
How a trio of hackers brought Google's reCAPTCHA to its knees

Discussion in 'BlackHat Lounge' started by pyronaut, Jun 1, 2012.

  1. pyronaut

    pyronaut Executive VIP

    Joined:
    Dec 9, 2008
    Messages:
    1,229
    Likes Received:
    1,422
    http://arstechnica.com/security/2012/05/google-recaptcha-brought-to-its-knees/

    A nice interesting read, if you follow the links you get to where they did their presentation (It is at times hard to watch I have to say).

    It's amazing to me that such a simple technique took it out, analyzing the frequencies itself seems like such a simple move, so I'm surprised it has only just happened.
     
    • Thanks x 4
  2. wowhaxor

    wowhaxor Executive VIP Premium Member

    Joined:
    Apr 28, 2007
    Messages:
    2,021
    Likes Received:
    3,353
    Location:
    ?¿?
    Home Page:
    That does seem really simple! I read a post on here about a small group of people trying to bypass recaptcha with an "audio version exploit" like a year ago and never heard more. They probably were along the same lines and realized mass release = fix, and a small group willing to pay premium for a near perfect success rate without chances of getting fixes was the route to take.
     
  3. silentthunder

    silentthunder Jr. VIP Jr. VIP Premium Member

    Joined:
    Feb 6, 2009
    Messages:
    525
    Likes Received:
    1,342
    Occupation:
    cpa
    Location:
    In the pink
    Amazing read. No one is invulnerable in the internets and you can't beat a planned attack.
     
  4. timothywcrane

    timothywcrane Power Member

    Joined:
    Apr 25, 2009
    Messages:
    590
    Likes Received:
    236
    Occupation:
    Internet Promotion Management
    Location:
    USA
    Home Page:
    So funny. I even tried to do something based on audio captcha (though more garage band style) with Dragon NaturallySpeaking and Sikuli in real time (no algos or database nonsense), but I never got it over 10-15%, with major flaws in DNS input mostly. Never really took any of it seriously, 99% is amazing (and the real deal, unlike my playing)!
     
  5. phatzilla

    phatzilla Supreme Member

    Joined:
    Apr 9, 2009
    Messages:
    1,365
    Likes Received:
    1,017
    Wonder how Google found out
     
  6. wowhaxor

    wowhaxor Executive VIP Premium Member

    Joined:
    Apr 28, 2007
    Messages:
    2,021
    Likes Received:
    3,353
    Location:
    ?¿?
    Home Page:
    What happens when you try to expand on or capitalize on something :(
     
  7. pyronaut

    pyronaut Executive VIP

    Joined:
    Dec 9, 2008
    Messages:
    1,229
    Likes Received:
    1,422
    I'm not sure if you are referring to me, but at one point there was a thread created by me talking about trying to work out recaptcha (or captchas in general), including things like ASIRRA etc. I think audio captchas did come up, but for me at least, I put it into the too hard basket. Hold on, lemme find a pic of what I got up to.

    [image]

    Never really got past there, but it was identifying SMF captchas reasonably well.
     
    • Thanks x 1
  8. wowhaxor

    wowhaxor Executive VIP Premium Member

    Joined:
    Apr 28, 2007
    Messages:
    2,021
    Likes Received:
    3,353
    Location:
    ?¿?
    Home Page:
    I know I remember that thread, the image looks 100% familiar. Might be what I was thinking of, but I thought there was a lot of conversation about an "audio exploit", so it may have been in that thread or another. I followed a lot closely for a while; it was kind of a dream to figure out by watching someone's really good idea at how to crack them and start a captcha service for extra income, but I wasn't creative enough to come up with my own unique solution.
     
  9. LakeForest

    LakeForest Supreme Member

    Joined:
    Nov 11, 2009
    Messages:
    1,269
    Likes Received:
    1,802
    Location:
    Location Location
    Image capture and recognition.

    It's the fuuutuuuure
     
  10. pyronaut

    pyronaut Executive VIP

    Joined:
    Dec 9, 2008
    Messages:
    1,229
    Likes Received:
    1,422
    I was intent on creating a captcha solving service as well, and then passing on words you aren't confident in to a third party. IMO to start a service like this, you have to try and do NON-text captchas (like sound) so as to create a unique service. I still think a brute force on ASIRRA is possible.
     
