CAPTCHA Questions
Well, for the backgrounds, you could use basic hex color codes (000,333,666,999,CCC,FFF) and, for the text, you could alternate randomized color codes composed of digits either above (for 666 down) or below (for 999 up) the background color's single identifier. That should create lighter and darker colors for the text, respectively. Should be legible. Just in case, you'll want to have a link that will allow the user to have another Captcha generated in case they can't read it.
AldarHawk wrote: okay, all good in words. I could have spat that out myself.
Well, then you probably should've done so when asking the question… to avoid getting a response that you weren't happy with.
A few choices: narrow the amount of variation in color scheme by operating on a set amount and particular set of colors, run lines and random debris through the CAPTCHA image that will partially obscure parts of the images but still be recognizable, or use a custom font that has non-convential shapes for the letters.
Or, if you want to get really creative, use image-based captcha techniques instead of letter-based ones. Use shapes and symbols to represent letters, then have your key say things like "s is the third symbol, a is the first, q is the second from the last". It's not possible to prevent all chances of bots getting in… but, if you want to confuse them for a while, that should do a decent job.
Finally… you could try putting more letters in the image than you actually want the user to type, then say something like "type all the letters on the bottom" or "type the letters all in lowercase" or something. Something that it would take a significant amount of learning for a bot to pick up as a technique.
http://ipicstorage.com/captcha/php_captcha.php
Here is my WiP right now. It will keep changing, Let me know where you would change it. and what have you.
I'd make some of the lines in the background white so that it will confuse bots that are looking for letter patterns. Also, you might consider making it so that the user has to enter all of the items either uppercase or lowercase, regardless of what case it is in the picture; bots would probably be looking to use the exact case if they're able to discern the alphanumerical characters in your Captcha. Other than that… looks fine.
AldarHawk wrote: I have a 75% success on the code.
Yeah, it's just that…well all your efforts to scramble it as much as possible/put as many lines over it as you can/make the bg and text color variable…it's all pretty unnecessary. Look at the google (gmail) CAPTCHA:
http://img145.imageshack.us/img145/2166/captchacx3.jpg
That's a nice one, I don't see how anyone could get under 100% success on it and I don't see any bots finding a pattern with it and cracking it.
slpctrl wrote: http://img145.imageshack.us/img145/2166/captchacx3.jpg
slpctrl, nice effort with the image and all, but please learn to cut away the stuff we don't need ;), this way you can reduce image size, which will result in faster loading.
Edit:
Plus, with a little data mining, your screenshot reveals WAY TOO MUCH about you.
spyware wrote: [quote]slpctrl wrote: http://img145.imageshack.us/img145/2166/captchacx3.jpg
slpctrl, nice effort with the image and all, but please learn to cut away the stuff we don't need ;), this way you can reduce image size, which will result in faster loading.
Edit:
Plus, with a little data mining, your screenshot reveals WAY TOO MUCH about you.[/quote]
I aint scurred B). But yeah would have been smart to just get the captcha and not the whole screen shot :p.
AldarHawk wrote: I ain't google mate… I do not have millions of dollars to spend on people to create fully custom scripts like this.
Ohh and BTW that CAPTCHA is crackable…just difficult…
You don't need to be google or have millions to code an effective yet simple CAPTCHA :p
sacman wrote: hmm i like it more simple
this is my captcha :
Now there's a good one :D.
AldarHawk wrote: Once again, Easily cracked.
All I would have to do is write a bot to decipher the two colors and POOF instant crack.
Not necessarily. I've got a CAPTCHA in the works right now, and I'm willing to bet nobody will be able to crack it, despite the whole 'theoretically able to crack'. In fact, I'll offer anyone 100 bucks to build a bot to crack it. The color isn't really that big of an issue really as font and other things are. The one I'm building has random font, random position, random size, random lines (not an insane/overkill amount either). I'm just fixing a few issues then I will post the image and source here for someone to try their luck at cracking it ;).
sacman wrote: yours is just as easy to crack, even easier when i know the fonts you used :)
Exactamundo ;)
spyware wrote: [quote]slpctrl wrote: I'm willing to bet nobody will be able to crack it, despite the whole 'theoretically able to crack'.
Nobody?[/quote]
Nobody here I'm willing to bet. Imma post the source and everything here, free for anyone to attempt to crack. There will be a reward for anyone willing to crack it, the problem is that I have it selecting random fonts, so I'm not sure how a bot would be able to crack it at all but you're all free to try.
captcha.php (creates the image)
<?php
session_start();
$str1 = md5(microtime() * mktime());
$str = substr($str1,0,5);
$captcha = imagecreatefrompng("./captcha.png");
$black = imagecolorallocate($captcha,0,0,0);
$line = imagecolorallocate($captcha,rand(0,250),rand(0,239),rand(0,240));
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$line);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$line);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$line);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$line);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$line);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$line);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$line);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$line);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$line);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$line);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$line);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$line);
imagestring($captcha,rand(1,5),rand(0,100),rand(0,50),$str,$black);
$_SESSION['str'] = md5($str);
header("Content-type: image/png");
imagepng($captcha);
?>
code.php (creates the form, SRCs the image and checks for matching text)
<?php
session_start();
echo <<<HTML
<html>
<head>
<title>Captcha</title>
</head>
<body>
<img src="captcha.php" border="0">
<form action="" method="post">
Enter the text from the image:<br><input type="text" name="code" />
<input type="submit" />
</form>
</body>
</html>
HTML;
if(!$_POST['code'])
die();
else
{
if(md5($_POST['code']) != $_SESSION['str'])
die("Error: Wrong code entered");
else
echo("Correct!");
}
?>
Then all you'd need is a .png image file, whatever background you'd like to use. It's gotta be 200x70 otherwise the text will go off the page etc. I used this image:
it's probably completely unnecessary to have those random blue lines, but it can't hurt. Here is the hosted captcha:
http://slpctrl.freehostia.com/code.php
It is an extremely simple, yet I believe very effective captcha. Anyone that would like to build a bot to crack it is more than welcome, and if I can use the bot to crack it I'll for sure give a reward for it.
sacman wrote: 100 $ nice :) everyone or just the first ? ^^
Und nur weil ich die Deutschen LIEBE, werde ich dir ein besonderes Geschenk geben :).
So: http://slpctrl.freehostia.com/code.php is mah CAPTCHA. Someone try and crack it ;).
sacman wrote: courier & times are 2 of the fonts right ?
du machst es mir sehr einfach mein freund :)
Nah, there are 5 built in ones in imagestring function. Hence:
imagestring($captcha,rand(1,5),rand(0,100),rand(0,50),$str,$black);
Hence the rand(1,5), 1 2 3 4 and 5 represent a different font. I could always use the imageloadfont function with an array of different fonts, but there was a few issues with that; I didn't know what fonts were on the different hosts so I just stuck it out with the 5 default ones from imagestring. Aber wenn es so einfach ist, dann moechte ich dein Loesung sehen!
AFter speaking with sacman, I've decided to modify the code to make it a bit more secure:
<?php
session_start();
$str1 = md5(microtime() * mktime());
$str = substr($str1,0,5);
$captcha = imagecreatefrompng("./captcha.png");
$black = imagecolorallocate($captcha,0,0,0);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$black);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$black);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$black);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$black);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$black);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$black);
imageline($captcha,rand(50,200),rand(0,100),rand(50,200),rand(80,200),$black);
imageline($captcha,rand(50,250),rand(0,100),rand(0,200),rand(50,200),$black);
imageline($captcha,rand(70,150),rand(0,100),rand(50,200),rand(0,200),$black);
imageline($captcha,rand(20,150),rand(0,100),rand(20,150),rand(35,200),$black);
imageline($captcha,rand(80,200),rand(0,100),rand(50,200),rand(85,200),$black);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$black);
imagestring($captcha,rand(1,5),rand(0,100),rand(0,50),$str,$black);
$_SESSION['str'] = md5($str);
header("Content-type: image/png");
imagepng($captcha);
?>
I won't modify it anymore. It is crackable, but now it'll be a bit tougher.
All you'd need to do is use the same microtime as the server (which you would get by parsing through the response headers and making the time into microtime) and then translate the time to mktime as well. Then, just do a post to the page (while using cookies so you retain your session) with the microtime to mktime. Of course, that would be dependent on the response from the http server which will hopefully include the time. If I wasn't lazy, I'd write up some code for it. No need for OCR :D.
Edit: Please correct me if this is just stupid.
Zephyr_Pure wrote: [quote]slpctrl wrote: AFter speaking with sacman, I've decided to modify the code to make it a bit more secure…
So, where's his $100?[/quote]
Yeah, he didn't crack it, he was simply telling me a method to do so. I hear a lot of you talking 'theoretically I could crack that!' :p
hacker2k wrote: All you'd need to do is use the same microtime as the server (which you would get by parsing through the response headers and making the time into microtime) and then translate the time to mktime as well. Then, just do a post to the page (while using cookies so you retain your session) with the microtime to mktime. Of course, that would be dependent on the response from the http server which will hopefully include the time. If I wasn't lazy, I'd write up some code for it. No need for OCR :D.
Edit: Please correct me if this is just stupid.
Yeah, yeah. I'm gonna modify that, so that it takes 5 random characters from the string :D. But, yeah that would be a feasible way to crack it.
Edit: That could be fixed easily enough by taking this line:
markup$str1 = md5(microtime() * mktime());
And just shuffling all the characters before taking the 1st five like:
markup$str2 = str_shuffle(md5(microtime() * mktime()));
Although I'm doubting that you could really do that. In theory it sounds good, but I doubt it'd work.
