Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How robots and spiders are causing issues, how to stop them. We can also talk about Completely Automated Public Turing Test To Tell Computers And Humans Apart - their use, their compliance issues, porn proxies, PWNtcha and other ways to defeat them. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
PWNTCHA Code
Posted by: rsnake
Date: November 30, 2006 03:30PM

Anyone have any good PWNTCHA code out there? The best I've seen out of the box is JOCR.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: jungsonn
Date: December 01, 2006 11:31AM

I was thinking of building an alternative to regular CAPTCHA's whith many merged & morphed images, like: images of a house, tree, bike. which are randomly merged together

then you u must enter: house tree bike.

it's better then letters, which could be analyzed. Images can not.
Hard to crack that one by a PWNTCHA.

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: maluc
Date: December 01, 2006 02:24PM

i don't think that'll work out as well as you would hope.. http://seoblackhat.com/2006/09/02/google-images-labeler-proves-most-people-are-fucktards/

people clearly just don't think alike. what some call a bike, others call bicycle, house/home/building, car/vehicle/automobile/civic/coupe/sedan/auto .. not to mention other languages. maison/arbre/velo for frenchies _-_ .. and those crazy brits with all their retarded nicknames for things. (sorry, but it's true)

and as a side tidbit.. object recognition in images is alive and well .. and a big aspect of Digital Signal Processing. For example: http://www.public.iastate.edu/~knutzonj/ee424projectMain.htm which talks about a couple techniques.

I agree it's significantly harder for computers.. but it's also much harder for humans to pick the right words. You'll need a human to verify that the answers are something a human would guess .-.

-maluc

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: jungsonn
Date: December 01, 2006 08:19PM

Yes your're right maluc, i didn't thought about the "stupidity factor" of people, and moreover i didn't know that something like it existed at all.

but if you take simple images? like: apple, cherry, banana?
and make a rule: shorten the word.

Hmmm. im busy with something i'm not supposed to do i guess, or haven't thought about much to formulate a clear idea.

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: jungsonn
Date: December 01, 2006 08:20PM

Quote

and those crazy brits with all their retarded nicknames for things. (sorry, but it's true)

Hahahahaha ROFL... haha... Yeah man.

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: WhiteAcid
Date: December 01, 2006 09:36PM

We do not have silly nicknames. We own the damn language, you're the ones bastardising it.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: maluc
Date: December 01, 2006 10:00PM

i think you meant bastardizing* :P

and you don't own the language.. if anything germany owns it. and french/spanish/italian would all be latin bastardizations _-_

and back on topic, i think if you implemented it for your own site it'll work well jungsonn. as long as it's used on a small scale people won't bother to write a decryption for it. Kinda like mac's security via low market share. But, i dunno how much more programming difficulty it presents over letters.

-maluc

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: WhiteAcid
Date: December 01, 2006 10:24PM

I'll admit that we don't own English but "cell phone" still bugs the hell out of me, even though it's technologically slightly more accurate than "mobile". Worse yet is germany's word for it; "handy" *shudder*.

jungsonn, your solution should work, as would creating a custom text image, as long as it's not too similair to an existing popular image. Flying under the radar is a good method to bypass PWNTCHA imo, for now anyway. I know Gadi Evron has put major effort into trying to create a good CAPTCHA with some neat ideas.

I've created a very simple PWNTCHA thing myself, but it really is so bad I'm ebarassed over it. I don't know of a better solution. I've noticed that there is some great OCR software out there, but I never managed to link that into anything. That was a while ago though, before I knew what I know now. Maybe I should give it another crack sometime soon.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: rsnake
Date: December 03, 2006 07:58PM

It's funny you mention that link, WhiteAcid... one common technique is for people to write robots against online casinos by reading text on the screen. So as a result the online casinos have taken to changing the way the deck looks and the layout of the cards on the screen, etc... It all seems like obfuscation to me, personally. The same premise applies, even if it requires a meta program to identify where the position of the cards are and what they look like.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: eyeced
Date: January 17, 2007 04:34PM

....brits with crazy nicknames for everything, im not going to get into a full scale argument about this but this comes from the nation that speaks 'english' slightly slower and more high pitched, with names like sidewalk, yowg-hurt and pants... we do not have nicknames, we do not speak with an accent, this is just how things are supposed to sound.

Pointless, unprovoked rant? I think so.

It just pains me inside when, clearly intelligent American people come out with shit about British people in that narrow minded way of expressing there every so stereotypical views... come on, please say i should be drinking tea or brushing me teeth if you like, it offends me clearly...

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: rsnake
Date: January 17, 2007 06:38PM

I love the British... the only thing I noticed when I was there was that not a single British man can tie a tie properly. Not that people from the United States have anything to say about how other people dress, because we all dress like crap for the most part. But you'd expect that with the 10MM guys there who wear ties one of them would understand how to get the length, the knot and the dimple right all at the same time. Alas, only one man in London the whole week I was there had his tie tied right, and he looked like he was from from Italy.

Anyway... nice rant, eyeced, but let's leave the ranting to the OMG Ponies section, shall we?

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: WhiteAcid
Date: January 18, 2007 03:11AM

I know how to tie a tie, learned it when I was 13 and it's not something you forget. I think everyone in my family can tie a tie.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: rsnake
Date: January 21, 2007 09:09PM

I will believe it when I see it. I want a picture of said tie tied properly. No looking it up, no doing anything different, just go pick one out, tie it, get the cam out and take the picture. I need proof of this thing you speak of. If it looks like anything other than this, I'm going to laugh:


That's a pic of the gfnd and me at a x-mas corporate dinner.