  11. wowhaxor

    wowhaxor Executive VIP Premium Member

    Joined:
    Apr 28, 2007
    Messages:
    2,021
    Likes Received:
    3,353
    Location:
    ?¿?
    Home Page:
    100%. I was waiting for someone who lacked follow through to feed me a brilliant and unique solution to attacking it (which would be a high success rate with a cheaper solving cost, I thought for sure some sort of audio recognition). Has probably been 1-2 years since I've even played with it though.
     
  12. manny521

    manny521 Supreme Member

    Joined:
    Sep 15, 2011
    Messages:
    1,448
    Likes Received:
    367
    very technical read...my head hurts now...
     
  13. pyronaut

    pyronaut Executive VIP

    Joined:
    Dec 9, 2008
    Messages:
    1,229
    Likes Received:
    1,422
    Why not do a feasibility study on ASIRRA? It is estimated that 10% of the ASIRRA database is available on PetFinder. For the rest you can have workers on the other end identifying if the animal is a cat or a dog. Store the image hash so that should it ever come again, you don't need a human solving it.

    Microsoft claims there are over 3 million images in the database, so let's say you pay someone 0.01 per IMAGE identified. That's 30K to complete the entire database, which in the long run is not that much, especially considering that you only need to identify an image once someone sends it in. You do have to remember, though, that you need to charge the user for 12 images sent in (since there are 12 images to an ASIRRA captcha). So at 12 cents per captcha, you're unlikely to find many takers. That works out to $120 per 1000.

    It all depends on what you pay a backend worker. I assume that it is less than 0.01 per captcha for words, and identifying whether a picture is a cat or a dog is simply mouse clicking. Nothing more.
     
  14. wowhaxor

    wowhaxor Executive VIP Premium Member

    Joined:
    Apr 28, 2007
    Messages:
    2,021
    Likes Received:
    3,353
    Location:
    ?¿?
    Home Page:
    Basically because the cat captcha might be used by third party captcha solvers already out there and added in, but I wanted to break recaptcha, wanted to do it big, so I never even focused on ASIRRA. Wanted to be a one stop shop that most programs would add the option for (which a high percentage recaptcha solver would've done easily). The cat captcha is annoying but is not enough of a market base IMO, especially as it was clear more and more people were migrating to recaptcha. This is the reason that I often fail and also the reason that when I succeed it supports me for a long time, like to shoot for the stars lol!
     
  15. Fxbob

    Fxbob Junior Member

    Joined:
    Feb 21, 2011
    Messages:
    154
    Likes Received:
    342
    Digitally produced noise is a really bad idea if they're trying to mask a message, naturally produced sounds have random overtones that vibrate on higher frequencies and are much harder to isolate. It's also a childish mistake to not cover the entire spectrum with noise, regardless of its source. Assuming the article is not oversimplifying the hack, it's a mystery that something like that has been left undetected until now.
     
  16. pyronaut

    pyronaut Executive VIP

    Joined:
    Dec 9, 2008
    Messages:
    1,229
    Likes Received:
    1,422
    Yeah true true.

    I think ASIRRA may be bigger than you think. Since it's a "Microsoft" project, it is out and about on a lot of their own properties (e.g. those Bing game things that you could win Xboxes on a while back, Chicktionary etc). I think if you found enough of the small little niche captchas (how about just image captchas?) you could build a huge business out of it. Trying to compete against something like DeathByCaptcha or Decaptcher with text captchas would be very difficult to start now IMO.
     
  17. pyronaut

    pyronaut Executive VIP

    Joined:
    Dec 9, 2008
    Messages:
    1,229
    Likes Received:
    1,422
    AFAIK I thought it was old radio noises (with voices) with static, played in reverse.
     
  18. wowhaxor

    wowhaxor Executive VIP Premium Member

    Joined:
    Apr 28, 2007
    Messages:
    2,021
    Likes Received:
    3,353
    Location:
    ?¿?
    Home Page:
    It most certainly would be difficult, which is why I gave up :)

    I thought for a while that there was a solution (and as always there was, but I couldn't figure it out) to accurately and without human intervention breaking recaptcha. And yes, cat captchas are everywhere; I do a lot of wiki apps and they pop up all the time, but their rate in general is so much lower on the more popular platforms. I wanted to blow someone like deathbycaptcha out of the water. Anyways, going to sleep now, but thanks for the article, and the replies brought me back a ways there!
     
  19. backontrack

    backontrack Power Member

    Joined:
    Jun 5, 2011
    Messages:
    517
    Likes Received:
    430
    Occupation:
    Father, Web development
    Location:
    I Love Apricot
    Interesting read. Now it's time to move my eyes away from the monitor lol.