Not logged inRybka Chess Community Forum
Up Topic Rybka Support & Discussion / Rybka Discussion / Rybka 4 protection
1 2 Previous Next  
- - By joule1 (*) Date 2009-10-30 08:11 Edited 2009-10-30 08:14
There is a rumour on the Internet that "Rybka 4"  will have a heavy padlock on its code.
I hope that will not hurt the performance as we then can't find out and compare with the unlocked version.
For a chess program it is very hard to really protect the code from reverse engineering and making the code hard to break, (it makes the engine only slower.)

There is no copy protection the hackers can't break we see this over and over again.
A heavy protection only hurt's the users, not the hackers.
For myself i refuse to buy software that requires that i insert the DVD every time i want to use the program i hope Vas will not use this kind of protection.
Parent - - By Uly (Gold) Date 2009-10-30 14:37

> For myself i refuse to buy software that requires that i insert the DVD every time i want to use the program i hope Vas will not use this kind of protection.


He said he would never do that.
Parent - By joule1 (*) Date 2009-10-30 16:32
That's good news. Thank you!
Parent - - By M ANSARI (*****) Date 2009-10-30 18:20
I think you are refering to one of my posts where I mentioned that I think R4 should have preventetive measures to avoid what happened with first Rybka then Rybka 3.  This has more to do with circumventing hackers from stealing code rather than acivating the software.  Vas has always said he is against using DVD insertion or even dongles as  earlier versions of Chessbase did and still do (DVD insertion).  I hope that doesn't change as it definetely would be a turn off.  I do think that Vas has to seriously think of ways to prevent or at least to make the life of someone who wants to steal the code extremely miserable.  The ideal situation would be that it would take so long to disassemble the code and make sense of it until the new version comes out.  If you are on a one year release cycle then the system you use must be very good indeed, as one year is quite a long time.

I do sometimes wonder if Vas has a good business model with Rybka.  There are just an incredible amount of illegal Rybka 3 copies out there, probably much more than legal.  Maybe some scheme where each person who buys Rybka has a specific code for his program in which he can install it on his computers.  I am not sure how effective that would be and personally I would hate it because I have a zillion computers all over the place and I continuously change and upgrade my computers.  But I also want to see progress in computer chess engines and I think the best way is to have someone work on it full time professionally.  If the rewards of this are not there, the incentive for working on chess engines professionaly will be lost.
Parent - By Mark (****) Date 2009-10-30 20:03
I really think the answer to "stealing the code" is to come out with new versions every six months or so...
Parent - - By Uri Blass (*****) Date 2009-10-30 20:42
I think that most of the people who use the illegal copies are not going to buy Rybka even if it is impossible to get an illegal copy so I think that giving people speific code for the rybka engine is a bad idea.

If you want to see progress in the computer chess engine then maybe it is better if Vas release rybka4 as free source code.
Unlike you I do not think that the best way to get progress in computer chess is to have one person who work on it full time job and it may be better to have some programmers who try to improve free source code(it is already done in the stockfish project)

Uri
Parent - By Aliven (***) Date 2009-10-30 22:37
Vas has to make a living aswell. Plus he has a right to protect his hard work, I know I would feel funny about giving all my blood and sweat out for free.

Sure some people do this, and it's a noble decision, But maybe it isn't for everyone.
Parent - By M ANSARI (*****) Date 2009-10-31 06:35
I think if Rybka 4 source code would be given out free, it would give a temporary boost as everyone catches up and then things will become stagnant.
Parent - - By Highendman (****) Date 2009-10-30 21:10
I doubt run-time code obfuscation (http://en.wikipedia.org/wiki/Obfuscated_code) - which is even available by some compilers / linkers - would pose any serious issue to anyone with enough malice and time to waste on reverse engineering something like this. You don't feed trolls, and you don't waste time worrying about them and how to stop them. I'm sure there are better investments of Vas's time, and he's actions (or lack thereof) demonstrate he's done the same analysis, and reached the same conclusions imho.

However, on the license side  / piracy protection - while dongles, dvd check etc are obnoxious, most users got mentally indoctrinated to accept the concept of 'activation.
Maybe granting 3 or 5 activations per licensee as some buyers would run Rybka 4 on more than one machine.

However, let's analyze this from the buisness prespective - not from how to implement activation.

What would be the benefits for Vas in adding some activation mechanisem vs. the costs of doing that (set up cost and run-rate cost for supporting activation)?

