? Is there any tool to verify that source code given by EC is what is inside chips? NO , NO , NO. So if code cant be read, the only next option is reading hash. Will EC allow anyone to read hash of even 0.1% of randomly chose EVMs? Essentially, EC is calling this meeting to say "we heard all, and we 'proved' that all were wrong". I will post my reply on web, asking EC to post the reply on their website. Lets see where it goes from there.

The EC is asking for demonstrations.

You yourself have claimed that it is NOT an allegation, but a "way by which it can be done". So, the whole point of having access to EVMs doesn't arise.

You tell them how it can be done, and let us all see what their response is!!

[Dileep]

OK, here is the Rube Goldberg machine of Rahul Mehta:

1. Steal the chip design files for the microcontroller from BEL
2. Put a VLSI design team to work, to make five types of 'rigged' chip.
3. Give the five outputs files to the fab, asking them to use these files instead of the original files, one per each lot.
4. Tell the Incoming QC at BEL to ignore the mask ids and date codes.
5. Tell the BEL IQC to ignore the test data discrepancy.
6. Tell the BEL stores to track the types, so that they are kitted in lots.
7. Call a meeting of the entire software team (5-10 people), bribe, intimidate, threaten and blackmail them into putting the five trojans in the code.
8. Call a meeting of the entire team that does the programming of the chips, bribe, intimidate, threaten and blackmail them into ignoring five different hashes.
9. Carefully co-ordinate the issue of chips for programming and the type of binary used.
10. Call a meeting of the entire functional test team, bribe, intimidate, threaten and blackmail them into ignoring five different hashes.
11. Bribe, intimidate, threaten and blackmail the logistics managers and supervisors into managing the serial numbers of the CUs with each type program, and shipping them into different constituencies.

Phew!!! First part is over.

12. Bribe, intimidate, threaten and blackmail the district collector, and his 10 staff into tracking the rigged EVMS, and ensuring their dispatch to the specific constituencies.
13. Monitor the nomination scrutiny and withdrawal process, to make sure the exact candidate number.

Whole bunch of lies.

EXACTLY!!! You can't do any of it, so your scheme is not viable.

The possible rigging scheme is explained in http://rahulmehta.com/evm.htm

I read that already. You have conveniently ignored the small details that kills your scheme.

You don't mention how FIVE DIFFERENT versions will be inserted and managed. You don't mention the involvement of production staff at BEL.

I am indeed assuming that Japanese chip was rigged.

And manage 5 different versions.

But above steps Dileep claims on my behalf are not in the possible plan I proposed, as we dont know what process BEL actually follows from coding to chip receiving to EVM box.

Still you are 400% sure that it can be compromised.

How are you SO SURE it can be done, when ypu don't know what it is, especially when you can't do nothing about a proposed scheme?

Once I get details on process steps BEL follows and number of people at each point I will try to show how using mere 3-4 people code can be changed and new code can be inserted instead of original one. For that matter, no one even knows if ROM was burned inside BEL. It is possible that due to very tight schedule, BEL asked Japanese to burn the ROM and when chip came, the engineer just verified the hash and nothing else. So if chip was rigged to give a planted hash instead of real one, the engineer would never know that code is not what they sent. Unless we know exact steps BEL took, I dont want to spend time in "how BEL Chiefs can put wrong code in EVM".

Sure, you spend time only in making allegations. Proving them doesn't matter for you.

I read section 9.3 of the data book you posted. It says how "verification" done at the time of burning ROM. My question is : say ROM burning is over and now chip is on EVM. Now how I read hash? And does the chip in EVM support hash reading? Do you know which Japanese company makes the chip? And how do you know it is Japanese and not American, or it is some company in Japan owned by American MNCs?

And from what I read, it looks that way to read "verification bytes" is by giving some control signals. If thats the case, Japanese company *can* make chip which would give wrong verification bytes from the planted hash. There is no technological barrier. So how do you know that chips in EVMs were not rigged to give the wrong hash? Have you scanned the chip and verified it? Or, is there any way one reverse engineer the chip at gate level and say that chip is reporting wrong hash and not the right one AFTER ROM has been burned.

Essentially, you are saying that we should put faith in a Japanese company whose name is not disclosed and whose ownership is not disclosed. How do you know that that Japanese company is not owned by Sonia?

If you want me to continue discussion on any specific chip/process, you must agree to take that as a reference and prove/disprove based on that platform.

Do you want to debate the riggability based upon the hardware platform I proposed, and the production system I proposed, then I am game.

You don't have the platform/process, so you have no base in arguing that the system is vulnerable.

Do you want to debate based on the proposed platform and process?

[Dileep]

Rahul, I have proposed a platform and process that you have not yet been able to prove riggable.

Now, let me turn it around.

Why don't YOU propose a platrform and process, and show how it would be rigged. Use any standard controller, and any rational production system.

Rather than giving blanket statements like "top 10 guys", get into details. Give the process like I did, and show how it will be rigged.

