{"data":{"id":"10.48550/arxiv.2104.04683","type":"dois","attributes":{"doi":"10.48550/arxiv.2104.04683","prefix":"10.48550","suffix":"arxiv.2104.04683","identifiers":[{"identifier":"2104.04683","identifierType":"arXiv"}],"alternateIdentifiers":[{"alternateIdentifierType":"arXiv","alternateIdentifier":"2104.04683"}],"creators":[{"name":"Hossen, Md Imran","nameType":"Personal","givenName":"Md Imran","familyName":"Hossen","affiliation":[],"nameIdentifiers":[]},{"name":"Hei, Xiali","nameType":"Personal","givenName":"Xiali","familyName":"Hei","affiliation":[],"nameIdentifiers":[]}],"titles":[{"title":"A Low-Cost Attack against the hCaptcha System"}],"publisher":"arXiv","container":{},"publicationYear":2021,"subjects":[{"lang":"en","subject":"Cryptography and Security (cs.CR)","subjectScheme":"arXiv"},{"subject":"FOS: Computer and information sciences","subjectScheme":"Fields of Science and Technology (FOS)"},{"subject":"FOS: Computer and information sciences","schemeUri":"http://www.oecd.org/science/inno/38235147.pdf","subjectScheme":"Fields of Science and Technology (FOS)"}],"contributors":[],"dates":[{"date":"2021-04-10T05:15:15Z","dateType":"Submitted","dateInformation":"v1"},{"date":"2022-03-08T01:10:16Z","dateType":"Updated","dateInformation":"v1"},{"date":"2021-04","dateType":"Available","dateInformation":"v1"},{"date":"2021","dateType":"Issued"}],"language":null,"types":{"ris":"RPRT","bibtex":"article","citeproc":"article-journal","schemaOrg":"ScholarlyArticle","resourceType":"Article","resourceTypeGeneral":"Text"},"relatedIdentifiers":[{"relationType":"IsVersionOf","relatedIdentifier":"10.1109/spw53761.2021.00061","relatedIdentifierType":"DOI"}],"relatedItems":[],"sizes":[],"formats":[],"version":"1","rightsList":[{"rights":"Creative Commons Attribution 4.0 International","rightsUri":"https://creativecommons.org/licenses/by/4.0/legalcode","schemeUri":"https://spdx.org/licenses/","rightsIdentifier":"cc-by-4.0","rightsIdentifierScheme":"SPDX"}],"descriptions":[{"description":"CAPTCHAs are a defense mechanism to prevent malicious bot programs from abusing websites on the Internet. hCaptcha is a relatively new but emerging image CAPTCHA service. This paper presents an automated system that can break hCaptcha challenges with a high success rate. We evaluate our system against 270 hCaptcha challenges from live websites and demonstrate that it can solve them with 95.93% accuracy while taking only 18.76 seconds on average to crack a challenge. We run our attack from a docker instance with only 2GB memory (RAM), 3 CPUs, and no GPU devices, demonstrating that it requires minimal resources to launch a successful large-scale attack against the hCaptcha system.","descriptionType":"Abstract"},{"description":"To appear in the 15th IEEE Workshop on Offensive Technologies (WOOT 2021)","descriptionType":"Other"}],"geoLocations":[],"fundingReferences":[],"xml":"PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPHJlc291cmNlIHhtbG5zPSJodHRwOi8vZGF0YWNpdGUub3JnL3NjaGVtYS9rZXJuZWwtNCIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnNjaGVtYUxvY2F0aW9uPSJodHRwOi8vZGF0YWNpdGUub3JnL3NjaGVtYS9rZXJuZWwtNCBodHRwOi8vc2NoZW1hLmRhdGFjaXRlLm9yZy9tZXRhL2tlcm5lbC00LjMvbWV0YWRhdGEueHNkIj4KICA8aWRlbnRpZmllciBpZGVudGlmaWVyVHlwZT0iRE9JIj4xMC40ODU1MC9BUlhJVi4yMTA0LjA0NjgzPC9pZGVudGlmaWVyPgogIDxhbHRlcm5hdGVJZGVudGlmaWVycz4KICAgIDxhbHRlcm5hdGVJZGVudGlmaWVyIGFsdGVybmF0ZUlkZW50aWZpZXJUeXBlPSJhclhpdiI+MjEwNC4wNDY4MzwvYWx0ZXJuYXRlSWRlbnRpZmllcj4KICA8L2FsdGVybmF0ZUlkZW50aWZpZXJzPgogIDxjcmVhdG9ycz4KICAgIDxjcmVhdG9yPgogICAgICA8Y3JlYXRvck5hbWUgbmFtZVR5cGU9IlBlcnNvbmFsIj5Ib3NzZW4sIE1kIEltcmFuPC9jcmVhdG9yTmFtZT4KICAgICAgPGdpdmVuTmFtZT5NZCBJbXJhbjwvZ2l2ZW5OYW1lPgogICAgICA8ZmFtaWx5TmFtZT5Ib3NzZW48L2ZhbWlseU5hbWU+CiAgICA8L2NyZWF0b3I+CiAgICA8Y3JlYXRvcj4KICAgICAgPGNyZWF0b3JOYW1lIG5hbWVUeXBlPSJQZXJzb25hbCI+SGVpLCBYaWFsaTwvY3JlYXRvck5hbWU+CiAgICAgIDxnaXZlbk5hbWU+WGlhbGk8L2dpdmVuTmFtZT4KICAgICAgPGZhbWlseU5hbWU+SGVpPC9mYW1pbHlOYW1lPgogICAgPC9jcmVhdG9yPgogIDwvY3JlYXRvcnM+CiAgPHRpdGxlcz4KICAgIDx0aXRsZT5BIExvdy1Db3N0IEF0dGFjayBhZ2FpbnN0IHRoZSBoQ2FwdGNoYSBTeXN0ZW08L3RpdGxlPgogIDwvdGl0bGVzPgogIDxwdWJsaXNoZXI+YXJYaXY8L3B1Ymxpc2hlcj4KICA8cHVibGljYXRpb25ZZWFyPjIwMjE8L3B1YmxpY2F0aW9uWWVhcj4KICA8c3ViamVjdHM+CiAgICA8c3ViamVjdCB4bWw6bGFuZz0iZW4iIHN1YmplY3RTY2hlbWU9ImFyWGl2Ij5DcnlwdG9ncmFwaHkgYW5kIFNlY3VyaXR5IChjcy5DUik8L3N1YmplY3Q+CiAgICA8c3ViamVjdCBzdWJqZWN0U2NoZW1lPSJGaWVsZHMgb2YgU2NpZW5jZSBhbmQgVGVjaG5vbG9neSAoRk9TKSI+Rk9TOiBDb21wdXRlciBhbmQgaW5mb3JtYXRpb24gc2NpZW5jZXM8L3N1YmplY3Q+CiAgPC9zdWJqZWN0cz4KICA8ZGF0ZXM+CiAgICA8ZGF0ZSBkYXRlVHlwZT0iU3VibWl0dGVkIiBkYXRlSW5mb3JtYXRpb249InYxIj4yMDIxLTA0LTEwVDA1OjE1OjE1WjwvZGF0ZT4KICAgIDxkYXRlIGRhdGVUeXBlPSJVcGRhdGVkIiBkYXRlSW5mb3JtYXRpb249InYxIj4yMDIyLTAzLTA4VDAxOjEwOjE2WjwvZGF0ZT4KICAgIDxkYXRlIGRhdGVUeXBlPSJBdmFpbGFibGUiIGRhdGVJbmZvcm1hdGlvbj0idjEiPjIwMjEtMDQ8L2RhdGU+CiAgPC9kYXRlcz4KICA8cmVzb3VyY2VUeXBlIHJlc291cmNlVHlwZUdlbmVyYWw9IlRleHQiPkFydGljbGU8L3Jlc291cmNlVHlwZT4KICA8cmVsYXRlZElkZW50aWZpZXJzPgogICAgPHJlbGF0ZWRJZGVudGlmaWVyIHJlbGF0ZWRJZGVudGlmaWVyVHlwZT0iRE9JIiByZWxhdGlvblR5cGU9IklzVmVyc2lvbk9mIj4xMC4xMTA5L1NQVzUzNzYxLjIwMjEuMDAwNjE8L3JlbGF0ZWRJZGVudGlmaWVyPgogIDwvcmVsYXRlZElkZW50aWZpZXJzPgogIDx2ZXJzaW9uPjE8L3ZlcnNpb24+CiAgPHJpZ2h0c0xpc3Q+CiAgICA8cmlnaHRzIHJpZ2h0c1VSST0iaHR0cDovL2NyZWF0aXZlY29tbW9ucy5vcmcvbGljZW5zZXMvYnkvNC4wLyIgcmlnaHRzSWRlbnRpZmllclNjaGVtZT0iU1BEWCIgcmlnaHRzSWRlbnRpZmllcj0iQ0MtQlktNC4wIj5DcmVhdGl2ZSBDb21tb25zIEF0dHJpYnV0aW9uIDQuMCBJbnRlcm5hdGlvbmFsPC9yaWdodHM+CiAgPC9yaWdodHNMaXN0PgogIDxkZXNjcmlwdGlvbnM+CiAgICA8ZGVzY3JpcHRpb24gZGVzY3JpcHRpb25UeXBlPSJBYnN0cmFjdCI+Q0FQVENIQXMgYXJlIGEgZGVmZW5zZSBtZWNoYW5pc20gdG8gcHJldmVudCBtYWxpY2lvdXMgYm90IHByb2dyYW1zIGZyb20gYWJ1c2luZyB3ZWJzaXRlcyBvbiB0aGUgSW50ZXJuZXQuIGhDYXB0Y2hhIGlzIGEgcmVsYXRpdmVseSBuZXcgYnV0IGVtZXJnaW5nIGltYWdlIENBUFRDSEEgc2VydmljZS4gVGhpcyBwYXBlciBwcmVzZW50cyBhbiBhdXRvbWF0ZWQgc3lzdGVtIHRoYXQgY2FuIGJyZWFrIGhDYXB0Y2hhIGNoYWxsZW5nZXMgd2l0aCBhIGhpZ2ggc3VjY2VzcyByYXRlLiBXZSBldmFsdWF0ZSBvdXIgc3lzdGVtIGFnYWluc3QgMjcwIGhDYXB0Y2hhIGNoYWxsZW5nZXMgZnJvbSBsaXZlIHdlYnNpdGVzIGFuZCBkZW1vbnN0cmF0ZSB0aGF0IGl0IGNhbiBzb2x2ZSB0aGVtIHdpdGggOTUuOTMlIGFjY3VyYWN5IHdoaWxlIHRha2luZyBvbmx5IDE4Ljc2IHNlY29uZHMgb24gYXZlcmFnZSB0byBjcmFjayBhIGNoYWxsZW5nZS4gV2UgcnVuIG91ciBhdHRhY2sgZnJvbSBhIGRvY2tlciBpbnN0YW5jZSB3aXRoIG9ubHkgMkdCIG1lbW9yeSAoUkFNKSwgMyBDUFVzLCBhbmQgbm8gR1BVIGRldmljZXMsIGRlbW9uc3RyYXRpbmcgdGhhdCBpdCByZXF1aXJlcyBtaW5pbWFsIHJlc291cmNlcyB0byBsYXVuY2ggYSBzdWNjZXNzZnVsIGxhcmdlLXNjYWxlIGF0dGFjayBhZ2FpbnN0IHRoZSBoQ2FwdGNoYSBzeXN0ZW0uPC9kZXNjcmlwdGlvbj4KICAgIDxkZXNjcmlwdGlvbiBkZXNjcmlwdGlvblR5cGU9Ik90aGVyIj5UbyBhcHBlYXIgaW4gdGhlIDE1dGggSUVFRSBXb3Jrc2hvcCBvbiBPZmZlbnNpdmUgVGVjaG5vbG9naWVzIChXT09UIDIwMjEpPC9kZXNjcmlwdGlvbj4KICA8L2Rlc2NyaXB0aW9ucz4KPC9yZXNvdXJjZT4=","url":"https://arxiv.org/abs/2104.04683","contentUrl":null,"metadataVersion":1,"schemaVersion":"http://datacite.org/schema/kernel-4","source":"mds","isActive":true,"state":"findable","reason":null,"viewCount":0,"viewsOverTime":[],"downloadCount":0,"downloadsOverTime":[],"referenceCount":0,"citationCount":0,"citationsOverTime":[],"partCount":0,"partOfCount":0,"versionCount":0,"versionOfCount":1,"created":"2022-02-21T21:42:14.000Z","registered":"2022-02-21T21:42:14.000Z","published":"2021","updated":"2022-03-08T04:32:11.000Z"},"relationships":{"client":{"data":{"id":"arxiv.content","type":"clients"}},"provider":{"data":{"id":"arxiv","type":"providers"}},"media":{"data":{"id":"10.48550/arxiv.2104.04683","type":"media"}},"references":{"data":[]},"citations":{"data":[]},"parts":{"data":[]},"partOf":{"data":[]},"versions":{"data":[]},"versionOf":{"data":[{"id":"10.1109/spw53761.2021.00061","type":"dois"}]}}}}