Benefits:
1. It would give Vas a way to audit the sales figures his resellers (ChessOK and Chessbase) really have
2. It will, at least for a while, increase to some extent the sales revenue by pushing back piracy start date. Probably not for long. However, a key question is how many of the pirates would buy Rybka 4 in the period until the activation is cracked. I'd guess a best case scenario is 10% of the pirates would. The others would wait for the activation to be cracked - which would happen sooner or later.

Now what would be Vas's costs?
Unless he outsources the Activation management to some third-party (forking a percentage of license revenue for each activation), he'll need to deal with building this, running this (cost of server, online processing etc), increased support volume - e.g. I lost my keys bla bla.

And the sad thing is this would continue even after the activation has been cracked - because he will still need to continue supporting the legitimate buyers who would still need to activate.

In addition, it's not clear if Vas really needs to know or audit in real time what are the license figures of his resellers - maybe he's revenue is not based on volume or actual sales, but a retainer? And maybe these resellers would get pissed by this visibility and wouldn't have it?

So to summarize - my quick analysis says Vas is better off, in this sort of product, not introducing activation as once its cracked - and there's no uncrackable activation without an expensive h/w device (not just a dongle but a crypto-device that generates random passwords - and that too can be cracked) - he will still incure the run-rate costs with immediate diminishing return.

Granted, I did this analysis just with my biased common sense and without Excel running volume, demand, pricing, trying to estimate time to crack of activation and estimated revenue increase/decrease based on possible crack date (which btw would be one of the two most important variables that decides the strategy), volume of pirates , estimated percent of pirates that would buy if they can't pirate (which is the second most important variable here) etc to create more of a proof of the above - I could do that too hehe - but based on table top 10 minutes mental exercise- my conclusion is Vas is better off making Rybka 4 as strong as possible to maximize his personal return on investment, and nothing else.

Cheers,
Shahar
Parent - - By Vasik Rajlich (Silver) Date 2009-10-31 05:50
I agree with your statements here pretty much 100%. Some remarks:

1) In general, you win by creating as much value as possible, not by trying to squeeze as much as possible out of limited value. It's better business and it's better psychology.

2) Activation schemes and dvd checks are all easily cracked. The only way to remain safe is to create something not many people want to use, a solution I'd rather avoid. :)

3) Some software developers take an unhealthy view of piracy, thinking that pirates personally steal from them and asking themselves questions like "How rich would I be if piracy were impossible?". In reality, if piracy were impossible, the entire game would be completely different and in particular the level of effort and organization by competitors would be different.

I talked to Stefan Meyer-Kahlen, the longtime #1 in the first half of this decade, about this. There was also a decompiled Shredder, while another competing author would gleefully mention things he'd learned from his own Shredder reverse-engineering (yes, computer chess authors can be more than a little competitive :)). His approach was to diversify his business - he wrote a GUI, made a professional web site (back when it wasn't quite as fashionable), and so on.

When I started with Rybka, I wondered how plausible it would be to catch up with smart guys who had a 10-year full-time head start on me and who were established enough to be able to continue working full-time. As it turned out, after just 2+ years of work and only 3 months after quitting my job to work on Rybka full-time, I was able to set up a functioning business in this field. This would have been much harder had Stefan and other competitors not also had these same hurdles to deal with.

4) As the sports saying goes, don't let an opponent beat you twice - first on the field, and a second time by affecting how you play the next game. Sometimes the best thing you can do is just not let something beat you twice.

Having said all of this - there is in fact a solution to these problems, one which I'll announce fairly soon. It's so good that it would be a no-brainer even if piracy didn't exist - it's a win-win-win for everybody (customers, partners, and Rybka) and I am very optimistic about everything. I'll keep the suspense a bit longer, but let me also mention two other approaches which I considered and rejected:

1) Diversifying - I like working on game-playing algorithms rather than things like GUIs and web stuff, so for me this would have involved going into another game. It's safer to have two games at #1 by 50 Elo than one game at #1 by 150 Elo, the latter makes you more of a target. The problem is that this goes against how I like to work. Some people get bored doing the same thing every day, but I tend to get energized by digging really deep.

2) Hardware (FPGA) Rybka, sold for 500-1000 Euro, in addition to the software version - This would have been an interesting project, and a Rybka-shaped USB stick would have been super-cool :), but while FPGA can deliver performance, I came to see it as more of a business trick than as something which would provide true maximum customer value.

