Version 7 (modified by carmie, 15 years ago) (diff)

--

pwntcha logo

PWNtcha - captcha decoder

PWNtcha stands for "Pretend We’re Not a Turing Computer but a Human Antagonist", as well as PWN capTCHAs. This project’s goal is to demonstrate the inefficiency of many captcha implementations.

For an overview on why visual captchas are a bad idea, see Matt May’s excellent presentation, Escape from CAPTCHA, as well as the W3C’s Inaccessibility of Visually-Oriented Anti-Robot Tests working draft.

History

I created PWNtcha in 2004 as a personal research project, but only published my results, not the program itself. Given the number of captcha-breaking software available for sale now, I changed my mind and decided to publish the PWNtcha source code. It can be downloaded from Subversion:

 svn co svn://svn.zoy.org/caca/pwntcha/trunk pwntcha

Note that PWNtcha is now lagging 3 years behind captcha technology and is therefore no longer a very interesting piece of software.

Defeated captchas

PWNtcha is able to detect and decode the following captchas:

Origin Samples PWNtcha efficiency Comments
Authimage source:/pwntcha/testsuite/authimage/authimage_046.jpeg source:/pwntcha/testsuite/authimage/authimage_090.jpeg 100% Vendor site: http://www.gudlyf.com/index.php?p=376
Weaknesses: constant font, aligned glyphs, constant glyph position, constant rotation, no deformation, non-textured background, constant colours, no perturbation.
Clubic source:/pwntcha/testsuite/clubic/clubic_000.png source:/pwntcha/testsuite/clubic/clubic_001.png 100% Weaknesses: constant font, no rotation, no deformation, aligned glyph, constant background, weak colour variation, weak perturbation.
linuxfr.org source:/pwntcha/testsuite/linuxfr/linuxfr_014.png source:/pwntcha/testsuite/linuxfr/linuxfr_022.png source:/pwntcha/testsuite/linuxfr/linuxfr_081.png 100% Weaknesses: constant font, aligned glyphs, no rotation, no deformation, non-textured background, weak colour variation, weak perturbation.
LiveJournal? source:/pwntcha/testsuite/livejournal/livejournal_003.png source:/pwntcha/testsuite/livejournal/livejournal_015.png 99% Weaknesses: constant font, constant character position.
lmt.lv source:/pwntcha/testsuite/lmt/lmt_000.png source:/pwntcha/testsuite/lmt/lmt_001.png source:/pwntcha/testsuite/lmt/lmt_002.png 98% Weaknesses: constant font, almost aligned glyphs, no rotation, no deformation, constant background, no colour variation, weak perturbation.
Ourcolony source:/pwntcha/testsuite/ourcolony/ourcolony_001.gif source:/pwntcha/testsuite/ourcolony/ourcolony_002.gif 100% Weaknesses: constant font, no rotation, no deformation, no colour variation, no perturbation.
Paypal source:/pwntcha/testsuite/paypal/paypal_000.jpeg source:/pwntcha/testsuite/paypal/paypal_001.jpeg 88% Weaknesses: constant font, almost aligned glyphs, no rotation, no deformation, constant background, no colour variation, no additional perturbation.
phpBB source:/pwntcha/testsuite/phpbb/phpbb_015.png 97% Vendor site: http://www.phpbb.com/
Weaknesses: constant font, no rotation, no deformation, constant colours, weak perturbation.
Scode and derivatives source:/pwntcha/testsuite/scode/scode_000.png source:/pwntcha/testsuite/auditor/auditor_022.png source:/pwntcha/testsuite/scode/scode_001.png 100% Vendor site: http://james.seng.cc/archives/000145.html
Weaknesses: at most 3 different fonts, no rotation, no deformation, weak colour variation, useless perturbation (separate colour key).
Slashdot source:/pwntcha/testsuite/slashdot/slashdot_009.jpeg source:/pwntcha/testsuite/slashdot/slashdot_010.jpeg 89% Weaknesses: constant font, no deformation, constant colours, weak perturbation.
vBulletin source:/pwntcha/testsuite/vbulletin/vbulletin_000.jpeg source:/pwntcha/testsuite/vbulletin/vbulletin_001.jpeg 100% Vendor site: http://www.vbulletin.com/
Weaknesses: constant font, fixed glyph position, no rotation, no deformation, almost constant colours, weak perturbation.
Xanga source:/pwntcha/testsuite/xanga2/xanga2_000.jpeg source:/pwntcha/testsuite/xanga2/xanga2_024.jpeg 49% Weaknesses: fixed horizontal glyph position, no rotation, no deformation, constant colours, insufficient perturbation.