Okie dokie, here is my captcha. It's simple, it could use some work but oh well I got some real projects to start working on. Not bad I guess for a total of 20 minutes of work, but my offer stands, if you can find a way to crack either one of them, I'll paypal you 100 bucks, but you've gotta explain and produce the code as to exactly how you did it so I can repeat it. Here the code:
Create image with random characters:
<?php
session_start();
$str1 = str_shuffle(md5(microtime() * mktime()));
$str = substr($str1,0,5);
$captcha = imagecreatefrompng("./captcha.png");
$black = imagecolorallocate($captcha,0,0,0);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$black);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$black);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$black);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$black);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$black);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$black);
imageline($captcha,rand(50,200),rand(0,100),rand(50,200),rand(80,200),$black);
imageline($captcha,rand(50,250),rand(0,100),rand(0,200),rand(50,200),$black);
imageline($captcha,rand(70,150),rand(0,100),rand(50,200),rand(0,200),$black);
imageline($captcha,rand(20,150),rand(0,100),rand(20,150),rand(35,200),$black);
imageline($captcha,rand(80,200),rand(0,100),rand(50,200),rand(85,200),$black);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$black);
imagestring($captcha,rand(1,5),rand(0,100),rand(0,50),$str,$black);
$_SESSION['str'] = md5($str);
header("Content-type: image/png");
imagepng($captcha);
?>
Form/string validation:
<?php
session_start();
echo <<<HTML
<html>
<head>
<title>Captcha</title>
</head>
<body>
<img src="captcha.php" border="0">
<form action="" method="post">
Enter the text from the image:<br><input type="text" name="code" />
<input type="submit" />
</form>
</body>
</html>
HTML;
if(!$_POST['code'])
die();
else
{
if(md5($_POST['code']) != $_SESSION['str'])
die("Error: Wrong code entered");
else
echo("Correct!");
}
?>
One thing I'd like to add though is a button to refresh only the image, not the whole page. Can anyone help me out there?
slpctrl wrote: money - paypal - $100
/*
not the best way to do it but a very straightforward PoC.
even for this approach of 'ocr' there are still many optimizations
that could be done.. like skipping whiteblocks or doing some
preprocessing to see which rows have the most pixels and test
rows adjacent to that first...etc
*/
//note: you must have fopen wrappers w/ url support enabled for the following func to work
$captcha = imagecreatefrompng("http://slpctrl.freehostia.com/captcha.php");
imagepng($captcha, ".\\tmp.png");
//load all possible text combos
$kewlImages = array();
//different letters can compare equally.. most 'full' letters go first
$possibilities = "08bf74de123569ac";
//compares to bl's of images.. each letter - no matter the size - takes a fixed amount of iterations.
function block_compare($image, $startx, $starty, $compare) {
$maxx = imagesx($image);
$maxy = imagesy($image);
$black = imagecolorallocate($image,0,0,0);
for($y = $starty; ($y < $starty + 15 && $y < $maxy); $y++) {
for($x = $startx; ($x < $startx + 10 && $x < $maxx); $x++) {
$i = imagecolorat($image, $x, $y);
$c = imagecolorat($compare, ($x-$startx), ($y-$starty));
if($c == $black && $i != $black) return FALSE;
}
}
if($y == $maxy || $x == $maxx) return FALSE;
return TRUE;
}
//largest font to smallest
for($x = 5; $x >= 1; $x--) {
for($y = 0; $y < strlen($possibilities); $y++) {
$capture = imagecreatetruecolor(10, 15);
imagefill($capture, 0, 0, imagecolorallocate($capture, 255, 255, 255));
$black = imagecolorallocate($capture,0,0,0);
/*cheap hack fix.. small fonts are better at being big fonts than
big fonts.. need to shift index one pixel for smaller fonts*/
if($x < 4)
imagestring($capture, $x, 0, 0, $possibilities[$y], $black);
else
imagestring($capture, $x, 1, 0, $possibilities[$y], $black);
array_push($kewlImages, $capture);
}
}
$maxx = imagesx($captcha);
$maxy = imagesy($captcha);
$maxz = count($kewlImages);
$output = "";
$starty = 0;
$startz = 0;
$charfound = false;
$len = 0;
//we iterate through every (x,y) pixel coordinate and through each letter in our database
//and compare the image blocks to see if they are a match.. largest font sizes compared first
for($x = 0; $x < $maxx; $x++) {
for($y = $starty; $y < $maxy; $y++) {
$charfound = false;
for($z = $startz; $z < $maxz; $z++) {
if(block_compare($captcha, $x, $y, $kewlImages[$z])) {
$output .= ($possibilities[$z%16]);
//update limits
$starty = $y;
$maxy = $y+1;
//update fonts
$startz = ($z-($z%16));
$maxz = $startz + 16;
$len += 1;
$charfound = true;
}
if($charfound) break;
}
if($charfound) break;
if($len == 5) break;
}
if($len == 5) break;
}
echo $output . "<br>";
?>```
shortdesc:
ascii md5 hash strings have 16 distinct characters.. the code you provided changed those characters in only 1 of 5 possible ways.. the code builds a database of all characters and all transformations and searches the image from left to right for possible characters.. this is a slow way to do it but it's very straightforward.. and the code I provided can be optimized a lot more. It works though.
Paypal: chinchilla@gmail.com
Thanks.
edit: smileys disabled :<
Chinchilla3k wrote: [quote]slpctrl wrote: money - paypal - $100
/*
not the best way to do it but a very straightforward PoC.
even for this approach of 'ocr' there are still many optimizations
that could be done.. like skipping whiteblocks or doing some
preprocessing to see which rows have the most pixels and test
rows adjacent to that first...etc
*/
//note: you must have fopen wrappers w/ url support enabled for the following func to work
$captcha = imagecreatefrompng("http://slpctrl.freehostia.com/captcha.php");
imagepng($captcha, ".\\tmp.png");
//load all possible text combos
$kewlImages = array();
//different letters can compare equally.. most 'full' letters go first
$possibilities = "08bf74de123569ac";
//compares to bl's of images.. each letter - no matter the size - takes a fixed amount of iterations.
function block_compare($image, $startx, $starty, $compare) {
$maxx = imagesx($image);
$maxy = imagesy($image);
$black = imagecolorallocate($image,0,0,0);
for($y = $starty; ($y < $starty + 15 && $y < $maxy); $y++) {
for($x = $startx; ($x < $startx + 10 && $x < $maxx); $x++) {
$i = imagecolorat($image, $x, $y);
$c = imagecolorat($compare, ($x-$startx), ($y-$starty));
if($c == $black && $i != $black) return FALSE;
}
}
if($y == $maxy || $x == $maxx) return FALSE;
return TRUE;
}
//largest font to smallest
for($x = 5; $x >= 1; $x--) {
for($y = 0; $y < strlen($possibilities); $y++) {
$capture = imagecreatetruecolor(10, 15);
imagefill($capture, 0, 0, imagecolorallocate($capture, 255, 255, 255));
$black = imagecolorallocate($capture,0,0,0);
/*cheap hack fix.. small fonts are better at being big fonts than
big fonts.. need to shift index one pixel for smaller fonts*/
if($x < 4)
imagestring($capture, $x, 0, 0, $possibilities[$y], $black);
else
imagestring($capture, $x, 1, 0, $possibilities[$y], $black);
array_push($kewlImages, $capture);
}
}
$maxx = imagesx($captcha);
$maxy = imagesy($captcha);
$maxz = count($kewlImages);
$output = "";
$starty = 0;
$startz = 0;
$charfound = false;
$len = 0;
//we iterate through every (x,y) pixel coordinate and through each letter in our database
//and compare the image blocks to see if they are a match.. largest font sizes compared first
for($x = 0; $x < $maxx; $x++) {
for($y = $starty; $y < $maxy; $y++) {
$charfound = false;
for($z = $startz; $z < $maxz; $z++) {
if(block_compare($captcha, $x, $y, $kewlImages[$z])) {
$output .= ($possibilities[$z%16]);
//update limits
$starty = $y;
$maxy = $y+1;
//update fonts
$startz = ($z-($z%16));
$maxz = $startz + 16;
$len += 1;
$charfound = true;
}
if($charfound) break;
}
if($charfound) break;
if($len == 5) break;
}
if($len == 5) break;
}
echo $output . "<br>";
?>```
shortdesc:
ascii md5 hash strings have 16 distinct characters.. the code you provided changed those characters in only 1 of 5 possible ways.. the code builds a database of all characters and all transformations and searches the image from left to right for possible characters.. this is a slow way to do it but it's very straightforward.. and the code I provided can be optimized a lot more. It works though.
Paypal: chinchilla@gmail.com
Thanks.
edit: smileys disabled :<[/quote]
Half the time I was getting a fatal error, having taken more than 30 seconds to process, some of the characters your script returned was less than 5 characters (2-3), and I don't even know if the 5 digit characters are correct. My aim was for you to spoof the post value of the 5 digit character and bring the page back ( slpctrl.freehostia.com/code.php ) and have it echo 'Correct!' otherwise you may not even be returning the correct values. I'm not paypaling anything until someone can provide me with a script that spoofs the post value and returns %100 of the time (a fullproof crack) the text 'Correct!' Nice start though, I've learned a lot from this script.
And, no offense, but since you only posted a half done script, I changed 1 line. This one:
```markup$black = imagecolorallocate($captcha,0,0,0);```
to:
```markup$color = imagecolorallocate($captcha,rand(0,50),rand(0,50),rand(0,50));```
So now you're gonna have to redo it for the money. Next time don't submit half done code to me (although I do applaud the code you did, you weren't doing what I asked which is to actually crack it, not just return the characters which I'm not sure if they're right or not). So as of now your script doesn't work at all.
I know the exact way to crack yours, It is theoretically simple. I just am too lazy to code the crack ;) Also note my time is worth about $50/hour (professionally) so if this took me 2 hours of thinking and coding to crack it would not be worth my while ;)
Mine is totally different and you cannot crack it with checking the time. You would need the bot to check all the characters and be able to read them.
Also note that yours has a lot of redundant code. you could tighten up those lines with a nice for loop to go through and make the 10 lines.
Remember, yours is strictly based off microtime and mktime so it is simple to crack.
If you take a character set and pick a random number of them (5-10 for example) it becomes 100% more difficult to get it all done correctly. I am just working on misplacing my characters into different locations in my spare time (which ATM is 0).
Please let me know what you all think of my code though. I was not looking for other peoples code. Thank you all for your input into MY CAPTCHA project though.
@SwartMumba: Let me know what you think of mine. I know you are a CAPTCHA cracking wiz!
AldarHawk wrote: I know the exact way to crack yours, It is theoretically simple. I just am too lazy to code the crack ;) Also note my time is worth about $50/hour (professionally) so if this took me 2 hours of thinking and coding to crack it would not be worth my while ;)
Mine is totally different and you cannot crack it with checking the time. You would need the bot to check all the characters and be able to read them.
Also note that yours has a lot of redundant code. you could tighten up those lines with a nice for loop to go through and make the 10 lines.
Remember, yours is strictly based off microtime and mktime so it is simple to crack.
If you take a character set and pick a random number of them (5-10 for example) it becomes 100% more difficult to get it all done correctly. I am just working on misplacing my characters into different locations in my spare time (which ATM is 0).
Please let me know what you all think of my code though. I was not looking for other peoples code. Thank you all for your input into MY CAPTCHA project though.
@SwartMumba: Let me know what you think of mine. I know you are a CAPTCHA cracking wiz!