Vas
Parent - - By M ANSARI (*****) Date 2009-10-31 06:28 Edited 2009-10-31 06:30
I guess a good compromise would be a hardware solution on top of a software solution.  You get a choice of buying a Rybka that is as strong as a Rybka can be but with code that is heavily optimized for security and thus a little slower, and then FPGA card that would remove all the protection and thus make code much quicker as well as give additional advantage available on the hardware that doubles to improve performance by hardware.  One idea would be to have a hook to allow usage of bitbases on card thus dramatically accelerating EGTB improving play and analysis.  Maybe it is also possible to have some card that also increases search dramatically via hardware. So the hardware would actually serve as a double function, added security and added performance ... while the original software would still work as a stand alone product just as it did before.  I think that would work and most would be happy with that as it is a win win situation for all.  The chess nuts would have the option of added performance for an added fee that would require some sort of hardware, while the average Rybka buyer would still be able to use Rybka as he has always done before.  Already quite a few people are improving EGTB access for Rybka by using USB sticks and SSD drives, so this idea would not be too alien.
Parent - By Vasik Rajlich (Silver) Date 2009-10-31 18:33
The problem is that an FPGA Rybka would be a significant detour for me. It would need to be much stronger than the software version, and it would need to sell in reasonable quantities.

Anyway, this will all be periodically revisited.

Vas
Parent - - By Highendman (****) Date 2009-10-31 07:19
"I agree with your statements here pretty much 100%.

It's cool I reached your own analysis on this. I'm honoured :)

"...there is in fact a solution to these problems, one which I'll announce fairly soon. It's so good that it would be a no-brainer even if piracy didn't exist - it's a win-win-win for everybody (customers, partners, and Rybka) and I am very optimistic about everything. I'll keep the suspense a bit longer..."

Regarding your suspense building statement - I'm going into deep though now :) I guess it's no secret I'm a highly competitive person myself as well, and you've now presented a few clues and a challenge I can't resist. As the terminator says - I'll be back. However I'll keep silent irrespective of my guess work to not accidentally hurt your thunder ;)
Parent - - By Highendman (****) Date 2009-10-31 09:38
Okay, so after a few cigarettes - Vas - any objection from your side about me throwing some guesses on what your idea / announcement might be?
Parent - - By irulats (****) Date 2009-10-31 12:09
We all thrive on speculation here.

I can't wait to hear what you'll guess...

then I won't be able to wait to find out if you're right!!  :)
Parent - - By Highendman (****) Date 2009-10-31 12:13
I sent Vas and Lukas a quick email with one of the wild ideas I came up with ;) so if it's that they'll be able to confirm. Though it may have been too wild.
I'll send another note with few more ideas that Vas's post triggered in me later this weekend after I work out their commercial viability.
It's kind of funny how the source of many ideas is pure curiosity on what the other guy / company may be planning :)
Parent - By irulats (****) Date 2009-10-31 18:20
Let us know what becomes of it and if your haunch was on target!
Parent - - By Vasik Rajlich (Silver) Date 2009-10-31 18:34
I got your email -- ummm, what are your rates for business consulting? :)

Vas
Parent - - By Highendman (****) Date 2009-10-31 19:26
I'm really honoured to see I've hit a home run ;)
I'm actually very (very) expensive but for you my best rate is free of charge lol. I'm having so much fun with this reestablished hobby that I'd be more than happy to help.
Just sent another email :)
Parent - - By Vasik Rajlich (Silver) Date 2009-10-31 19:29

> I'm actually very (very) expensive but for you my best rate is free of charge lol.


That's a reasonable offer, let me think about it. :)

Vas
Parent - By Sesse (****) Date 2009-10-31 19:45
Come on, if you have any business sense you'll make him pay for it... =)

/* Steinar */
Parent - By Ricky (***) Date 2009-10-31 17:29
My guess would be that Rybka 4 price will be so cheap that even the hackers can't resist to buy it!!! Also, the value/price for the customers is so great that he will take over the competition.

Let me come back to reality, I guess, we all will have to wait.

Ricky
Parent - - By yanquis1972 (****) Date 2009-10-31 07:37
any particular reason fpga rybka would have to cost so much? i think many people here would buy it, at least eventually, if the hardware boost was massive, even at that price (id like it to be a lot lower myself, obviously).

anyway regardless like m ansari i really like the idea. people who have fully functional computers but are thinking about ugprading for chess (i realize thats a very small #, but at this forum it happens all the time) could just purchase & pop in a usb stick & instantly get a big upgrade...and i dont get what you mean about business tricks & customer value, providing a fair price & real gains - doesnt the customer decide that for himself?
Parent - - By GCP (***) Date 2009-10-31 08:48
I wouldn't expect a massive hardware boost from an FPGA. The problem is that common, mass produced CPUs are too advanced and have large advantages in numbers (driving price down a lot) and process and design engineering. It is a lot for an FPGA to overcome.

