Oct 24 2007
How to Break/Crack online CAPTCHA
Visual CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) are used on most websites that allow users to sign up or register. They are meant to let only humans into the system and deny access to any automated robot. In this post, I give an overview of CAPTCHA security and methods to break it.
Working
When there is a need to differentiate between a bot and a human, the website/system that is interacting with the user will present him/her with an image containing some text. The user should enter the text shown in the image into a text field and then the server will allow the user into the system. The basic assumption here is that the recognition of textual information from images is difficult for a computer, while it is easy for human beings.
E.g.: CAPTCHA image from the Google “Add your URL” page (http://www.google.com/addurl)

Strength of a CAPTCHA
The strength of any particular CAPTCHA depends on the algorithms and parameters used to generate the CAPTCHA image. The characters in the image are rendered in different ways. Some methods used are:
- Translation of characters (changing position)
- Scaling of characters
- Rotation of characters
- Adding background clutter
- Adding foreground clutter
- Local warp
- Global warp
- Intersecting random arcs
- Non-intersecting random arcs, etc.
All these methods are used to make recognition difficult for an automated bot. But generally, all these methods also make recognition more difficult for humans.
Breaking a CAPTCHA
A very interesting thing to note is that computers are far better than humans at single-character recognition. See the research paper “State of single Character Recognition” [by Kumar Chellapilla, Kevin Larson, Patrice Simard and Mary Czerwinski of Microsoft Research] for details. According to this research, a computer-based system can recognise characters in any CAPTCHA system better than humans can. The only catch is that this applies to single-character recognition. Humans are better than computers at segmentation (breaking up an image into smaller segments, each containing a single character). But this too may change as technology advances.
So this means that if we can do segmentation (retrieve the portions of the image containing single characters), we can say that we have successfully cracked a CAPTCHA. For recognising the characters, we can use conventional neural networks. Contrary to general belief, neural networks are not that difficult to master. They are very simple to implement too. Thus, breaking a CAPTCHA essentially boils down to the problem of segmentation.
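The segmentation point above, as an added example that is not part of the original post: a check a CAPTCHA generator's author can run on binarized output to see whether the rendering leaves each character as its own connected blob. The bitmaps and the names `components` and `trivially_segmentable` are constructed for illustration.

```python
from collections import deque

# Constructed 5-row bitmaps ('#' = ink) standing in for a binarized 3-character image.
SEPARATED = ["###...#.#...###..",
             "#.#...#.#...#....",
             "###...###...#....",
             "#.#.....#...#....",
             "#.#.....#...###.."]
# Same glyphs with a constructed stroke drawn through the gaps between them.
JOINED = SEPARATED[:2] + ["#########...#....",
                          "#.#.....#####...."] + SEPARATED[4:]

def components(bitmap):
    """Bounding boxes (left, top, right, bottom) of 8-connected ink blobs."""
    h, w = len(bitmap), len(bitmap[0])
    seen = [[False] * w for _ in range(h)]
    boxes = []
    for y in range(h):
        for x in range(w):
            if bitmap[y][x] != "#" or seen[y][x]:
                continue
            seen[y][x] = True
            queue = deque([(x, y)])
            l, t, r, b = x, y, x, y
            while queue:  # breadth-first flood fill of one blob
                cx, cy = queue.popleft()
                l, t, r, b = min(l, cx), min(t, cy), max(r, cx), max(b, cy)
                for ny in range(max(cy - 1, 0), min(cy + 2, h)):
                    for nx in range(max(cx - 1, 0), min(cx + 2, w)):
                        if bitmap[ny][nx] == "#" and not seen[ny][nx]:
                            seen[ny][nx] = True
                            queue.append((nx, ny))
            boxes.append((l, t, r, b))
    return sorted(boxes)

def trivially_segmentable(bitmap, n_chars):
    """True if every glyph is already an isolated blob, i.e. segmentation is free.
    False is not proof of strength; it only means this simplest split fails."""
    return len(components(bitmap)) == n_chars

if __name__ == "__main__":
    for name, img in (("separated", SEPARATED), ("joined", JOINED)):
        print(name, components(img), trivially_segmentable(img, 3))
```

With the glyphs spaced apart, each one is a separate blob with its own bounding box; once a stroke crosses the gaps, the whole image collapses into a single blob and the blob count no longer matches the character count.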
In my following posts, I intend to find methods to break CAPTCHAs from some popular websites.




on 24 Oct 2007 at 9:23 am
gud…..
on 06 Nov 2007 at 1:29 pm
Not a bad article!
If you ever feel like trying to nail down a captcha together, hit me up. We might be able to swing something. Between my articles and yours, some damn good info out there!
on 06 Nov 2007 at 11:21 pm
I’ll keep coming back to this blog, because I’d like to be able to crack those stupid captcha codes that are everywhere on web sites. Captcha has got to be one of the worst inventions on the legit part of the internet. They don’t stop spam, they discriminate against the blind and visually impaired.
on 07 Nov 2007 at 2:55 am
Anto,
Thanks for visiting.
SlightlyShadySEO,
I read your article. I never thought Captcha cracking is difficult. Your article makes it easier. I still can’t understand why these big companies are using Captchas. Spammers have ways to crack captcha. Only legitimate users suffer solving captcha.
Capri,
I agree. Captcha can never stop spam. They are just “In-accessible” and “Non-friendly”
on 21 Nov 2007 at 12:41 pm
Try to break some simpler captchas first – Google captcha is in the ‘very difficult to break‘ section. But if you have experience with other captchas, then go for it!
on 26 Nov 2007 at 5:19 am
[...] November 26, 2007 Microsoft researchers are using Python to develop their Asirra web service. Asirra is a “technology” developed to distinguish between humans and automated bots. (like CAPTCHA) [...]
on 05 Feb 2008 at 3:37 pm
need help breaking a captcha like in the website i post
http://frenetic.hellwars.com/recruit.php?uniqid=em1175120815
note the admin of game entered a second captcha
so refresh the page a few times
1 looks easier to break
if possible talk to me on
chris.collier@hotmail.com
on 06 Mar 2008 at 6:18 pm
[...] the community. (2) A lot of people are ditching the captcha idea. I have written about this a lot of times before and was criticized by many. (3) Hyderabad is a very good place with great people. [...]
on 26 Jul 2008 at 5:59 pm
[...] it will be easy for an automated machine to recognize the characters. Read my first post “How to Break/Crack online
on 26 Jul 2008 at 5:59 pm
[...] I discussed in my previous post “How to Break/Crack online
on 19 Dec 2008 at 6:27 am
hello,
I want to break a captcha code ( http://doizece.neogen.ro/?1=1&dz_nl_m=login_reg&lr_wtd=register&error=9&istring=prenume%3D%26nume_%3D%26sex_%3D1%26datan_%3D-01-03&next_url= ) – how do I?