[Raja Bose]

Whaaaattt? Talk to the Corrupt EC, who are going to ignore whatever pearls of wisdom RM is going to give? No. RM trusts only the commoner, remember? Place some commoners in the dias, and then he will present his arguments.

Do you think the 'bought' technical experts will admit that the CEO of the chip fab can walk into their plant, whisper into the ears of the shift supervisor to add a trojan, and get it in? Do you think the 'corrupt to the core' BEL engineers will admit that their CMD came in into their plant and asked them to add the trojan into the code? Do you think that the 'paramount of corruption', the EC, will admit that he gave a list of EVM serial numbers which should go to each district?

No way Jose!! They will never agree!! RM would rather go to the 'commoner' and enlighten them.

Sometimes you do exceed even the exalted levels of N^3 and shiv(in one of his moments).

[Rahul Mehta]

As usual I will ignore sarcasm etc and focus on tech questions etc

You don't mention how FIVE DIFFERENT versions will be inserted and managed. You don't mention the involvement of production staff at BEL.

If the chip has byte which is 0 to 5, and that byte should be so that it becomes 0 after 8 months. 0 means no rigging. 1-5 means rigging with type = that byte. So there is only one rigged program is needed.

You did NOT mention how many programmers are in the team and what is the reporting structure in the team. In many places, I have seen that there are N coders, but final build is made by the team lead only. And the build options are so that the final binary will be different from non-final builds. Now in the name of confidentiality, you can prohibit all other programmers to know what the final build options were used. Hence other programmers will never be able to build FINAL binary on their machine and compare size or hash with final binary. So if the team lead is the FINAL person making the binary, then only he need to be taken care of. So I were BEL chief, I would authorize just 1-2 persons to make final binary and tell them to keep final build options secret so that no other programmer can create such binary.

You give ZERO details about ACTUAL structure BEL follows, actual number of coders, reporting structure etc. If you want answers, pls ask proper questions first with necessary details inside the question itself.


-----

re : going to ECI

Pls read what is going on in MH RS election. This is a proof positive that Chawala is corrupt. And I dont like to speak to corrupt officials, unless someone literally puts a gun on my head. As per media etc, I am explaining modulo-5 rigging to anyone who calls and holding as many meeting as I can. As far as I see, most people understand this (after I show them a long table with 25 rows) that modulo-5 rigging can be used to add 100-150 seats to the UPA tally.

---

Re : writing code

I will post VB code which

1. creates screen with 2 <= N <= 64 buttons
2. has a hardcoded type = k
3. lets user vote for any candidate
4. in the end in nVotes>200 and nHoursOn >7, it would transfer about 60% votes to FavoriteCandidate
5. FavoriteCandidate = (N + k) mod 5 + 1.

Now if something can be done in VB, it can be done in assembly.

Now pls pardon the delay, as I have other work as such translating the write up in Gujarati, going to offset press to get 1000s of copies printed and so forth.

[Dileep]

As usual I will ignore sarcasm etc and focus on tech questions etc

You don't mention how FIVE DIFFERENT versions will be inserted and managed. You don't mention the involvement of production staff at BEL.

If the chip has byte which is 0 to 5, and that byte should be so that it becomes 0 after 8 months. 0 means no rigging. 1-5 means rigging with type = that byte. So there is only one rigged program is needed.

There is no known semiconductor technology to make a bit 0 after some time. So, it is 1 or 0 in a permanent nature. Of course you can argue that there will be five different types of controllers made by the "corrupt japanese".

Each of those 'types' will be separate individual ICs for the fab. You can't simply tweak a bit in semiconductor fab.

You did NOT mention how many programmers are in the team and what is the reporting structure in the team. In many places, I have seen that there are N coders, but final build is made by the team lead only. And the build options are so that the final binary will be different from non-final builds. Now in the name of confidentiality, you can prohibit all other programmers to know what the final build options were used. Hence other programmers will never be able to build FINAL binary on their machine and compare size or hash with final binary. So if the team lead is the FINAL person making the binary, then only he need to be taken care of. So I were BEL chief, I would authorize just 1-2 persons to make final binary and tell them to keep final build options secret so that no other programmer can create such binary.

I will suggest a better plan. Let BEL chief ask ONE guy, a project leader, to be entrusted for the integration, testing, and continued maintenance of the software. Then he can do whatever he wants with the code and no one is going to question, right?

I guess the same thing can be done about the drawings of the Arihant ATV, and the Mayawi EW suite.

You give ZERO details about ACTUAL structure BEL follows, actual number of coders, reporting structure etc. If you want answers, pls ask proper questions first with necessary details inside the question itself.

I don't have any information on the system BEL follows. What I know is that a system is in place, and that is subject to audits by a lot of sources. If there is an obvious vulnerability (like a single person handling the code), that will be immediately pointed out and rectified.