When I did the numbers the cluster version came out as more promising :)
Parent - - By M ANSARI (*****) Date 2009-10-31 09:34
Maybe something different than FPGA cards, maybe something using CUDA or some Physics card.  Even if CPU's would be a better option, at least with this you can have some sort of software protection from piracy.  Also a tiny change in performance in a certain area can make a huge difference in performance of a chess machine.  I remember when testing my Octa Skulltrail, I managed to reduce the performance of the machine by 300 ELO by simply going from 16mb in cache size in the GUI to 1mb.  Ofcourse this was at fast time controls, but the point is that a small drop in performance in one tiny area can have a huge impact on chess playing strength that is only observable under some circustances.  In that case it was due to a larger cache being extremely important with regards to endgame play with little time left.
Parent - By GCP (***) Date 2009-10-31 09:45

>Maybe something different than FPGA cards, maybe something using CUDA or some Physics card.  Even if CPU's would be a better option, at least
>with this you can have some sort of software protection from piracy.


Using CUDA or Physics cards doesn't provide any protection.
Parent - - By Vasik Rajlich (Silver) Date 2009-10-31 18:36
There is no question that without the advantage that FPGA is 100% protectible, it doesn't make sense at all.

Vas
Parent - - By GCP (***) Date 2009-10-31 18:41

> FPGA is 100% protectible


I'm sure I know at least one person who'd disagree with the above, from professional experience :)
Parent - - By Vasik Rajlich (Silver) Date 2009-10-31 19:25
Really?

One of my friends from MIT works at Xilinx and he assured me otherwise.

Vas
Parent - - By GCP (***) Date 2009-10-31 19:41

>One of my friends from MIT works at Xilinx and he assured me otherwise.


Did you expect any other reply? :) He can hardly tell you that the security features in their latest designs are broken, can he? And the person succeeding in breaking it isn't going to announce it, either. So I'm sure that, to the best of their knowledge, it hasn't been broken yet :)

The question is just how much dedication, money, resources and knowledge you can bring to bear.
Parent - - By Vasik Rajlich (Silver) Date 2009-10-31 20:08
This wasn't a sales job (yes, I'm sure). :) Can I ask roughly how complex the broken logic was and/or how much harder FPGA is to crack than a windows executable?

Vas
Parent - - By GCP (***) Date 2009-10-31 20:18

>This wasn't a sales job (yes, I'm sure).


I can believe that, but I wouldn't trust anyone to be objective about his own company or products, even when trying.

The problem I mentioned in the previous post still exists - if it happens, they won't know about it for a while.

>how much harder FPGA is to crack than a windows executable?


Oh, different orders of magnitude, no question about that. But 100%? I'd bet money on the opposite.
Parent - By Vasik Rajlich (Silver) Date 2009-11-01 06:16
Ok, thanks for the comments. For something as complex as a chess engine, this sounds like only a theoretical problem.

Vas
Parent - - By GCP (***) Date 2009-10-31 19:49
Actually, the real advantage is that the FPGA is an extra item you would have to buy, even if it gets hacked. People already have graphics cards, so a hacked Rybka-CUDA would be free. The FPGA version would never be free, and if you're going to spend money, I think you'd rather have the real thing.
Parent - - By Vasik Rajlich (Silver) Date 2009-10-31 20:13
Sure, even if the raw FPGA is 10x cheaper, most users wouldn't be able to do this themselves. The problem is that the cracked verilog could be converted to C and then we're back to square 1.

Vas
Parent - - By GCP (***) Date 2009-10-31 20:20
If it came from a C-to-verilog translator, yes.

If it was a proper hardware design, I wouldn't worry about it. Performance would suck.
Parent - - By Sesse (****) Date 2009-10-31 20:43
And of course, if you drop the whole fanciness of FPGA and just make custom silicon instead, you can a) clock it a _lot_ higher without worrying too much, and b) gain another order of magnitude (or two, or three) to the cost of reverse-engineering it.

Of course, the prices stack up quite differently, so you'd need to count on economies of scale, which perhaps doesn't work so well for this market... :-)

/* Steinar */
Parent - - By GCP (***) Date 2009-10-31 20:49

>b) gain another order of magnitude (or two, or three) to the cost of reverse-engineering it.


Are you sure that reversing a real chip is harder than reversing an FPGA?
Parent - - By Sesse (****) Date 2009-10-31 20:58
With an FPGA, at least you have a theoretical option of breaking the protection and getting the chip to reveal its contents directly to you. With custom silicon, you don't have many options short of getting out the (possibly electron) microscope. Of course, it depends on the relative complexity of the chips -- an FPGA needs more gates to do the same thing, but you can build much larger and more complex chips with custom silicon.

