From making
By George Hughey
Heart of the machine compiles
Everyone hates captchas. These annoying images contain characters that you have to type in, and we have to fill them out correctly to continue to visit the site. Captchas are designed to confirm whether a visitor is a person or a program, and to protect against malicious programs. However, with advances in deep learning and computer vision, these authentication methods can now be easily cracked.
In this project, the authors cracked the latest version of ReCaptcha and opened source all the code. However, the authors state that “this code addresses the latest version of ReCaptcha, but only for use on their own site and for educational purposes only.”
Project address: github.com/ecthros/unc…
The reCAPTCHA project, a system begun at Carnegie Mellon University, displays text scanned from books that cannot be accurately recognized by OCR in CAPTCHA questions to determine whether visitors are programs or humans. Since 2014, reCAPTCHA completes the check by checking the box “I’m not a robot.”
The project, called unCaptcha, was first created in April 2017 and achieved an 85% ReCaptcha counter rate at that time. Since then, However, Google has released a new version of ReCaptcha, which has two major improvements:
Better browsers automatically detect speech using phrases instead of numbers
These improvements initially successfully defended against the first version of unCaptcha, however by June 2018 these challenges had been largely resolved. The project’s authors were also in touch with the ReCaptcha team, who were fully aware of the attack. In addition, the ReCaptcha team allowed the project authors to publish code for unCaptcha2, although it is still effective at cracking ReCaptcha captchas.
UnCaptcha2 profile
Cracking ReCaptcha is easier than ever, thanks to the addition of captcha recognition in the form of speech. Because all we need to do is call a free speech recognition API, and we can recognize all the captchas with about 90% accuracy. Also because ReCaptcha blocks Selenium, the browser automation engine, unCaptcha2 uses a screen clicker to move to a specific pixel on the screen to navigate the web like a human. Of course, in the simulation of human browsing, the coordinates of each new user need to be updated, which is not very robust at present.
The method of unCaptcha2 is very succinct:
Navigate to the ReCaptcha demo site at Google navigate to the ReCaptcha speech library and download the speech and use the speech recognition API to recognize the parameters and the recognition results that the speech parsing API returns and submit the recognition results and determine if it’s successful
The unCaptcha2 test interface is shown below:
How to use unCaptcha2
Because unCaptcha2 must specify specific coordinates on the screen, we must update the coordinates based on the Settings. The code for these coordinate updates is written at the top of the run.py file. On Linux, the xdotool getMouselocation – shell command line is used to locate the mouse’s position on the screen.
We also need to configure which voice recognition API to use. Domestic BAT, IFlytek and Sogou all provide efficient voice recognition API, and foreign Google, Microsoft and IBM do the same. Google, Microsoft, and IBM’s API structures are already in Queryapi.py, so you just need to configure the username and password. If you are using the Google API, we need to configure the environment variable GOOGLE_APPLICATION_CREDENTIAL using the Google Apps certificate parameter.
Finally, the rest of the dependencies are happily cracked: PIP install -r dependencies. TXT.
To read more
The amazing lightning-powered Java diagnostics tool from Alibaba is finally open source
Here’s how to create a sliding top visual effect
NDK project actual combat – high imitation 360 mobile phone assistant uninstall monitoring
(Android) Interview Questions
Believe in yourself, there is nothing impossible, only unexpected
If you are interested in technology development, welcome to exchange and learn together!