Ha, that's fine I don't expect people to hop on it to crack, but you're completely wrong. Take a look at the line again:
$str1 = str_shuffle(md5(microtime() * mktime()));
Note the str_shuffle command used on the md5(microtime() * mktime())), after the md5'd microtime is multiplied by the mktime, then all the characters are shuffled and randomized even further :p. It can't be cracked with time :). And yeah I know a lot of it is redundant, it was the easiest way to produce it though with the randomized position of the lines (all you gotta do is copy and paste the first line of code and just add different values to rand() :p.) Here is my code:
<?php
session_start();
$str1 = str_shuffle(md5(microtime() * mktime()));
$str = substr($str1,0,5);
$captcha = imagecreatefrompng("./captcha.png");
$color = imagecolorallocate($captcha,rand(0,50),rand(0,50),rand(0,50));
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$black);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$color);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$color);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$color);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$color);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$color);
imageline($captcha,rand(50,200),rand(0,100),rand(50,200),rand(80,200),$color);
imageline($captcha,rand(50,250),rand(0,100),rand(0,200),rand(50,200),$color);
imageline($captcha,rand(70,150),rand(0,100),rand(50,200),rand(0,200),$color);
imageline($captcha,rand(20,150),rand(0,100),rand(20,150),rand(35,200),$color);
imageline($captcha,rand(80,200),rand(0,100),rand(50,200),rand(85,200),$color);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$color);
imagestring($captcha,rand(1,5),rand(0,100),rand(0,50),$str,$color);
$_SESSION['str'] = md5($str);
header("Content-type: image/png");
imagepng($captcha);
?>
Of course it's not crackproof…2 people have already possibly cracked it (until I repatched it :p) It's not bad for 20 minutes of work.
slpctrl wrote:
updated version : http://pastebin.ca/1195821
This one handles the random text color and posts the result along with the session to your form.. yea sometimes it can take upwards of over 30 seconds to crack. It shouldn't output only a few of the characters*. If you get an error please post the exact error. It'll output the result of sending the request to your "code.php" .. somewhere in the output you should see "Correct!".. the last line contains the text in the image.
This one requires cURL.
I tried this on all transformations of all the characters (excluding ordering and colour.. as those are irrelevent to the way I am doing it)
Same short description.. same paypal..
edit: needed to clarify something
Alright, I'll paypal you something but it's not gonna be 100 bucks, because this wasn't at all what I was looking for. :angry: /dissapointment.
Now that I've started on this, like most things I do (B)) I decided to perfect it. Here is a new code. Yeah it's still really redundant, but I can't use a loop because of the different rand values and other values that are different for each variable. Hurr is the code for my new one:
<?php
session_start();
$str1 = str_shuffle(md5(microtime() * mktime()));
sleep(.5);
$str2 = str_shuffle(md5(microtime() * mktime()));
$str = substr($str1,0,5);
$xtra1 = substr($str2,0,5);
$xtra2 = substr($str2,5,10);
$xtra3 = substr($str2,10,15);
$xtra4 = substr($str2,15,20);
$xtra5 = substr($str2,20,25);
$captcha = imagecreatefrompng("./captcha.png");
$color = imagecolorallocatealpha($captcha,255,0,0,40);
$linecolor = imagecolorallocatealpha($captcha,255,0,0,rand(0,100));
$textcolor = imagecolorallocatealpha($captcha,230,0,0,100);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$linecolor);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$linecolor);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$linecolor);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$linecolor);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$linecolor);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$linecolor);
imageline($captcha,rand(50,200),rand(0,100),rand(50,200),rand(80,200),$linecolor);
imageline($captcha,rand(50,250),rand(0,100),rand(0,200),rand(50,200),$linecolor);
imageline($captcha,rand(70,150),rand(0,100),rand(50,200),rand(0,200),$linecolor);
imageline($captcha,rand(20,150),rand(0,100),rand(20,150),rand(35,200),$linecolor);
imageline($captcha,rand(80,200),rand(0,100),rand(50,200),rand(85,200),$linecolor);
imageline($captcha,rand(0,50),rand(0,100),rand(0,200),rand(0,200),$linecolor);
imagestring($captcha,3,rand(0,100),rand(0,50),$str,$color);
imagestring($captcha,rand(1,5),rand(0,200),rand(0,70),$xtra1,$textcolor);
imagestring($captcha,rand(1,5),rand(0,200),rand(0,70),$xtra2,$textcolor);
imagestring($captcha,rand(1,5),rand(0,200),rand(0,70),$xtra3,$textcolor);
imagestring($captcha,rand(1,5),rand(0,200),rand(0,70),$xtra4,$textcolor);
imagestring($captcha,rand(1,5),rand(0,200),rand(0,70),$xtra5,$textcolor);
$_SESSION['str'] = md5($str);
header("Content-type: image/png");
imagepng($captcha);
?>
That's just to draw the image, I'm not gonna repost the form and validation as it's the same. Still crackable, but now it's a bit more difficult. Same URL if you'd like to see the captcha in action ( slpctrl.freehostia.com/code.php ) :p
Edit: slight adjustment to the line colors.
I havent given too much attention in writing a program that would crack the captcha, but did notice a few things, that I would look at if I were going to.
$color = imagecolorallocatealpha($captcha,255,0,0,40);
$linecolor = imagecolorallocatealpha($captcha,255,0,0,rand(0,100));
$textcolor = imagecolorallocatealpha($captcha,230,0,0,100);
Here you are always using the same color for the lines/text.
Getting the image and replacing/filter out anything not equal to the text color of (230,0,0,100) would be fairly simple. For example just replace everything else with a white color and work on the image like that.
Im really new to image processing, captcha included, but I dont see whats wrong with my thought process here.
If I am way off, please enlighten me
stdio wrote: I havent given too much attention in writing a program that would crack the captcha, but did notice a few things, that I would look at if I were going to.
$color = imagecolorallocatealpha($captcha,255,0,0,40);
$linecolor = imagecolorallocatealpha($captcha,255,0,0,rand(0,100));
$textcolor = imagecolorallocatealpha($captcha,230,0,0,100);
Here you are always using the same color for the lines/text.
Getting the image and replacing/filter out anything not equal to the text color of (230,0,0,100) would be fairly simple. For example just replace everything else with a white color and work on the image like that.
Im really new to image processing, captcha included, but I dont see whats wrong with my thought process here.
If I am way off, please enlighten me
I donno what you're saying, does that change your thoughts?
Edit: oops, that image takes my sig out of the bottom layer :wow: Here's a link: take a look at it:
http://slpctrl.freehostia.com/captcha.php or http://slpctrl.freehostia.com/code.php
Also, the differences are in the alpha value (transparency) in the colors.
Take a look at the image:
[img]http://slpctrl.freehostia.com/captcha.php[/img]
I did look at the image, the text is red, the lines are red, the backgroud letters are faded red, on a gradient black/white bg. Looking the same and being the same are two different things.. If the text color is ALWAYS the same (seemed that way through multiple refreshes). Then it is fairly safe to assume one could easily capture just those pixels and filter out / change anything not equal to them.
Clarification edit:
(255,0,0) (255,0,0) (230,0,0)
These are the RGB values for each thing in your captcha. The 230 is only there in the text for valid part to send back, anything with 230 = pass and any pixel != 230,, can be filtered out or changed to another static color, white for example. This would then produce an image with only a white backgroud, and the red (230,0,0) text pixels.
stdio wrote: I did look at the image, the text is red, the lines are red, the backgroud letters are faded red, on a gradient black/white bg. Looking the same and being the same are two different things.. If the text color is ALWAYS the same (seemed that way through multiple refreshes). Then it is fairly safe to assume one could easily capture just those pixels and filter out / change anything not equal to them.
So then do it :p The text is slightly transparent so that the background, lines, and other background text will ever so slightly come through making trouble for the bot.
slpctrl wrote: I reread, and yeah I did assume (because every other community I go to actually has coders that have a fucking clue, and if I were to offer them money they would have produced beautiful code for me to be able to follow…in fact, webdeveloper.com did for free, I should have considered the source though) that some decent code would have been produced because of money being offered. But, given that only 2 attempted, I now know that very very few here have a fucking clue, and are more interested in the whole 'I'm a leet hacker I know what I'm talking about so I'll sit here and flame, be condescending little shitheads instead of lifting a finger to do an iota of anything that would be considered productive'. $100 bucks won't even knick my pockets; I guess it's a tiny price to pay to see what this community is really made of.
My choice to not bother coding for your CAPTCHA was based upon the facts that my time is worth more than you were offering, and the fact that I code PHP for a living for 60+ hours a week. THAT is why you don't see my code in the code banks; I take my off-time to relax. This is also why I did not bother to pick apart your code. I gave you the benefit of the doubt and did not speak up until I felt you were in the wrong.
I don't have to justify my productivity on this site to you… any number of other people can easily do so on my behalf. My contributions have been intellectual property of a different sort than your contributions to the code bank. Do not undervalue them because your emotions and your naivety do not enable you to focus. Here, I'll make it easier for you:
slpctrl wrote: Alright, I'll paypal you something but it's not gonna be 100 bucks, because this wasn't at all what I was looking for. :angry: /dissapointment.
Address that, or shut up. Everything else you say is irrelevant.
Edit: Edited, didn't quote. Sue me.
I actually may just write something to try.
but you said your text is transparent not true.
$textcolor = imagecolorallocatealpha($captcha,230,0,0,100);
assuming I read this right. the 100 is the transparency of the text, and its set to 100% so always 100% filled with (230,0,0) only the lines/background have a transparency effect added to them, which is a different color to begin with.
stdio wrote: I actually may just write something to try.
but you said your text is transparent not true.
$textcolor = imagecolorallocatealpha($captcha,230,0,0,100);
assuming I read this right. the 100 is the transparency of the text, and its set to 100% so always 100% filled with (230,0,0) only the lines/background have a transparency effect added to them, which is a different color to begin with.
127 is completely transparent, 0 has no transparency.
slpctrl wrote: stuff
You actually never clarified what you wanted.. all you said was "whoever could crack this".. what I did was on par with packing a bank safe with explosives.. but it still blew the safe apart. My code - without any human interaction - requested an image and pasted the text in the image directly to your little form and got the result back "Correct!".. you didn't specify anything else that was required beyond that.
I would be happy if you gave me enough money to buy a domain name for a year and a couple months of hosting.. there's an idea I want to start up
stdio wrote: filter
Yea you're right.. I wrote a simple filter.. it doesn't get rid of the lines.. but that could also be filtered out of there quite easily
Chinchilla3k wrote: [quote]slpctrl wrote: stuff
You actually never clarified what you wanted.. all you said was "whoever could crack this".. what I did was on par with packing a bank safe with explosives.. but it still blew the safe apart. My code - without any human interaction - requested an image and pasted the text in the image directly to your little form and got the result back "Correct!".. you didn't specify anything else that was required beyond that.
I would be happy if you gave me enough money to buy a domain name for a year and a couple months of hosting.. there's an idea I want to start up
stdio wrote: filter
Yea you're right.. I wrote a simple filter.. it doesn't get rid of the lines.. but that could also be filtered out of there quite easily
[/quote]
Btw, I'll paypal you 50 bucks tomorrow I don't have a paypal hooked up to my bank account. The reason I decide to pay people to do things like this is so I can learn and I did, it just wasn't the end result of what I wanted but it was still good coding and I learned something quite useful :happy:.
Edit: 50 bucks is enough right? I might want to learn some more about this and it's capabilities, if you'd like to teach me some new shit some time in the future I'll pay you for your time too :p.
slpctrl wrote: Not necessarily. I've got a CAPTCHA in the works right now, and I'm willing to bet nobody will be able to crack it, despite the whole 'theoretically able to crack'. In fact, I'll offer anyone 100 bucks to build a bot to crack it. slpctrl wrote: Btw, I'll paypal you 50 bucks tomorrow I don't have a paypal hooked up to my bank account. The reason I decide to pay people to do things like this is so I can learn and I did, it just wasn't the end result of what I wanted but it was still good coding and I learned something quite useful :happy:.
