2013 20th Working Conference on Reverse Engineering (WCRE) (2008)
Oct. 15, 2008 to Oct. 18, 2008
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/WCRE.2008.35
CAPTCHAs are automated Turing tests used to determine if the end-user is human and not an automated program. Users are asked to read and answer Visual CAPTCHAs, which often appear as bitmaps of text characters, in order to gain access to a low-cost resource such as webmail or a blog. CAPTCHAs are generated by software and the structure of a CAPTCHA gives hints to its implementation. Thus due to these properties of image processing and image composition, the process that creates CAPTCHAs can often be reverse engineered. Once the implementation strategy of a family of CAPTCHAs has been reverse engineered the CAPTCHA instances may be solved automatically by leveraging weaknesses in the creation process or by comparing a CAPTCHA's output against itself. In this paper, we present a case study where we reverse engineer and solve real-world CAPTCHAs using simple image processing techniques such as bitmap comparison, thresholding, fill-flood segmentation, dilation, and erosion. We present black-box and white-box methodologies for reverse engineering and solving CAPTCHAs. As well we provide an open source toolkit for solving CAPTCHAs that we have used with a success rates of 99, 95, 61, 30%, and 27% on hundreds of CAPTCHAs from five real-world examples.
Reverse Engineering, CAPTCHA, image processing
Abram Hindle, Michael W. Godfrey, Richard C. Holt, "Reverse Engineering CAPTCHAs", 2013 20th Working Conference on Reverse Engineering (WCRE), vol. 00, no. , pp. 59-68, 2008, doi:10.1109/WCRE.2008.35