How to Break/Crack online CAPTCHA

      Visual CAPTCHA (Completely Automated Turing Test To Tell Computers and Humans Apart) are used in most of the websites which allow users to sign up/register.  They are used to allow only humans inside the system and deny access to any automated robot. In this post, I give an overview of CAPTCHA security and methods to break it.

Domain change

This content may be out of date. Visit updated content at http://www.diovo.com/?p=12


This blog is being moved to http://www.diovo.com Please visit diovo.com hereafter. Thank you for visiting.  

Working      When there is a need to differentiate between a bot and a human, the website/system that is interacting with the user will present him/her with an image containing some text. The user should enter the text shown in the image into a text field and then the server will allow the user into the system. The basic assumption here is that the recognition of textual information from images is difficult for a computer, while it is easy for human beings.

eg: CAPTCHA image from google “Add your URL” Page (http://www.google.com/addurl)

Google Add URL CAPTCHA

Strength of a CAPTCHA

Strength of any particular CAPTCHA depends on the algorithms and parameters used for generating the CAPTCHA image. The different characters in the image are rendered in different ways in a CAPTCHA. Some methods used are:

  • Translation of Characters(Changing Position)
  • Scaling of Characters
  • Rotation of Characters
  • Adding Background Clutter
  • Adding Foreground Clutter
  • Local Warp
  • Glabal Warp
  • Intersecting Random Arcs
  • Non-intersecting Random Arcs etc.

All these methods are used to make recognition difficult for an automated bot. But generally, all these methods increases the difficulty in recognition for humans also.

Breaking a CAPTCHA

A very interesting thing to note is that computers are far better than humans in single character recognition. See the research paper “State of single Character Recognition” [by Kumar Chellapilla, Kevin Larson, Patrice Simard and Mary Czerwinski of Microsoft Research] for details. According to this research, computer based system can recognise characters in any CAPTCHA system better than humans. The only problem is that it is about single character recognition. Humans are better than computers in segmentation (breaking up an image into smaller segments containing single characters). But this too may change by advancement in technology.

So this means that if we can do segmentation (Retrieve portions of image containg single characters) in an image, we can say that we have succesfully cracked a CAPTCHA. For recognising the characters, we can use conventional neural networks. Contrary to general belief, neural networks are not that difficult to master. They are very simple to implement too. Thus, breaking a CAPTCHA essentially boils down to the problem of segmentation.

In my following posts, I intend to find methods to break CAPTCHAs from some popular websites.

Tags: , , , , , ,

11 Responses to “How to Break/Crack online CAPTCHA”

  1. How to Break Google,Gmail or Orkut CAPTCHA « Says:

    […] « How to Break/Crack online CAPTCHA […]

  2. Anto Says:

    gud…..

  3. How to Break Rediff CAPTCHA « Says:

    […] it will be easy for an automated machine to recognize the characters. Read my first post “How to Break/Crack online CAPTCHA” for […]

  4. SlightlyShadySEO Says:

    Not a bad article!
    If you ever feel like trying to nail down a captcha together, hit me up. We might be able to swing something. Between my articles and yours, some damn good info out there!

  5. Capri Says:

    I’ll keep coming back to this blog, because I’d like to be able to crack those stupid captcha codes that are everywhere on web sites. Captcha has got to be one of the worst inventions on the legit part of the internet. They don’t stop spam, they discriminate against the blind and visually impaired.

  6. Niyaz PK Says:

    Anto,
    Thanks for visiting.

    SlightlyShadySEO,
    I read your article. I never thought Captcha cracking is dificult. Your article makes it easirer. I still can’t understand why these big companies are using Captchas. Spammers have ways to crack captcha. Only legitimate users suffer solving captcha.

    Capri,
    I agree. Captcha can never stop spam. They are just “In-accessible” and “Non-friendly”

  7. Binny V A Says:

    Try to break some simpler captchas first – Google captcha is in the ‘very difficult to break‘ section. But if you have experiance with other captchas, then go for it!

  8. Microsoft uses Python; not .NET !!! « Niyaz’s Says:

    […] November 26, 2007 Microsoft researchers are using Python to develop their Asirra web service. Asirra is a “technology” developed to distinguish between humans and automated bots. (like CAPTCHA) […]

  9. Diovo » How to Break Rediff CAPTCHA Says:

    […] it will be easy for an automated machine to recognize the characters. Read my first post “How to Break/Crack online CAPTCHA” for […]

  10. Diovo » How to Break Google,Gmail or Orkut CAPTCHA Says:

    […] As I discussed in my prevoius post “How to Break/Crack online CAPTCHA” we just need to segment the image into different characters. Let us look whether this can be […]

  11. Nother Says:

    Hello,
    I found this method to break CAPTCHA, it is nice but a bit stange :D
    http://ardoino.com/41-online-social-and-unaware-captcha-cracking/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Follow

Get every new post delivered to your Inbox.

%d bloggers like this: