Breaking the PayPal.com CAPTCHA
Posted by Kurt on May 12th, 2008
The PayPal.com CAPTCHA suffers several weaknesses: fixed font face, fixed font size, no distortions, trivial background noise, and it’s easy to segment. In this experiment, a three step algorithm has been developed to break the PayPal CAPTCHA. The image is preprocessed to remove noise using thresholding and a simple cleaning technique, and then segmented using vertical projections and candidate split positions. Four classification methods have been implemented: pixel counting, vertical projections, horizontal projections and template correlations. The system was trained on a sample of twenty PayPal CAPTCHAs to create thirty-six training templates (one for each character: 0-9 and A-Z). A separate sample of 100 PayPal CAPTCHAs were used for testing. The following success rates have been achieved using the different classifiers: 8% pixel counting, vertical projections 97%, horizontal projections 100%, template correlations 100%. Three of the trained classifiers out perform the 88% success rate of Pwntcha.
Example
Preprocess
- Original:
- Grey Scale:
- Thresholding:
- Further Cleaning:
Segment
- Segmented:
- Padded:
Classify
- Pixel Counting: 8% Break Rate
- Vertical Projections: 97% Break Rate
- Horizontal Projections: 100% Break Rate
- Template Correlations: 100% Break Rate
Paper
The final paper including MATLAB source code, sample runs, and results can be downloaded here.
Presentation
A copy of the slides used for a presentation of this experiment can be downloaded here.
Data
The 20 training and 100 testing PayPal CAPTCHA images are available to download here.
Source Code
Complete MATLAB code (281 lines, well commented) for preprocessing, segmenting, and classifying the images is available here.
I recently graduated from the Rochester Institute of Technology where I received both a BS and MS in Computer Science. My research interests are CAPTCHAs, web security, pattern recognition, and machine learning. My MS thesis is on
Recent Comments