Unless of course, it is RahulWorld, where everyone is corrupt.

Security is something you achieve by creating a system of checks and balances that counteract the built in unsecurities. When you cash a cheque in the bank, the clerk does the entry, another clerk authorizes it, and the cashier gives out the cash. Multiple people, procedures, and records makes things secure.

So does the paper ballot. Otherwise you could have done with just one polling officer, right? A system makes it difficult to rig.

re : going to ECI

Pls read what is going on in MH RS election. This is a proof positive that Chawala is corrupt. And I dont like to speak to corrupt officials, unless someone literally puts a gun on my head. As per media etc, I am explaining modulo-5 rigging to anyone who calls and holding as many meeting as I can. As far as I see, most people understand this (after I show them a long table with 25 rows) that modulo-5 rigging can be used to add 100-150 seats to the UPA tally.

You are a free citizen of this country, (thought I don't think you are qualified to be one). You have the right to do anything that is not illegal in this country.

You are also free to post any illogical and irrational ideas here on BRF, unless the admins make a rule against that.

Re : writing code

I will post VB code which

1. creates screen with 2 <= N <= 64 buttons
2. has a hardcoded type = k
3. lets user vote for any candidate
4. in the end in nVotes>200 and nHoursOn >7, it would transfer about 60% votes to FavoriteCandidate
5. FavoriteCandidate = (N + k) mod 5 + 1.

Now if something can be done in VB, it can be done in assembly.

Now pls pardon the delay, as I have other work as such translating the write up in Gujarati, going to offset press to get 1000s of copies printed and so forth.

I don't care about screens and other things. I need the code in a form that can be compiled into an embedded system. VB is not one.

[Dileep]

As of now, the following IMPOSSIBILITIES exist in RM's "incredible machine"

1. Processing five different ICs under the same part number/mask id. The semiconductor fab machines will not accept it.
2. Faking the hash. If the hash or checksum is faked, the programming operation will fail. The hash or checksum will be verified after each block is programmed, so a fixed hash will be an error.
3. Programming five different versions of binary on the chips in production. A new version can only be released after an ECO (engineering change order), and that is a lot of paperwork. This will even include change of labels.

[Rahul Mehta]

http://eci.nic.in/faq/evm.asp

Q21. Is it possible to program the EVMs in such a way that initially, say upto 100 votes, votes will be recorded exactly in the same way as the `blue buttons’ are pressed, but thereafter, votes will be recorded only in favor of one particular candidate irrespective of whether the `blue button’ against that candidate or any other candidate is pressed?

Ans. The microchip used in EVMs is sealed at the time of import. It cannot be opened and any rewriting of program can be done by anyone without damaging the chip. There is, therefore, absolutely no chance of programming the EVMs in a particular way to select any particular candidate or political party.

WhatTH? Does this mean that code in chip is written inside the premises of the Japanese company?

Is anyone sure where the chip's ROM is burned? Is it inside BEL or is it in Japan?

---

And now pls look at this

http://www.indian-elections.com/electio ... hines.html

Q21. Is it possible to program the EVMs in such a way that initially, say upto 100 votes, votes will be recorded exactly in the same way as the `blue buttons' are pressed, but thereafter, votes will be recorded only in favor of one particular candidate irrespective of whether the `blue button' against that candidate or any other candidate is pressed?

Ans. The microchip used in EVMs is manufactured in USA and it is sealed at the time of import. It cannot be opened and any rewriting of program can be done by anyone without damaging the chip. There is, therefore, absolutely no chance of programming the EVMs in a particular way to select any particular candidate or political party.

The above seems to be copy paste from EC's website. So the original website of EC must be having word USA. And then someone from EC removed it. And then, why didnt they write the word Japan?

So two questions.

1. Is the chip made in Japan or US?
2. Is the chip programmed inside BEL or comes programmed from US or Japan?

[Tanaji]

Pls read what is going on in MH RS election. This is a proof positive that Chawala is corrupt. And I dont like to speak to corrupt officials, unless someone literally puts a gun on my head. As per media etc, I am explaining modulo-5 rigging to anyone who calls and holding as many meeting as I can. As far as I see, most people understand this (after I show them a long table with 25 rows) that modulo-5 rigging can be used to add 100-150 seats to the UPA tally.

So basically you are wimping out and not going to Delhi. Typical... when it comes time to actually prove something, you put tail between your legs and run. You have been given an opportunity to present your case to the relevant authorities but you refuse to go because as per you they are "corrupt"? So who made you the judge and jury?

Every accused has the right to face their accuser, you sitting on your high and mighty horse deem the EC (whom you accuse of impropriety) even that basic right! Why is that Rahul? Aren't you the one who is big on judicial reform and want a jury system? The corner stone of that very same system is allowing the accused to face their accuser and being judged by their peers. You tom tom the jury system, yet to deny EC the very same right! Why? because as per you they are corrupt? Or is the real reason that you know deep down in your heart that you have no case, no proof and no evidence. Your theories are impractical, violate basic mathematical and physical laws....

