0 x000 preface

In this article, the process of using TensorFlow automatic verification code recognition is briefly understood and written. So today this article will modify the code in the previous article to achieve the mainstream CMS verification code cracking.

0x001 Cracking Step

Let’s review tensorFlow’s steps to automatically recognize captchas

  • The sampling

  • Create an identification model

  • Training recognition model

  • Save recognition model

  • validation

Since the last three steps are basically done automatically by TensorFlow, our main work is the first two steps. So the steps are mainly as follows:

  • Look for captcha modules in open source systems

  • Modify and test the captcha module

  • The captcha module ADAPTS to the sampling code

  • Modify identification model parameters

0x002 Finding the verification code module in the open Source system

Find the CMS you want to crack (open source doesn’t matter, most importantly you have the source code). Here we use XXXCMS (=. We first login administrator, OK, as expected there is a verification code.

Open the editor and look for the class checkcode.class.php that generates the verification code

<? $checkCode = new checkCode (); $checkCode = new checkCode (); * $checkcode->doimage(); * * / / has been validated $_SESSION [' code '] = $checkcode - > get_code (); Public $width= 100; Public $height=50; Private $font; Public $font_color; / / set randomly generated factor public $charset = 'abcdefghkmnprstuvwyzABCDEFGHKLMNPRSTUVWYZ23456789'; Public $background = '#EDF7FF'; Public $code_len = 4; Public $font_size = 20; Private $code; Private $img; Private $x_start; Function __construct() {$rand = rand(0,1); if($rand==0) { $this->font = PC_PATH.'libs'.DIRECTORY_SEPARATOR.'data'.DIRECTORY_SEPARATOR.'font'.DIRECTORY_SEPARATOR.'elephant.ttf'; } else { $this->font = PC_PATH.'libs'.DIRECTORY_SEPARATOR.'data'.DIRECTORY_SEPARATOR.'font'.DIRECTORY_SEPARATOR.'Vineta.ttf'; }} /** * Generates a random verification code. */ protected function creat_code() { $code = ''; $charset_len = strlen($this->charset)-1; for ($i=0; $i<$this->code_len; $i++) { $code .= $this->charset[rand(1, $charset_len)]; } $this->code = $code; Public function get_code() {return strtolower($this->code); Public function doImage () {$code = $this->creat_code(); $this->img = imagecreatetruecolor($this->width, $this->height); if (! $this->font_color) {$this->font_color = imagecolorallocate($this->img, rand(0,156), rand(0,156)); Else {$this->font_color = imagecolorallocate($this->img, hexdec($this->font_color, 1,2)); The hexdec (substr ($this - > font_color, 3, 2)), hexdec (substr ($this - > font_color, 5, 2))); $this->background = imagecolorallocate($this->img,hexdec($this->background, $this->background) 1, 2)), the hexdec (substr ($this - > background, 3, 2)), hexdec (substr ($this - > background, 5, 2))); // Draw a cabinet shape and set the background color. imagefilledrectangle($this->img,0, $this->height, $this->width, 0, $background); $this->creat_font(); $this->creat_line(); $this->output(); Private function creat_font() {$x = $this->width/$this->code_len; for ($i=0; $i<$this->code_len; $i++) {imagettftext ($this - > img, $this - > font_size, rand (30, 30), $x * $I + rand (0, 5), $this - > height / 1.4, $this - > font_color, $this->font, $this->code[$i]); if($i==0)$this->x_start=$x*$i+5; Private function creat_line() {imagesetthickness($this->img, 3); $xpos = ($this->font_size * 2) + rand(-5, 5); $this->width = $this->width / 2.66 + rand(3, 10); $this->font_size = $this->font_size; If (rand(0,100) % 2 == 0) {$start = rand(0,66); $ypos = $this->height / 2 - rand(10, 30); $xpos += rand(5, 15); } else { $start = rand(180, 246); $ypos = $this->height / 2 + rand(10, 30); } $end = $start + rand(75, 110); imagearc($this->img, $xpos, $ypos, $width, $height, $start, $end, $this->font_color); If (rand(1,75) % 2 == 0) {$start = rand(45, 111); $ypos = $this->height / 2 - rand(10, 30); $xpos += rand(5, 15); } else { $start = rand(200, 250); $ypos = $this->height / 2 + rand(10, 30); } $end = $start + rand(75, 100); imagearc($this->img, $this->width * .75, $ypos, $width, $height, $start, $end, $this->font_color); Private function output() {header("content-type:image/ PNG \r\n"); private function output() {header("content-type:image/ PNG \r\n"); imagepng($this->img); imagedestroy($this->img); }}Copy the code

Preliminary preparations have been basically completed. Next, modify and test the captcha module

0x003 Modify and Test the Verification Code module

Since the system’s captchas are randomly generated and uncontrollable, we need to change the above code to look like create_img.php? Code =XXXX so that we can control the generation of captchas by randomly generating parameters from the code py last time to generate samples. It is worth noting that the system uses two fonts to generate its captcha and we have removed one of them to reduce the burden of recognition.

Save to create_img.php

<? PHP class checkCode {$width = 100; Public $height = 50; Private $font; Public $font_color; / / set randomly generated factor public $charset = 'abcdefghkmnprstuvwyzABCDEFGHKLMNPRSTUVWYZ23456789'; Public $background = '#EDF7FF'; Public $code_len = 4; Public $font_size = 20; Private $code; Private $img; Private $x_start; function __construct() { $this->font = './font/elephant.ttf'; } /** * generates a random verification code. */ protected function creat_code() { $this->code = $_GET['code']; Public function get_code() {return strtolower($this->code); Public function doImage () {$code = $this->creat_code(); $this->img = imagecreatetruecolor($this->width, $this->height); if (! $this->font_color) { $this->font_color = imagecolorallocate($this->img, rand(0, 156), rand(0, 156), rand(0, 156)); } else { $this->font_color = imagecolorallocate($this->img, hexdec(substr($this->font_color, 1, 2)), hexdec(substr($this->font_color, 3, 2)), hexdec(substr($this->font_color, 5, 2))); $this->img, hexdec(substr($this->background, 1, 2)), hexdec(substr($this->background, 3, 2)), hexdec(substr($this->background, 5, 2))); // Draw a cabinet shape and set the background color. imagefilledrectangle($this->img, 0, $this->height, $this->width, 0, $background); $this->creat_font(); $this->creat_line(); $this->output(); Private function creat_font() {$x = $this->width / $this->code_len; for ($i = 0; $i < $this->code_len; $i++) {imagettftext ($this - > img, $this - > font_size, rand (30, 30), $x * $I + rand (0, 5), $this - > height / 1.4, $this->font_color, $this->font, $this->code[$i]); if ($i == 0) $this->x_start = $x * $i + 5; Private function creat_line() {imagesetthickness($this->img, 3); $xpos = ($this->font_size * 2) + rand(-5, 5); $this->width = $this->width / 2.66 + rand(3, 10); $this->font_size = $this->font_size; if (rand(0, 100) % 2 == 0) { $start = rand(0, 66); $ypos = $this->height / 2 - rand(10, 30); $xpos += rand(5, 15); } else { $start = rand(180, 246); $ypos = $this->height / 2 + rand(10, 30); } $end = $start + rand(75, 110); imagearc($this->img, $xpos, $ypos, $width, $height, $start, $end, $this->font_color); if (rand(1, 75) % 2 == 0) { $start = rand(45, 111); $ypos = $this->height / 2 - rand(10, 30); $xpos += rand(5, 15); } else { $start = rand(200, 250); $ypos = $this->height / 2 + rand(10, 30); } $end = $start + rand(75, 100); imagearc($this->img, $this->width * .75, $ypos, $width, $height, $start, $end, $this->font_color); Private function output() {header("content-type:image/ PNG \r\n"); private function output() {header("content-type:image/ PNG \r\n"); imagepng($this->img); imagedestroy($this->img); } } $checkcode = new checkcode(); $checkcode->doimage();Copy the code

The next test is to write test.py

import requests as req from PIL import Image from io import BytesIO import numpy as np response = The req. Get (' http://127.0.0.1:8080/xxxcms/create_img.php? Code =1234') image = image.open (BytesIO(response.content)) gray = image.convert('L') # gray = gray. Point (lambda x: 0 if x<128 else 255, '1') # gry.show () img = np.array(gry.getData ()) #Copy the code

Run python test. Py

If you open the console and see the black and white picture then represents the verification code part is ready to complete

0x004 Verification Code Module ADAPTS sampling code

Focus on a few parameters

  • The generation factor of the verification code

  • Length and width of the verification code

  • The bits of the verification code

In the above class we can see that the values of these parameters are in order of

  • Generate factor: abcdefghkmnprstuvwyzABCDEFGHKLMNPRSTUVWYZ23456789

  • Width: 130 x50

  • : 4;

Make a copy of generate_captcha.py as xxxCMS_generate_captcha.py

Add import from IO import BytesIO and import Requests as req

There are two major modifications

The first is the build parameter at the beginning

Char_num =4, char_num=4, char_num=4, char_num=4, char_num=4, char_num=4 = 'abcdefghkmnprstuvwyzABCDEFGHKLMNPRSTUVWYZ23456789' # captcha characters number characters) :Copy the code

The second is to change the method in gen_captcha to get the image in test.py

X = np.zeros([batch_size, self.height, self.width, 1]) img = np.zeros((self.height, self.width), dtype=np.uint8) Y = np.zeros([batch_size, self.char_num, self.classes]) image = ImageCaptcha(width=self.width, height=self.height) while True: for i in range(batch_size): captcha_str = ''.join(random.sample(self.characters, Self. Char_num)) imgurl = 'http://127.0.0.1:8080/xxxcms/create_img.php? code='+captcha_str response = req.get(imgurl) img = Image.open(BytesIO(response.content)).convert('L') img = Np.array (imp.getData ()) X[I] = NP.array (imp.getData ()) X[I] = NP.array (img, [self.height, self.width, 1]) / 255.0 for J, 0 ch in enumerate(captcha_str): Y[i, j, self.characters.find(ch)] = 1 Y = np.reshape(Y, (batch_size, self.char_num * self.classes)) yield X, YCopy the code

Open train_captcha. Py and change import Generate_captcha to import xxxCMS_GENERate_captcha as generate_captcha

Run python train_captcha.py again

The rest of the process is the same as in the first article.

0x005 Some Tips

  • How do I see if my algorithm has worked

    • See if the value of lost gradually decreases

  • Can you crack any captcha

    • Theoretically small letters + numbers and some pictures only a few lines or dots on the basic can be. Probability problem

  • Can accept the crack speed is basically 4 bits. 5,6 and above require large machines to help speed up model generation

  • How to speed up my model generation

    • Adding hardware Devices

    • Adjust model generation parameters

    • Buy Ali Cloud GPU server on Ali Cloud