Breaking “The Next Big Thing in CAPTCHAs”

Posted on by

I just stumbled upon this article (since taken down, see google cache) by Catch My Fame, and figured I would take him up on the challenge to break it. It was a good opportunity to play around with canvas and bookmarklets, neither of which I had tried before.

I won’t bore you with too many details, but the gist of it all is to transfer the image into canvas, then do some edge matching and figure out the best solution.

Without further ado, here are the solutions as a bookmarklet (follow the link to see it, WordPress wouldn’t let me link directly) and as a Ubiquity command

It does have it’s limits, but I’ve only seen it fail once, so it has a success rate of about 98% (which is better than my success rate when using Facebook’s CAPTCHA.) Also, I have only tested in Firefox, so no promises if you’re using something else.

If you want to understand what’s going on, I’d advise you to look at the Ubiquity command first; very little is related to Ubiquity.

Does this mean I caught his fame? :-)

UPDATE: It appears Mr. Catch My Fame didn’t want to display his post touting a broken CAPTCHA system, so he took the post down – the demo is still up, so if you hurry you can still see it in action: http://www.catchmyfame.com/jquery/slider_captcha/

UPDATE 2: I have made a small change in the fitness function, making it much more reliable — you can track changes by looking at the Ubiquity command at github

UPDATE 3: The demo has since also been taken down, but as they say, once burned twice shy, and I made a copy well in advance: sliderCAPTCHA. Also, the original blog post appears in google cache (thanks semanticist/Reddit)

3 thoughts on “Breaking “The Next Big Thing in CAPTCHAs”

  1. Given that the link to “The Next Big Thing in CAPTCHAs” is dead, and under the “recent comments” header, there’s a couple of equally dead links to “Private: The Next Big Thing in CAPTCHAs” apparantly we’re not allowed to know what the next big thing was going to be.

    Oh well. If “edge detection” is enough to break it, then the next big thing must have been “make edges hard to detect” and that’s not new anyway.

  2. Being bold like that and then proved wrong can be a embarrassing situation, but he could have updated his post to reflect the new situation, and acknowledge the fact that geekbynature.tk did break his CAPTCHA.

    I think there’s no problem being bold if you have commensurable humility in you. That actually gives you more street cred.

    Ironically, it says in http://www.catchmyfame.com/about/ : “The no jerk rule is in effect (i.e. if you don’t have something constructive to add, don’t bother)”. I wonder if “answering successfully to his challenge” qualifies as “being a jerk”. LOL

  3. I read the comments yesterday and some of them were stupidly harsh. Mostly reddit hypernerds trashing the idea. God forbid.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>