12306 the latest verification code can be cracked (it can be applied to the ticket grabbing software)
Is this not reported ...... This wonderful verification code can be recognized by a public service for a long time ...... (The Verification Code comes from a third party)
Use Google Images
Write code
#!/usr/bin/python# # FileName : fuck12306.py# # Author : MaoMao Wang <andelf@gmail.com># # Created : Mon Mar 16 22:08:41 2015 by ShuYu Wang# # Copyright : Feather (c) 2015# # Description : fuck fuck 12306# # Time-stamp: <2015-03-17 10:57:44 andelf>from PIL import Imagefrom PIL import ImageFilterimport urllibimport urllib2import reimport json# hack CERTIFICATE_VERIFY_FAILED# https://github.com/mtschirs/quizduellapi/issues/2import sslif hasattr(ssl, '_create_unverified_context'): ssl._create_default_https_context = ssl._create_unverified_contextUA = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36"pic_url = "https://kyfw.12306.cn/otn/passcodeNew/getPassCodeNew?module=login&rand=sjrand&0.21191171556711197"def get_img(): resp = urllib.urlopen(pic_url) raw = resp.read() with open("./tmp.jpg", 'wb') as fp: fp.write(raw) return Image.open("./tmp.jpg")def get_sub_img(im, x, y): assert 0 <= x <= 3 assert 0 <= y <= 2 WITH = HEIGHT = 68 left = 5 + (67 + 5) * x top = 41 + (67 + 5) * y right = left + 67 bottom = top + 67 return im.crop((left, top, right, bottom))def baidu_stu_lookup(im): url = "http://stu.baidu.com/n/image?fr=html5&needRawImageUrl=true&id=WU_FILE_0&name=233.png&type=image%2Fpng&lastModifiedDate=Mon+Mar+16+2015+20%3A49%3A11+GMT%2B0800+(CST)&size=" im.save("./query_temp_img.png") raw = open("./query_temp_img.png", 'rb').read() url = url + str(len(raw)) req = urllib2.Request(url, raw, {'Content-Type':'image/png', 'User-Agent':UA}) resp = urllib2.urlopen(req) resp_url = resp.read() # return a pure url url = "http://stu.baidu.com/n/searchpc?queryImageUrl=" + urllib.quote(resp_url) req = urllib2.Request(url, headers={'User-Agent':UA}) resp = urllib2.urlopen(req) html = resp.read() return baidu_stu_html_extract(html)def baidu_stu_html_extract(html): #pattern = re.compile(r'<script type="text/javascript">(.*?)</script>', re.DOTALL | re.MULTILINE) pattern = re.compile(r"keywords:'(.*?)'") matches = pattern.findall(html) if not matches: return '[UNKNOWN]' json_str = matches[0] json_str = json_str.replace('\\x22', '"').replace('\\\\', '\\') #print json_str result = [item['keyword'] for item in json.loads(json_str)] return '|'.join(result) if result else '[UNKNOWN]'def ocr_question_extract(im): # git@github.com:madmaze/pytesseract.git global pytesseract try: import pytesseract except: print "[ERROR] pytesseract not installed" return im = im.crop((127, 3, 260, 22)) im = pre_ocr_processing(im) # im.show() return pytesseract.image_to_string(im, lang='chi_sim').strip()def pre_ocr_processing(im): im = im.convert("RGB") width, height = im.size white = im.filter(ImageFilter.BLUR).filter(ImageFilter.MaxFilter(23)) grey = im.convert('L') impix = im.load() whitepix = white.load() greypix = grey.load() for y in range(height): for x in range(width): greypix[x,y] = min(255, max(255 + impix[x,y][0] - whitepix[x,y][0], 255 + impix[x,y][1] - whitepix[x,y][1], 255 + impix[x,y][2] - whitepix[x,y][2])) new_im = grey.copy() binarize(new_im, 150) return new_imdef binarize(im, thresh=120): assert 0 < thresh < 255 assert im.mode == 'L' w, h = im.size for y in xrange(0, h): for x in xrange(0, w): if im.getpixel((x,y)) < thresh: im.putpixel((x,y), 0) else: im.putpixel((x,y), 255)if __name__ == '__main__': im = get_img() #im = Image.open("./tmp.jpg") print 'OCR Question:', ocr_question_extract(im) for y in range(2): for x in range(4): im2 = get_sub_img(im, x, y) result = baidu_stu_lookup(im2) print (y,x), result
12306 verification code can be cracked
> Result (0, 0) iPhone charger (0, 1) physician Qualification Certificate | ID document remake (0, 2) Mobile Phone | mobile phone leather case (0, 3) fried french fries | summer bread | 1, 0 for two people | iPhone case | mobile phone accessories (1, 1) sand points (1, 2) [UNKOWN] (1, 3) waveguide | wearable mirror | mobile phone
> (0, 0) boots | mug (0, 1) Two grains of wheat | brush | sliced planting (0, 2) spicy sauce | bottled seasoning | jam (0, 3) [UNKOWN] (1, 0) grapefruit | round fruit (1, 1) Snow cake (1, 2) Lee Kum Kee | spicy sauce | spices (1, 3) vegetarian dishes
Solution:
1. Do not use this wonderful verification code ...... This verification code is strange, and sometimes blocks some normal users.
2. Since the ticket grabbing software is fully automated, it is better to add a secondary verification text message Verification Code email to confirm the image verification code.