
Uncaptcha2: Defeat ReCaptcha with Google Speech2Text - TelmoMenezes
https://github.com/ecthros/uncaptcha2
======
timdierks
This is irrelevant. Speech-to-text costs $0.006 per invocation (for < 15
seconds) [1], or you can solve 166 captchas for $1. There are already services
out there which will solve captchas for $0.50/1000 [2], an order of magnitude
cheaper. The fact that Google has a service which will do this inefficiently
changes nothing about the threat/cost ecosystem. CAPTCHAs aren't about being a
perfect defense, they're about increasing cost to operate at scale.

[1] [https://cloud.google.com/speech-to-text/pricing](https://cloud.google.com/speech-to-text/pricing)

[2] [https://2captcha.com/](https://2captcha.com/), the first hit I found with
the search [captcha solving serving price]

Disclosure: I work for Google on security and cloud, but not on anything
related to captchas or speech to text.

~~~
kaffee
I would _love_ to pay money (or do some sort of proof-of-work hashing) rather
than solve Google's infuriating, privacy-hostile CAPTCHAs. I rather suspect
that Google, as an advertising and consumer-surveillance firm, gets rather a
lot of information out of the system.

~~~
Rebelgecko
I definitely preferred it when reCAPTCHA was helping archive.org digitize
books for the good of humanity. Felt much more altruistic than helping Google
train neural networks.

~~~
r3bl
The rules were also so much easier.

It's a bit difficult to miss two words displayed on an image.

It's incredibly easy to miss a traffic light 30 meters away from the camera on
such a tiny photo.

------
akkartik
Funny story: I can no longer moderate Disqus on my site because it pops up
reCaptcha, and I don't even attempt reCaptcha anymore. And I can't ask for
support because it pops up reCaptcha. And I can't export my data and delete my
account because -- you guessed it -- it pops up reCaptcha.

One of these days I'll gird my loins and go into battle to convince a bot that
I'm not a bot. One last time.

~~~
dessant
Sometimes it won't accept correct answers either and you're just wasting time
training their classifier for minutes. I found the audio challenge to be much
faster to get past, so I started switching to it a couple of months ago,
then finally decided to automate it with a browser extension.

[https://github.com/dessant/buster](https://github.com/dessant/buster)

~~~
darkpuma
If you manage to force google to serve you the noscript version, it tends to
accept correct answers the first time with no re-challenges. The javascript
version of recaptcha won't let me through no matter how many times I give it
correct answers.

However websites must specifically allow the noscript version to be used; by
default it's disabled for all websites.

~~~
contravariant
What do I have to do to force the noscript version to activate? At this point
it's getting impossible for me to pass captchas, and the audio challenge is no
help since I just get half a word or some other unintelligible utterance.

~~~
darkpuma
Sometimes disabling JavaScript using e.g. uMatrix can do it, but only in cases
where that website operator has elected to use the most permissive setting
(this seems to be rare).

4channel.org is one site that allows noscript captcha, you can try it out
there. But I've rarely seen it possible on other sites.

------
tossaccount123
Google doesn't care, they just want free training data. The team behind
uncaptcha even gave them 6 months notice and Google still did nothing.

Their own sites are protected by additional measures to detect bots, like
monitoring mouse movement.

~~~
jayd16
Isn't the text based ReCaptcha pretty ancient at this point? Google's current
version is either the simple checkbox (which I assume is checking various
things) or the image based version where you have to click on traffic signs. I
like to assume that's a live feed from a Waymo car and I'm saving lives.

~~~
darkpuma
> _"Isn't the text based ReCaptcha pretty ancient at this point?"_

That was v1, they shut it down in March 2018. You won't see it anymore
anywhere.

> _"Google's current version is either the simple checkbox (which I assume is
> checking various things) or the image based version where you have to click
> on traffic signs."_

That's v2. v2 will present you with a simple check box if you're very
compliant with the Google surveillance system, or will present you with image
challenges if you're not (or if it's just in the mood). v2 is very capricious
and will reject correct answers from users Google wishes to punish for, e.g.,
using Firefox, using ad blockers, using resistFingerprinting, blocking Google's
cookies, etc.

The recently released v3 is the worst of them all; it does away with the image
challenges of v2 completely. The user never interacts with it directly, never
has an opportunity to persuade v3 that they're a real human by answering any
sort of questions. It's nothing more than a measure of how compliant you are
with Google's surveillance.

~~~
gingerlime
> The recently released v3 is the worst of them all; it does away with the
> image challenges of v2 completely. The user never interacts with it
> directly, never has an opportunity to persuade v3 that they're a real human
> by answering any sort of questions. It's nothing more than a measure of how
> compliant you are with google's surveillance.

I did a very quick experiment with reCAPTCHA v3:

* using Firefox in private browsing mode (not logged-in to anything)
* with a VPN
* using uBlock Origin
* Do-Not-Track on, disabling 3rd party trackers
* Only went to one page and filled one form with garbage data

My score was 0.7, which is pretty decent I would say.

I did a similar experiment using Ghost Inspector (a platform for automating
browser testing, something similar to Selenium, but not sure what they use
exactly), and my scores were consistently 0.1.

I'm also a bit suspicious of Google, and have trouble with the fact that this
is the only solution on the market, and it's free for websites to use. But I'm
not sure your statement is entirely accurate judging from my very limited
experience.

~~~
birksherty
On Firefox, if I disable 3rd-party cookies, it never accepts my correct answer.
I have to fight for 5 minutes with Google to prove that I am human. Same when I
use a VPN. Allow 3rd party, logged in to Google account, no VPN and it's just
one check.

Edit: If I try to use the audio challenge in the first case, it directly tells
me that I am using some method to solve the captcha and they won't allow it. So
much fun.

Google is evil.

~~~
gingerlime
I was talking about reCAPTCHA v3, which doesn't present any challenges at all.
It lets the site owner decide what to do based on the score.
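The score-based decision this comment describes happens on the site owner's backend, not in the browser. The following is an added example (not from the uncaptcha2 project or any commenter) of that server side: the browser token is POSTed to Google's siteverify endpoint, and the returned verdict is checked for success, action, hostname and score before anything is allowed. The 0.5/0.3 thresholds, the "step_up" tier and the sample verdicts (with scores matching the 0.7 and 0.1 reported in this thread) are this example's own assumptions.

```python
import json
import urllib.parse
import urllib.request

# Real endpoint: the backend sends the browser-issued token here with its secret key.
SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def fetch_siteverify(secret: str, token: str, remote_ip: str = "") -> dict:
    """POST the v3 token to Google and return the parsed JSON verdict (needs network)."""
    form = {"secret": secret, "response": token}
    if remote_ip:
        form["remoteip"] = remote_ip
    data = urllib.parse.urlencode(form).encode()
    with urllib.request.urlopen(SITEVERIFY_URL, data=data, timeout=5) as resp:
        return json.load(resp)


def decide(verdict: dict, expected_action: str, expected_host: str,
           threshold: float = 0.5) -> str:
    """Map a siteverify verdict to 'allow', 'step_up' or 'reject'.

    Score alone is not enough: a token minted for another action or another
    hostname could be replayed from elsewhere, and a failed verification
    (expired or already-used token, bad secret) must never count as human.
    The thresholds are assumptions; Google documents 0.5 as a starting point.
    """
    if not verdict.get("success"):
        return "reject"            # "error-codes" says why, e.g. timeout-or-duplicate
    if verdict.get("action") != expected_action:
        return "reject"            # token was not issued for this form/action
    if verdict.get("hostname") != expected_host:
        return "reject"            # token was issued on a different site
    score = float(verdict.get("score", 0.0))   # 1.0 = very likely human
    if score >= threshold:
        return "allow"
    if score >= 0.3:
        return "step_up"           # e.g. e-mail confirmation or a v2 challenge
    return "reject"


# Constructed sample verdicts, shaped like the siteverify JSON response.
SAMPLE_HUMAN = {"success": True, "score": 0.7, "action": "signup",
                "challenge_ts": "2019-01-03T12:00:00Z", "hostname": "example.com"}
SAMPLE_BOT = {"success": True, "score": 0.1, "action": "signup",
              "challenge_ts": "2019-01-03T12:00:01Z", "hostname": "example.com"}
SAMPLE_REPLAY = {"success": False, "error-codes": ["timeout-or-duplicate"]}

if __name__ == "__main__":
    for name, v in (("human", SAMPLE_HUMAN), ("bot", SAMPLE_BOT), ("replay", SAMPLE_REPLAY)):
        print(name, "->", decide(v, "signup", "example.com"))
```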

~~~
birksherty
I think nothing appears if my score is above Google's pass mark (because they
decide my mark in the end). If not, reCAPTCHA appears, which is what happens to
me and I go through the same process.

~~~
gingerlime
This sounds like reCAPTCHA v2.

~~~
birksherty
My mistake. I checked now. With VPN, Firefox and 3rd-party cookie blocking I
got a 0.3 score, which is too bad. Google logged in, 3rd party allowed and VPN
gives 0.9.

------
akerro
I saw this a week ago on Reddit. The researchers told Google about this
vulnerability and Google doesn't care about it, they are totally OK with it.
You can see here that the captcha doesn't block robots, but blocks people and
makes browsing inconvenient. reCAPTCHA is a way Google mines data from us for
free.

~~~
nolok
Oh please, what a total joke of a comment.

> Google doesn't care about it, they are totally OK with it

Google hasn't said they don't care about it, where did you see any of that?

They merely allowed the code to be released despite it still working against
the current. Previous experience (namely the original uncaptcha) proves that
they intend to find a way to fix it.

> You can see here that captcha doesn't block robots, but blocks people and
> makes browsing inconvenient.

Total BS. Remember it's not Google that uses it, it's website owners (us); if
what you claim was indeed true we wouldn't be using it, we would use something
else that did what we wanted.

> reCaptcha is a way google mines data from us for free.

Of course, through the visual selection it displays when "unsure". Although I
do not know the details, it seems pretty obvious that once it's sure you're
human it sometimes asks you to detect things in pictures anyway so as to
provide training data (for Maps, Waymo, image search, whatever ...).

~~~
jsnell
I have literally never been asked to solve one of those image recognition
recaptchas in my main browser profile. (While it happens once a month in
incognito windows.)

So it's not at all obvious that known humans are being asked to solve captchas
just for the purposes of training.

~~~
Semaphor
It barely asks you if you use Chrome and/or are logged into a Google account.
ReCaptcha is how you make Firefox and IE/Edge users without a Google account
hate you.

Because believe me, if I get asked to click another 50 cars without good
reason (3 failed logins would be a good reason), I'll blame your site for
being dumb and not Google.

~~~
hhjinks
And here's my anecdotal evidence:

I have only been served image captchas since forever. I literally thought the
warped text captchas had been phased out. I literally never see anything but
image captchas.

~~~
darkpuma
> _I literally thought the warped text captchas had been phased out._

It has been since March.

[https://developers.google.com/recaptcha/docs/versions#v1](https://developers.google.com/recaptcha/docs/versions#v1)

------
r3bl
I'm using Buster[0] for this purpose, and it relies on the same method.
Available on Firefox, Chrome and Opera in their respective add-on stores, and
no additional steps are needed (like in this project).

From my experience, it works perfectly in a default session and not at all in
private browsing mode. I've never bothered to figure out why that is
(possibly some other add-on interfering).

[0] [https://github.com/dessant/buster](https://github.com/dessant/buster)

~~~
zamadatix
reCAPTCHA relies on things like Google cookies to lower the "user is a bot"
risk score. Higher risk scores (such as when you go via a blank slate browsing
session) result in more/more difficult challenges.

~~~
darkpuma
> more difficult challenges.

That's just code for "it rejects correct answers to frustrate you." If you
manage to get the noscript version of the captcha _with otherwise the same
browser state_ it will accept a correct answer the first time nearly every
time. Presumably this is because they didn't bother to implement their "hassle
the user" code in the noscript version; it's probably neglected by Google
since it's disabled by default.

For instance, the _sloooow_ fade-in of challenge tiles... what legitimate
purpose does that serve? That's not there to make it harder for bots. That's
there just to hassle and punish real humans that Google dislikes because they
don't buy into the Google 'ecosystem'. The more they dislike you, the slower
the fade-in gets. The fade-in can be several seconds long in severe cases.

~~~
taneq
I run a combination of uBlock Origin, Privacy Badger and Firefox's tracking
protection. Can confirm, tiles take 5 seconds to fade in, I have to do 3-5
rounds of it, and unless it's really important I'll just tell reCaptcha to
piss off.

------
mockingbirdy
I've built the same in the past to solve ReCaptchas and my question is:

Why on earth did they publish this?

I've kept it secret because Google will close this loophole and probably make
it more difficult for disabled people to verify that they're humans. And
Google is not dumb: They already know that speech recognition "breaks" their
bot detection, just like screen readers - this is about accessibility.
Publishing stuff like this will increase the pressure so they will be forced
to "improve" their bot detection system - which simply means that even more
people won't be able to solve those captchas.

Heck, some weeks ago I tried to solve a ReCaptcha for literally 10 minutes!
My answers were right, it was a matter of discrimination. My point is: My bot
automation is able to solve a Captcha faster than a human being. This is silly
and ineffective.

And about the people who've published this: they think they do someone a favor
with this. But I can't see how it's in anybody's interest to release this into
the public (especially on a site like HN where Googlers are reading). If they
would propose a better solution for website owners to secure their sites,
fine.

But everyone who's talking about "vulnerabilities" like this makes it more
difficult for real people to access the websites that they want to use. I know
disabled people who can't solve those captchas - it's just too much of a
hassle while it's easy for my bot automation to do it.

We should really ask ourselves what we're really trying to improve here.

------
robbomacrae
I used to work at SoundHound and 3 years ago we had some weird,
illegitimate-looking accounts using our Houndify platform. Turns out they were
for breaking reCAPTCHA. It was a bittersweet verification that our voice
recognition was ahead of Google's, but we had to put in protections against
that sort of abuse so we weren't enabling spammers...

~~~
aerique
Did you end up using recaptcha?

------
vowelless
Here is a similar attempt from 7 years ago (LayerOne 2012). Reveals how
'simple' life was back then.

Bonus: the talk is HIGHLY entertaining. Their approach gets countermeasured
by Google an hour before the talk and so they can't demo it anymore.

[https://youtu.be/Mj3thHKeKyg](https://youtu.be/Mj3thHKeKyg)

~~~
darpa_escapee
> [https://youtu.be/Mj3thHKeKyg](https://youtu.be/Mj3thHKeKyg)

This was entertaining. Thanks for posting it.

~~~
lawrenceyan
The importance of recording your demos haha!

------
alfongj
From what I can read on the tweet and GitHub, the researcher hasn't proven this
works at scale.

The point of recaptcha is blocking "captcha farms" or automated bots from
abusively creating accounts, buying tickets, etc.

The author hasn't demonstrated that this attack is effective in those
scenarios. The only thing he has shown is a very convoluted way for a human to
solve a reCAPTCHA (harder for 99.9% of humans than the standard reCAPTCHA
experience).

That would explain why Google didn't care about them publishing this.

------
dwighttk
why not use the project link?
[https://github.com/ecthros/uncaptcha2](https://github.com/ecthros/uncaptcha2)

~~~
TelmoMenezes
Because the tweet summarizes the interesting bit, while the project page not so
much. Which is good to motivate people to learn more about the project, right?

------
doe88
Ironically sad that this protection is thereby most easily defeated by its
purpose of accessibility. Pessimist in me thinks there is no good deed
possible in this world.

------
xnx
Can god make a stone so heavy that he can not lift it?

------
edoo
"The team has allowed us to release the code, despite its current success."

First off permission was never needed to release the code. Second, Google's
interest in captcha is not to protect websites but to further their machine
learning algorithms. Unless the captcha mechanism was destroyed to such an
extent nobody used it they will be happy to accept captcha requests from
automated systems. Google may seem like it sometimes but it is not your
friend.

------
kolanos
1. In OSX, enable VoiceOver (CMD+F5).

2. Navigate to a reCAPTCHA.

3. Click the "I am not a bot" checkbox.

How is this not an exploit? Is Google doing something extra when it detects a
screen reader?

~~~
hartator
What do you mean? Enabling VoiceOver on OSX gets you white-listed by
ReCaptcha?

~~~
kolanos
Yes. Or at least it appears that way.

~~~
dcbadacd
I don't doubt that Google employees are reading this thread and this might
make the lives of sight-impaired people a bit worse.

------
hartator
This exploit has been known for a while.

Example:
[https://github.com/mikeyy/nonoCAPTCHA](https://github.com/mikeyy/nonoCAPTCHA)

------
Memosyne
I'm guessing Google will start using some sort of steganography to prevent
this from happening.

~~~
dwd
You would think they could apply a hidden track at a certain frequency that is
imperceptible to a human, or a pattern of changes in volume, to prevent it
being passed through their API.

Of course the next step will be to resample the sound to remove the
steganography...and the arms race continues.

~~~
js4ever
Or simply use another speech-to-text API not provided by Google.

------
bob_theslob646
Very impressive!

Verification seems really hard.

How do you go about verifying whether or not the user is an actual person?

------
fxfan
Tldr:

Captcha -> request audio verification -> download mp3 and send to Google API
for recognition -> 91% accuracy

------
anewguy9000
captcha is a lie.

------
Y_Y
> Sorry, you are rate-limited. Please wait a few moments and try again.

I don't know why twitter blocks my Android Firefox, but I feel as if we both
benefit.

~~~
zufallsheld
Same problem for me on Android with Firefox.

~~~
sciurus
Wow, so it's not just me! I'll ask around Mozilla and see if anyone knows why
Twitter does this.

~~~
r3bl
A refresh usually helps, and this "feature" isn't exclusive to Firefox.

For some reason, it is exclusive to links opened from other apps and
doesn't appear when accessing a link directly (via a refresh). That might
narrow down your search a bit.

~~~
berbec
I always was rate limited until I signed into Twitter. Problem solved.

I think they cap guest views/minute.

------
dang
Url changed from
[https://twitter.com/FGRibreau/status/1080810518493966337](https://twitter.com/FGRibreau/status/1080810518493966337),
which points to this.