But anyway, even if you do show me a picture I'm still not sure I believe it, because I was there for a week and started noticing on the first day. I never did see one tie tied properly the entire time I was there.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: marko
Date: February 21, 2007 12:49AM

eh, excuse the newb, but the same way people can recognize numbers, wouldn't your stock photos idea be recognizable too? like a house being some kind of box with a triangle on it? the apple's the roundish red thing with a leaf... i'm not a programmer, but logically speaking, fusing them together as mentioned would probably be the essential point, imho.

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: rsnake
Date: February 22, 2007 11:42PM

I wrote something about this idea before: http://ha.ckers.org/blog/20060605/kittenauth-captcha/

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: SW
Date: March 06, 2007 01:00PM

jungsonn Wrote:
-------------------------------------------------------
> I was thinking of building an alternative to
> regular CAPTCHA's whith many merged & morphed
> images, like: images of a house, tree, bike. which
> are randomly merged together
>
> then you u must enter: house tree bike.
>
> it's better then letters, which could be analyzed.
> Images can not.
> Hard to crack that one by a PWNTCHA.

That is a good idea I think.

How about like a matching game -- You can list all the words with numbers and they have to put the numbers in order. Like so:

|pic0||pic1||pic2||pic3||pic4||pic5||pic6||pic7||pic8||pic9|

Enter numbers that correspond with images from left to right: __________

0. penis
1. house
2. car
3. banana
4. apple
5. bike
6. ocean
7. china
8. flower
9. paper

ETC. And then you would just have to combat stupid people who don't know what a banana is.



Edited 1 time(s). Last edit at 03/06/2007 01:02PM by SW.

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: rsnake
Date: March 06, 2007 04:32PM

And those pesky blind people. :)

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: SW
Date: March 06, 2007 07:41PM

Do you get many of them reading your blog? :-\

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: rsnake
Date: March 09, 2007 12:30PM

None that I am aware of. There probably aren't a lot of blind security experts or webmasters out there - that would be a tough job if you could never look at a schematic. Who knows though!

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: wi1s0n
Date: July 09, 2007 05:05AM

A merged image could be more difficult for a bot to learn than human, as the complete object outline is not available. But then this is provided if the images are in single color tone, otherwise the objects could be layered thru color filtering too.

Single object is easier to decode as the bot could use outline matching, unless you have a huge variety of object. Say, many different design & shape of houses could make it a little tougher but it is not impossible to train the bot to learn it all.

There are couple of reports published by those "experts" explained pretty well about captcha weakness. Run a search on google, not many sites out there on this.

To me, it is blurring/dotted/light/overlapping/guessing that make the bot dumber than human.

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: liquidfish
Date: July 10, 2007 10:08AM

this doesn't solve the "stupidity factor" but what if the images used were something along the lines of a recognizable landmark. Say, show an blurry, offset, and skewed image of the whitehouse, mount rushmore, or taj mahal. Then a bot would not only have to recognize the type of object but what specific object it actually is.

it can work for more than just landmarks. show famous people. show famous paintings and require the name of the artist. etc.

-p



Edited 1 time(s). Last edit at 07/10/2007 10:10AM by liquidfish.

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: liquidfish
Date: July 10, 2007 10:19AM

Aw I didn't pay attention to how old this thread is. I believe well after the majority of this thread was written microsoft released some research they conducted on using pictures of animals for captchas. Does anyone know if a system with this implementation has been made available to the public and/or if many people have taken a crack at it?

-p

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: rsnake
Date: July 10, 2007 05:14PM

I'd love to see that research - do you have a URL? Also, one of the major problems I see with using people's faces is that a lot of people don't work off of visual queues and/or are not clued into popular culture. Hell, a good chunk of the US has no idea who the vice president is right now.

To your question, which system were you referring to? PWNTCha, JOCR, or one of the CAPTCHAs?

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: Anonymous User
Date: July 10, 2007 05:35PM

@liquidfish

I say CAPTCHA's are dead now, there isn't one system that is fullproof. It took some time convince myself, but it's true.

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: id
Date: July 11, 2007 01:17AM

if it's worth breaking for money you can probably find someone cheap enough to pay to break it (or use pr0n CAPTHCHA's...)

The only place where I can see them being worthwhile at this point is as an anti-annoyance measure. If there isn't much reward you can make the barrier high enough for spammers not to bother.

-id

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: wi1s0n
Date: July 11, 2007 05:11AM

When the captcha become too complicated for bot, it will become too confusing to human to be user friendly. So, it is not easy the maintain the balance. Security Vs User Friendliness

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: rsnake
Date: July 11, 2007 12:17PM

Wow, Ronald - I never expected you to say that. If you wouldn't mind, could you explain what changed your mind? That's probably more interesting than anything. Was it something specific?

And to id's point, I think CAPTCHAs do provide a service, just not the one that most people think it provides. It's not a security measure, it's obfuscation, and it slows both bots and humans down, but little else.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: Anonymous User
Date: July 11, 2007 01:38PM

The biggest conclusion was the CAPTCHA breaking game, hired asians, and the cleverness of some attacks. A mixture, but they really are broken. The thing that convinced me was the CAPTCHA breaking game. I saw a few last week appearing on "torrent" sites, which ask to type a (fake) CAPTCHA in orde to download stuff.

Think thats the most ingenious way of breaking them.

Options: ReplyQuote
Re: PWNTCHA Code
Posted by: rsnake
Date: July 11, 2007 06:40PM

Yup, pretty sweet! Btw, please post the URL when you see stuff like that, or at minimum grab a screenshot for the rest of us!

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote


Sorry, only registered users may post in this forum.