Other captchas and hard captchas

These captchas can currently not be defeated by PWNtcha. Note however that this is not an acknowledgement of efficiency; for instance, EZ-Gimpy can be easily defeated by other projects. However, the Passport/Yahoo? and CFXCaptcha captchas are probably going to last for a long time.

Origin Samples Comments
Drupal source:/pwntcha/testsuite/drupal/drupal_024.png source:/pwntcha/testsuite/drupal/drupal_025.png source:/pwntcha/testsuite/drupal/drupal_089.png
Trencaspammers source:/pwntcha/testsuite/trencaspammers/trencaspammers_000.jpeg source:/pwntcha/testsuite/trencaspammers/trencaspammers_025.jpeg source:/pwntcha/testsuite/trencaspammers/trencaspammers_038.jpeg
Xanga (2) source:/pwntcha/testsuite/xanga2/xanga2_000.jpeg source:/pwntcha/testsuite/xanga2/xanga2_024.jpeg
20six source:/pwntcha/testsuite/20six/20six_000.jpeg source:/pwntcha/testsuite/20six/20six_001.jpeg Extremely weak captcha, easily removed perturbation.
Authimage (3) source:/pwntcha/testsuite/authimage3/authimage3_014.png source:/pwntcha/testsuite/authimage3/authimage3_074.png A very good captcha, but not always human-solvable.
CFXCaptcha source:/pwntcha/testsuite/cfxcaptcha/cfxcaptcha_071.jpeg A very good captcha.
Clearscreen source:/pwntcha/testsuite/clearscreen/clearscreen_012.jpeg source:/pwntcha/testsuite/clearscreen/clearscreen_053.jpeg Weak perturbation, but interesting use of non-alphanumeric characters.
Cwazymail source:/pwntcha/testsuite/cwazymail/cwazymail_006.jpeg source:/pwntcha/testsuite/cwazymail/cwazymail_018.jpeg An excellent idea, but a critically buggy implementation.
EZ-Gimpy (eg. Yahoo! Briefcase) source:/pwntcha/testsuite/briefcase/briefcase_084.jpeg Already defeated by another project.
Hoke source:/pwntcha/testsuite/hoke/hoke_000.jpeg source:/pwntcha/testsuite/hoke/hoke_005.jpeg A very weak captcha.
.Mac source:/pwntcha/testsuite/dotmac/dotmac_018.jpeg A weak captcha that is not always human-solvable.
ICQ source:/pwntcha/testsuite/icq/icq_066.jpeg source:/pwntcha/testsuite/icq/icq_087.jpeg A pretty good captcha that uses a wide variety of backgrounds and fonts.
IMDb source:/pwntcha/testsuite/imdb/imdb_065.jpeg source:/pwntcha/testsuite/imdb/imdb_085.jpeg A very good captcha with a very well thought implementation, but a small dictionary.
MS MVPS source:/pwntcha/testsuite/msmvps/msmvps_098.jpeg Already defeated by another project.
MVN Forum source:/pwntcha/testsuite/mvnforum/mvnforum_011.jpeg A pretty good captcha that uses a wide variety of backgrounds and fonts.
Passport source:/pwntcha/testsuite/passport/passport_000.jpeg A very good captcha, but not always human-solvable.
Pichan source:/pwntcha/testsuite/pichan/pichan_000.gif source:/pwntcha/testsuite/pichan/pichan_001.gif source:/pwntcha/testsuite/pichan/pichan_002.gif source:/pwntcha/testsuite/pichan/pichan_003.gif An apparently weak captcha.
Screenname source:/pwntcha/testsuite/screenname/screenname_005.jpeg source:/pwntcha/testsuite/screenname/screenname_054.jpeg A pretty good captcha that uses a wide variety of backgrounds, fonts and deformations.
Yahoo! source:/pwntcha/testsuite/yahoo/yahoo_053.jpeg A very good captcha, but not always human-solvable.

Development

Development happens in a centralised Subversion repository:

There is also a Git repository that mirrors the central one:

If you want to discuss PWNtcha or report bugs, you can write to me at sam@zoy.org or join #libcaca on irc.freenode.net.

Page maintained by Sam Hocevar. Contact me for more information: sam@zoy.org.