Edit: 50 bucks is enough right?
Oh, yeah, I'm sure 50 bucks is alright… as long as you don't mind people knowing that your word is officially worth about as much as yours31f's posts. Can't imagine anyone else taking your offer of money to help you learn when you revise the deal halfway through. That's a shitty move. If you don't plan to follow through, don't bother saying it.
Zephyr_Pure wrote: [quote]slpctrl wrote: Not necessarily. I've got a CAPTCHA in the works right now, and I'm willing to bet nobody will be able to crack it, despite the whole 'theoretically able to crack'. In fact, I'll offer anyone 100 bucks to build a bot to crack it. slpctrl wrote: Btw, I'll paypal you 50 bucks tomorrow I don't have a paypal hooked up to my bank account. The reason I decide to pay people to do things like this is so I can learn and I did, it just wasn't the end result of what I wanted but it was still good coding and I learned something quite useful :happy:.
Edit: 50 bucks is enough right?
Oh, yeah, I'm sure 50 bucks is alright… as long as you don't mind people knowing that your word is officially worth about as much as yours31f's posts. Can't imagine anyone else taking your offer of money to help you learn when you revise the deal halfway through. That's a shitty move. If you don't plan to follow through, don't bother saying it.[/quote]
Well let's keep it real, he made a shitty half assed admittedly attempt to make it. It worked about half the time on my server. So cracking it 50% of the time (because of how inefficient the code is) is worth 50% of the pay. In fact, I don't know anyone that would have paid him for it. Everyone else would have told him to fuck off to be completely real and honest about it.
For 100 bucks I'd expect someone to take the time to do a nice script, but then again I guess asking for quality code no matter how much I'm offering would be just too much, now wouldn't it. Go fuck yourself.
Let's look at the first comment in the code:
/* not the best way to do it but a very straightforward PoC. even for this approach of 'ocr' there are still many optimizations that could be done.. like skipping whiteblocks or doing some preprocessing to see which rows have the most pixels and test rows adjacent to that first…etc */
There are many optimizations that could be done, I just didn't because I'm lazy and just needed to make the money. Fuck no I'm not going to pay him 100 bucks for a half assed, half working script.
I feel I'm being pretty fucking nice to be completely honest. I get errors from his script out the asshole. And not only the fatal error, took over the time alloted to process the PHP, I got quite a few errors that I guess I should have documented. I'll put everything back up though and list all the errors.
slpctrl wrote: stuff
$50 is more than enough. The challenge was fun to do. I agree with you when you said that 'hacking' sites should be like this.. people paste code or w/e and challenge others to break it… that's probably one of the most entertaining ways to learn. I will help you for free if you keep your word.. as long as I have time.. and as long as it's something creative/interesting.. if you want we can continue this tit-for-tat learning.
(you develop something and I develop something to get past it).. it's fun and I'll do it for free.. although I can't guarantee a lot of time to this.
edit: I just read your reply.. I did it the way I did it because it was the quickest thing to do and the easiest to understand.. I asked you to document the errors.. the code I have - on my server, and for the "latest code" you had at the time - worked 100% of the time for me.
@Chinchilla3k: Dude you are greedy as a bitch !
@slpctrl: I wouldn't say it's the most efficient way to learn, but I catch your drift,if some money is involved, more 'people' will be attracted… Still don't agree with that though, I mean paying someone to help you learn and improve your knowledge is against whole community thought
In fact, and for the purposes to bump this and tell you once again to go fuck yourself, I didn't ask for a script that worked 50% of the time, based first off of inefficiency, but that the script actually didn't work every time. It worked sometimes. I guess next time I'll be specific to say that if you can only produce a script that works 50% of the time, don't fucking bother even talking to me. I've got plenty of money; money isn't an issue so I'll give him the 100 bucks this time, for his shitty ass half assed script, and next time because of self righteous pricks like yourself I'll tell them if you can't produce something decent don't bother even posting.
Chinchilla3k wrote: [quote]slpctrl wrote: stuff
$50 is more than enough. The challenge was fun to do. I agree with you when you said that 'hacking' sites should be like this.. people paste code or w/e and challenge others to break it… that's probably one of the most entertaining ways to learn. I will help you for free if you keep your word.. as long as I have time.. and as long as it's something creative/interesting.. if you want we can continue this tit-for-tat learning.
(you develop something and I develop something to get past it).. it's fun and I'll do it for free.. although I can't guarantee a lot of time to this. [/quote]
Nah, I'll pay you your 100 bucks. And next time, to keep self righteous assholes completely the fuck away from me, I'll specify that the script needs to be efficient enough to not time out, and it needs to be right every time.
clone4 wrote: @Chinchilla3k: Dude you are greedy as a bitch !
@slpctrl: I wouldn't say it's the most efficient way to learn, but I catch your drift,if some money is involved, more 'people' will be attracted… Still don't agree with that though, I mean paying someone to help you learn and improve your knowledge is against whole community thought
Yeah, but let's keep it real, who besides me would actually get involved (for the few that actually know what the fuck they're doing) in helping with coding, helping secure and other things. There's very few people/0 people here that actually just help out. They want to think they're so fucking leet and shit and think that their time is just too valuable. That was unimaginably audacious of him to say some fucking shit like that. So next time I'll specify if you want to get paid, optimize your code, make it work every time etc etc and not half the time. LOL WOW the audacity of these fucking little assholes.
slpctrl wrote: [quote]clone4 wrote: @Chinchilla3k: Dude you are greedy as a bitch !
@slpctrl: I wouldn't say it's the most efficient way to learn, but I catch your drift,if some money is involved, more 'people' will be attracted… Still don't agree with that though, I mean paying someone to help you learn and improve your knowledge is against whole community thought
Yeah, but let's keep it real, who besides me would actually get involved (for the few that actually know what the fuck they're doing) in helping with coding, helping secure and other things. There's very few people/0 people here that actually just help out. They want to think they're so fucking leet and shit and think that their time is just too valuable. That was unimaginably audacious of him to say some fucking shit like that. So next time I'll specify if you want to get paid, optimize your code, make it work every time etc etc and not half the time. LOL WOW the audacity of these fucking little assholes.[/quote]
I've actually been googling my ass off :) And even though I still can't really get involved, cause of my coding skills ( or lack of it if want :)) I'm at least working on it. On the second part of the post, I can't say anything but yeah you're right
slpctrl wrote: In fact, and for the purposes to bump this and tell you once again to go fuck yourself, I didn't ask for a script that worked 50% of the time, based first off of inefficiency, but that the script actually didn't work every time. It worked sometimes. I guess next time I'll be specific to say that if you can only produce a script that works 50% of the time, don't fucking bother even talking to me. slpctrl wrote: Alright, I'll paypal you something but it's not gonna be 100 bucks, because this wasn't at all what I was looking for. :angry: /dissapointment.
At what point in you offering him less than what was agreed to did you specify that his solution did not work 100% of the time? Does it make me self-righteous to uphold the concept of a man's word being binding? Not at all… make whatever excuse you like and call me whatever name you want. Speak… however you feel you must to cover it up. It's right there; read it.
slpctrl wrote: For 100 bucks I'd expect someone to take the time to do a nice script, but then again I guess asking for quality code no matter how much I'm offering would be just too much, now wouldn't it. Go fuck yourself.
Then, you really should pay attention to how you phrase your deals next time. Your only stipulation was that he crack it 100% of the time and, at the time you offered him less than the original offer, you made no statement saying it did otherwise… again, read what you said above.
You first, Betty.
I feel I'm being pretty fucking nice to be completely honest. I get errors from his script out the asshole. And not only the fatal error, took over the time alloted to process the PHP, I got quite a few errors that I guess I should have documented. I'll put everything back up though and list all the errors.
Not really… you're being a real shithead about the whole thing, mainly because you stated none of this when offering him less money. Need I repeat this again? Yes, you should have documented the errors you got and, according to your previous agreement, shouldn't have offered anything, as anything less than what you initially stated, without reason, would look like a shitty move.
If he was willing to revise it after the first error-ridden test on your end, wouldn't he be willing to revise it again and again in the pursuit of bettering his technique and code?
slpctrl wrote: They want to think they're so fucking leet and shit and think that their time is just too valuable. That was unimaginably audacious of him to say some fucking shit like that. So next time I'll specify if you want to get paid, optimize your code, make it work every time etc etc and not half the time. LOL WOW the audacity of these fucking little assholes.
No… as Aldarhawk said, some of us get paid a rate on a regular basis that would make your offer pointless. It's audacious of me to expect precision? Alright. Argue with your sense instead of your emotions next time.
Profanity makes some people feel like men… but, for some of us, we only use it when needed for intended meaning. Isn't be the first time I'll hear any of the crap you just passed off in this thread, and won't be the last.
Moral of this all: Be a man of your word or no one will respect you. I thought you were mentally capable enough to already be aware of this, but obviously I expected too much of you. Flame away.
clone4 wrote: [quote]slpctrl wrote: [quote]clone4 wrote: @Chinchilla3k: Dude you are greedy as a bitch !
@slpctrl: I wouldn't say it's the most efficient way to learn, but I catch your drift,if some money is involved, more 'people' will be attracted… Still don't agree with that though, I mean paying someone to help you learn and improve your knowledge is against whole community thought
Yeah, but let's keep it real, who besides me would actually get involved (for the few that actually know what the fuck they're doing) in helping with coding, helping secure and other things. There's very few people/0 people here that actually just help out. They want to think they're so fucking leet and shit and think that their time is just too valuable. That was unimaginably audacious of him to say some fucking shit like that. So next time I'll specify if you want to get paid, optimize your code, make it work every time etc etc and not half the time. LOL WOW the audacity of these fucking little assholes.[/quote]
I've actually been googling my ass off :) And even though I still can't really get involved, cause of my coding skills ( or lack of it if want :)) I'm at least working on it. On the second part of the post, I can't say anything but yeah you're right [/quote]
I still can't believe anyone said that to me. Sometimes I feel like a fucking idiot for helping people out with coding, doing my own to compare mine with theirs and see where it can be improved, I help people out here quite a fucking bit. And when I'm actually still gonna pay someone for half assed code that works half the time, sometimes returning less than 5 characters, most of the time timing out and he tells me my word is now worth nothing when even chinchilla said that that was fine. What a little fucking cock sucker! Wow, that's just unbelievable. Where I was wanting to go with it was competitions with cash rewards, but that's for sure not happening anymore. Alright everyone quit hijacking AldarHawk's thread, let's get back on topic here :p.
Zephyr_Pure wrote: [quote]slpctrl wrote: In fact, and for the purposes to bump this and tell you once again to go fuck yourself, I didn't ask for a script that worked 50% of the time, based first off of inefficiency, but that the script actually didn't work every time. It worked sometimes. I guess next time I'll be specific to say that if you can only produce a script that works 50% of the time, don't fucking bother even talking to me. slpctrl wrote: Alright, I'll paypal you something but it's not gonna be 100 bucks, because this wasn't at all what I was looking for. :angry: /dissapointment.
