Results 1 to 3 of 3

Thread: Let's talk about CAPTCHA - humans vs. robots/encoding vs. decoding

  1. #1
    Join Date
    Aug 2006
    Rep Power

    Let's talk about CAPTCHA - humans vs. robots/encoding vs. decoding

    This is a place to talk about CAPTCHA.

    CAPTCHA - Wikipedia, the free encyclopedia
    CAPTCHA: Telling Humans and Computers Apart Automatically

    A CAPTCHA is a program that can generate and grade tests that humans can pass but current computer programs cannot. For example, humans can read distorted text as the one shown below, but current computer programs can't:
    CAPTCHA example

    The term CAPTCHA (for Completely Automated Turing Test To Tell Computers and Humans Apart) was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas Hopper and John Langford of Carnegie Mellon University. At the time, they developed the first CAPTCHA to be used by Yahoo.
    (Highly recommended to read) Escape from CAPTCHA by Matt May

    (Highly recommended to read)
    Inaccessibility of CAPTCHA
    Alternatives to Visual Turing Tests on the Web
    W3C Working Group Note 23 November 2005

    Spam-bot tests flunk the blind

    PWNtcha - captcha decoder
    PWNtcha stands for "Pretend We’re Not a Turing Computer but a Human Antagonist", as well as PWN capTCHAs. This project’s goal is to demonstrate the inefficiency of many captcha implementations.
    phpBB CATCHA is easily decoded by PWNtcha.

    vBulletin CATCHA is easily decoded by PWNtcha.

    Decoding EZ-Gimpy
    High Level Description
    1. EZ-Gimpy
    Our algorithm for breaking EZ-Gimpy consists of 3 main steps:
    1. Locate possible letters at various locations
    2. Construct graph of consistent letters
    3. Look for plausible words in the graph
    Using AI to beat CAPTCHA and post comment spam

    Breaking CAPTCHAs Without Using OCR
    *** Through the Session ID
    Breaking CAPTCHAs Without Using OCR
    For my own PHP CAPTCHA implementation, click here:

    This article details a method I have discovered to bypass CAPTCHA security, without having to use Optical Character Recognition software.

    Most CAPTCHAs don't destroy the session when the correct phrase is entered. So by reusing the session id of a known CAPTCHA image, it is possible to automate requests to a CAPTCHA-protected page.

    I have tested a number of free and commercial CAPTCHA scripts, and most of them are vulnerable to this method of exploitation. This includes the popular humanVerify solution, and many others.

    manual steps:
    connect to captcha page
    record session ID and captcha plaintext

    automated steps:
    resend session ID and CAPTCHA plaintext any number of times, changing the user data, eg:
    POST /vuln_script.php HTTP/1.0
    Cookie: PHPSESSID=329847239847238947;
    ^^^ this is the session id of the page you looked at manually
    Content-Length: 49
    Connection: close;

    ^^^ this includes the captcha string for the page you looked at manually

    the other user data can change on each request

    you can then automate hundreds, if not thousands of requests, until the session expires, at which point you just repeat the manual steps and then reconnect with a new session id and captcha text.

    This is -easy- to fix, here's the vulnerable pseudocode:

    if form_submitted and captcha_stored!="" and captcha_sent=captcha_stored then

    fixed psuedocode:

    if form_submitted and captcha_stored!="" and
    captcha_sent=captcha_stored then

    - it's a one line fix!
    Cool new CAPTCHA hack

    The CAPTCHA Project at CMU defines CAPTCHAs as a program that can generate and grade tests that most humans can pass but current computer programs cannot. CAPTCHAs are used to protect things from programmatic abuse (think spam). Not a bad idea, but I just got a note from Bryce Jasmer describing a cool new way to defeat them:

    I just heard a story about some system that someone has created in order to pass the turing tests and create thousands of spam launching email addresses at,, etc.

    You create a website with a bunch of porn on it. You serve up an image at the same time you try to try to create a yahoo email account. You snag the touring test image, put it on your page of porn and have the user type in the results in order to see the next porn image. You take the result and feed it back to yahoo, and you have your automatically created account.
    Spammers hack captcha to post blog spam comments?

