Retry: Rybka 1.0 Beta Node Count Patch


Hart

Re: Retry: Rybka 1.0 Beta Node Count Patch

Post by Hart »

I believe it patches as it is supposed to in Vista, but it is Vista that cannot properly execute the file.

When patched in XP it works fine, but when patched program is exported to Vista... crashes.
rfadden

Re: Retry: Rybka 1.0 Beta Node Count Patch

Post by rfadden »

The trick to seeing everything inside Rybka 1.0 is Strelka source. Everything *exactly* lines up. If you see Strelka use a constant such as 31,500, when you look in that exact spot in the binary you see 31,500. I mean it is far beyond that, it is spooky. Every line of code, every array reference, every variable, every function call, the number of arguments, what they are, their values, everything exactly matches.

There are just a couple of small "blips" that are missing and they are 0.001 % of the code.

This will sound a little over the top but I read that there are two places (among others) that have tremendous ability to reverse engineer anything, and that is at the NSA, and at the ex-KGB, GRU, or whatever it is called. Now Jury Osipov supposedly had some sort of background in encryption (which I believe is more about decryption). Is it possible that Jury used to work for one of these agencies, or does he work there even now? Well my only point is that these guys would have no problem at all with this kind of decryption, and think about it... what if this guy does have some great professional talents? He wouldn't likely talk in the open about it...

So Jury did this, and so having essentially the source code to Rybka 1.0 Beta it is not that hard to read anything within this early Rybka.

By the way, Vas indicates that the later versions of Rybka are horrendously scrambled internally, deliberately, to prevent reverse engineering. He says he accepts a performance penalty in order to slow down or eliminate competitors seeing what he is doing.

I indicated in other posts here that I would not want to look inside the non-free versions of Rybka because I'm not sure that's a good idea. Even if you looked in there it is likely not a good idea to admit it.

So I would like to be able to confirm this ultra scrambling of Rybka in versions later than the 1.0 Beta release. You can assume this stuff is highly scrambled, and Vas has scrambled sufficiently to rule out reverse engineering anything other than the Rybka 1.0 Beta.

So I think you guys should just assume that this is true... We should believe Vas when he indicates that he *really* scrambled things even starting a few years ago with the 1.x versions...

Am I hinting that this is really really true?
Al G. L.

Re: Retry: Rybka 1.0 Beta Node Count Patch

Post by Al G. L. »

rfadden wrote: The trick to seeing everything inside Rybka 1.0 is Strelka source. Everything *exactly* lines up. If you see Strelka use a constant such as 31,500, when you look in that exact spot in the binary you see 31,500. I mean it is far beyond that, it is spooky. Every line of code, every array reference, every variable, every function call, the number of arguments, what they are, their values, everything exactly matches.

No, just private-message me if the disassembler you used is confidential. Your messages below implied that you have studied the binary, way before the Strelka source was released. Well, never mind, I think my question is useless anyway as the tool will only cover around 4% and the user's brain will do the other 96% when it comes to disassembling. Thanks for the patch again.

Post subject: Rybka is made out of People! (serious problem exposed) Posted: Fri Apr 04, 2008 10:38 pm

I have known the above information for two years. I didn't want to expose this information because I didn't want to cause any sort of trouble.

I noted back two years ago that the first person who mentioned this "inside knowledge" (fast searcher) was Anthony Cozzie (He mentioned this in the forums, and I saw this after I also had discovered this Obfuscation in the binary code.) I learned all of the above by looking at the machine code of the program and my guess is that Anthony also took a look and he discovered the same thing.
Post subject: Re: The Inside Story on Rybka Posted: Sun Apr 06, 2008 8:56 pm

So here I'm mentioning that I can develop a patch that gives the correct information for any version of Rybka and you can apply the patch to your own copy of the binary if you want. Then theoretically you could get Node Counts in any form that you wanted.
Roman Hartmann
Posts: 295
Joined: Wed Mar 08, 2006 8:29 pm

Re: Retry: Rybka 1.0 Beta Node Count Patch

Post by Roman Hartmann »

rfadden wrote: The trick to seeing everything inside Rybka 1.0 is Strelka source. Everything *exactly* lines up. If you see Strelka use a constant such as 31,500, when you look in that exact spot in the binary you see 31,500. I mean it is far beyond that, it is spooky. Every line of code, every array reference, every variable, every function call, the number of arguments, what they are, their values, everything exactly matches.

There are just a couple of small "blips" that are missing and they are 0.001 % of the code.

...
If Strelka and Rybka 1.0 are almost identical (according to you), why is there a need to patch a binary file?
Why not just replace some strings in Strelka and create a clean binary from the sources?
Sounds easier and more logical to me than this patching business.

best regards
Roman
rfadden

Re: Retry: Rybka 1.0 Beta Node Count Patch

Post by rfadden »

Al you're right. Yes, at the time of Rybka 1.01a or something like that I *did* use IDA Pro and yes that is when I found the Node Count Obfuscation.

At that time, without the help of Strelka source, I found this by simply cracking into a little corner of the program. I started with one of the output strings. Now it is actually an amazing coincidence that the first little piece of Rybka that I figured out was the infamous scrambling of Node Count. That makes you start thinking "Rybka is made out of People!" (in the spirit of the movie Soylent Green.)

So now after coming out with this information and yes, letting people know that I sat on the info for two+ years... now that I have the Node Count Patch... I was writing about how I developed the Patch.

So in the intervening years I wanted to know what other obfuscation is in the program, and I didn't know. Most of the system was a total mystery.

Also up until recently I didn't know what Vas was counting. I knew all along that he was fudging the numbers but I didn't know that he was also fudging what he was counting.

So when I mentioned a patch, here, I then wanted to track down all of this information, and that is where the story of using Strelka source comes in. So very recently I was able to lay open the program and see everything, and then most importantly I then saw that Rybka doesn't even count nodes, it counts calls to Trans_Max_Store.

Summary: Yes I disassembled and looked, over two years ago, but this was a very slow and difficult effort, and then as I said, recently everything got really easy since Strelka serves as "primer."

My tools have been SoftICE (old), IDA Pro, and PE Explorer...

My main thing all along was curiosity. I just *had* to know... what is the secret to a great chess program. Also note I used to feel the same way about other great programs. A while back I found it fascinating, rewarding, and fun to read Ed Schroeder's exposing of what is inside Rebel for example. That was amazing!

Seeing the secrets to Rybka it is a little disappointing. Just a little. Actually I need to stop myself right here because I suspect I am looking right at things that are great and I am not yet seeing their significance. I need to continue learning more.

Recently I have started thinking that perhaps with my new knowledge perhaps I could learn from looking inside some of the other classic "monster" chess engines.

Here's an idea: the one "reverse" that would be the easiest is figuring out exactly what is in Fruit 2.2.1. In this case the Fruit 2.1 source acts as this same kind of "primer." With the earlier Fruit source, you could see every area where Fabien improved the program to make further, dramatic improvement. Or did all of Fruit go back to being open source? Hmmm...

What is in Fritz? What is in Shredder, Junior or Hiarcs? I'm still curious...

Thanks.
rfadden

Re: Retry: Rybka 1.0 Beta Node Count Patch

Post by rfadden »

Well you are right in a way, but there are a few details that get in the way of this.

Yes, Strelka does not have the node count obfuscation, and it has a proper node count. Notice people have that output now and they are saying it doesn't "look" like Rybka.

Like I mentioned elsewhere I would have to add about 50+ lines of code to Strelka and then do a lot of careful testing to prove that it was exactly lined up with Rybka in every calculation. Then importantly, after that people might not even believe the output was Rybka, so strangely I would have to add Vas's Node Count Obfuscation to Strelka so people could use a switch to turn the obfuscation on or off.

It may not seem so to you, but the Patch of Rybka was less effort, and also there is a fascinating "feel" to doing something like this.

Imagine some guy working on an old MG (a car) in his garage. We've all seen this image a million times. A car like that can be so much fun to work on and the hobby can be working on an old classic car... a vintage car, a car with some character, etc...

Patching Rybka 1.0 Beta is like working on a Classic car. If I could change it so you put an AM radio next to your computer and Rybka when run plays music like "daisy" well that would then be a cool hobby also...

We used to do that with our Altair 8800 computers, and I started out on an Altair and I still have it. See, one of my hobbies is messing with antique computers. We actually have to *invent* reasons to go mess with these old machines (and we do...)

So messing with antique Rybka is fun! Next I will make it sing a song...
rfadden

Re: Retry: Rybka 1.0 Beta Node Count Patch

Post by rfadden »

Here is my guess at the Vista problem.

First, I believe that DZA Patcher works as follows: It attaches executable code that does the patching only after the "patched" exe is actually run. I ran into a very interesting "clue" about the function of the patcher.

While developing and testing I had added a few codes to the list of codes and all of a sudden the patched program exhibited "crazy" symptoms. When run my CPU meter would be pegged and yet the program was only partially patched... not all patches were applied.

Eventually I discovered my mistake. I had mistakenly entered the same patch location twice into the list of Patches. This was freaking out DZA Patcher at runtime (not at patch time).

So at runtime, an attached "patcher" process was actually sitting there hung up and running in an infinite loop, but shockingly it had created a separate thread at runtime and that separate thread was stuck in the infinite loop. Patching had progressed only to the point where the "repeat patch" occurred.

Is this weird or what?

So DZA Patcher adds a small program that only runs when you run the modified .exe.

This explains Vista's problem. Vista doesn't like running the payload that is carried along with the .exe.

If you apply the Patch using a Win2k machine and you then move the .exe over to Vista you will recreate the same problem because it's the runtime payload that crashes Vista.

Also just as a minor detail, note that Vista doesn't have a problem in running DZA Patcher to apply the patch. That works...

-----------

I learned about DZA Patcher's "payload" technique last week as I was debugging my set of patches. This gave me a great idea. There is a new patch that I now want to add to Rybka and it would be really cool... I'll describe the idea in another thread that I start titled something like "Shared Memory X Y Z"

Thanks
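An added example (my own, not DZA Patcher's or rfadden's code; the patch tuple format, the sample image and all offsets and bytes are constructed) showing the alternative to the runtime-payload approach the post describes: a static patcher that only rewrites file bytes, checks the expected original bytes before writing, and rejects a patch list that names the same location twice.

```python
"""Static byte-patch applier (illustrative; not DZA Patcher's own format or code)."""
from typing import Sequence, Tuple

# One patch: (offset, bytes expected at that offset, replacement bytes of equal length).
Patch = Tuple[int, bytes, bytes]


class PatchError(ValueError):
    """The patch list or the target image does not match expectations."""


def validate_patches(patches: Sequence[Patch], image_size: int) -> None:
    """Reject length mismatches, out-of-range offsets and duplicate/overlapping locations.

    A location listed twice is the mistake the post above describes hanging the
    runtime payload; a static patcher can catch it before anything is written.
    """
    spans = []
    for offset, expected, replacement in patches:
        if len(expected) != len(replacement):
            raise PatchError(f"patch at 0x{offset:x}: length mismatch")
        if offset < 0 or offset + len(expected) > image_size:
            raise PatchError(f"patch at 0x{offset:x}: outside image")
        spans.append((offset, offset + len(expected)))
    spans.sort()
    for (a_start, a_end), (b_start, _) in zip(spans, spans[1:]):
        if b_start < a_end:  # same location twice, or overlapping patches
            raise PatchError(f"patches at 0x{a_start:x} and 0x{b_start:x} overlap")

def patches_are_valid(patches: Sequence[Patch], image_size: int) -> bool:
    """Boolean form of validate_patches."""
    try:
        validate_patches(patches, image_size)
        return True
    except PatchError:
        return False

def apply_patches(image: bytes, patches: Sequence[Patch]) -> bytes:
    """Return a patched copy of image; every patch's expected bytes must match first."""
    validate_patches(patches, len(image))
    buf = bytearray(image)
    for offset, expected, replacement in patches:
        if bytes(buf[offset:offset + len(expected)]) != expected:
            raise PatchError(f"patch at 0x{offset:x}: original bytes differ (wrong build?)")
        buf[offset:offset + len(replacement)] = replacement
    return bytes(buf)

# Constructed sample image and patch list (not real Rybka offsets or bytes).
SAMPLE_IMAGE = bytes(range(32))
SAMPLE_PATCHES = [(4, b"\x04\x05", b"\x90\x90"), (20, b"\x14\x15\x16\x17", b"\x00" * 4)]
```

Because the output is a plain modified file with no attached patcher process, it behaves the same on whichever Windows version it is copied to.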
Osipov Jury
Posts: 186
Joined: Mon Jan 21, 2008 2:07 pm
Location: Russia

Re: Retry: Rybka 1.0 Beta Node Count Patch

Post by Osipov Jury »

Rick, danger!

Our KGB has long hands! 8-)
rfadden

Re: Retry: Rybka 1.0 Beta Node Count Patch

Post by rfadden »

Well Jury, as I have said elsewhere I think you did a beautiful job of reverse engineering and I'll go ahead and add the fact that I couldn't do it. I do not have your skill.

I can see inside Rybka well only with the help of your source code.

I have said that you deserve some credit for your great effort. Also I think your code is clean and decent. It is easy to read. Your choice of variable names (motivated by Fruit I guess) and the whole package is to me "like a work of art." Yes I said elsewhere that I consider Rybka to be a work of art but note that I also said that your work to me also looks like a work of art.

Honestly what I want is your original source, the Strelka 1.0 source because my guess has been that your first code was a "Pure" reverse engineer effort with all of Rybka decoded, including the few small, missing pieces. Here's some evidence:

Someone on another forum was stating that in your earliest version you used the exact same data tables as Rybka, not generated by subroutines but from the tables of constants supplied in the Rybka .exe. They said you used some faint attempts at hiding this by running an Exclusive Or across the tables to decrypt your own encrypted versions of Vas's constants.

Well let me be clear. I would like your original work, your original pure reverse engineering of Rybka because that to me would be even more beautiful. Pure unaltered Rybka is beautiful, man... (except Vas's own obfuscation logic is sickening, ugly, foul stuff that should be removed).

So notice what's happening. I am finishing taking Strelka 2.0 and turning it into a pure and exact Rybka 1.0 beta and yet you already have this and you took out or deleted these few parts that I'm working on, specifically to avoid getting in trouble.

Ok, now you are fully "in trouble" and that part is over with, so now could you please send me a copy of the original? This would save me a number of days of work, perhaps even a few weeks of work.

For example I have to go extract the tables from the binary, then put this into a file, and I have to write the file save and file load routines, etc. You would have already done this probably over a year ago. Why duplicate this effort?

(My email address is rfadden@rasteroutput.com, and this is forwarded to my own personal email account, so if I get junk mail I can shut off my own forwarding.)

I have already seen that your code is nice and readable, and so yes your Strelka 1.0, and Strelka 1.8 code would be really nice to have and to continue working with.

Oh by the way, I found a free tool for converting your comments from Russian to English, and this whole process is fun (the translations often require further interpretation).

I have just a simple question and I'm not being critical, so please do not be bothered by my question:

"Why are the comments in Russian?"

I mean you write and speak English and your code is perfectly "english" in nature. Your selected variable names are in English, so why not put the comments in English. This would simply save the effort of translation...

In this case I would like to know your thoughts. I'm not saying you shouldn't do it that way, I'm just curious to know your thoughts on the subject.

So please... can I have Strelka 1.0, 1.8 source? The original more pure version?

----------

About the ex-KGB, or GRU comments... I am not afraid of the GRU now... but I do plan on being afraid of them in the future after the place goes completely back to the ways of the past. I have read about those ways in many books, and yes that is truly a scary thought.

Someone who works in the back rooms on decoding problems is not scary to me. It's the front-office guys who are scary.

Also, one other thought to your buddies at the agency... Please do not hurt Garry Kasparov. He is my hero and I hope he is left alone. What is your feeling on this subject?

Thanks,
Rick
Matthias Gemuh
Posts: 3245
Joined: Thu Mar 09, 2006 9:10 am

Re: Retry: Rybka 1.0 Beta Node Count Patch

Post by Matthias Gemuh »

rfadden wrote: Yes, Strelka does not have the node count obfuscation, and it has a proper node count. Notice people have that output now and they are saying it doesn't "look" like Rybka.

Like I mentioned elsewhere I would have to add about 50+ lines of code to Strelka and then do a lot of careful testing to prove that it was exactly lined up with Rybka in every calculation. Then importantly, after that people might not even believe the output was Rybka, so strangely I would have to add Vas's Node Count Obfuscation to Strelka so people could use a switch to turn the obfuscation on or off.

Even then, the vast majority will still not believe you :wink:
That is human nature. Just see world depopulation issue.

Matthias.
My engine was quite strong till I added knowledge to it.
http://www.chess.hylogic.de