Saturday, July 12, 2014

Break Google recaptcha in 2 Hours!

Hi in this article I'm going to show how break Google Recaptcha in less than two hours!
I don't want to encourage you to use this method, I only want to show how to do.
Anybody can break the last type of captcha in less than two hours without too much effort !

History of Google Captcha:

The first version of Google captcha were like these:



After Google bought Recaptcha :


Today the new captcha are like these:
Version before 05/12/2014:


Version After 05/12/2014:

The last type of captcha are shown only when Google has high degree of confidence that there is a human on the other end, otherwise they show the strongest captcha (First version of recaptcha)


Ok that is History !


How I break last version

I read on this article, J. Yah and A.S. El Ahmad "A low-Cost Attack on Microsoft Captcha", that automated attacks shouldn't achieve a success rate of higher than 1% but I am able to solve almost 20% with a automated program, not bad!

Step (1)
I write a program in c# to download a lot of captcha (see picture).
I need only 30 lines to do thousand of downloads.
Step (2)
Download and compile Tessercat.
Tesseract is probably the most accurate open source OCR engine available, It is developed by Google itself.

Step (3)
Test Tesseract with the images downloaded.
                                  Surprise it was able to resolve almost 4% of all captcha.


Step (4)
To improve results you have to do these steps:
 -> Give the right parameters to Tesseract (for linux are "tesseract nobatch digits")
 -> Crop Images to highlight numbers (Original size 300-56px after 100-56px)
 -> Switch from RGB to black and white
 -> Use an unsharp mask 

Now you can solve almost 20% of all captcha!!!!!!!!!!!!!!

A bot using these easy steps can spam thousand of email accounts or register thousand of Google accounts!
Maybe they need a restyle :D

For more detail send me an email pippomarinella@gmail.com

No comments:

Post a Comment