You are a Grade 1 hypocrite!

[Tanaji]

So two questions.

1. Is the chip made in Japan or US?
2. Is the chip programmed inside BEL or comes programmed from US or Japan?

#1: What difference does that make? As per you CIA has bought the US foundry and Sonia controls the Japanese fab. So where the chip is made is really immaterial in your theory.

#2: No idea, but I would strongly suspect its in BEL. Again what difference does it make? As per you Chawla, BEL is corrupt and they put trojans and the fabs are bought by CIA and Sonia. So it does not matter

[Tanaji]

Rahul

You have 3 options now:

1. Show us the code. By code we mean the assembly code that can be inserted in the main program in such a way that the checksum is not violated. A lame VB implementation of the even lamer pseudocode you posted some posts ago proves nothing... we all can write functions that add and subtract. We want something that proves your theory that trojans can be inserted in an assembly code block in such a way that checksums are not violated

2. Go to Delhi and lay your case in front of EC

3. Stop posting

There is a 4th option which is to accept you are wrong and apologize but that would be asking too much,

[Muppalla]

Chawla being corrupt has nothing to do with EVM hacking. There are several ways to subvert the elections and there are several "small ways" to do favoritism to a particular party. Election rigging/subversion is not just hacking EVMs. Yes, Chawla is open INC-Helper and that is beyond doubt. He may have helped them by the following:

1) Allowing the favorable officials transferred in INC states and rejecting such things from NON-INC states
2) Making Varun's issue as extremely big while similar things by other parties as negligible
3) When INC/DMK openly ditributed tons of money to voters couple of hours before the election in TN, he ignored
4) He may have facilitated scientific rigging - Allowing favorable castes to vote and those are not favorable may not see their registrations and hence not able to vote.

Yes he helped INC tremondously but that is not EVM related. Let us not confuse ourselves by mixing up things.

[Dileep]

The FAQ21 seem to be written by a non-technical person for non-technical audience. The "seal" thing is likely the "security bit" setting.

OTPs are never programmed by the supplier. Some very large volume systems have 'mask-rom' where the rom is made in the mask itself. It doesn't make sense in getting it done by another source, because it is going to be way more expensive to do that.

[Dileep]

Well, it is clear what Rahul wants.

He want to make the maximum mileage to his own party with this. Nothing else matters. He knows that he is not going to gain anything to that end by going to EC. Instead, making noise locally in his area, and keeping high visibility will immensely help his party's presence. He want to hoodwink the "commoners" with his jargons and ride them to advance his party.

He has very cleverly used all of us in that end. We did his research, and built knowledge base. Read the document he posted on his site. A lot of the information comes from these pages.

I really don't have a problem with that. I had fun. As long as his party doesn't come to my place and start operating, I am fine.

Well, to be honest, I shouldn't even worry about that. I live in the midst of the followers of Abdunasser Madani, compared with whom Rahul Mehta is a dove.

[derkonig]

http://ibnlive.in.com/news/evms-can-be- ... 425-3.html

EVM manipulation has been demonstrated now, I wonder how will NC & his cronies in Nirvachan Sadan spin this. With time it is increasingly becoming clear that 2009 was a case of stolen elections.

[Dileep]

The Net India people came on news earlier as well. I tried to get the contact info of Mr. Hari Prasad, but his website is all screwed up. I sure would like to debate him on the technical matters.

Anyone can design an EVM, write a program and show that votes can be made to go to anyone. This is equal to someone printing a ballot paper, stamping it and placing it in a box, and claiming that the ballot can be rigged.

Unlike Rahul, who has no clue on technology, but makes out of the world claims, this guy seems to be a techie, and I sure hope he shows up to do the demo to EC.

[Rahul Mehta]

Muppalla, All,

I have attended many such "complain hearings' hosted by local IPS, Municipal Commissioner, Ministers etc. And it is utter waste of time, particularly when the person in-charge is corrupt. The corrupt ones are never interested in any improvement. They ALWAYS pick other corrupt people around him and it is no point talking to their juniors either. If the IAS in-charge is honest, which rarely does happen, then there is a point in communicating to him. But Chawala is hard core corrupt. I dont mind his pro-Congress bias --- such biases are universal. But he is corrupt and it is now very clear from what he did in MH RS elections. Which is why, from day one, I did not send any email or paper complaint to EC. I never demanded any appointment with CEC. I am only interested in dialog with (sic) commons. I have written a very compact description of how EVMs can be rigged DIRECTLY in newspaper has written full detailed explanation at http://rahulmehta.com/evm1.pdf . ECI is welcome to ignore it or put rebuttal on its website.

