Solving CAPTCHAs for Cash
I had a really interesting conversation with a guy out of Romania this morning regarding a team of CAPTCHA solvers that he has set up. The basic premise is that he has 5 guys set up to solve CAPTCHAs like Yahoo, MySpace, and Hotmail. He does this for clients all over the world. The economics are probably the most interesting part, since his team is non-technical and only types in what they are given by their clients.
The economics are as follows: 300-500 CAPTCHAs per person per hour. The clients pay between $9-15 per 1000 CAPTCHAs solved. The team works around 12 hours a day per person. That means they can solve somewhere around 4800 CAPTCHAs per day per person, and depending on how hard the CAPTCHAs are that can run you around $50 per day per person (his estimate). The reason it’s not higher is because they take breaks, and fail sometimes.
He also admits it takes some time to ramp them up on new CAPTCHAs. Eventually they get faster at solving them. So for $50 a day, you can get your own human CAPTCHA solver. The ages of the solvers range from 18-23 years old. Pretty interesting stuff - what a crappy job!
April 27th, 2007 at 4:15 pm
Speaking of crappy jobs: I had two occurrences in my forum where repeating spam was definitely sent by humans (bots never get through the protection). The one guy was in China, the other in Belorussia. They didn’t even use proxies, obviously underpaid freelancers paid by number of messages sent - proxies would slow them down.
April 27th, 2007 at 6:15 pm
Sounds rather like gold farming:
http://www.nytimes.com/2005/12/09/technology/09gaming.html?ex=1291784400&en=a723d0f8592dff2e&ei=5090&partner=rssuserland&emc=rss
April 28th, 2007 at 1:24 am
Well, that sounds an awful lot like Amazon’s Mechanical Turk ( http://www.mturk.com/mturk/welcome ).
April 28th, 2007 at 1:25 am
Captcha-törő gép
Tudjátok, az az eltorzított felirat, ami arra szolgál, hogy a robotot megkülönböztesse az embertől, és csak az utóbbit engedje regisztrálni, kommentezni, akármit csinálni. Most jött a hír egy román captcha-törő rendszerről, ami bár l…
April 28th, 2007 at 4:01 am
just what i thought, yawnmoth..
)
it’s an economical thing I suppose, cause human labour can be much cheaper in eastern Europe or Asia (off shoring and outsourcing, eh?
April 28th, 2007 at 8:49 am
Here’s another interesting take on the problem:
http://www.boingboing.net/2004/01/27/solving_and_creating.html
Proxy the captcha onto a free porn site, and let the porn-seekers decode it for nothing. All it costs you is a CD with some pictures/movies and a little bandwidth.
I also saw a response on a tender board some time ago from India or thereabouts, offering to decipher captures for something like $1 per hour.
What amused me about that was that someone actually put out a “request for proposal” for CAPTCHA solving!
April 28th, 2007 at 11:01 pm
These people get paid to solve captcha’s manually while I algorithms to solve them automatically. Almost evil for me to think of putting Romanians (or Indians, or anyone who works for pennies USD) out of work via automation…
4800 hotmail captcha’s would take my algorithm right at one hour to solve - assuming they’re already downloaded.. So any one 2GHZ CPU could solve upwards of 115,000 captchas per day. Keeping the low end estimate of $9 per 100, that’s over a grand a day I’m missing out on.
My hobby is no longer useless!
April 29th, 2007 at 6:33 am
I have always thought this was a perfect application for Amazon’s Mechanical Turk.
April 29th, 2007 at 9:05 am
@Nick Williams - That’s 10x more costly than to do it manually. They are charging between $9-15 per 1000. I’d love to see that code though!
April 29th, 2007 at 2:43 pm
@RSnake - Woops, typo on the $9 per 100, the math was done at $9 per 1000.