At what point in you offering him less than what was agreed to did you specify that his solution did not work 100% of the time? Does it make me self-righteous to uphold the concept of a man's word being binding? Not at all… make whatever excuse you like and call me whatever name you want. Speak… however you feel you must to cover it up. It's right there; read it.
slpctrl wrote: For 100 bucks I'd expect someone to take the time to do a nice script, but then again I guess asking for quality code no matter how much I'm offering would be just too much, now wouldn't it. Go fuck yourself.
Then, you really should pay attention to how you phrase your deals next time. Your only stipulation was that he crack it 100% of the time and, at the time you offered him less than the original offer, you made no statement saying it did otherwise… again, read what you said above.
You first, Betty.
I feel I'm being pretty fucking nice to be completely honest. I get errors from his script out the asshole. And not only the fatal error, took over the time alloted to process the PHP, I got quite a few errors that I guess I should have documented. I'll put everything back up though and list all the errors.
Not really… you're being a real shithead about the whole thing, mainly because you stated none of this when offering him less money. Need I repeat this again? Yes, you should have documented the errors you got and, according to your previous agreement, shouldn't have offered anything, as anything less than what you initially stated, without reason, would look like a shitty move.
If he was willing to revise it after the first error-ridden test on your end, wouldn't he be willing to revise it again and again in the pursuit of bettering his technique and code?
Profanity makes some people feel like men… but, for some of us, we only use it when needed for intended meaning. Isn't be the first time I'll hear any of the crap you just passed off in this thread, and won't be the last.
Moral of this all: Be a man of your word or no one will respect you. I thought you were mentally capable enough to already be aware of this, but obviously I expected too much of you. Flame away.[/quote]
Nope, I guess I expected too much when I expected that the crack not work 50% of the time, period. And yeah I did explicitely say it had to work a percentage of the time, I think 80& of the time but I'm still paying, you're getting into other's business where you don't belong, PERIOD. There was little that you could have said that would offend me, trashing my word was one thing that's going to severely piss me off. Despite the fact that he DID NOT meet my stipulations I'm still giving him some money. PERIOD. You don't know what the fuck you're talking about, you don't belong in ANY of this conversation, I haven't seen you produce jack shit so fuck off. And quit hijacking AldarHawk's thread now. There will be no more money involved period, I'll help people out and I won't expect jack shit out of any of you anymore.
slpctrl wrote: Nope, I guess I expected too much when I expected that the crack not work 50% of the time, period. And yeah I did explicitely say it had to work a percentage of the time, I think 80& of the time but I'm still paying, you're getting into other's business where you don't belong, PERIOD. There was little that you could have said that would offend me, trashing my word was one thing that's going to severely piss me off. Despite the fact that he DID NOT meet my stipulations I'm still giving him some money. PERIOD. You don't know what the fuck you're talking about, you don't belong in ANY of this conversation, I haven't seen you produce jack shit so fuck off. And quit hijacking AldarHawk's thread now.
Re-read what I wrote before you respond. I'm getting into the business because you tried to pull a fast one on someone that put in legitimate effort and, according to what was visible to everyone else but you, deserved his full payment. Hell, he wasn't even going to stand up for himself in the face of your shit; he was willing to settle for $50. I respect effort and knowledgeable work and, at any point in time, will support it as is just.
If you don't want me to trash your word, then don't use your word until you're being respectable. How would you know if I knew what I was talking about? Your response wasn't even a logical retort to what I wrote.
Get it straight: You hijacked AldarHawk's thread, not me. Don't blame me for either your disrespect for his issue or for your little panty-twist problem here, guy.
After readin this, i agree with z_pure(soz cant remeber how to spell the first bit), if you offer an amount for someone to crack it you should pay the full amount.
Not half just because you dont like how he did it.
And another thing, even if it did only work %50 of the time, %50 of the time he cracked it, if you are cracking something it only needs to work once.
Coder Disaster wrote: ? If you design something to crack a bank vault, it only needs to do it once. So the fact that it doesnt work half the time doesnt matter. Do you even know what a CAPTCHA is? Or what it's used for? Or what the fuck you're talking about? This is one of those times when you should shut up if you don't know anything. Hell, you should *never *input your opinion if you don't know anything.
I reread, and yeah I did assume (because every other community I go to actually has coders that have a fucking clue, and if I were to offer them money they would have produced beautiful code for me to be able to follow…in fact, webdeveloper.com did for free, I should have considered the source though) that some decent code would have been produced because of money being offered. But, given that only 2 attempted, I now know that very very few here have a fucking clue, and are more interested in the whole 'I'm a leet hacker I know what I'm talking about so I'll sit here and flame, be condescending little shitheads instead of lifting a finger to do an iota of anything that would be considered productive'. $100 bucks won't even knick my pockets; I guess it's a tiny price to pay to see what this community is really made of.
Coder Disaster wrote: ? If you design something to crack a bank vault, it only needs to do it once. So the fact that it doesnt work half the time doesnt matter.
And I guess when you code a game, you only need to code it to work once to sell. You really don't know what you're talking about; only the theoretical concept behind it. Yeah, based on what I said that was enough.
spyware wrote: [quote]slpctrl wrote:$100 bucks won't even knick my pockets
Why? I mean, come on. Why?[/quote]
Also, learn to read fellas. I just reread my posts:
slpctrl wrote: Half the time I was getting a fatal error, having taken more than 30 seconds to process, some of the characters your script returned was less than 5 characters (2-3), and I don't even know if the 5 digit characters are correct. My aim was for you to spoof the post value of the 5 digit character and bring the page back ( slpctrl.freehostia.com/code.php ) and have it echo 'Correct!' otherwise you may not even be returning the correct values. I'm not paypaling anything until someone can provide me with a script that spoofs the post value and returns %100 of the time (a fullproof crack) the text 'Correct!' Nice start though, I've learned a lot from this script.
And, no offense, but since you only posted a half done script, I changed 1 line. This one:
markup$black = imagecolorallocate($captcha,0,0,0);
to:
markup$color = imagecolorallocate($captcha,rand(0,50),rand(0,50),rand(0,50));
So now you're gonna have to redo it for the money. Next time don't submit half done code to me (although I do applaud the code you did, you weren't doing what I asked which is to actually crack it, not just return the characters which I'm not sure if they're right or not). So as of now your script doesn't work at all.
So, I wasn't wrong. I did in fact request that it worked consistently. Everyone wants to ignore this though.
slpctrl wrote: I reread, and yeah I did assume (because every other community I go to actually has coders that have a fucking clue, and if I were to offer them money they would have produced beautiful code for me to be able to follow…in fact, webdeveloper.com did for free, I should have considered the source though) that some decent code would have been produced because of money being offered. But, given that only 2 attempted, I now know that very very few here have a fucking clue, and are more interested in the whole 'I'm a leet hacker I know what I'm talking about so I'll sit here and flame, be condescending little shitheads instead of lifting a finger to do an iota of anything that would be considered productive'. $100 bucks won't even knick my pockets; I guess it's a tiny price to pay to see what this community is really made of.
My choice to not bother coding for your CAPTCHA was based upon the facts that my time is worth more than you were offering, and the fact that I code PHP for a living for 60+ hours a week. THAT is why you don't see my code in the code banks; I take my off-time to relax. This is also why I did not bother to pick apart your code. I gave you the benefit of the doubt and did not speak up until I felt you were in the wrong.
I don't have to justify my productivity on this site to you… any number of other people can easily do so on my behalf. My contributions have been intellectual property of a different sort than your contributions to the code bank. Do not undervalue them because your emotions and your naivety do not enable you to focus. Here, I'll make it easier for you:
slpctrl wrote: Alright, I'll paypal you something but it's not gonna be 100 bucks, because this wasn't at all what I was looking for. :angry: /dissapointment.
Address that, or shut up. Everything else you say is irrelevant.
Coder, your support of my statements means nothing when it is likely that you are less aware of the full conversation than the others involved are. Just butt out and let the big kids talk. Thanks.
Coder Disaster wrote: In his defence , he said it worked %100 of the time on his server.
Actually, I went back and reread every single one of his posts, he never said that a single time. And on my server (all of which have PHP Defaults set at the time of testing except for the cURL plugin loaded) it took often times well over 30 seconds, causing a fatal error.
Chinchilla3k wrote: yea sometimes it can take upwards of over 30 seconds to crack.
And spyware…I donno :\ I don't post to please anyone, I post to learn and to help others learn. I'm terribly sorry :\
Zephyr_Pure wrote: [quote]slpctrl wrote: I reread, and yeah I did assume (because every other community I go to actually has coders that have a fucking clue, and if I were to offer them money they would have produced beautiful code for me to be able to follow…in fact, webdeveloper.com did for free, I should have considered the source though) that some decent code would have been produced because of money being offered. But, given that only 2 attempted, I now know that very very few here have a fucking clue, and are more interested in the whole 'I'm a leet hacker I know what I'm talking about so I'll sit here and flame, be condescending little shitheads instead of lifting a finger to do an iota of anything that would be considered productive'. $100 bucks won't even knick my pockets; I guess it's a tiny price to pay to see what this community is really made of.
My choice to not bother coding for your CAPTCHA was based upon the facts that my time is worth more than you were offering, and the fact that I code PHP for a living for 60+ hours a week. THAT is why you don't see my code in the code banks; I take my off-time to relax. This is also why I did not bother to pick apart your code. I gave you the benefit of the doubt and did not speak up until I felt you were in the wrong.
I don't have to justify my productivity on this site to you… any number of other people can easily do so on my behalf. My contributions have been intellectual property of a different sort than your contributions to the code bank. Do not undervalue them because your emotions and your naivety do not enable you to focus. Here, I'll make it easier for you:
slpctrl wrote: Alright, I'll paypal you something but it's not gonna be 100 bucks, because this wasn't at all what I was looking for. :angry: /dissapointment.
Address that, or shut up. Everything else you say is irrelevant.
Coder, your support of my statements means nothing when it is likely that you are less aware of the full conversation than the others involved are. Just butt out and let the big kids talk. Thanks.[/quote]
The fact of the matter is, that after I realized the bullshit code he tried to submit to me (which literally didn't even crack the CAPTCHA), I told him hey wait a minute; hell nah you code what I ask of you and then I'll pay you. I program for a living aswell I don't know why that's relevant. The fact of the matter is this: I'm still paying him for writing code that didn't meet my pre-worded requirements. Period. I'll still pay him though, but now I know that my time would be better spent elsewhere. That's all.
Coder Disaster wrote: [quote]Chinchilla3k wrote: [quote]slpctrl wrote: stuff edit: I just read your reply.. I did it the way I did it because it was the quickest thing to do and the easiest to understand.. I asked you to document the errors.. the code I have - on my server, and for the "latest code" you had at the time - worked 100% of the time for me. [/quote]
slpctrl wrote: Also, learn to read fellas.[/quote]
I won't even bother to requote me saying 'so that I can reproduce on my server' but my box I'm on has WAMP, with all the defaults except cURL (which was needed). IT didn't work for me 100% of the time, nor did it for sacman so regardless of him telling me it worked for him, that's irrelevant.
