FBMW++

By Pea Cracker Last update Feb 24, 2009 — Installed 39,024 times.

Captcha...

69 posts, 29 voices



Tyrant6669 User

I am looking at the HTTP headers when you are presented with a Captcha and I see something interesting, but I am unable to figure out the algorithm they are using for the seed. The rand and the hash have to be tied to each other somehow in the header: if you change the rand and leave the hash the same, you get bad hash returned from the server. If you correct the rand and change the hash you also get bad hash returned, but that one I expected :) I wonder if they are doing an MD5 hash on the string with the rand as the seed?!?!? I also tried making a SHA1 hash of the captcha image but that got me nowhere as well; that hash was 510669EFB4EABD6FB1E55290E6335BE17CD55E87. I also noticed in the post they attach the parameter code=(chars entered)

user_id = Your facebook account ID
rand = ?
hash = ?

Get The Captcha from:
http://75.101.250.165/img/captcha_image.php?ran...

Post Captcha reply to:
http://fbmwp.freehostia.com/
http://75.101.250.165/img/captcha_image.php?ran...

Hmm, MD5 hash is B4427B1CBAADB73573AEC9542C288552, nowhere near 19d1645b80ddb6e2e68303a2ddd48b13...
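The behaviour described in the post above, where changing either `rand` or `hash` produces "bad hash", is what a server-side keyed MAC over the challenge fields looks like from the client. The following is an added example, not part of the thread and not the game's actual scheme: `SERVER_KEY`, the `expires` field, the TTL and the function names are assumptions; only `user_id`, `rand`, `hash` and `code` come from the post.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret known only to the server
TTL_SECONDS = 120                     # assumption: challenge lifetime
_used = set()                         # rand values that have already been attempted


def _mac(user_id, rand, expires, answer):
    # Every field is covered by the MAC, so altering any one of them
    # invalidates the hash without revealing which field was wrong.
    msg = f"{user_id}|{rand}|{expires}|{answer.lower()}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue(user_id, answer, now=None):
    """Create the parameters sent to the client alongside the image."""
    now = time.time() if now is None else now
    rand = secrets.token_hex(8)
    expires = int(now) + TTL_SECONDS
    return {"user_id": user_id, "rand": rand, "expires": expires,
            "hash": _mac(user_id, rand, expires, answer)}


def verify(params, code, now=None):
    """Check a reply; returns 'ok', 'bad hash', 'expired' or 'replayed'."""
    now = time.time() if now is None else now
    if params["rand"] in _used:
        return "replayed"
    # Burn the challenge on the first attempt: a 3-letter code has only
    # 26**3 = 17576 values, so retries must not be allowed.
    _used.add(params["rand"])
    expected = _mac(params["user_id"], params["rand"], params["expires"], code)
    if not hmac.compare_digest(expected.encode(), str(params["hash"]).encode()):
        return "bad hash"
    if now > int(params["expires"]):
        return "expired"
    return "ok"
```

Because the answer itself is inside the MAC, the hash is neither a plain digest of the image nor of `rand`, so an unkeyed MD5 or SHA1 over the visible values will not match it.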

 
Pea Cracker Script's Author

Originally the CAPTCHA db was being posted to http://fbmwp.freehostia.com, the first free hosting company I tried. Somehow they halted my server-side scripts after 400KB of bandwidth usage, though I am supposed to have 5GB of that in the entire month. Not to mention that I only used about 0.001% WWW space and 0.1% SQL db space.

I was forced to try another hosting company, the current one as well, so it is now fbmwp.site90.net

So far the traffic has been okay and service has been up, but there was the unfavorable insertion of scripts (for their own stat keeping).

 
Zenith User

PC - first off I would like to thank you for the great amount of time you have spent developing this script. I could possibly offer you a free hosting account. Please tell me the expected bandwidth and disk space usage you are expecting and I can have my team set up an account tonight (provided you won't kill our services with a huge bandwidth demand, as that is our most costly expense).

 
Pea Cracker Script's Author

Thanks Zenith, please see my response to Heretic: http://userscripts.org/topics/19162

You guys asked the same things! lol.

 
Computer Killer User

I have an idea to get around the CAPTCHA. Instead of trying to reverse engineer the hash algorithm, calculate the CRC32 of the picture and store it with the correct response in a database.

Would this work?

Would CRC32 of the picture be a large enough hash space, or would stepping it up to MD5 be better?

 
Chris D User

First greasemonkey captcha autofill script was made

Pea Cracker you should check this out.
http://userscripts.org/scripts/show/38736
discussion
http://userscripts.org/topics/18922?page=1

Edit: here is a link for a megaupload page to check out the captcha solving in progress.
http://www.megaupload.com/?d=Q5GYFTAE

It works very well for megaupload.

 
Phazoni User

Chris, I've loaded the captcha script but it doesn't appear to work. Any suggestions?

 
Keleas User

Phazoni - that captcha script is for MegaUpload I believe.

 
Chris D User

It's for megaupload, yes, but it works and doesn't need an external program to read the captchas.

It does all of it through javascript.

 
Chrisos User

Quite impressive, JavaScript is not the first language I would think of for coding up a neural network.

It should be reasonably easy to retrain it for an alternate font if we have enough correct answers and images saved.

 
ferrari5 User

So, I downloaded the megaupload captcha script and set it for use on the same websites under FBMW+. I'll see if this works.

 
Chris D User

ferrari5, it doesn't work for mobwars. Here is a link for a random download page on megaupload to try it on.

http://www.megaupload.com/?d=Q5GYFTAE

It works very well for megaupload.

 
TheRASGuy User

Look under FEATURES :

If the captcha image appears, it will open the window up allowing you to enter the code manually.

Note. For REGISTERED users, you have the option to manually enter the captcha image, or the code will be entered for you. The code entered automatically will vary from 30 seconds to hours depending on certain factors.

 
Chris D User

vary from 30 seconds to hours

wow that is a long time for mobwarsbot to read a captcha image.

 
ferrari5 User

@Chris: Ya... I realized that after I posted...

 
outofideas52 User

@underground

I tried it but it was really buggy, it wouldn't even start up right.. and I'm guessing it costs to be a member?

 
holymoly User

I came back from a break with the captcha screen up. I had minimized the browser before I left, so I couldn't guess at the letters intelligently. I just typed the wrong letters in. It gave me the message that the letters were not correct, and that the user had already been killed. Then the script started running again.

Would it be a bad idea to respond to the captcha with a 1 minute wait, then reply with anything at all, and switch to normal refresh? This would at least keep jobs running.

 
outofideas52 User

I got that other bot to work now. It's pretty weird, I think it steals your Facebook user and pass and doesn't actually use the internet browser, because it made me use IE and then made me make sure I had checked the remember me option. If I didn't, it would say cookie expired, please remember to check Remember me at login, and I would never see IE refresh.

Anyway, I'm decompiling it to see what I can find on the captcha thing. (Basically me downloading programs that say they're going to decompile it, and then me looking at things, having no idea what I'm doing, and then turn around and my computer is infected with something similar to aids)

 
Chrisos User

A fine example of optimism. :)

 
Pea Cracker Script's Author

"The maximum wait time should be no longer than 6 hours." According to the programmer, who refused to reveal the "method" used.

But I can guess the answer -- it is done not by you, but by another human. Basically, you run the program, go off to work. The program runs, gets stuck, sends a "captcha911" to one of the predefined hosts that the programmer himself (or associates, colleagues, workers, etc. of the programmer) will periodically check and enter the codes by reading the image that you were supposed to read; the codes will be saved on to the host, waiting for the program to call back again to find it, pick it up, and "enter it" to the game.

Well, that's one guess, because I know there is an actual business that hires a bunch of people to sit in the office all day and do the CAPTCHA entries, so that the business can provide that service to other entities. Who knows... maybe the same business now OWNS Facebook Mob Wars and is actually redirecting its clients' requests to the players... which means we're doing work for him, free. He gets the dough, we get to play the game... I suppose that's fair. lol.

 
meyerje User

That'd be insane pc, but brilliant.

 
outofideas52 User

Well.. all I know is that Delphi 7 was used to compile it. Now I have a headache, I'll try some more later.

 
Nozama User

You could do this with MTurk pretty easily. A penny a captcha or whatever.

 
Nozama User

Even better, just find a way to submit captchas to a third party with the ability to respond to the request and you got it whipped for $1/1000

http://ha.ckers.org/blog/20070427/solving-captc...

 
ccl28 User

I'm fairly confident that I can write a solver for the MW captchas. Is there a db of these anywhere? All I have is a few dozen that I have personally saved.

All of the captchas that I have seen are 3 letters. Has anyone seen anything more complicated from MW?