April 30th, 2007 at 3:25 am
Hi guys
im trying to write a yahoo mass regger that should bypass image verification.
i was bypassed image verification of phpnuke it was so easily
(
http://phpnuke.org/?pagetitle=
etc
so i must solve thatttttt
has anyone any idea
Some 1 was said me yahoo’s captcha is edited version of base64 but when i base64 for 10 times a captcha
a captcha = eLpLML;
its encoding
OmXiUuVZFemhYG2.JnRpusqa7msjFzOD86aXkdTJTWkMaIXV1_1MwLXtmqQAINrqiOkqhDSoJbKwCg–
its base64
$cap = “eLpLML”;
$basecap = base64_encode($cap);
while($i”;
$i++;
}
i get result like that
WlV4d1RFMU0=
V2xWNGQxUkZNVTA9Cgo8YnI+
VjJ4V05HUXhVa1pOVlRBOUNnbzhZbkkrCgo8YnI+
VmpKNFYwNUhVWGhWYTFwT1ZsUkJPVU5uYnpoWmJra3JDZ284WW5JKwoKPGJyPg==
Vm1wS05GWXdOVWhWV0doV1lURndUMVpzVWtKUFZVNXVZbnBvV21KcmEzSkRaMjg0V1c1Skt3b0tQR0p5UGc9PQoKPGJyPg==
Vm0xd1MwNUdXWGRPVldoV1YwZG9WMWxVUm5kVU1WcHpWV3RLVUZaVk5YVlpibkJ2VjIxS2NtRXpTa1JhTWpnMFYxYzFTa3QzYjB0UVIwcDVVR2M5UFFvS1BHSnlQZz09Cgo8YnI+
Vm0weGQxTXdOVWRYV0dSUFZsZG9WMVl3Wkc5V01XeFZVbTVrVlUxV2NIcFdWM1JMVlVaYVZrNVlWbHBpYmtKMlZqSXhTMk50UlhwVGExSmhUV3BuTUZZeFl6RlRhM1F6WWpCMFVWSXdjRFZWUjJNNVVGRnZTMUJIU25sUVp6MDlDZ284WW5JKwoKPGJyPg==
Vm0wd2VHUXhUWGRPVldSWVYwZFNVRlpzWkc5V01WbDNXa2M1VjAxWGVGWlZiVFZyVmxVeFYyTkljRmRXTTFKTVZsVmFZVlpyTlZsV2JIQnBZbXRLTWxacVNYaFRNazUwVWxod1ZHRXhTbWhVVjNCdVRVWlplRmw2UmxSaE0xRjZXV3BDTUZWV1NYZGpSRlpXVWpKTk5WVkdSblpUTVVKSVUyNXNVVnA2TURsRFoyODRXVzVKS3dvS1BHSnlQZz09Cgo8YnI+
Vm0wd2QyVkhVWGhVV0dSUFZsZFNXVll3WkZOVlJscHpXa2M1VjAxV2JETlhhMk0xVmpBeFdHVkdXbFppVkZaeVZteFZlRll5VGtsalJtUlhUVEZLVFZac1ZtRlpWbHB5VGxac1YySklRbkJaYlhSTFRXeGFjVk5ZYUZSTmF6VXdWV3hvZDFaSFJYaFRiV2hWVmpOQ2RWUlZXbHBsUm13MlVteFNhRTB4UmpaWFYzQkRUVVpXVjFOWVpHcFNSbHBYVldwS1RrNVdWa2RTYmxwVVRWVktTVlV5TlhOVlZuQTJUVVJzUkZveU9EUlhWelZLUzNkdlMxQkhTbmxRWnowOUNnbzhZbkkrCgo8YnI+
not seems like base64 if anyone can solve the yahoo captcha
feel free 2 contact me tontonq@hotmail.com
April 30th, 2007 at 3:55 am
Although I’m from Romania, I must admit those guys must be stupid or desperate.
@Nick Williams - a more serious concern for you would be a Romanian/Indian developer putting guys like you out of work, via outsourcing
April 30th, 2007 at 1:42 pm
I don’t currently make any money from my algorithm, so they can’t exactly put me out of work. If anything, they’ll elevate the difficulty of my hobby and I’ll either be too stupid to keep up or intelligent enough to be right back at square one.
May 1st, 2007 at 11:04 pm
nicely put, Nick
May 5th, 2007 at 9:23 am
I concur - I have always been thinking about Mechanical Turk as use for solving captchas. But probably Amazon filters out such clients…
May 23rd, 2007 at 10:23 pm
Humanos trabajando para robots!
Un equipo de 5 humanos trabajan "decodificando" captchas!!
July 8th, 2007 at 6:40 pm
Most of the captcha could be easily decoded automatically, even like Friendster, Xanga, Yahoo, Gmail, etc… but the challenging could be cheaper done thru cheap labour. For some captcha, I got almost 100% accuracy at the speed of 1~2 seconds per break, depending on the power and bandwidth of the server but I guess that is good enough for any job. Anyone has any luck with the tougher one?