  2. #2
    Join Date
    Aug 2006
    Rep Power

    Defeating audio (voice) captchas

    Defeating audio (voice) captchas

    For more details, refer to Jochem van der Vorm - captchas
    SecuriTeam™ - Defeating Voice Captchas
    Source code:


    For some years semi turing tests under the name of "captchas" can be found on the web, to prevent
    bots from filling in forms. When I first saw the visual variant I thought recognizing the characters with a
    computer algoritm should be easy. A bit of surfing and searching on the internet learned me
    that I was right, most were broken already. Reinventing the wheel is not very useful, so I left the
    topic alone.

    Later I found a post about voice captchas. Since there was not too much information about this on
    the net and I was bored (ill at home), I decided to give it a shot. I started easy, willing to
    enhance the used algoritms to those used in speech recognition (like hmm, viterbi, baum-welch,
    entropy coding, etc.) when needed. This proved not to be necessary, the first feature complete
    (segmentation and matching) code worked relatively well on microsofts captchas. Later I tweaked it a
    bit to also work on google captchas.

    On this page you can find proof of concept code to break voice captchas. Do not expect advanced
    software (pattern recnognition science is so much further) or code that can be used in other
    projects, I quitted the project when it worked. Initially (february 2006) I kept the code on my
    harddisk, but later (may 2006) I published it (see disclosure motivation).

    How does it work

    This is not a complete guide, but some pointers to the source (read it luke).
    As a starting point, consider the configtype struct:

    typedef struct {
    int samplerate;
    int byterate;
    int winsize;
    int band_cnt;
    int word_length;
    int word_overlap;
    int threshold_energy;
    int file_offset;
    char trainfile[255];
    } configtype;

    The program starts with reading the audio file (in the header it could read the
    samplerate and byterate, but I am lazy). file_offset bytes are skipped in the
    beginning of the file, because google starts with a bell. The first step is that all samples are
    treated with a hamming window (arbitrary choice, most window types should do). The winsize is in
    samples (eg 512 samples on 8000 Hz provides a 64 ms window). Now the blocks are transformed into the
    frequency domain with a DFT After that the frequencies are put in band_cnt bins. These bins
    are not equally wide, the higher the frequency, the larger the band (this has to do with human
    hearing (mel/bark scale), but I doubt this is actually useful at the current incarnation of the

    Now the program looks at the highest frequency bin. Every block that has more energy in a window
    than threshold_energy is considered a peak, and these peaks are used the segment the input
    file in the different spoken words. The word_length tells the program how many windows long
    a word is (so all words are considered the same length which is a current weakness of
    devoicecaptcha). word_overlap helps in localizing the peaks. When the locations of the
    words are know all frequency bins are written for word_length windows around the peaks.
    This is called the profile of the word.


  3. #3
    Join Date
    Aug 2006
    Rep Power

    How to decode's captcha

    How to decode's captcha
    This is a uncompleted script, maybe you can help me to finish it.

