G-WAN is a new free web server. They seem to be very proud of it, or at least just want to make a lot of money. Well anyway, in almost every sentence they write, they claim that they are 20% cooler than anything else. It feels a bit arrogant. I have to admit, I don't know a lot about web servers, so I can't speak to how good they are.
However, then I saw their Captcha example. I also don't know much about machine learning algorithms, OCR, and stuff like that, but I do know how to read pixels. I also know how to compare values with Python :P
They say the following about their Captcha:
[...] difficult or even completely impossible for robots.
Wait wat? If this is true, this is something really outstanding and maybe an alternative to reCaptcha...
But then I was like:
So I wrote this basic stupid pixel by pixel reading and comparing code, to decode the captcha.
smrrd$ python crack_captcha.py
GIF Image
---------
R0lGODlhGAAZAJEAAP///9//v4SkZAAAACH5BAEAAAAALAAAAAAYABkAAAJfhI+pGB0rmHuGAmtEPJj7E23VYlmbeDnMB2guu44J2lWqQi/6Drl0k7hlSKwSiHeBgV5BTK2FNOKIsmQVJekIkdzgTEOVIERY4ApDPoczTOvzCbVtq/G6kt4CK+BdRQEAOw==
Captcha Data Matrix
-------------------
1 1 1 1 2 1 1 1 1 1
1 1 2 2 1
1 1 2 2 1
1 1 2 2 1 1 1 1
1 1 2 2 2 2 2 1
1 1 2 1
1 1 1 1 2 1
2 2 2 2 2 1 1 1 1 1 1
2 1 1 1 1
2 1 1
2 2 2 2 1 1 1
2 1 1
2 1 1 1 1
2 1 1 1 1 1 1
1 2 2 2 1
1 1 2 2 1 1
1 1 2 2 1 1
1 2 2 2 2 1 1
1 2 1 1 1 1 1
1 2 2 1
1 2 2 2 1
color | pixel count
-------------------
0 | 472
1 | 81
2 | 44
color 1 | color 2
---------------------
3 | 4
1 | 9
4 |
---------------------
8 | 13
I also don't understand what they think this means and why they are so excited about it:
The two sums are: 13 and 8... for the same Captcha image!
By just changing the HTML background color [...]
In the end, this was the first time I tried to solve a Captcha. I think this is the best example of how not to implement it.
kind regards,
samuirai
personal Website http://www.smrrd.de
I'm a member of the Stuttgart Hackerspace - shackspace
edit: to see really cool stuff with reCaptcha, check out what they did: http://www.dc949.org/projects/stiltwalker/
Thanks for your response.
I would like to do that, but I think I'm just too stupid to understand how you can implement something secure with this.
Let's have a look at the facts:
The GIF itself has no background. What my code does is extract the numbers for each color.
So the first fact is, the data (numbers and characters) in the GIF is very easily readable by a computer. Nothing to discuss here, that's how it is.
Now we have to think about how we can implement the Captcha securely, even though the computer knows the values. (So at this point, it's not even necessary to have this stupid background-changing thing, because a computer already has this information and it just annoys humans.) I think this is what you all try to tell me. So you try to make it difficult through the "task". Possible tasks are for example:
But this is easily parseable. Besides this, there is a finite number of possible combinations of what you can do. And even if the computer can't parse the task, it can just randomly choose one and maybe be successful with a small percentage.
So I'm very sorry, I can't do that. I'm just too stupid. But you seem to be really smart. Please give me an implementation, and I will break it for you.
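The two facts above (the file has no background, and each digit's color group is just a palette index) can be checked on a constructed image. This is an added example, not the original crack_captcha.py: the 3x5 font, the sample digits and all function names are assumptions made for illustration.

```python
from collections import Counter

# Constructed 3x5 font for the digits used below (not G-WAN's glyphs).
FONT = {
    "1": ("010", "110", "010", "010", "111"),
    "4": ("101", "101", "111", "001", "001"),
    "7": ("111", "001", "010", "010", "010"),
}

def render(digits):
    """Build palette-indexed rows from [(digit, palette_index), ...].
    Index 0 is the transparent background; no page color is stored."""
    rows = [""] * 5
    for ch, idx in digits:
        for y, line in enumerate(FONT[ch]):
            rows[y] += line.replace("1", str(idx)) + "0"  # 1px gap column
    return rows

def pixel_counts(rows):
    """Histogram of palette indices (the 'color | pixel count' table)."""
    return Counter(int(c) for row in rows for c in row)

def glyphs(rows):
    """Split on all-background columns; yield (palette_index, bitmap)."""
    width, start = len(rows[0]), None
    for x in range(width + 1):
        blank = x == width or all(r[x] == "0" for r in rows)
        if not blank and start is None:
            start = x
        elif blank and start is not None:
            cell = [r[start:x] for r in rows]
            idx = int(max(c for ln in cell for c in ln))
            bitmap = tuple("".join("0" if c == "0" else "1" for c in ln)
                           for ln in cell)
            yield idx, bitmap
            start = None

def sums_by_index(rows):
    """Sum the digits per palette index by exact bitmap comparison."""
    lookup = {bitmap: int(ch) for ch, bitmap in FONT.items()}
    totals = Counter()
    for idx, bitmap in glyphs(rows):
        totals[idx] += lookup[bitmap]
    return dict(totals)

# Constructed sample: "4" and "1" in color 1, "7" and "4" in color 2.
SAMPLE = render([("4", 1), ("7", 2), ("1", 1), ("4", 2)])

if __name__ == "__main__":
    print(dict(pixel_counts(SAMPLE)), sums_by_index(SAMPLE))
```

Nothing in the computation depends on how the page renders the transparent pixels, so a generator whose output passes through `sums_by_index` unchanged gets no protection from the color grouping.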