Captcha Breaking in detail

Status
Not open for further replies.
emp

emp

New member
Jun 29, 2006
7,465
211
0
broken.jpg

Image credit: Ultimateslug


This paper describes in minute detail how to crack a captcha.
Interesting, to say the least. Grab the pdf, enjoy your reading.

::emp::
 


I've often wondered why the captcha makers don't take a tip from the hardcore spammers and carry out a lot of variation in presentation - stuff like breaking the captcha up horizontally as a background image in different box elements while using animated gifs to display it. It's not a foolproof solution, nothing is, but it's an example of the kind of creative thinking that would toss a wrench in existing captcha recognition algorithms (just like it beat image analyzing spam filters for some time). Then again, I don't want captchas in my way when I'm logging in to stuff most of the time anyway, heh.
 
on-on said:
I've often wondered why the captcha makers don't take a tip from the hardcore spammers and carry out a lot of variation in presentation - stuff like breaking the captcha up horizontally as a background image in different box elements while using animated gifs to display it. It's not a foolproof solution, nothing is, but it's an example of the kind of creative thinking that would toss a wrench in existing captcha recognition algorithms (just like it beat image analyzing spam filters for some time). Then again, I don't want captchas in my way when I'm logging in to stuff most of the time anyway, heh.
Click to expand...
Because then they go from needing one strong captcha, to needing 5+ strong captchas.
For example, if they're rotating 5 different types of captcha, and I can nail even one at a decent sucessrate, I'm perfectly fine with having my software refresh the page 5 times till I get one it can handle.
 
xmcp123 said:
Because then they go from needing one strong captcha, to needing 5+ strong captchas.
For example, if they're rotating 5 different types of captcha, and I can nail even one at a decent sucessrate, I'm perfectly fine with having my software refresh the page 5 times till I get one it can handle.
Click to expand...
Interesting - so whatever approach you're taking automatically assembles anything inside a specified semantic container and analyzes it? Or does it use some kind of image manipulation library to grab what the user sees and then subject that to your algorithm?
 
on-on said:
Interesting - so whatever approach you're taking automatically assembles anything inside a specified semantic container and analyzes it? Or does it use some kind of image manipulation library to grab what the user sees and then subject that to your algorithm?
Click to expand...
1)Clean up the background (eliminate colors, lines, dots, etc)
2)Separate the letters
3a)Train the breaker(solve a butt load of them and record stats for each letter)
3b)Compare letters to saved profiles.
4)Profit!
More in depth shit I've written.
XMCP’s How To:Basic Captcha Cracking Techniques Part 1 : Slightly Shady SEO
How To: De-Rotate Captcha Images : Slightly Shady SEO
Exploring and Breaking the Google Captcha : Slightly Shady SEO
 
  • Like
Reactions: LogicFlux
There are also OCR techniques that render scaling and rotation of characters irrelevant. Hell, even shearing isn't much of a match for some of the better algorithms.
 
xmcp123 said:
1)Clean up the background (eliminate colors, lines, dots, etc)
2)Separate the letters
3a)Train the breaker(solve a butt load of them and record stats for each letter)
3b)Compare letters to saved profiles.
4)Profit!
More in depth shit I've written.
XMCP’s How To:Basic Captcha Cracking Techniques Part 1 : Slightly Shady SEO
How To: De-Rotate Captcha Images : Slightly Shady SEO
Exploring and Breaking the Google Captcha : Slightly Shady SEO
Click to expand...
Thanks for the reference, I did read all your entries (interesting content actually) but none of them dealt with what I was referring to. An example might explain it better.

John Graham-Cumming: A spam image that slowly builds to reveal its message

I know these fooled the image recognition filters at the ISPs for quite some time as I kept getting spammed with this garbage for months. Like I said, I know anything that can be built can be broken, but I'm curious how constantly varying up the structure - not just the image - would alter the effectiveness of after market script kiddie tools. It seems to me that's the real ballgame for the captcha makers. If you can limit the problem to the people who write their own algorithms it's gotta be much more manageable than having to deal with every pimply, Tor-loving basement dweller.
 
on-on said:
If you can limit the problem to the people who write their own algorithms it's gotta be much more manageable than having to deal with every pimply, Tor-loving basement dweller.
Click to expand...


Its most likely the "pimply, Tor-loving basement dweller" that has the dedication to write the algorithms in the first place... I sometimes devote hours trying to break a captcha just to see if i can.. but most times my mommy shouts me upstairs to wipe the puss off the mirror so i just flip on tor with a few minibots and leave my computer to it

=)

Bill Gates was a "pimply, Tor-loving basement dweller" once
 
ozonew4m said:
Its most likely the "pimply, Tor-loving basement dweller" that has the dedication to write the algorithms in the first place... I sometimes devote hours trying to break a captcha just to see if i can.. but most times my mommy shouts me upstairs to wipe the puss off the mirror so i just flip on tor with a few minibots and leave my computer to it

=)

Bill Gates was a "pimply, Tor-loving basement dweller" once
Click to expand...
I'm not denying that's some of who's good at writing their own stuff, I was just implying that the vast majority of script kiddies fit that bill. You know the type if you ever read crap like Black Hat World, heh. DUZ NE1 HAV CRACKD XRUMER??!?

On a side note, Bill Gates wasn't really a pimply basement dweller, he was more of a card hustling, aggressive business nerd who went to Harvard. He talks about programming and remembering the code they wrote back in the early New Mexico days by heart, and I'm sure he had a Hell of a mind for creating an entirely new market by applying technology, but I've read over the years that no one back then thought he was a very good programmer. For star pimply basement dwellers I'd go with someone more like Woz.
 
on-on said:
I'm not denying that's some of who's good at writing their own stuff, I was just implying that the vast majority of script kiddies fit that bill. You know the type if you ever read crap like Black Hat World, heh. DUZ NE1 HAV CRACKD XRUMER??!?

On a side note, Bill Gates wasn't really a pimply basement dweller, he was more of a card hustling, aggressive business nerd who went to Harvard. He talks about programming and remembering the code they wrote back in the early New Mexico days by heart, and I'm sure he had a Hell of a mind for creating an entirely new market by applying technology, but I've read over the years that no one back then thought he was a very good programmer. For star pimply basement dwellers I'd go with someone more like Woz.
Click to expand...


touche :D

Yes I know the type you mean.. the ones that batter a piece of once decent software until its no longer effective..

what was the question again?
 
Status
Not open for further replies.
Top Bottom