Saturday, March 8, 2008

Captcha Hack - Part 1

Captcha is a type of challenge-response test used in computing to determine whether the user is human.

For example:

Does Captcha word can be read by a non-human eyes?

The answer is yes, In this Post I would explain the idea of how this can be done, the algorithm behind it and at last a sample code which implement the algorithm.

Trying to read the letters using image processing is pretty difficult, we would use different technique.

Not all Captcha words can be hack, However the hacking of Captcha code take advantage of the disadvanatges of poor Captcha words.

Many Captcha words are combine of four letters or digits,
Lets assume that it combine both from letters and digits, since abc containts 26 letters and there are 10 digits there are 36 combinations for each letter/digit.

This gives us a total of 36*36*36*36 = 36^4 = 1,679,616 combinations.

If the Captch word is combine only from letter it is even better, this would give us a total of only 26*26*26*26 = 26^4 = 456,976 combinations.

We can then build a DB with all the possible comibnations and give a unique key for each of one of the combinations.

When a Captcha image is displayed we then generate a unique key from this image, and find the matching one in the DB, this would give us an understandable word which can be used to enter the Captcha word.

Some assumptions were done to implement this algorithm:

  • The Captcha word generate must be at the same format, meaning captcha background must have the same pattern, Captch words must be the same font each time.
  • The number of letters/digit can't be over 4 digits, this algorithm wouldn't be able to solve the Captcha word since 36^5=60,466,176 which is too much to store at a simple DB.

The algorithm would be able to solve this special scenarios:

  • If the number of digits is changing between 3 or 4 digits
  • If the backgorund color or the font colors are changing
  • If there are simple lines on the Captch word which intend to interrupt reading the word

In the next posts I would give a more detail algorithm with a solution for the above speical scenarios.

Webmasters - Improve your Captcha words!!!

No comments:


RSS Feeds Submission Directory