August 30th, 2007 at 5:54 pm
Paying for solving CAPTCHAs is interesting method of bapassing captchas :-). But there is one more effective (and more cheaper) my own method - MustLive CAPTCHA bypass method. Which can be used for hacking a lot of captchas in the Web.
Everyone who interested in this topic feel free to contact me (in particular who need to bypass some captchas). In near future I’m planning to make article about my CAPTCHA bypass method. And to make some event about a lot of weak captchas ;-). RSnake, I will write you more details about this topic soon.
August 31st, 2007 at 6:28 am
Yah, I’d like to hear the details on that one if it works.
September 28th, 2007 at 12:44 pm
I would definitely be interested in mustLive’s captcha bypass method.
November 11th, 2007 at 9:22 am
Hello sir,
I m from Bangladesh.
We r a group worker who solve captcha image for money.
We are working on another captcha project, too and deliver 50000 captchas/day.
We can work for you too, because we know what we are doing.
we can start as soon i receive all the info the info from you.
I can show you the captcha website we are curently working right now.
It will be a pleasure for us to serve you , too.
Let us working4you.
our rate is $ 8 for per 1000 captcha solved.
let me know what ur decision……..
I m waiting for ur response.
Have a great day !
Best wishes !
Thanks
admin
Raki IT Group
November 28th, 2007 at 8:24 am
Hello,
I’m from VietNam
We have a group with 20 person. We working some site rabot, rubl, look…
Our rate just 4$ for per 1000 captcha solved.
We hope work you
Best Regard,
QuangHung
(road2success83@gmail.com)
December 22nd, 2007 at 12:23 pm
There are several serious design flaws in the Y! CAPTCHA implementation that have nothing to do with the difficulty of recognizing text in the image. The value of the CAPTCHA is almost certainly encoded into the URL for the image, and probably using a very poor encryption scheme. Simply by decrypting the URL for the image, spammers could defeat the CAPTCHA, without even resorting to this farming technique.
Casual inspection shows that a CAPTCHA image takes the form http://ab.login.yahoo.com/img/.jpg, where is obviously a base64-encoded value (with some character substitution in the encoding scheme). Y! CAPTCHAs are either 4, 5, or 6 characters in length. Depending on the length of the CAPTCHA, the length of the decoded ciphertext changes! There are also sections of ciphertext with 0 entropy and some with very low entropy.
There do not appear to be any provisions against automated generation of CAPTCHAs (the CAPTCHA page can be loaded repeatedly, generating a new ciphertext each time, with no lockout). There is likely a lockout after too many attempts to guess a CAPTCHA, but simply generating unlimited instances of valid ciphertext does not seem to be prevented.
Has anyone done any serious cryptanalysis on this? CAPTCHA farmers would be wise to be archiving the valid CAPTCHA/ciphertext pairs as they farm to generate a large volume of data to use. I’m guessing this wouldn’t even be a difficult algorithm to reverse without a large volume of data, but having a few CAPTCHA ‘answers’ with similar (or identical) plaintext would be extremely useful.
January 28th, 2008 at 11:46 am
James, do you have any idea if the same unlimited CAPTCHA generation applies to Gmail?
February 10th, 2008 at 4:33 am
Hi!!! Hope you are doing well. We the leading Data processing company in Bangladesh. Presently we are processing 300000+ captcha per day by our 55 operators. We have a well set up and We can give the law rate for the captcha solving.
Our rate $2 per 1000 captcha.
We just wanna make the relationship for long terms. can we go forward? Thank you, (For inquiry amir4@yours.com or
khoknaa@yahoo.com)
Best Regards
Amir Hossain Dewan
Data Home Ltd.
amir4@yours.com
khoknaa@yahoo.com
February 10th, 2008 at 10:25 am
1000 per 4$
1000 in 2 hours
February 10th, 2008 at 10:27 am
sagmamas@yahoo.com
February 19th, 2008 at 1:44 pm
Hello sir. I am From Bangladesh. My rate is $ 3/ 1000 succesfull captcha’s, If you are interested, please mail me. I can deliver you 100000 captchas / day. I have a big group of worker.
