Tired of the same old dreary Security Graphic?

New Member Joined: Jan 28, 2004 Posts: 2

http://www.nukecops.com/article836.html

just wanted to post that link, to point out where (i think) the idea for that code came from and give the original author a little credit.

by the way, the output that that script creates is far from un-readable by OCR programs. the contrast is far too high; simply adding background color behind some text doesn't make it more difficult to decipher.

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

I'm not sure what code you are referring to, but my original post was not pirated from anywhere. I do not do that, nor do I need to. The image routines are far from anyone's intellectual property and are standard API calls. There are countless "How To's" out there that use these calls and are way older than that article of 10/18/2003 from NC. And nowhere do I state about trying to be unreadable by OCR! The subject line says it all "Tired of the same old dreary Security Graphic".

nickeby wrote:

just wanted to post that link, to point out where (i think) the idea for that code came from and give the original author a little credit.

In the future if you think that someone needs credit I would appreciate an email or a PM before you accuse or state what you think in public.

Posted: Wed Jan 28, 2004 2:13 pm

sorry, got too close to the pirated-code accusation. i thought you might have used that other algorithm as the basis for yours; since both are basically the same- write some colored arcs/ellipses in random colors, with a random string on top. i apologize for the original tone of that posting. the code you posted is not ripped from that code on nukecops.

to the other point... the function these security graphics are supposed to serve is to be unreadable by character-recognition programs, right? because if it's easily readable by an OCR, then somebody can write a few scripts to fill out your forms or whatnot, almost as easily as if the security graphic weren't there at all.

Posted: Wed Jan 28, 2004 2:19 pm

I'll stand down from defcon 1 now Laughing

. As a developer myself I am very careful, as I can be, to give credit where credit is due. I appreciate your follow-up.

Actually, in the case of Nuke, the graphic is meant more to discourage bots and automated programs from getting at your site by guessing the algorithm. For that purpose it bodes quite well. To your point though, if you are a security nut Smile

, then you will require more of a smear type graphic.

Posted: Sun Nov 21, 2004 10:31 pm

Cheers,

As per reading the Raven's post today "initially", I decided to make some experiments based on the presented Code Examples. The attached piece of code is an indirect shameless application based on Raven's Code Example (functional!) and the NC Code Example (disfunctional!).

The set goal was to have the output being distorded in such "deterministic" way that the Security Code would be more harder to read by an OCR - this was achieved by applying a provocative DUPLICATE key generation in close vicinity of each "main key". (=> Gone fishing. Me thinks me fisherman, OCR fish.) Wink

Emphasized:

Quote:

* random size constraints narrowed --> higher probability for appearing non-overlapping visible DUPLICATE KEYS (X-axis; Y-axis)
* randow x-axis deviation offset increased --> higher probability for appearing non-overlapping (X-axis shift/drift)

<=> All this carried out to require "more human intelligence" around to read it out, ie. to make it harder for OCR.

The OCR resistance can be hardened/fine-tuned accordingly even further, however this will suit to my personal purposes in the first place (time will tell, whether I should reconsider updating "Security Code" generation mechanism in the future).

In case that you are interested in the actual output, you may want see "Security Code" in action at URL :
[ Only registered users can see links on this board! Get registered or login! ]

Code:




function gfx($random_num) {


    global $prefix, $db, $module_name;


    require("config.php");


    $datekey = date("F j");


    $rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));


    $code = substr($rcode, 2, 6);





    // constants (variables) declaration


    $circles=5; 


    $width=100; 


    $height=20; 





    // initializing with random image generation


    Header("Content-type: image/jpeg");


    $image = ImageCreate($width,$height);





    // limiting RGB outputs to range 128:255 [absolute range : 0:255] //   


    for ($i=1;$i<=$circles;$i++) { 


        $randomcolor = imagecolorallocate ($image , rand(128,255),rand(128,255),rand(128,255)); 


        imagefilledellipse($image,rand(0,$width-10),rand(0,$height-3),rand(20,70),rand(20,70),$randomcolor); 


    } 


    // limiting RGB outputs to range 192:255 [absolute range : 0:255] //


    for ($cnt=0; $cnt<12; $cnt++) {


        $text_color = ImageColorAllocate($image, intval(rand(192,255)), intval(rand(192,255)), intval(rand(192,255)));


        ImageArc($image,($cnt*8),10,intval(rand(15,30)),intval(rand(15,30)),0,360, $text_color); 


    }


    // limiting RGB outputs to range 0:63 [absolute range : 0:255] //


    for ($idx=0; $idx<24; $idx++) {


        $text_color  = ImageColorAllocate($image, intval(rand(0,63)), intval(rand(0,63)), intval(rand(0,63)));


        $text_color1 = ImageColorAllocate($image, intval(rand(0,63)), intval(rand(0,63)), intval(rand(0,63)));


        ImageString ($image, intval(rand(1,2)), 9+($idx*14), 2, substr($code,$idx,1), $text_color);


        ImageString ($image, intval(rand(1,5)), 11+($idx*14), 2, substr($code,$idx,1), $text_color1);


    }


    // outputting the image


    ImageJPEG($image, '', 100);


    ImageDestroy($image);


    die();


}

Just my 1.99 cents.

BR,

-beetraham

Useless Joined: Aug 23, 2002 Posts: 213 Location: Chicago

Man your security code is really hard to read.

Posted: Fri Jul 01, 2005 2:52 am

This is an nice hack, but it's realy hard to see the numbers.
How can i make this a little bit better for use? Neutral

Coldy

Posted: Wed Jul 19, 2006 12:40 pm

is there an update for this in newer version of PHP-Nuke that do not have the function gfx in the moduel/Your_Account/index.php file?

Raven's distro 7.6

Also, I have searched and found various suggestions in the forums here for changing the length of the code, form 6 digits to 8, but nothing works that was suggested

Posted: Wed Jul 19, 2006 3:00 pm

I am not usre I understand your question myrtletrees.
The security image should display depending on it's setting in config.php

Posted: Wed Jul 19, 2006 5:33 pm

Hi Guardian,

I was referring to first thread in this topic discussion. My security image shows as it should using the settings in config.php, however, I would like to know how to "spice up" the security image using the code Raven posted, and also how to make the Security image code more than 6 digits.

Worker Joined: Sep 28, 2006 Posts: 241

If anyone knows of an easy mod to add a trie captcha like in IPB or VB could they pass along the link please ?

Posted: Wed Nov 15, 2006 4:11 pm

Sorry what's a 'trie captcha'?

I assume this is different to the standard nuker captcha?