| Version 2 (modified by , 17 years ago) (diff) |
|---|
PWNtcha - captcha decoder
PWNtcha stands for "Pretend We’re Not a Turing Computer but a Human Antagonist", as well as PWN capTCHAs. This project’s goal is to demonstrate the inefficiency of many captcha implementations.
For an overview on why visual captchas are a bad idea, see Matt May’s excellent presentation, Escape from CAPTCHA, as well as the W3C’s Inaccessibility of Visually-Oriented Anti-Robot Tests working draft.
History
I created PWNtcha in 2004 as a personal research project, but only published my results, not the program itself. Given the number of captcha-breaking software available for sale now, I changed my mind and decided to publish the PWNtcha source code. It can be downloaded from Subversion:
svn co svn://svn.zoy.org/libcaca/pwntcha/trunk pwntcha
Note that PWNtcha is now lagging 3 years behind captcha technology and is therefore no longer a very interesting piece of software.
Defeated captchas
PWNtcha is able to detect and decode the following captchas:
| Origin | Samples | PWNtcha efficiency | Comments |
| Authimage |   | 100% | Vendor site: http://www.gudlyf.com/index.php?p=376 Weaknesses: constant font, aligned glyphs, constant glyph position, constant rotation, no deformation, non-textured background, constant colours, no perturbation. |
| Clubic |   | 100% | Weaknesses: constant font, no rotation, no deformation, aligned glyph, constant background, weak colour variation, weak perturbation. |
| linuxfr.org |    | 100% | Weaknesses: constant font, aligned glyphs, no rotation, no deformation, non-textured background, weak colour variation, weak perturbation. |
| LiveJournal? |   | 99% | Weaknesses: constant font, constant character position. |
| lmt.lv |    | 98% | Weaknesses: constant font, almost aligned glyphs, no rotation, no deformation, constant background, no colour variation, weak perturbation. |
| Ourcolony |   | 100% | Weaknesses: constant font, no rotation, no deformation, no colour variation, no perturbation. |
| Paypal |   | 88% | Weaknesses: constant font, almost aligned glyphs, no rotation, no deformation, constant background, no colour variation, no additional perturbation. |
| phpBB |  | 97% | Vendor site: http://www.phpbb.com/ Weaknesses: constant font, no rotation, no deformation, constant colours, weak perturbation. |
| Scode and derivatives |    | 100% | Vendor site: http://james.seng.cc/archives/000145.html Weaknesses: at most 3 different fonts, no rotation, no deformation, weak colour variation, useless perturbation (separate colour key). |
| Slashdot |   | 89% | Weaknesses: constant font, no deformation, constant colours, weak perturbation. |
| vBulletin |   | 100% | Vendor site: http://www.vbulletin.com/ Weaknesses: constant font, fixed glyph position, no rotation, no deformation, almost constant colours, weak perturbation. |
| Xanga |   | 49% | Weaknesses: fixed horizontal glyph position, no rotation, no deformation, constant colours, insufficient perturbation. |
