
Geohot tries to break Google's recaptcha - artf
https://github.com/geohot/lolrecaptcha
======
loopdoend
This problem was solved long ago to the apparent satisfaction of the
marketplace: [http://bypasscaptcha.com](http://bypasscaptcha.com)

George, the devil is in the details. You can't do everything overnight.

0% chance of success.

~~~
photogrammetry
Thanks, dang and sctb, for encouraging people to flag and neg my comment
wishing Geohot good luck.

~~~
loopdoend
Perhaps your "good luck" was snipey and didn't add anything...

~~~
photogrammetry
It wasn't. Perhaps we should be thanking sama, on the other hand.

------
desdiv
>the Google Self Driving Car Cheaters

How is the Google self-driving car team cheating?

Or is he just being a sore loser about how his own self-driving car venture
didn't work out?

~~~
commaai
lol, comma.ai still exists and is still winning self driving cars.
[https://github.com/commaai/openpilot](https://github.com/commaai/openpilot)
We have some amazing things scheduled for 2017

This repo is literally a joke for George to learn Go, in a similar vain to
[https://github.com/geohot/lowqualityraytracer](https://github.com/geohot/lowqualityraytracer)
being about learning raytracing.

Google is "cheating" because they are crowdsourcing labels with CAPTCHA, but
then of course there's [https://www.producthunt.com/posts/comma-
coloring](https://www.producthunt.com/posts/comma-coloring)

~~~
Oletros
A Github repo is not what I would call "winning the self driving cars"

------
krackers
Why only street signs though? The new captchas I've seen ask you all sorts of
random image recognition things, like identifying the squares with grass, with
tea, with eggs, etc.

~~~
chiefalchemist
Pardon me if this is stating the obvious, but the captcha images being decoded
serve a second purpose. In short, Goggle is crowdsourcing the decoding of
those images in a mechanical Turk sorta way.

Why street signs and house numbers? Because when your taken as much Street
level photos as they have some are gonna need human review.

~~~
mgurlitz
At first, ReCaptcha was used to transcribe books, and then in 2012 Google
began to use it for street data. The GP is referring to its newest use, which
is based on an image classification algorithm. Image search used to rely on
nearby words on websites and in the URL, since computer vision was just a
research technology.

Ironically, this new captcha has already been attacked using Google's own
reverse image search:
[https://www.blackhat.com/docs/asia-16/materials/asia-16-Siva...](https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-
Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf)

------
Dolores12
Current solutions on the market solve new google recaptcha with up to 50%
accuracy. Let's see what Geohot can do.

------
zitterbewegung
Has he read this paper?
[https://www.blackhat.com/docs/asia-16/materials/asia-16-Siva...](https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-
Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf)

------
meowface
Clever idea, but Google also has some bot (and maybe also captcha farm)
detections to try to ban captcha gamers. I think you'd also need a distributed
and human-seeming proxy network.

------
wodenokoto
Wonder if anybody commenting has read the readme. This is just a learning
experiment.

Is it really wrong for a famous hacker to dip his toes in a new language by
doing something that is not state of the art?

------
felippee
He was the biggest hacker, tried to be an entrepreneur, now he is working hard
to became the biggest comedian of Silicon Valley. Seems like the comedian role
might actually work out.

~~~
kabes
He never was the biggest hacker.

~~~
felippee
Nevertheless he's got the chance to become the biggest comedian :) I think
Hollywood would work out better for that...

------
arcticfox
Here's my solution: rerecaptcha.

1) Own or work with a very popular site with people filling captchas often

2) Instead of showing a full random captcha, use the recaptcha technique
against itself: show a small random captcha alongside a full recaptcha that
you want to break

3) Use the random known captcha for validation and profit from the user
entered recaptcha

------
bmpafa
You have to admire the showmanship: using a language Google created to try and
break a Google-made system.

~~~
rubyfan
Should use Tensor Flow for his classifier

~~~
Xorlev
Should use Google Cloud Machine Learning to host the resultant model.

------
problems
... this code literally just scrapes images from recaptcha right now, and it
barely does that.

If you want it broken, all you have to do is take these images and feed them
through a captcha cracking service that uses humans and get them to input
numbers for the corresponding squares. Works fairly well in my experience. And
$1/1k you can't argue with.

~~~
neurostimulant
That price is inhumane. Assuming the worker can solve 1 captcha every 10s in
average, when working full time at 25 working day and 8 hours / day, a worker
can clear 72000 captcha per month, grossing $72. The take home pay might be
like half of it? Even in developing countries, $36 per month is too damn low
for that mentally taxing work.

~~~
compsciphd
a good solver should be able to do it much faster than 1 every 10s. As someone
who sees a lot of recaptcha captchas (i.e. per week I solve probably 1k+
working on a similar project) you notice patterns, that makes it much quicker
and not particularly mentally taxing.

With the proper tools, someone should be able to on average do them in under
5s and perhaps even faster. I just did a test, and I was able to do 20
recaptchas in a bit over a minute (65-70s, rough timer)

Now, I wouldn't want to do for pay 8 hours a day, but at 3s a captcha it and
at $1 per 1K captchas, one is looking at about $1/hr, which probably isn't bad
in some parts of the world. (per a quick google search, "In 2009, the average
monthly income in India was Rs 3000 [1]. If we assume 160 hours worked per
month, that comes out to Rs 18.75 per hour, which is about 0.40 USD per hour.
Given that about half of the country lives on a dollar per person per day [2],
this estimate sounds reasonable.Oct 28, 2011")

------
hartator
Geohot never stops to amaze me, at least.

------
badcc
Geohot -
[https://www.youtube.com/watch?v=9iUvuaChDEg](https://www.youtube.com/watch?v=9iUvuaChDEg)

~~~
mwambua
I'm never really sure how I feel about Geohot. I know for sure I liked people
like him a lot more when I was younger and thought that everything was within
close reach.

I hope that he keeps on winning... maybe it will inspire youngsters to try the
impossible before reality knocks the wind out of them.