Chinchilla3k wrote: [quote]slpctrl wrote: stuff edit: I just read your reply.. I did it the way I did it because it was the quickest thing to do and the easiest to understand.. I asked you to document the errors.. the code I have - on my server, and for the "latest code" you had at the time - worked 100% of the time for me. [/quote]
slpctrl wrote: Also, learn to read fellas.
slpctrl wrote: The fact of the matter is, that after I realized the bullshit code he tried to submit to me (which literally didn't even crack the CAPTCHA), I told him hey wait a minute; hell nah you code what I ask of you and then I'll pay you. I program for a living aswell I don't know why that's relevant. The fact of the matter is this: I'm still paying him for writing code that didn't meet my pre-worded requirements. Period. I'll still pay him though, but now I know that my time would be better spent elsewhere. That's all.
You didn't feel it was necessary to post that when you offered him less? Christ, that would've avoided the whole argument. It's not like I WANT to argue with you… What do you expect with what you presented in the thread?
The fact that I code for a living is relevant because I say so. I don't have to specify any extras because, for reasons of my own, I do not contribute code very often. Judge me by that if you must, but I put in my time here just fine.
If you had just stated the fact that his code didn't meet the requirement in the first place… none of this would've happened. No one would expect you to pay him in full (or at all) for a halfway-working submission. I wouldn't be here posting back, you wouldn't be here chewing my ass, and I'd say "cheers" and tip back my glass of Stoly on the rocks.
Coder Disaster wrote: I won't even bother to requote me saying 'so that I can reproduce on my server' but my box I'm on has WAMP, with all the defaults except cURL (which was needed). IT didn't work for me 100% of the time, nor did it for sacman so regardless of him telling me it worked for him, that's irrelevant.
Agreed. Coder makes stupid points, anyways. My point wasn't incorrect based upon the information that was available to me, yours wasn't for the information available to you… and that puts us where?
Zephyr_Pure wrote: [quote]slpctrl wrote: The fact of the matter is, that after I realized the bullshit code he tried to submit to me (which literally didn't even crack the CAPTCHA), I told him hey wait a minute; hell nah you code what I ask of you and then I'll pay you. I program for a living aswell I don't know why that's relevant. The fact of the matter is this: I'm still paying him for writing code that didn't meet my pre-worded requirements. Period. I'll still pay him though, but now I know that my time would be better spent elsewhere. That's all.
You didn't feel it was necessary to post that when you offered him less? Christ, that would've avoided the whole argument.[/quote]
I posted that wayyyyyy before I offered him less…I posted that when he submitted his first piece of code which was complete and utter bullshit and did nothing more than return the characters from the captcha (and they weren't always right because it was at times returning 2-3 characters only). :\ As soon as I saw his first code, which was nowhere in the ball park of what I was asking(for the money) I specified that it would have to run on my server and work 100% of the time. I'm done here though, he'll get his money and we're done. End.
slpctrl wrote: crying
I have made a video and it's currently being uploaded where I use my code and his latest code (at the time I posted my reply) on my server. I do about 9-10 test runs and all of them output the correct text. To be honest I don't really care about the money.. I was hoping it would go where it appeared to be going where you would continue to develop something harder to break and I would develop something else to crack it.. I find that sort of thing fun and I've done it with people before. It seemed to be going well until slpctrl read Zephyr's post where he was pointing out that I fulfilled the conditions he set and slpctrl was not delivering… and it seems like only after that did slpctrl ACTUALLY read my code and he finally threw a tantrum…
@slpctrl To be honest I don't think you would know what to do with beautiful code.. I think you're just pissed off that a simple idea did break your crappy code. However, I am willing to do another challenge if you're upto it. You make another captcha, take your time.. and set it so that it will only accept the text in the image for only a second after the image was requested.. you can make the text as long as you want as long as I can download the image before the time is up. IF the request is successfully sent within the amount of time given.. what your code will reply is something interesting.. like maybe your user/pass for either your paypal, e-mail, hbh account or w/e. I will give you the full code. It won't be in php..
Also, you have to provide the code for the form handling and the image generation - short of the actual thing you will output.. and when you provide the code.. that code will be set in stone (i.e… you can't give 'security fixes')
If you want other conditions, specify them ^_^
video: http://www.2shared.com/file/3886532/20a043ce/vid.html the download link is near the bottom.. "Save file to your PC".. the video shows my error log as well.. and you'll see that the only thing in there is a PHP notice from code slpctrl provided.
edit: smileys disabled
edit: Also, I thought the whole point of the challenge was to break the captcha (i.e. get the text from the image).. I didn't think you would mind if it only outputted the text since the ONLY other thing required was sending http requests which I think is required on challenges for this site. Oh.. and to clarify.. a human should be able to read the captcha image*
Zephyr_Pure wrote: You didn't feel it was necessary to post that when you offered him less? Christ, that would've avoided the whole argument. slpctrl wrote: I posted that wayyyyyy before I offered him less…I posted that when he submitted his first piece of code <snip>
And he posted a revision for the second round. Retort?
I'm done here though, he'll get his money and we're done. End.
You may be done here, but I am not. You attacked me personally on numerous occasions based upon the validity of your argument. Until you make reparations for your ill-deserved behavior, I'll just continue.
Re-read again, then respond. The fact that you remain incomplete in your perception of and focus on the argument indicates that you are, in fact, incapable of purposeful argument. However, that is no excuse for you being an ass.
Chinchilla3k wrote: [quote]slpctrl wrote: crying
I have made a video and it's currently being uploaded where I use my code and his latest code (at the time I posted my reply) on my server. I do about 9-10 test runs and all of them output the correct text. To be honest I don't really care about the money.. I was hoping it would go where it appeared to be going where you would continue to develop something harder to break and I would develop something else to crack it.. I find that sort of thing fun and I've done it with people before. It seemed to be going well until slpctrl read Zephyr's post where he was pointing out that I fulfilled the conditions he set and slpctrl was not delivering… and it seems like only after that did slpctrl ACTUALLY read my code and he finally threw a tantrum…
@slpctrl To be honest I don't think you would know what to do with beautiful code.. I think you're just pissed off that a simple idea did break your crappy code. However, I am willing to do another challenge if you're upto it. You make another captcha, take your time.. and set it so that it will only accept the text in the image for only a second after the image was requested.. you can make the text as long as you want as long as I can download the image before the time is up. IF the request is successfully sent within the amount of time given.. what your code will reply is something interesting.. like maybe your user/pass for either your paypal, e-mail, hbh account or w/e. I will give you the full code. It won't be in php..
Also, you have to provide the code for the form handling and the image generation - short of the actual thing you will output.. and when you provide the code.. that code will be set in stone (i.e… you can't give 'security fixes')
If you want other conditions, specify them ^_^
video: http://www.2shared.com/file/3886532/20a043ce/vid.html the download link is near the bottom.. "Save file to your PC".. the video shows my error log as well.. and you'll see that the only thing in there is a PHP notice from code slpctrl provided.
edit: smileys disabled[/quote]
I was saying from the very first piece of code you submitted that it wasn't what I wanted. I guess I should have just asserted myself a little better and told you to fuck off with your half assed code unless you wanted paid. Your first attempt you didn't do anything but return the characters in a blank PHP document. Lol I was like wtf…Look at my post on page 2:
slpctrl wrote:
Half the time I was getting a fatal error, having taken more than 30 seconds to process, some of the characters your script returned was less than 5 characters (2-3), and I don't even know if the 5 digit characters are correct. My aim was for you to spoof the post value of the 5 digit character and bring the page back ( slpctrl.freehostia.com/code.php ) and have it echo 'Correct!' otherwise you may not even be returning the correct values. I'm not paypaling anything until someone can provide me with a script that spoofs the post value and returns %100 of the time (a fullproof crack) the text 'Correct!' Nice start though, I've learned a lot from this script.
So now you're gonna have to redo it for the money. Next time don't submit half done code to me (although I do applaud the code you did, you weren't doing what I asked which is to actually crack it, not just return the characters which I'm not sure if they're right or not). So as of now your script doesn't work at all.
sacman can back me up, regardless of how you can say all day your script worked, it wouldn't from my nor sacman's server. I should haev simply asserted myself a bit better and not tried to be nice, and told you to fuck off with your fruitless half assed attempt where you didn't bother to submit your string you were returning; especially since sacman actually put work into it and made a nice one, that despite not working 100% of the time, he never submitted it like you did.
Zephyr_Pure wrote: [quote]Zephyr_Pure wrote: You didn't feel it was necessary to post that when you offered him less? Christ, that would've avoided the whole argument. slpctrl wrote: I posted that wayyyyyy before I offered him less…I posted that when he submitted his first piece of code <snip>
And he posted a revision for the second round. Retort?
I'm done here though, he'll get his money and we're done. End.
You may be done here, but I am not. You attacked me personally on numerous occasions based upon the validity of your argument. Until you make reparations for your ill-deserved behavior, I'll just continue.
Re-read again, then respond. The fact that you remain incomplete in your perception of and focus on the argument indicates that you are, in fact, incapable of purposeful argument. However, that is no excuse for you being an ass.[/quote]
No, I just don't particularly like to argue on the internet; but I see that people like yourself that's all you're good for. Especially being a paid programmer, it's pretty fucking pathetic that you're a member of HBH only to flame and whatnot. I offered him 50 bucks for his shitty, unoptimized code that barely worked. You yourself, chinchilla said it often times took over 30 seconds to do. If it goes over 30 seconds (actually processing the PHP), by default it returns a fatal error. You're out of your fucking mind if you think I'm going to apologize to you or something…but I'm not going to argue with you either, I'd hate to sink to your pathetic level. So don't 'be done', I don't find the ability to argue with little kids online to be a desireable…attribute.
Chinchilla3k wrote: video: http://www.2shared.com/file/3886532/20a043ce/vid.html
Hats off, everyone! Verbal violence is great, but video proof is really something else.
spyware wrote: [quote]Chinchilla3k wrote: video: http://www.2shared.com/file/3886532/20a043ce/vid.html
Hats off, everyone! Verbal violence is great, but video proof is really something else.[/quote]
Didn't see the vid. I've got some time, lemme download 'cam studio' then I'll show what was happening on my end B).
slpctrl wrote: No, I just don't particularly like to argue on the internet; but I see that people like yourself that's all you're good for. Especially being a paid programmer, it's pretty fucking pathetic that you're a member of HBH only to flame and whatnot. I offered him 50 bucks for his shitty, unoptimized code that barely worked. You yourself, chinchilla said it often times took over 30 seconds to do. If it goes over 30 seconds (actually processing the PHP), by default it returns a fatal error. You're out of your fucking mind if you think I'm going to apologize to you or something…but I'm not going to argue with you either, I'd hate to sink to your pathetic level. So don't 'be done', I don't find the ability to argue with little kids online to be a desireable…attribute.