February 23rd, 2008 at 2:15 pm
Dear Sir,
I am very much interested to do this job. I have 8 years experienced in data entry section. and 1 year Experience “CAPTCHA DATA ENTRY” We are doing various kind of project since 8 years. We have an experienced in data entry operators of 10 members. We have ONE server pc with high speed broad band internet connection and also have internet backup connection. Our team is able to enter maximum CAPTCHA’s as per your required. If I get a chance I can start working on it immediately. My bid is $1 for 1000 captchas (Bid rate and payment procedures are negotiable) we are very faster growing up in data entry section at Bangladesh. Our data entry services are fast and reliable, with an accuracy rating up to 99.9%. Our quality controls ensure that your work is entered correctly. Consolidate all your paper documents into a usable digital database that can be uploaded from us over the internet, to provide you quick accessibility you need. All work is done in our primary facility by highly trained operators that can help you plan and implement your next data entry project. Kindly reply me with the necessary details. I am waiting for your guidelines. If you are serious please contact immediately. Best Regards Sumon, Friends Data Entry Service Dhaka, Bangladesh Contact: Cell-01913-386328
March 1st, 2008 at 10:22 pm
POC about Defeating CaptCha:
http://www.botmaster.net/movies/XFull.htm
Protection against it: [Not FoolProof]
http://yehg.org/lab/pr0js/papers/Defeating%20X-Rummer.pdf
March 9th, 2008 at 12:10 pm
dear sir
please give me captcha data entry work
my bid $1 per 1000 captcha.
Please send your data & payment system.
Thanks
Sherazul islam
Bhai Bhai Cyber Cafe
March 13th, 2008 at 6:32 pm
I still haven’t finished laughing at the amount of people who are unable to read correctly and are asking for work! haha
March 22nd, 2008 at 7:09 am
Hello,
I am from Bangladesh, have experience in captcha image entry working. Currently working in Qlinkgroup work. Please provide me more work.
chanchal17@gmail.com
March 27th, 2008 at 7:35 am
to FriXioN, This is your funny comment. i’m confused that are you able to read properly or not. The people are in marketing for their company. i don’t even find any wrong there. And i feel laugh by seeing your comment !!! Ha aha ha ha anyway i thing you don’t have any company accept your comments. Don’t mind.
March 31st, 2008 at 2:28 am
I am work in 500-600 captcha per hour. I am intrested for your work.
Please send more details for by mail. Kindly reply me with the necessary details. I am waiting for your guidelines. If you are serious please contact immediately. My Time Zone : IST
Thanking & With Best Regards
I.S.M. SHAMSUDEEN IBRAHIM
Madurai, Tamilnadu.
India.
April 3rd, 2008 at 9:52 am
I saw a blurb to the story over at infoaddict.com and couldn’t believe that people would work for so little money. But I guess you are all right, wages are much different in eastern europe. and now that I am here, I am even more flabbergasted at the rate people are offering for this work. wow.
April 16th, 2008 at 3:25 pm
Hello Sir- I’m so interested to do captcha entry project. I’ve experience in this field. My bid is 2$/1k captchas. I can deliver at least 25k captcha per day. Please PM me.My yahoo id is - blackrose9974@yahoo.com. Waiting for a good start. Thanks
April 29th, 2008 at 9:05 pm
Hello Sir- I’m so interested to do captcha entry project. I’ve experience in this field. My bid is 2$/1k captchas. I can deliver at least 25k captcha per day. Please PM me.My yahoo id is - mahamud896@gmail.com, Waiting for a good start. Thank
May 8th, 2008 at 12:49 am
Sir,
We interested in captcha entry and can do 15k per day @ 1.5 USD per 1k. mail @mr_asif_bd@yahoo.com
May 8th, 2008 at 10:57 am
#shkilur rahaman shohel Says:
Hi!!! Hope you are doing well. We the leading Data processing company in Bangladesh. Presently we are processing 100000+ captcha per day by our 30 operators. We have a well set up and We can give the law rate for the captcha solving.
Our rate $2 per 1000 captcha.yahoo,hotmail,mayspace,gmail, facebook etc.
We just wanna make the relationship for long terms. can we go forward? Thank you.
Best Regards
shakilur rahaman shohe
se.dhrubotara@yahoo .com
se.dhrubotara@gmail.com