I recently studied some knowledge about breaking through verification codes and recorded them. On the one hand, it is a summary of the learning knowledge over the past few days to help you understand, on the other hand, we hope to help technical students in this area, and also hope to attract the attention of website managers, I always wanted to write this when I provided the verification code. after a long time, I am interested in a simple record.
Verification code
A fully Automated open Turing test (CAPTCHA) that distinguishes Computers from Humans, it is a public, fully automated program that distinguishes users from computers and people. In the CAPTCHA test, the server computer will automatically generate a question to be answered by the user. This question can be generated and judged by computers, but it must be answered by humans. Because the computer cannot answer CAPTCHA's questions, users who answer questions can be considered as humans.
Encyclopedia introduction
To put it simply, it is a randomly generated character, which is output on an image [other types of drag/text message verification codes are not considered here].
Common types
Ideas
This document is only used for demonstration purposes. Therefore, the first image verification code is used as an example.
Each point on the image has its RGB value, which can be obtained through the color filter. we can see that the verification code is a pure digital solid color background.
The color filter shows that the background color RGB value of the verification code is (212,214,204)
Implementation
Next we will use PHPimagecolorsforindex
The function obtains the RGB values of all vertices in the image:
$url = 'http://210.32.33.91:8080/reader/captcha.php';$im = imagecreatefromgif($url);imagegif($im, '1.gif');$rgbArray = array();$res = $im;$size = getimagesize($url);$wid = $size['0'];$hid = $size['1'];for ($i = 0; $i < $hid; ++ $i) { for ($j = 0; $j < $wid; ++ $j) { $rgb = imagecolorat($res, $j, $i); $rgbArray[$i][$j] = imagecolorsforindex($res, $rgb); }}
The result is as follows:
What is the purpose of this question? Next we use another method to display the data, which is output for the background color.□
, Verification code area output■
, Let's take a look:
for ($i = 0; $i < $hid; $i ++) { for ($j = 0; $j < $wid; $j ++) { if ($rgbArray[$i][$j]['red'] == 212) { echo '□'; } else { echo '■'; } } echo "
";}
Effect:
So it is clear.
But you may still have doubts. although we can see it, how can we know it?
The following is an analysis:
Each verification code can be 4 grids separated directly, 6/10 grids separated between left and right, and 16/10 grids separated up and down.
Let's remove these interference points to make them clearer:
Is it clear? Someone may ask, how do you know the number on the image if you say so much.
Let's talk about my ideas.□
And■
In the format of 0 and 1, the numbers are fixed. in this way, 0-9 is displayed, and 8*10 in each area of each word is composed of 0 and 1,
Let's perform each eight splits, remove the 4-cell spacing, and cyclically obtain the 01 combination value of 0-9:
$dic = array( '00011000001111000110011011000011110000111100001111000011011001100011110000011000' => 0, '00011000001110000111100000011000000110000001100000011000000110000001100001111110' => 1, '00111100011001101100001100000011000001100000110000011000001100000110000011111111' => 2, '01111100110001100000001100000110000111000000011000000011000000111100011001111100' => 3, '00000110000011100001111000110110011001101100011011111111000001100000011000000110' => 4, '11111110110000001100000011011100111001100000001100000011110000110110011000111100' => 5, '00111100011001101100001011000000110111001110011011000011110000110110011000111100' => 6, '11111111000000110000001100000110000011000001100000110000011000001100000011000000' => 7, '00111100011001101100001101100110001111000110011011000011110000110110011000111100' => 8, '00111100011001101100001111000011011001110011101100000011010000110110011000111100' => 9);
The 10 values are then combined into an array, and the verification code value is obtained after each resolution of the image RGB into the corresponding array value. The following is a demonstration:
Finally, for accuracy, take a look at the 100 cycles:
Haha, accuracy: 100%
Conclusion
The purpose of this article is to enable WEB developers to pay attention to security when generating verification codes. do not use it for illegal purposes.
The code is already on github: