Visual Confirmation

Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here.
Forum rules
Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here. Feature requests are closed.
Post Reply
User avatar
damnian
Registered User
Posts: 14
Joined: Fri Jan 06, 2006 8:36 pm
Contact:

Re: Visual Confirmation

Post by damnian »

I've been directed to this topic by an anonymous comment on my site. The author claims to be a member of the phpBB development team. I've got his/her email address, but I don't know who this person is.

I replied asking about the current CAPTCHA development status. I hope it's OK to continue the discussion here.
It is an active project, but it's developement is closed currently (mainly due to the fact that in the CVS is code to crack some of the earlier CAPTCHA's we made and a few public CAPTCHA's (like freecap, which is easy as pie)
I don't think FreeCAP is that easy. Has anybody managed to break it already?

User avatar
damnian
Registered User
Posts: 14
Joined: Fri Jan 06, 2006 8:36 pm
Contact:

Breaking the phpBB CAPTCHA

Post by damnian »

I have updated the article in question to contain more detailed description. I believe it's still too vague for somebody to implement.

Have a look!

NeoThermic
Registered User
Posts: 198
Joined: Fri Jan 02, 2004 3:44 pm
Location: United Kingdom
Contact:

Re: Visual Confirmation

Post by NeoThermic »

damnian wrote: I don't think FreeCAP is that easy. Has anybody managed to break it already?
Well, based on a similar implementation problem, freecap can be broken.

You can request the same code to be done in a diffrent way by extracting the freecap image URL, and then re-calling the image.

Take, for example, this freecap example image (that I plucked off a site):
Image

We can now try extract just the letters. This is a trivial task, since any background can be seperated rather easally with one pass:
Image

Using a second pass, you can clean the image up enough to get rid of stray pixels:
Image

Next, you can manipulate the image to find points that match the letter. The smaller the red, the less confident the process is that the point it is creating is one that should be used (and can be ignored by the next step);
Image

After that, the points are created in a new image, and linked. Here you can see that a small red dot was ignored because it wasn't confident enough to use it:
Image

Finally, the red dots are removed, and the process turns to attempting to identify the letters. Any letters that it is unsure of will be double tagged (i.e. {first guess}|{second guess}[|{...}]). Only letters which are 85% matched or higher are considered sucessfull and printed:
Image

Trivial ;)

NeoThermic
phpBB release date pool!
The NeoThermic.com... a well of information. Ask me for the bit bucket so you can drink its goodness. ||新熱です

User avatar
SHS`
Registered User
Posts: 1628
Joined: Wed Jul 04, 2001 9:13 am
Location: The Boonies, Hong Kong
Contact:

Re: Visual Confirmation

Post by SHS` »

NeoThermic wrote: Trivial ;)
Go you girl! ;) & :P
Jonathan “SHS`” Stanley • 史德信
phpBB™ 3.1.x, Bug/Security trackers
phpBB™ Bertie Bear 3.0 — prosilver Edition!Asking Questions The Smart Way

User avatar
Cheater512
Registered User
Posts: 245
Joined: Thu Mar 23, 2006 1:29 am
Location: Brisbane, Australia
Contact:

Re: Visual Confirmation

Post by Cheater512 »

I never got the hang of how the points are generated.
Could you pm me the technique used?

NeoThermic
Registered User
Posts: 198
Joined: Fri Jan 02, 2004 3:44 pm
Location: United Kingdom
Contact:

Re: Visual Confirmation

Post by NeoThermic »

Cheater512 wrote: I never got the hang of how the points are generated.
Could you pm me the technique used?

Serge Belongie, Jitendra Malik and Jan Puzicha did a paper on such techniques in July 2001 which was presented at the Eighth IEEE International Conference on Computer Vision. You might be able to find this paper; it details the techniques behind implementation of such point generation. Do note that the maths are a bit on the wild side, so you'll have to understand them to make good use of the paper.

NeoThermic
phpBB release date pool!
The NeoThermic.com... a well of information. Ask me for the bit bucket so you can drink its goodness. ||新熱です

User avatar
damnian
Registered User
Posts: 14
Joined: Fri Jan 06, 2006 8:36 pm
Contact:

Re: Visual Confirmation

Post by damnian »

NeoThermic wrote: You can request the same code to be done in a diffrent way by extracting the freecap image URL, and then re-calling the image.
Sure, this needs to be changed.
NeoThermic wrote: Trivial ;)
Indeed, any 1st grader can do this. :lol:

Even if it is breakable, it's a lot harder than what phpBB currently has.

User avatar
{o}
Registered User
Posts: 90
Joined: Wed Mar 31, 2004 1:26 pm
Contact:

Re: Visual Confirmation

Post by {o} »

Lets animate!
Image
:mrgreen:

itunes66
Registered User
Posts: 169
Joined: Tue Feb 08, 2005 12:28 am

Re: Visual Confirmation

Post by itunes66 »

caych

piece of cake
2 things i like about you hmm.. ill have to get back to you on that one

User avatar
{o}
Registered User
Posts: 90
Joined: Wed Mar 31, 2004 1:26 pm
Contact:

Re: Visual Confirmation

Post by {o} »

WRONG :twisted:
What caych means?

catch...

Post Reply