For all I see, ECI, MPs and PM have not shown ANY interest in collecting opinions of commons whether they want EVMs to go on. Least they can do is to allow us commons to register our YES/NO on laws passed at Talati's office for Rs 3 fee to cover all expenses, and the name of the person directly comes on PM's website. so that there are minimal chances of fraud. If EC is interested in knowing whether commons want EVM to continue or not, he can request PM to create above mechanism. If PM, EC refuse to create above mechanism, that only shows that they are NOT interested in letting us commons register even our opinions of GoI books. In which case, my attending such meetings with them is waste of my time and money. Instead of spending say Rs 20000 (expenses + time lost), in going to Delhi I am better of spending that money in giving more ads in local newspapers.

-----

Tanaji,

You are asking me to write a rigged code that would create the rigged EVM I mentioned. I am ready to write one. Now do you have assembly language reference of the chip that EVM uses? Can you get me one from BEL or EC? No. No. So your statements like "I cant write the assembly code" have no value.

.

[Rahul Mehta]

As of now, the following IMPOSSIBILITIES exist in RM's "incredible machine"

1. Processing five different ICs under the same part number/mask id. The semiconductor fab machines will not accept it.
2. Faking the hash. If the hash or checksum is faked, the programming operation will fail. The hash or checksum will be verified after each block is programmed, so a fixed hash will be an error.
3. Programming five different versions of binary on the chips in production. A new version can only be released after an ECO (engineering change order), and that is a lot of paperwork. This will even include change of labels.

None of them are tech barriers, One can make fab machines which would accept five different ICs with same part number. And (3) is hilarious. Why would anyone create paperwork when he is creating binaries illegally? As per (2), the processor has to "report" fake hash when asked. There is no tech barrier here.

People in industry dont do such as "in general", this has no commercial value. A company will lose business if anyone ever finds out that they have compromised with fab machines. But if one is given huge sum to create chips that can be used to rig elections of India, then that business is not worth losing.

For all I see, your claims that "EVMs cant have rigged chips" assumes that Japanese company which makes chip is honest. And for that matter, you dont even know whether the company is Japanese or Indian. Or dont know who owns the company. No wonder why you are scared of letting commons register YES/NO on laws etc. Because you know that commons will literally laugh at you if you were to make such baseless claims that "Japanese would never rig a chip and never rig a fab machine".

Now pls answer the following question : Are you sure that Sonia doesnt own the Japanese company which makes the chip?

[niran]

I am only interested in dialog with (sic) commons.

But you are not a common Sire, as you claim you are.
you own 4 Flats in Ahmadabad. That makes you
well off not the commons you so frequently claim you are.

Mayawatti have plenty of wealth, she claims she is a Dalita.
Lallu prasad Yadav have a private helicopter he claims he is a commoner.
Ramvilas Paswan owns a fleet of transport trucks numbering into 100s
and he claims to be a commoner.
Kumari Meera Kumar owns half of Sasaram lands she claims she is a commoner.
need i say anything further?

You are looking to make a name and find a place for your party, this fuss about EVM
ain't gonna fulfill your dreams. you will have to be different from the others, may
i suggest you make "Universal free medical treatment" your party war cry.
Takesin shinwatra former PM of Thailand formed a party 17 months before election
and won a landslide which was unprecedented in Thai history, the main reason was ascribed
to his "Universal free health treatment" enabling every Thai to get free treatment, from Common Cold to any disease you can think off. Try it Sire, if you get it right we may have
a BRFite as a CM of Gujrat

[vera_k]

Hari Prasad is said to be a former BEL employee. It's not clear if he worked on the EVMs while employed at BEL.

[Dileep]

None of them are tech barriers,

Sure. In RahulWorld they are not.

One can make fab machines which would accept five different ICs with same part number.

A fab machine is not your office typewriter, or an automatic lathe. We all are used to your out of the world ideas, but this is a new one.

And (3) is hilarious. Why would anyone create paperwork when he is creating binaries illegally?

Paperwork is needed, unless the entire team is corrupt. Do you allege that the 100+ team that produces the EVMs are corrupt?

As per (2), the processor has to "report" fake hash when asked. There is no tech barrier here.

I have repeatedly explained how it is not possible. I will make a separate post to lay it to rest.

People in industry dont do such as "in general", this has no commercial value. A company will lose business if anyone ever finds out that they have compromised with fab machines. But if one is given huge sum to create chips that can be used to rig elections of India, then that business is not worth losing.

That includes a 500 million dollar wafer fab line too?

For all I see, your claims that "EVMs cant have rigged chips" assumes that Japanese company which makes chip is honest. And for that matter, you dont even know whether the company is Japanese or Indian. Or dont know who owns the company. No wonder why you are scared of letting commons register YES/NO on laws etc. Because you know that commons will literally laugh at you if you were to make such baseless claims that "Japanese would never rig a chip and never rig a fab machine".

So, you up the ante once again, claiming that the "semiconductor fab machines could be rigged". Sure. Trivial, piece of cake!!

Now pls answer the following question : Are you sure that Sonia doesnt own the Japanese company which makes the chip?

