1. Attacking CAPTCHAs
explained
Ioan – Carol Plangu

2. What's a CAPTCHA
Completely
Automated
Public
Turing test to tell
Computers and
Humans
Apart

4. Three attack methods

Implementation attack

Automated recognition

Manual labor

5. The implementation attack
Scenario 1
the image session id can be reused

6. The implementation attack
Scenario 1
the image session id can be reused
id
Restricted
Captcha
page
form

7. The implementation attack
Scenario 2
the number of captcha tests is limited

8. The implementation attack
Scenario 2
the number of captcha tests is limited
we just need to solve them all and store them in a hash
table

9. The implementation attack
Scenario 3
hash of solution sent to client

10. The implementation attack
Scenario 3
hash of solution sent to client
rainbow tables :)

11. Manual labor
There are two options:

12. Pay a bunch of monkeys

13. Or not...
XXX
Complete this captcha form to continue

14. Automated recognition
We're going to actually reproduce a human
response for the given question

15. Can you understand my voice?

16. The sound sample is usually
generated

17. It's hard to add noise to the
generated speech without making it
hard for the human

18. But can you read?

19. Sort of.....

20. The most common approach

Greedy optimization – reverse engineer
everything

Character segmentation

OCR

21. Possible security measures

22. Possible security measures

Funky background image

23. Possible security measures

Funky background image
− usually can be removed with basic preprocessing

24. Possible security measures

Funky background image
− usually can be removed with basic preprocessing

Text distortions

25. Possible security measures

Funky background image
− usually can be removed with basic preprocessing

Text distortions
− modern OCR techniques can beat it

26. Possible security measures

Funky background image
− usually can be removed with basic preprocessing

Text distortions
− modern OCR techniques can beat it

Anti segmentation measures

27. Beating segmentation

28. Beating segmentation

If a character signature can be extracted from
only the vertical signature, character
segmentation becomes trivial
A Low-cost Attack on a Microsoft CAPTCHA - Jeff Yan, Ahmad Salah El Ahmad
School of Computing Science, Newcastle University, UK

29. Beating segmentation
We can otherwise ignore it!

30. Beating segmentation
We can otherwise ignore it!
The following slides are about an experiment
about this approach

31. A Monte-Carlo experiment

Note: for testing performance, the variance of
the characters has been kept to a minimum
f(x) → y
x in binary( 0 - 2^3000 )
y in 10^6

32. Training:
− Select one character image at random
− Select N black spots
− Sort the points for uniqueness
− Subtract the first point from all others for position
independence
− Assign it a 'weight' for each character using the
following formula:
matched characters count / sample size
− Assign it a 'score' (indicates classification quality)
selected digit weight / (1 + other digit weights)

33. Recognition:
− Make a score map for all points
− Select the most appropriate character for each
column
− Process the resulting string into a 6 digit string

36. An equivalent model
input layer
linear hidden layer
(feature layer)
threshold layers
softmax layer

37. An equivalent model
input layer
OCR
linear hidden layer
(feature layer) without zero
penalty
==
threshold layers No biases for
the first layer
(avoids the
2*binary - 1
effect)
softmax layer

38. Hacking the OCR:
To negate the effect the biases, for each image we
add random noise in the white areas
This will greatly improve the recognition in a noisy
image

39. An more powerful model
input layer
Hacked OCR layer
Score map
output layer

40. Questions?

41. The demo source is hosted at
https://github.com/theshark08/howtobreakacaptcha01