Irrelevant. Nice try.
Zephyr_Pure wrote: You didn't feel it was necessary to post that when you offered him less? Christ, that would've avoided the whole argument. slpctrl wrote: I posted that wayyyyyy before I offered him less…I posted that when he submitted his first piece of code <snip>
Zephyr_Pure wrote: And he posted a revision for the second round. Retort?
Chinchilla3k wrote: updated version : http://pastebin.ca/1195821
This one handles the random text color and posts the result along with the session to your form.. yea sometimes it can take upwards of over 30 seconds to crack. It shouldn't output only a few of the characters*. If you get an error please post the exact error. It'll output the result of sending the request to your "code.php" .. somewhere in the output you should see "Correct!".. the last line contains the text in the image.
This one requires cURL.
I tried this on all transformations of all the characters (excluding ordering and colour.. as those are irrelevent to the way I am doing it)
Same short description.. same paypal..
edit: needed to clarify something
That was his second attempt. Why haven't you spoken about that yet? THAT was the one that you agreed to pay him for, not his first one. So, fuck you and your fucking apology. Argue accurately, or shut the fuck up and quit wasting my time. Stoop to my level? Get your fucking facts straight, you ignorant little pussy.
There. Do you understand that, or do I have to quote more of the thread for you to realize that you're being a narrow-minded twit? I will… as long as it takes. You won't disrespect me based upon your misguided assumptions, though… ever. Or, you'll just be remembered as being the ass that couldn't get his fucking shit straight. In which case, you'll end up in the same boat as yours31f because you don't contribute anything worth reading.
What truth are you going to twist to satisfy your argument now? Go for it.
So are you going to address the challenge I offered? You make a captcha with a large amount of text using w/e transformations you like.. as long as it's human readable.. and you set a time limit on how long it can be submitted by. If it's submitted in time (a second or two) .. it'll output something interesting. You'll get your beautiful code that works fast. I'll get an active account you use as a trophy (or maybe someone else will get it).. or you'll be completely right about this community and me.
If that's not tempting enough.. you said you like to learn new things.. well on top of that you'll either learn that you're right or you'll learn some humility ^_^.
I like interesting challenges more than money.
Zephyr_Pure wrote: [quote]slpctrl wrote: No, I just don't particularly like to argue on the internet; but I see that people like yourself that's all you're good for. Especially being a paid programmer, it's pretty fucking pathetic that you're a member of HBH only to flame and whatnot. I offered him 50 bucks for his shitty, unoptimized code that barely worked. You yourself, chinchilla said it often times took over 30 seconds to do. If it goes over 30 seconds (actually processing the PHP), by default it returns a fatal error. You're out of your fucking mind if you think I'm going to apologize to you or something…but I'm not going to argue with you either, I'd hate to sink to your pathetic level. So don't 'be done', I don't find the ability to argue with little kids online to be a desireable…attribute.
Irrelevant. Nice try.
Zephyr_Pure wrote: You didn't feel it was necessary to post that when you offered him less? Christ, that would've avoided the whole argument. slpctrl wrote: I posted that wayyyyyy before I offered him less…I posted that when he submitted his first piece of code <snip>
Zephyr_Pure wrote: And he posted a revision for the second round. Retort?
Chinchilla3k wrote: updated version : http://pastebin.ca/1195821
This one handles the random text color and posts the result along with the session to your form.. yea sometimes it can take upwards of over 30 seconds to crack. It shouldn't output only a few of the characters*. If you get an error please post the exact error. It'll output the result of sending the request to your "code.php" .. somewhere in the output you should see "Correct!".. the last line contains the text in the image.
This one requires cURL.
I tried this on all transformations of all the characters (excluding ordering and colour.. as those are irrelevent to the way I am doing it)
Same short description.. same paypal..
edit: needed to clarify something
That was his second attempt. Why haven't you spoken about that yet? THAT was the one that you agreed to pay him for, not his first one. So, fuck you and your fucking apology. Argue accurately, or shut the fuck up and quit wasting my time. Stoop to my level? Get your fucking facts straight, you ignorant little pussy.
There. Do you understand that, or do I have to quote more of the thread for you to realize that you're being a narrow-minded twit? I will… as long as it takes. You won't disrespect me based upon your misguided assumptions, though… ever. Or, you'll just be remembered as being the ass that couldn't get his fucking shit straight. In which case, you'll end up in the same boat as yours31f because you don't contribute anything worth reading.
What truth are you going to twist to satisfy your argument now? Go for it.[/quote]
His 2nd code was timing out like no other, and I'm about to prove it so just hold your horses there buddy.
Fuck you. Until you say something to validate what you were saying before, instead of changing your argument every time you need to be right… fuck you. FUCK YOU. You're worthless. For someone that doesn't like to do online arguments, you sure made a big fucking fuss when I argued my point precisely. So, "fuck you" to everything else you say until you come with a correct argument. You ignorant bitch.
Zephyr_Pure wrote: Fuck you. Until you say something to validate what you were saying before, instead of changing your argument every time you need to be right… fuck you. FUCK YOU. You're worthless. For someone that doesn't like to do online arguments, you sure made a big fucking fuss when I argued my point precisely. So, "fuck you" to everything else you say until you come with a correct argument. You ignorant bitch.
Just give me a second. I saw a possible error in the code. As I said, and am going to prove, his 2ND CODE TIMES OUT VIRTUALLY EVERY TIME ON MY SERVER.
slpctrl wrote: Just give me a second. I saw a possible error in the code. As I said, and am going to prove, his 2ND CODE TIMES OUT VIRTUALLY EVERY TIME ON MY SERVER.
You didn't fucking say that AT ALL in the thread. You defended yourself by referencing his FIRST submission. You fucking flamed me for being right because you had your facts wrong. Whatever you prove from this point… better fucking prove that you did not short-change him according to the information available in this thread, or I don't fucking give a shit.
I DON'T GIVE A SHIT UNTIL YOU FUCKING PROVE ME WRONG. Do you understand that, you fucktard, shit-spewing kindergarten motherfucker? You fucking prove me wrong, or you're an asshat. Period. Everything else you say will see this…
FUCK YOU. FUCK YOU FOR BEING IGNORANT.
Do you hear me now? Stay on topic, you inbred mentally-incompetent fucking waste of matter.
Stupid stubborn son of a bitch.
http://www.filefactory.com/file/f847b4/n/myresponse_rar
Zephyr_Pure wrote: [quote]slpctrl wrote: Just give me a second. I saw a possible error in the code. As I said, and am going to prove, his 2ND CODE TIMES OUT VIRTUALLY EVERY TIME ON MY SERVER.
You didn't fucking say that AT ALL in the thread. You defended yourself by referencing his FIRST submission. You fucking flamed me for being right because you had your facts wrong. Whatever you prove from this point… better fucking prove that you did not short-change him according to the information available in this thread, or I don't fucking give a shit.
I DON'T GIVE A SHIT UNTIL YOU FUCKING PROVE ME WRONG. Do you understand that, you fucktard, shit-spewing kindergarten motherfucker? You fucking prove me wrong, or you're an asshat. Period. Everything else you say will see this…
FUCK YOU. FUCK YOU FOR BEING IGNORANT.
Do you hear me now? Stay on topic, you inbred mentally-incompetent fucking waste of matter.
Stupid stubborn son of a bitch.[/quote]
LOL. You're a 26 year old programmer, and you've stooped down there
looks down
Woah hahahahaha. I called you a stupid fucking cock sucking audacious faggot, what you are. Just watch the video and shut your fucking mouth.
slpctrl wrote: http://www.filefactory.com/file/f847b4/n/myresponse_rar
FUCK YOU.
Zephyr_Pure wrote: [quote]slpctrl wrote: http://www.filefactory.com/file/f847b4/n/myresponse_rar
FUCK YOU.[/quote]
If you don't want to look at my proof, then fuck off. I recorded a video, that a only did 2 attempts, I rerecorded and was patient. His code was shit, but instead of being nice about it and saying heh….I'll give you 50 for the attempt, I should have said take your bull shit and get the fuck out of my face with it. That's what I should have done, I didn't realize how insanely audacious and angry on the internet you fags can get. Especially a 26 year old man hahahahaha. I wasn't getting all angry and shit like you are…this is gold hahahahaha.
you are a huge fag who sits around the HBH community and others alike because you A need to feel like a hacker, although you're just a burned out programmer and B to flame the young teens that come here aspiring to be hackers. You represent the truly pathetic pieces of shit that roam this mother fucker hahahahahahaha.
Ok, well slpctrl posted his video.. replied to this thread.. but then deleted his post.. I'm not sure why.. so his video is here:
http://www.filefactory.com/file/484b73/n/myresponse_rar
I figured it would be the "time limit exceeded" error that you would post.. well that or something stupid like a cURL lib not being included.
max_execution_time = 360
in my php file.. I don't think I initially read that the code had to be PHP or that there had to be a time-limit (though I could be mistaken).. I assumed you would know how to set the time limit higher.
I never said my code was optimized.. I said there are MANY optimizations to be made.. and I think I specified in my shortdesc that this was probably one of the worst ways to do it (I said this was a slow way) but it was the most straightforward. You've quoted me saying that the code was unoptimized. Don't put words in my mouth.
I agree with you, the code can't really be used for any practical purposes.. it's slow as hell.. probably one of the slowest ways to do it. I already suggested a challenge to you. If you don't want to pay - that's fine. I don't care.
edit: lol you posted another vid ^_^
Chinchilla3k wrote: Ok, well slpctrl posted his video.. replied to this thread.. but then deleted his post.. I'm not sure why.. so his video is here:
http://www.filefactory.com/file/484b73/n/myresponse_rar
I figured it would be the "time limit exceeded" error that you would post.. well that or something stupid like a cURL lib not being included.
max_execution_time = 360
in my php file.. I don't think I initially read that the code had to be PHP or that there had to be a time-limit (though I could be mistaken).. I assumed you would know how to set the time limit higher.
I never said my code was optimized.. I said there are MANY optimizations to be made.. and I think I specified in my shortdesc that this was probably one of the worst ways to do it (I said this was a slow way) but it was the most straightforward. You've quoted me saying that the code was unoptimized. Don't put words in my mouth.
I agree with you, the code can't really be used for any practical purposes.. it's slow as hell.. probably one of the slowest ways to do it. I already suggested a challenge to you. If you don't want to pay - that's fine. I don't care.
edit: lol you posted another vid ^_^
I only made 2 attempts, wanted to do a 3rd. But anyways, I'll pay you…it's not a big deal. I'm having more fun with zephyr_pure, a grown man that is getting so pissed off over the internet hahahaha. What a pathetic piece of shit!
also, now that you're here, you ran the captcha in the video locally didn't you? That's okay for recording purposes, but I simply said way long time ago that it had to connect to the one on freehostia.
