What is the method of this encoding?

Discussion in 'BlackHat Lounge' started by ImacrosGuy, Jul 19, 2014.

  1. ImacrosGuy

    ImacrosGuy BANNED BANNED

    Joined:
    Apr 20, 2014
    Messages:
    56
    Likes Received:
    43
    Hey,

    I'm trying to figure out how to decode a javascript based captcha.

    Some examples:

    'lAFqxqYHhlkEaZyNPO0NGQGwKjOliIxFMFZMOVgNW%2fg%3d' == '6HCOI'

    'WHwvopiJKG0oKCrhkearTIkWkYl%2fGLcebPNwWODRfBw%3d' == '7JDBK'

    Engine of the captcha:

    Code:
    [COLOR=#000000]<%@ WebHandler Language="C#" Class="GetImgText" %>[/COLOR]/*
    
    Scrambled text generator.
    Developed by: Aref Karimi
    Email: [email protected]
    Last update: 20 October 2009
    
    This code is free to use. 
     
    */
    using System;
    using System.Web;
    using System.Collections.Generic;
    using System.Drawing;
    
    public class GetImgText : IHttpHandler {
        
        public void ProcessRequest (HttpContext context) {
            context.Response.ContentType = "image/jpeg";
            var CaptchaText = SecurityHelper.DecryptString(
                Convert.FromBase64String(context.Request.QueryString["CaptchaText"]));
            if (CaptchaText != null)
            {
                List<Letter> letter = new List<Letter>();
                int TotalWidth = 0;
                int MaxHeight = 0;
                foreach (char c in CaptchaText)
                {
                    var ltr = new Letter(c);
                    letter.Add(ltr);
                    int space = (new Random()).Next(5) + 1;
                    ltr.space = space;
                    System.Threading.Thread.Sleep(1);
                    TotalWidth += ltr.LetterSize.Width+space;
                    if (MaxHeight < ltr.LetterSize.Height)
                        MaxHeight = ltr.LetterSize.Height;
                    System.Threading.Thread.Sleep(1);
                }
                const int HMargin = 5;
                const int VMargin = 3;
    
                Bitmap bmp = new Bitmap(TotalWidth + HMargin, MaxHeight + VMargin);
                var Grph = Graphics.FromImage(bmp);
                Grph.FillRectangle(new SolidBrush(Color.Lavender), 0, 0, bmp.Width, bmp.Height);
                Pixelate(ref bmp);
                Grph.CompositingQuality = System.Drawing.Drawing2D.CompositingQuality.HighQuality;
                Grph.SmoothingMode = System.Drawing.Drawing2D.SmoothingMode.HighQuality;
                int xPos = HMargin;
                foreach (var ltr in letter)
                {
                    Grph.DrawString(ltr.letter.ToString(), ltr.font, new SolidBrush(Color.Navy), xPos, VMargin );
                    xPos += ltr.LetterSize.Width + ltr.space;
                }
                
                bmp.Save(context.Response.OutputStream, System.Drawing.Imaging.ImageFormat.Jpeg);
            }
        }
     
        public bool IsReusable {
            get {
                return false;
            }
        }
        private void Pixelate(ref Bitmap bmp)
        {
            Color[] Colors = { Color.Gray , Color.Red, Color.Blue, Color.Olive };
            for (int i = 0; i < 200; i++)
            {
                var rnd = new Random(DateTime.Now.Millisecond);
                var grp = Graphics.FromImage(bmp);
                Image background = Image.FromFile(HttpContext.Current.Server.MapPath("~/images/captcha/captcha3.jpg"));
                grp.DrawImage(background, new Rectangle(0, 0, bmp.Width, bmp.Height));
            }
        }
     [COLOR=#000000]}[/COLOR]
     
  2. divok

    divok Senior Member

    Joined:
    Jul 21, 2010
    Messages:
    1,068
    Likes Received:
    648
    Location:
    .IN
  3. Macthetrix

    Macthetrix Regular Member

    Joined:
    Feb 21, 2013
    Messages:
    379
    Likes Received:
    393
    Occupation:
    The Boss
    Location:
    Silicon Valley
    The whole point of a hash is that you cant reverse it.
    A database stores hashed passwords so even if someone gets access to it he wont be able to reverse it and get the passwords.
     
    Last edited: Jul 19, 2014
  4. ImacrosGuy

    ImacrosGuy BANNED BANNED

    Joined:
    Apr 20, 2014
    Messages:
    56
    Likes Received:
    43
    So there is no chance to break the captcha from the codes i guess?
     
  5. Nitin Kumar

    Nitin Kumar BANNED BANNED

    Joined:
    Dec 14, 2016
    Messages:
    4
    Likes Received:
    0
    HTTP protocol uses ASCII for character set for URLs and any character outside the ASCII character set needs to be encoded using a special format so that it does not break the protocol.