It doesn't matter who owns the company. I am talking about technical impossibilities here.

But laws of time, physics etc doesn't matter in RahulWorld!

[Dileep]

Hari Prasad is said to be a former BEL employee. It's not clear if he worked on the EVMs while employed at BEL.

I would be glad to debate him n the technology and logistics.

[Dileep]

This is a question to any Rahul Supporters.

Do you support/believe his allegation that the "fab machines", ie the series of machines that process a silicon wafers could be "rigged"?

[Stan_Savljevic]

ib4tl, my first one...

[Dileep]

Why you can't have a fixed hash/checksum on a microcontroller.

I am using a 5 bytes program space, and a straight addition checksum (for arithmetic simplicity). The program space is initially blank, all set to 0xFF. The bytes to be programmed are just arbitrary ones, resembling a binary. The left column are the bytes, and the right column are the incremental sums used to calculate the checksum.

Code: Select all

	Addr	Byte	Sums
Step 1: All blank

	01		FF		00FF
	02		FF		01FE
	03		FF		02FD
	04		FF		03FC
	05		FF		04FB
		
Checksum = 	04FB

Step 2: Program the first byte to C8

	01		C8		00C8
	02		FF		01C7
	03		FF		02C6
	04		FF		03C5
	05		FF		04C4

Checksum = 04C4

Step 3: Program the second byte to DD
				
	01		C8		00C8
	02		DD		01A5
	03		FF		02A4
	04		FF		03A3
	05		FF		04A2
			
Checksum = 04A2

Step 4: Program the third byte to 61
				
	01		C8		00C8
	02		DD		01A5
	03		61		0206
	04		FF		0305
	05		FF		0404

Checksum = 0404

Step 5: Program the fourth byte to 1E
				
	01		C8		00C8
	02		DD		01A5
	03		61		0206
	04		1E		0224
	05		FF		0323

Checksum = 0323

Step 6: Program the fifth byte to 64
				
	01		C8		00C8
	02		DD		01A5
	03		61		0206
	04		1E		0224
	05		64		0288

Checksum = 0288

You can see that initially the checksum is 04FB, and then after each byte is programmed, it changes to a different value. In OTP systems, this is verified (as mentioned in the ATMEL datasheet).

The question of fake hash/checksum is thus laid to rest.

[Rahul Mehta]

This is a question to any Rahul Supporters.

Do you support/believe his allegation that the "fab machines", ie the series of machines that process a silicon wafers could be "rigged"?

Dileep,

I dont mind your shouting. But can you pls avoid putting wrong words in claims I make? I did not say if "one can rig fab machines you get in market". I said that if CIA or anyone wants to make chip-making units which can churn out altered chips with same part number, mask id or unique chip numbers etc, they can. CIA is not going to respect "market norms" and "industry norms".

[vera_k]

Considering the security sensitivity of the product, I am sure there will be a system in place for verification (of the checksum). The FAQ21 is for people who are not familiar to the technical details.

Ok, let's grant that there is a system in place for verifying the checksum. But if it is anything like the software posted earlier, that system itself is vulnerable to tampering such that it reports the right checksum regardless of whatever checksum was generated for the program in the microcontroller.

The key problem from my perspective is that the technical committee which went into the security aspects hasn't considered an attack that does not require any knowledge of candidates or their placement on the ballot. And since they did not, then it is likely that the security around manufacturing the devices is not that great as that wasn't seen as an attack vector.

[Dileep]

Ok, let's grant that there is a system in place for verifying the checksum. But if it is anything like the software posted earlier, that system itself is vulnerable to tampering such that it reports the right checksum regardless of whatever checksum was generated for the program in the microcontroller.

Please read my post above proving how faking a checksum is impossible. Refute it if you can.

The key problem from my perspective is that the technical committee which went into the security aspects hasn't considered an attack that does not require any knowledge of candidates or their placement on the ballot. And since they did not, then it is likely that the security around manufacturing the devices is not that great as that wasn't seen as an attack vector.

This is not extra security. What I am trying to prove is that the standard operating procedures in any decent company would defeat the idea of inserting five different programs in a product.

For example, I can bet that it is impossible in the company downstairs (whose system I helped to put together a decade and half ago) can do that without leaks, this being a pvt.ltd. company.

[Dileep]

This is a question to any Rahul Supporters.

Do you support/believe his allegation that the "fab machines", ie the series of machines that process a silicon wafers could be "rigged"?

Dileep,

I dont mind your shouting. But can you pls avoid putting wrong words in claims I make? I did not say if "one can rig fab machines you get in market". I said that if CIA or anyone wants to make chip-making units which can churn out altered chips with same part number, mask id or unique chip numbers etc, they can. CIA is not going to respect "market norms" and "industry norms".

OK, does anyone here support this claim, in the exact words of Rahul?

Let there be a show of hands! Pranav? Vera? Ravi?

BTW, ALL CAPS is shouting. Large font is not.