Zephyr_Pure wrote: You defended yourself by referencing his FIRST submission. slpctrl wrote: If you don't want to look at my proof, then fuck off.
Prove your original argument, or shut up. If you need to remember what it was, read back a bit… right before the flaming on your part, I believe. Glad you're enjoying this… I'm enjoying burying you.
Zephyr_Pure wrote: [quote]Zephyr_Pure wrote: You defended yourself by referencing his FIRST submission. slpctrl wrote: If you don't want to look at my proof, then fuck off.
Prove your original argument, or shut up. If you need to remember what it was, read back a bit… right before the flaming on your part, I believe. Glad you're enjoying this… I'm enjoying burying you.[/quote]
I'm posting video proof that his scripts time out to an almost useless state. I've actually only gotten them to work a few times, and of those few times there was one that returned 2 and 3 characters. And no chinchilla, I'm not going to change around the PHP defaults; they're there for a reason. And I hope that you, a 26 year old programmer are enjoying the hell out of burning people online. LOLZ. That's so fucking pathetic/wrong on so many levels, especially given your contributions here.
And by the way, I have proven my original argument…after the 1st code which did nothing more than return the characters (I missed your cached png file that produced the image from captcha.php), I said it had to work 100% of the time. Your optimized code doesn't come close.
slpctrl wrote: I'm posting video proof that his scripts time out to an almost useless state.
After the fact… after the whole argument.
And I hope that you, a 26 year old programmer are enjoying the hell out of burning people online. LOLZ. That's so fucking pathetic/wrong on so many levels, especially given your contributions here.
Oh, now I have contributions? About 20 posts ago, you said I didn't. Nice contradiction.
And by the way, I have proven my original argument…after the 1st code which did nothing more than return the characters (I missed your cached png file that produced the image from captcha.php), I said it had to work 100% of the time. Your optimized code doesn't come close.
The argument was about the second code. You didn't state, at the time, that the second code submission didn't work. Read back; my arguments have stayed consistent and to the point while yours… have changed to fulfill your goal.
Argue about the original topic, not about your perception of me. Otherwise, your arguments are not valid. Enjoy.
Zephyr_Pure wrote: [quote]slpctrl wrote: I'm posting video proof that his scripts time out to an almost useless state.
After the fact… after the whole argument.
And I hope that you, a 26 year old programmer are enjoying the hell out of burning people online. LOLZ. That's so fucking pathetic/wrong on so many levels, especially given your contributions here.
Oh, now I have contributions? About 20 posts ago, you said I didn't. Nice contradiction.
And by the way, I have proven my original argument…after the 1st code which did nothing more than return the characters (I missed your cached png file that produced the image from captcha.php), I said it had to work 100% of the time. Your optimized code doesn't come close.
The argument was about the second code. You didn't state, at the time, that the second code submission didn't work. Read back; my arguments have stayed consistent and to the point while yours… have changed to fulfill your goal.
Argue about the original topic, not about your perception of me. Otherwise, your arguments are not valid. Enjoy.[/quote]
That's what I've been meaning THIS ENTIRE TIME
LOL. I HAVEN'T BEEN ONCE REFERRING TO HIS 1ST CODE. LOL. MY apologies for the misunderstanding. Chinchilla, I'll still pay you because I learned from the code, although I'm displeased that you rushed through it and didn't create the quality I know you probably could have.
LOL.
And no, I've pretty much been arguing, that at least using his script remotely on mine and not locally, it works pretty much less than 50% of the time. And where have I seen that 'Argue about the original topic, not about your perception of me. Otherwise, your arguments are not valid. Enjoy.' before….can't quite put my finger on it though I know I've seen it before.
slpctrl wrote: That's what I've been meaning THIS ENTIRE TIME
LOL. I HAVEN'T BEEN ONCE REFERRING TO HIS 1ST CODE.
Numerous times in the thread you did. I'm not going to bother quoting them anymore. However…
MY apologies for the misunderstanding.
I accept, partially. I'm still pissed that you would disrespect me the way you did. However, the fact that this whole argument is taking a turn for the better is an improvement.
And where have I seen that 'Argue about the original topic, not about your perception of me. Otherwise, your arguments are not valid. Enjoy.' before….can't quite put my finger on it though I know I've seen it before.
Probably in another argument where you argued with personal attacks instead of logical retorts.
slpctrl wrote: I only made 2 attempts, wanted to do a 3rd. But anyways, I'll pay you…it's not a big deal. I'm having more fun with zephyr_pure, a grown man that is getting so pissed off over the internet hahahaha. What a pathetic piece of shit!
also, now that you're here, you ran the captcha in the video locally didn't you? That's okay for recording purposes, but I simply said way long time ago that it had to connect to the one on freehostia.
Yep, I ran it locally.. if you actually think that's what makes a significant difference then you're more ignorant than yours3lf or Coder Disaster (I thought I would use a comparison you can relate to). Sending a request over the net compared to requesting it locally is trivial .. it at best would make a couple second difference in the TOTAL execution time (that's a generous estimation in your favour).
Also, I know I'm biased in this argument .. but I agree with Zeyphyr.. I fulfilled the requirements you specified.. you didn't even show the supposed incorrect results in your video.. and ALL the fatal errors you showed (I believe you implied that there were many) was only a timeout.. you didn't even specify which language we had to use to solve the captcha.. if I had done this in C this way it wouldn't be an issue cause there would be no default setting that would cause it to timeout. I said it could take over 30 seconds to solve. That's why I assumed the time-limit wouldn't be an issue.
Zephyr's age doesn't matter… if you value knowledge as much as you claimed earlier (when you said you were happy to learn) then you should only focus on his arguments and directly reply instead of repeating about how you shouldn't have to pay - but you do cause you're a nice guy - because the code took over 30 seconds to execute.
And to be fair, I am younger than you… and if you want me to help you with OCR then I'll still help.
edit: smileys
Coder Disaster wrote: Dont bring me into it, i defended you.
I re-he-heaaaally doubt that you could defend Zephyr. Well, perhaps as a human shield, but in a conversation? Oh no, you weren't defending anything, you were actually a disturbance in this conversation. A red ant among human beings, an annoying instance of a bug.
Squish, bug, squish.
Coder Disaster wrote: Read what i wrote, where does it say i am talking about z_pure, i was talking about chinchilla
Oh sorry. That's because you fail at quoting. Whatever, replace Zephyr's name from my post with Chinchilla3k's, done.
So, to sum it up. You can't quote, still can't defend shit AND, stop talking. Please. Lets leave this subject alone. It's over, done, like privacy.
I made one that breaks slpctrl's latest one (the one with a bunch of red random alpha text).. this one runs in roughly <1 - 2 seconds.
I uploaded it on freehostia
http://eetcake.freehostia.com/filter.php
his captcha is here
http://eetcake.freehostia.com/captcha.php
and the image is temporarily stored in
http://eetcake.freehostia.com/tmp.png
So if you run filter.php.. you should see the server time before the script execs.. the text in the image.. and the server time after the script execs.. and the image should be stored as tmp.png
If you read the src code and wonder where data.txt is.. it's here
Thank you all for turning this into a "crack my code for money! ohh shit it got cracked cry." Thread.
I wanted constructive words on how to improve mine, not try this one which has very inefficient code because it cannot (ohh shit it did) get cracked!
Please let me know where I can improve on mine and what you personally think could make it better. If you have snippets please let me know.
I am currently working on character location displacement as well as character color randomization PER character. This has taken a total of about 1 hour of off and on coding to get to where it is right now so please let me know where it can be improved upon. http://ipicstorage.com/captcha/form.php to test it out.
Thank you and lets get this back on track PLEASE!
AldarHawk wrote: Advice pls
Use a randomized wave function on the letters.. preferably one where the "straight boundaries" overlap.. i.e. although the letters won't overlap.. if you were to enclose a letter in a rectangle.. another letter would intersect that rectangle. Well.. you could always allow the letters to overlap.. but it wouldn't be as aesthetically pleasing.
Wavy letters are probably one of the more computationally expensive things to recognize.
What you have right now isn't that much further of a leap than slpctrl's latest one.. It would require a bit more effort and a bit more computational power but when a bot filters out the background and handles the rotation.. the only other thing it has to account for is the limited number of shapes the letters can take on.
Edit: misspelled wavy.
AldarHawk wrote: How to do waviness?
http://ca.php.net/manual/en/function.imagick-waveimage.php
Or if you want to use your own implementation then you could always perform varying shear transformations on each (x,y) coordinate of the letter.
What I would probably do is take each letter in your captcha, set each of them at slightly varying angles (important), apply the wave function to each - using varying amplitudes and lengths(also important).. and then piece it all together in the final image. I wouldn't do any other distortion (i.e. the background would be white)
I'm not sure on how I would break this.. I have several ideas but I'm not sure of the practicality of them.
http://ipicstorage.com/captcha/form.php
No wave implemented yet but, what do you all think….do 10 and post your score :D
AldarHawk wrote: http://ipicstorage.com/captcha/form.php
No wave implemented yet but, what do you all think….do 10 and post your score :D
I don't like some of the fonts.. they're hard to read. Smaller fonts won't work too well with wave functions.. so I would use larger fonts… or you could resize the smaller ones. I would put each letter closer together.. and reduce the angle of rotation.. for some images I'm not sure if I'm looking at a tilted 'm' or a tilted '3'. The text should be larger.. just because it's hard for a human to read doesn't mean it's hard for a computer to read. Conversely, just because it's really easy for a human to read doesn't mean it's really easy for a computer to read.
Google has a really good captcha.
https://www.google.com/accounts/DisplayUnlockCaptcha
Use really simple, readable, large fonts.
Hmm.. google seems to create random strings that are phonetically friendly.. (that can be pronounced).. they probably have a list of consonant/vowel combinations to build the string… this probably makes it easier to read.
yours31f wrote: So flipping text is only good until someone sees it?
Take that blind hackers. ^_^
Seriously though, if your intention is to secure an already existing captcha that can be broken, then you can assume that the person breaking the existing captcha has a somewhat solid understanding of arrays. 'Flipping' arrays is not that difficult of a concept beyond that.
Also, I am not aware of any common out-of-the-box bots that can break captchas.
sacman wrote: i guess because it is pretty hard to crack those and even if someone did the best success rate till now was 30% ? why else ?
I was wondering what your reasoning for the claim you made was. I'm sure there are better success rates than 30%.. probably unknown ones.. where did you get that number from?
Google's captcha would be interesting to tackle
Chinchilla3k wrote: I was wondering what your reasoning for the claim you made was. I'm sure there are better success rates than 30%.. probably unknown ones.. where did you get that number from?
Google's captcha would be interesting to tackle
good question i don't remember sry. it's bin a few months now so i don't recall the exact page. but i think u could google it ^^.
edit: i googled it now it's about 20 %, hmm i thought i saw one with a 30 % success rate
btw 30% is a huge number if it's about google …..
but i guess you are right the captcha 4 porn (funniest way to crack btw ^^) cracking has a 100 % success rate. but still that's not really solving it with an algorithm.