/* Steinar */
Parent - - By GCP (***) Date 2009-11-01 09:26
I was thinking that if you don't succeed in breaking the bitstream encryption, it's probably easier to slice/photograph the physical circuits of a real ASIC than it is to read out the charge in the SRAM cells of an FPGA.
Parent - - By Sesse (****) Date 2009-11-01 10:55
Oh, so we're actually assuming an FPGA design which is loaded from the PC every time? If so, my money is definitely on the circuit being harder to break; FPGA has two ways in (break the encryption, or reverse-engineer the chip to break the encryption), while the circuit only has one (reverse-engineer the chip).

There are some “program-once” FPGA designs which basically burn fuses on load; I don't know how those would stack up.

/* Steinar */
Parent - - By GCP (***) Date 2009-11-01 11:10

>Oh, so we're actually assuming an FPGA design which is loaded from the PC every time?


Not at all, that would be pretty silly. FPGA's are typically loaded at boot time from an EEPROM (and in this case, it would be a secured one sending out an encrypted bitstream).

>If so, my money is definitely on the circuit being harder to break; FPGA has two ways in (break the encryption, or reverse-engineer the chip to break
>the encryption), while the circuit only has one (reverse-engineer the chip).


The thing is that if you can't break the encryption, reverse engineering a real chip might be easier than reverse engineering an FPGA, because the first involves physical structures while the second involves reading out charges.
Parent - By Sesse (****) Date 2009-11-01 11:34
Depends. One possible mode of attack would involve reverse-engineering the decryption chip...

/* Steinar */
Parent - By Vasik Rajlich (Silver) Date 2009-11-02 07:16
Reading between the lines, I guess that the FPGA crack you mentioned earlier involved cracking the EEPROM.

Vas
Parent - - By Vasik Rajlich (Silver) Date 2009-11-01 06:18

> If it was a proper hardware design, I wouldn't worry about it. Performance would suck.


Even after round after round of cleaning?

I am sure that vast sections of the logic would need to be simple C dumps.

Vas
Parent - - By Sesse (****) Date 2009-11-01 11:01
It really depends on what kind of chess engine you're building. I mean, when you build a chess engine you take lots of choices based on what's fast on a CPU; the bitboard representation is a good example. When in hardware-land, you make different tradeoffs, and it's pretty easy to make something that works just fine in hardware but would be sloooow in software.

Take something as simple as a given permutation of all the bits in a 64-bit word. In software, you have to do tons of masks and shifts and ors, or some sort of series of table lookups; in hardware, you just route the pins where you want them. If you build your chess chip in a way that actually makes use of such things, any software reimplementation would have to either leave them out (losing strength) or face the speed consequences (losing strength again).

/* Steinar */
Parent - - By Vasik Rajlich (Silver) Date 2009-11-02 07:21
Maybe if Rybka started from the beginning as an FPGA project, the entire global design would be different, etc.

In reality, porting existing Rybka to verilog would probably involve a lot of low-level and medium-level transformations, and some new intra-engine interface to divide the work, but no real high-level transformations. The reverse-transformation from verilog to C doesn't seem like a huge fundamental problem (although I am sure it would be tedious as hell).

Vas
Parent - - By Sesse (****) Date 2009-11-02 10:57
Yeah, I think that was what was meant by “a proper hardware design” =)

I'm sure you've read the book about Deep Blue, and thus how it started out as an interesting exercise in how to best model a chess board in a chip. That's starting with the hardware indeed =)

/* Steinar */
Parent - By Vasik Rajlich (Silver) Date 2009-11-03 05:50
Aha. Well, in that case there is a third option between "proper hardware design" and just running through a C-to-verilog translator.

Vas
Parent - - By M ANSARI (*****) Date 2009-10-31 20:47
Wouldn't that be emulation though?  That would not be a problem since all it would do would be give you the performance of the non hardware solution which you already have with non accelerated Rybka.  You would need the hardware to get native performance.  I mean although you can get your computer processor to emulate video decoding to play an HD video movie, a graphics cards would dramatically improve the performance.  A proprietary hardware card would need to be bought to get the true performance, and the only way to steal that would be to physically steal the cards.  I am pretty sure even the most hardcore software pirate apologists would think that would be wrong .... although you never know!
Up Topic Rybka Support & Discussion / Rybka Discussion / Rybka 4 protection
1 2 Previous Next  

Powered by mwForum 2.27.4 © 1999-2012 Markus Wichitill