[Rahul Mehta]

Why you can't have a fixed hash/checksum on a microcontroller.

I am using a 5 bytes program space, and a straight addition checksum (for arithmetic simplicity). The program space is initially blank, all set to 0xFF. The bytes to be programmed are just arbitrary ones, resembling a binary. The left column are the bytes, and the right column are the incremental sums used to calculate the checksum.

Code: Select all

skipped the code part

You can see that initially the checksum is 04FB, and then after each byte is programmed, it changes to a different value. In OTP systems, this is verified (as mentioned in the ATMEL datasheet).

The question of fake hash/checksum is thus laid to rest.

My question was : Say download and burning is OVER.

After ROM burning is over, how I check the MD5 hash of the contents?

What you have shown is how checksums are checked and verified at the time of ROM burning.

[Dileep]

My question was : Say download and burning is OVER.

After ROM burning is over, how I check the MD5 hash of the contents?

What you have shown is how checksums are checked and verified at the time of ROM burning.

The answer is, you can't do the BURNING, because when the first byte is written, and its verify cycle is made by the programmer equipment, it will see the wrong checksum and error out.

[Pranav]

The situation is even worse than what one had feared - the burning of the program onto the chip is being done in foreign countries.

Looks like foreigners are trusted with the software, but not the people of India.

--------------------------------------------------------------------------

Come and prove your point on EVMs, EC tells petitioners
http://www.hindu.com/2009/08/02/stories ... 521000.htm

Special Correspondent

Demonstration planned this week
--------------------------------------------------------------------------------

Software is one-time programmable and is burnt into chip at the time of manufacture

EVM in India is a fully stand-alone machine
--------------------------------------------------------------------------------

New Delhi: The Election Commission has invited all those who have expressed fears about the possibility of electronic voting machines being tampered with to prove their point. It will hear their views here in the first week of August in the light of the Supreme Court observation, while disposing of a plea by V. V. Rao and three others raising questions about the use of the EVMs, that the petitioners could approach the Commission.

The Commission said, “Those who have made petitions before the courts have been invited for the purpose along with the political parties which have written to the Commission.”

A demonstration, at the headquarters of the Commission, would be held in the presence of a technical experts group as well as engineers representing EVM manufacturers. The Commission expects that the demonstration would once and for all set at rest any misgivings anywhere, “in the interest of the country’s electoral democracy.”

It said: “The Commission remains entirely satisfied that EVMs cannot be tampered with. These are fully tamper-proof. So far, no one has been able to demonstrate that EVMs used by the Election Commission can be tampered [with] or manipulated. EVMs have served the country’s elections well. These were introduced after long ranging political, technical and administrative consultations since 1979. The use of machines has helped to prevent several electoral malpractices and resulted in more efficient conduct of elections.”

The Commission said the petitioners in courts and some others alleged that that the machine could be tampered with during the manufacturing process or while operating it. “It has also been mentioned that some of the Western countries have given up using the EVMs. The fact is that unlike the machines used by other countries, which are based on operating systems, the software in the EVM chip is one-time programmable and is burnt into the chip at the time of manufacture. Nothing can be written on the chip after the manufacture.”

Elaborate checks


It said: “The EVM in India is a fully stand-alone machine without being part of any network and with no provision for any input. In addition, elaborate administrative measures and procedural checks are in place to make the EVM doubly safe against any possible tampering or misuse. So, it is completely tamper-proof. At the same time, the Election Commission is fully alive to its onerous responsibility not to allow even a small shade of doubt about any aspect of its operation. While the Commission completely rejects the contention regarding fallibility of the EVMs, it has now decided to go the extra distance by inviting all those who have expressed reservations about the machine to come and demonstrate the points made in their allegations.”

[Tanaji]

The situation is even worse than what one had feared - it looks like programming is done in foreign countries.

Rahul Mehta says EVM is rigged because BEL is easy to corrupt (assumption being BEL does the programming). You say its worse because the foreign guys are doing it.

You just cant win with these guys.

[Dileep]

Where exactly does it say it is done outside India?

[Rahul Mehta]

My question was : Say download and burning is OVER.

After ROM burning is over, how I check the MD5 hash of the contents?

What you have shown is how checksums are checked and verified at the time of ROM burning.

The answer is, you can't do the BURNING, because when the first byte is written, and its verify cycle is made by the programmer equipment, it will see the wrong checksum and error out.

Dileep,

Instead of twisting questions and giving twisted answers, can you tell me : How would I read MD5 hash of contents of ROM in a chip from existing EVM which is in district warehouse.

IOW, say we bring an EVM from District warehouse. BEL will say that the source code in EVM's chip is A. I compute MD5 Hash of A. Now can I compare with output from chip RIGHT now? If yes, pls explain how. Which pin should be given what input and what would be the output format from the chip's which pin?