    I try to decode the's captcha with the next php script.
       1. <?php  
       2. /* @author */  
       3. class Code {  
       4.     protected $_srcFile;  
       5.     public function __construct($file) {  
       6.         $this->_srcFile = $file;  
       7.     }  
       9.     public function filter() {  
      10.         $size = getimagesize($this->_srcFile);  
      11.         $im   = imagecreatefrompng($this->_srcFile);  
      12.         imagejpeg($im, $this->_srcFile . '.jpg', 100); //convert the png to jpeg  
      13.         $im   = imagecreatefromjpeg($this->_srcFile . '.jpg');  
      14.         for($x=0;$x<$size[0];$x++) {  
      15.             for($y=0;$y<$size[1];$y++) {  
      16.                 $rgb = imagecolorat($im,$x,$y);  
      17.                 $r = ($rgb >> 16) & 0xFF;  
      18.                 if ($r > 100) { // set the light color to white  
      19.                     $rgb =  imagecolorallocate($im, 255, 255, 255);  
      20.                 } else { //javascript:void(0)  
      21. Publish Post set the dark color to black  
      22.                     $rgb =  imagecolorallocate($im, 0, 0, 0);  
      23.                 }  
      24.                 imagesetpixel($im, $x, $y, $rgb);  
      26.                 # remove the "Z" block  
      27.                 // x-1, y-1 black  
      28.                 $rgb = imagecolorat($im,$x-1,$y-1);  
      29.                 $r1  = ($rgb >> 16) & 0xFF;  
      30.                 // x-1, y white  
      31.                 $rgb = @imagecolorat($im,$x-1,$y);  
      32.                 $r2  = ($rgb >> 16) & 0xFF;  
      33.                 // x, y-1 white  
      34.                 $rgb = @imagecolorat($im,$x,$y-1);  
      35.                 $r3  = ($rgb >> 16) & 0xFF;  
      36.                 if (($r3 == 255) && ($r2 == 255) && ($r1 == 0)) {  
      37.                     $rgb = imagecolorallocate($im, 255, 255, 255);  
      38.                     if ($rgb) {  
      39.                     imagesetpixel($im, $x-1, $y-1, $rgb);  
      40.                     }  
      41.                 }  
      42.             }  
      43.         }  
      44.         # remove others  
      45.         for($x=0;$x<$size[0];$x++) {  
      46.             for($y=0;$y<$size[1];$y++) {  
      47.                 $rgb = imagecolorat($im,$x,$y);  
      48.                 $r = ($rgb >> 16) & 0xFF;  
      49.                 $rgb = imagecolorat($im,$x-1,$y);  
      50.                 $r2 = ($rgb >> 16) & 0xFF;  
      51.                 $rgb = imagecolorat($im,$x+1,$y);  
      52.                 $r3 = ($rgb >> 16) & 0xFF;  
      53.                 $rgb = imagecolorat($im,$x,$y-1);  
      54.                 $r4 = ($rgb >> 16) & 0xFF;  
      55.                 $rgb = imagecolorat($im,$x,$y+1);  
      56.                 $r5 = ($rgb >> 16) & 0xFF;  
      57.                 # clean dot  
      58.                 if (($r == 0) && ($r2 == 255) && ($r3 == 255) && ($r4 == 255)   
      59.                     && ($r5 == 255)) {  
      60.                     $rgb = imagecolorallocate($im, 255,255,255);  
      61.                     imagesetpixel($im, $x, $y, $rgb);  
      62.                 }  
      63.                 # clean bottom border  
      64.                 if (($y == $size[1]-1) && ($r == 0) && ($r2 == 255) && ($r3 == 255)  
      65.                      && ($r4 == 255)) {  
      66.                     $rgb = imagecolorallocate($im, 255,255,255);  
      67.                     imagesetpixel($im, $x, $y, $rgb);  
      68.                 }  
      69.                 # clean right border  
      70.                 if (($x == $size[0]-1) && ($r == 0) && ($r2 == 255) && ($r4 == 255)   
      71.                     && ($r5 == 255)) {  
      72.                     $rgb = imagecolorallocate($im, 255,255,255);  
      73.                     imagesetpixel($im, $x, $y, $rgb);  
      74.                 }  
      75.             }  
      76.         }  
      77.         imagejpeg($im, $this->_srcFile . '.new.jpg',100);  
      78.     }  
      79. }  
      81. # demo  
      82. $code = new Code('1986312480.png');  
      83. $code->filter();  
      84. ?>

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. What is Robots.txt
    By tedsewely in forum Search Engine Marketing
    Replies: 19
    Last Post: 18-04-2014, 02:27 PM
  2. What is robots.txt file
    By mimran2k in forum Webmaster Tools
    Replies: 8
    Last Post: 12-04-2008, 03:25 PM
  3. Discussion/Talk On E-commerce
    By baronhawk in forum E-Commerce
    Replies: 0
    Last Post: 04-01-2008, 04:29 PM
  4. Robots.txt
    By masrule in forum Other Internet Marketing Methods
    Replies: 4
    Last Post: 09-06-2005, 06:18 PM
  5. Cool :
    By sportstoto3368 in forum Websites Review and Suggestion
    Replies: 0
    Last Post: 27-06-2004, 11:56 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Search Engine Optimization by vBSEO 3.5.0 RC1 PL1

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30