Dark SEO Programming » Blog Archive » PHPBB3 Captcha is super easy

PHPBB3 Captcha is super easy

A while back I presented a long-winded algorithm that would crack phpBB3 captchas. However I cracked it a while back and it’s even simpler than I said before. My floodfill routine returns the size of the area it colours in. Soooo… I flood fill background coloured pixels and if it’s a small area we assume it must be part of a letter and keep it. That gives us lots of small segments to join together.

Incidentally we find the background colour by reading the pixels along the top and finding the most regularly occuring colour.

Now we have some small segments we make them touch each other by blurring them and then we force the picture into only two colours. Then using the average density of vertical lines in each letter we rotate them to an approximately correct position. It may throw a few upside down but as long as that letter always comes out that way up the computer doesn’t care.

Now just train Gocr or a neural network or <<insert cunning program here>> to read those letters. Simple. And surprisingly accurate too. We could further improve it with colour checking routines etc but hey, it works.

This entry was posted on Monday, May 12th, 2008 at 9:42 am and is filed under captcha. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

Joe Splogs Says:
May 12th, 2008 at 5:53 pm

I have spent today porting your phpBB2 captcha code into my ‘web content creation framework’ ;). The accuracy is excellent and I had never thought of using a dual human and machine approach to captcha cracking. I noticed a lot of phpBB sites are using alternative captchas, so the human side is very useful to get these out of the way.

One thing I found that was useful to add to your code is something that selects the first option of all select elements (I use a wrapper of the XML DOM and XPath functions to do this). There are quite a lot of mods to phpBB that add extra required fields to the registration form. Using the above solution you can still sign up to these site

Right now I am just getting the registration confirmation text in every language so I can get confirmation. I guess a smart guy would have instantly realised this is probably all in the phpBB distro

Right now I have a few terminal windows ripping up phpBB2 dorks (gotta love those open source programmers) from Yahoo. DB already has 3,589 confirmeed installs :>. Thanks for sharing your phpBB2 code. Is the 3 code going to be made available?

Harry Says:
May 13th, 2008 at 4:29 am

I plan to release it eventually in a GTK wrapper as a desktop application.

Anyway it sounds like you’ve added quite a few things I haven’t thought about. And the whole part of failing a captcha and then showing it to the user idea (At least that what I assume you mean). I didn’t plan it to be used like that , but that idea kinda rocks except I bore easily typing in captchas. I did wonder if in Linux you could background run a process that pops the captcha up in some image preview program so that you can still see it from the command line.