[Rahul Mehta]

The fact is that unlike the machines used by other countries, which are based on operating systems, the software in the EVM chip is one-time programmable and is burnt into the chip at the time of manufacture. Nothing can be written on the chip after the manufacture.

The person in EC deliberately trying to confuse the people..

What does word manufacture mean? Manufacture of EVM or manufacture of chip?

If the word manufacture means manufacture of chip, then that means that the Japanese company is writing the code in the chip.

And if it means manufacture of EVM, then that means that BEL may be writing the code in the chip.

---

I suspect fish because of this confusion he is trying to create. If a person has nothing to hide, he will give very clear answers in simple language. He is not disclosing in clear language who wrote the code, who compiled it and who burned the code in the ROM.

Also, now the claim that chip and PCB does not have RF has capability is should be doubted. Because Indirsen committee says that they had seen demo and manufacture's presentations ONLY. They did NOT rip apart even 10 EVMs and verified if there was and was not any RF reciever. Some 2mm of RF probe will be sifficient to receive 10 bytes from a van sized equipment 100m away. So unless proven otherwise, we should assume that EVM can get data using radio wave. And if that is true, I can send a "media" van fitted with such equipment near booths or collector office, and everyone will think I am just giving election coverage. Hell, even driver wont suspect that he is being used to send candidate number to EVMs. So one can just start a media company as a cover to send vans and rig 10000s of EVMs.

[Rahul Mehta]

Rahul Mehta says EVM is rigged because BEL is easy to corrupt (assumption being BEL does the programming). You say its worse because the foreign guys are doing it.

You just cant win with these guys.

Tanaji,

Your lies apart, you are now making statements which I did not make. I did NOT say that EVERYONE in BEL is corrupt. I only said that 5-8 people in BEL are corrupt and that does include top 2-4 guys. And thats all I need to add rigged code in chip. You are twisting my words and saying "RM says that everyone in BEL is corrupt".

And I always said that foreigner is LESS dependable than persons in India.

---

And you and Dileep are the one who are claiming that made in Japan chip should be assumed as unrigged, even though you dont have faintest clue who owns that chip company. You dont even know whether CIA owns it. You dont even know if Sonia owns it. And yet you go around claiming that the chip is 100% unrigged and even throw bile on people who suspect imported chip and also insult people just because they suspect chip. Please stop this chip bhakti. It is crossing all limits of sanity.

The chip has to be assumed as rigged within all technological possibilities that exist in world. And if the code came with chip, so is code. Unless you can prove that chip in EVERY 700,000 EVM is unrigged and code in every 700,000 chips is unrigged, your case is lame. You might be able to sell your chip bhakti to experts with 4 digit IQ. But we commons have IQ between 95 and 110 (mine is 107). And none of us will agree with chip bhakti.

We started with debate on whether "we commons will agree with EVMs" or not. As if chip bhakti is all you are left with, I dont think even 2% of us commons will agree with EVMs. You may be able to continue with EVMs by diverting commons' attention on useless topics (homosex, communalism, secularism etc) but not otherwise.


.

[Dileep]

Instead of twisting questions and giving twisted answers, can you tell me : How would I read MD5 hash of contents of ROM in a chip from existing EVM which is in district warehouse.

IOW, say we bring an EVM from District warehouse. BEL will say that the source code in EVM's chip is A. I compute MD5 Hash of A. Now can I compare with output from chip RIGHT now? If yes, pls explain how. Which pin should be given what input and what would be the output format from the chip's which pin?

I don't know which chip the EVM uses, hence I can't answer how exactly.
If you use the ATMEL chip I mentioned earlier, the exact access method is given in the data sheet.

[Dileep]

The person in EC deliberately trying to confuse the people..

What does word manufacture mean? Manufacture of EVM or manufacture of chip?

If the word manufacture means manufacture of chip, then that means that the Japanese company is writing the code in the chip.

And if it means manufacture of EVM, then that means that BEL may be writing the code in the chip.

Easy to solve. Appear for the EC meeting and ask the questions.

If you are going, I can giver you some questions I myself am interested to get answers for.

I suspect fish because of this confusion he is trying to create. If a person has nothing to hide, he will give very clear answers in simple language. He is not disclosing in clear language who wrote the code, who compiled it and who burned the code in the ROM.

Also, now the claim that chip and PCB does not have RF has capability is should be doubted. Because Indirsen committee says that they had seen demo and manufacture's presentations ONLY. They did NOT rip apart even 10 EVMs and verified if there was and was not any RF reciever. Some 2mm of RF probe will be sifficient to receive 10 bytes from a van sized equipment 100m away. So unless proven otherwise, we should assume that EVM can get data using radio wave. And if that is true, I can send a "media" van fitted with such equipment near booths or collector office, and everyone will think I am just giving election coverage. Hell, even driver wont suspect that he is being used to send candidate number to EVMs. So one can just start a media company as a cover to send vans and rig 10000s of EVMs.

All these could be answered by going to the meet. Why don't you do it?