09/23/2009 kRO Maintenance - anti bot

Forum closed. All further discussion to be discussed at https://github.com/OpenKore/

#1 Post by Technology »

It seems like they have added some sort of captcha.
09/23/2009 kRO Maintenance
Sakray Test Server
- Updated the BOT countermeasure system.

original post: http://forums.irowiki.org/showpost.php? ... tcount=125
One ST0 to rule them all? One PE viewer to find them!
One ST_kRO to bring them all and in the darkness bind them...

Mount Doom awaits us, fellowship of OpenKore!

#2 Post by kLabMouse »

Get the difference between the old client and the new one.
They must have added some packets for this system.

#3 Post by Technology »

Here are 2 clients, the newest one has the captcha thing.
Attachment: clients.rar (2.3 MiB)

#4 Post by kLabMouse »

OK. Based on Technology's info:

Code:

0x07E5 len:8  -- Generation ID / Captcha Session
0x07E6 len:8  -- (Might be same as 0x07E5)
0x07E7 len:32 -- Client Answer
0x07E8 len:0  -- Incoming Image
0x07E9 len:5  -- Wrong Answer / Good Answer

Code:

// Captcha Session ID
struct PACKET_AC_07E5 {
   short PacketType;
   short ID;
   unsigned long GenTime;
};

// Answer to Image
struct PACKET_CA_07E7 {
   short PacketType;
   short ID;
   unsigned long GenTime;
   char answer[24];
};

// Incoming Image
struct PACKET_AC_07E8 {
   short PacketType;
   short PacketLen;
   char img[]; // BMP Image (variable length)
};

// Wrong Answer / Accept Answer
struct PACKET_AC_07E9 {
   short PacketType;
   short ErrorCode; // Always 5
   bool state; // 0 -- wrong answer; 1 -- good answer;
};


#5 Post by Technology »

9/30/2009 kRO Maintenance
RE Test server Patches
-The bot protection system has been updated.

From what I see, the text of the captcha is straight instead of wavy/distorted now. (The text has colours.)
They also added a (gray) grid for noise.

Maybe we need to look at the packets again; the captcha seems to be using the same font as the client.
How about we let Kore solve the captcha? It should be easy to remove the noise, since it has a different color.

someone wants to break it here

#6 Post by kLabMouse »

OK. Let's implement it this way:
We support those packets in ServerType0 (first time seen/mostly used packets).
The system must save the image in BMP format in the "log" folder, named "%ID%%time%.bmp" based on known data.
A plugin must be able to hook when the image is loaded and on the server's answer.

That plugin will mostly use the "ImageMagick" libraries, maybe even the "PWNtcha" lib.



#8 Post by kLabMouse »

Oh. Yeah, I had an idea.
English letters and numbers do not use more than 7 bits.
So... I was thinking: is there a chance that the server is not saving ID/Time/Answer in the DB?
So the check code only depends on input data from the packet.

To see that, I need at least 50 or 100 images + ID + time, with the same ID (for at least 30).

#9 Post by kali »

Possibly what happens is this:
* user tries to log in
* server creates an image, saves the answer to the account, and sends it to user
* user answers
* server clears (or marks) the answer in the account

Maybe we can assume that the server only stores a single answer in the account (to compare with the user's answer). This is the only way to keep track of the session if the TCP connection is nonpersistent.

However, if the TCP connection is persistent, the server does not even have to save/persist the answer at all. The server can just pull up some random string, create a bitmap from the said string, then send it along.
Got your topic trashed by a mod?

Trashing topics is one click, and moving a topic to its proper forum is a lot harder. You expend the least effort in deciding where to post, mods expend the least effort by trashing.

Have a nice day.

#10 Post by Technology »

I've logged into kRO. :D
Tho this is by user intervention, so no OCR automation yet...

The packets are a bit different tho:

Code:

// 1) Our packet from client to server to initialize captcha
struct PACKET_CA_07E5 {
	short PacketType;
	short unknown;					// (in)variable or not: 0x12 = 18 = ?
	unsigned long accountID;
};

// 2) Server's answer to captcha init packet
struct PACKET_AC_07E8 {
	short PacketType;
	short PacketLen;
	char img[]; // BMP Image (variable length)
};

// 3) Our answer to image packet
struct PACKET_CA_07E7 {
	short PacketType;
	short unknown;				// (in)variable: 0x20 = 32 = len?
	unsigned long accountID;
	char answer[24];
};

// 4) Server's answer to image packet
struct PACKET_AC_07E9 {
	short PacketType;
	short ErrorCode; // Always 5
	bool state; // 0 -- wrong answer; 1 -- good answer;
};

Atm I'm making the bot log in over and over, creating captcha images that have timestamps on them.
Attachment: captcha.rar (356 Bytes)

Locked
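
The server-side bookkeeping kali outlines in post #9 (store one answer per account, clear it once the user answers), sketched against the 24-byte answer field and accountID from the packet layout in post #10. This is an added example, not code from the thread, OpenKore or the game server; `issue_challenge`, `check_answer` and the table size are hypothetical names and values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ANSWER_LEN  24  /* size of answer[] in PACKET_CA_07E7 (from the thread) */
#define MAX_PENDING 64  /* assumption: table size for this sketch */
/* One outstanding challenge per account (hypothetical server-side state). */
struct pending { int in_use; uint32_t account_id; char answer[ANSWER_LEN]; };
static struct pending table[MAX_PENDING];

/* Record the expected answer when the image (0x07E8) is sent.
   A new challenge replaces any older one for the same account. */
int issue_challenge(uint32_t account_id, const char *text) {
    struct pending *slot = NULL;
    size_t n = strlen(text);
    if (n == 0 || n >= ANSWER_LEN) return -1;
    for (int i = 0; i < MAX_PENDING; i++) {
        if (table[i].in_use && table[i].account_id == account_id) { slot = &table[i]; break; }
        if (!table[i].in_use && !slot) slot = &table[i];
    }
    if (!slot) return -1;                       /* table full */
    memset(slot, 0, sizeof *slot);
    slot->in_use = 1; slot->account_id = account_id;
    memcpy(slot->answer, text, n);              /* rest stays zero-padded */
    return 0;
}

/* Check the answer field of 0x07E7; the result is the `state` byte of 0x07E9. */
int check_answer(uint32_t account_id, const char field[ANSWER_LEN]) {
    for (int i = 0; i < MAX_PENDING; i++) {
        struct pending *p = &table[i];
        if (!p->in_use || p->account_id != account_id) continue;
        char got[ANSWER_LEN] = {0};             /* field may lack a terminating NUL */
        for (int j = 0; j < ANSWER_LEN && field[j]; j++) got[j] = field[j];
        unsigned char diff = 0;                 /* compare every byte, no early exit */
        for (int j = 0; j < ANSWER_LEN; j++) diff |= (unsigned char)(got[j] ^ p->answer[j]);
        memset(p, 0, sizeof *p);                /* single use, right or wrong */
        return diff == 0;
    }
    return 0;   /* no outstanding challenge: replayed or unsolicited answer */
}

int main(void) {
    char ans[ANSWER_LEN] = "k7Qm2x";            /* constructed sample answer */
    issue_challenge(1001, "k7Qm2x");
    printf("first=%d ", check_answer(1001, ans));
    printf("replay=%d\n", check_answer(1001, ans));
    return 0;
}
```

With the answer held server-side and cleared on the first attempt, the verdict never depends on packet contents alone, and a repeated 0x07E7 for the same account is rejected.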