I was just wondering - and forgive me in advance, I know I'll sound dumb but I'm no programmer myself - I guess that ABers currently have ways to solve the captcha that work just fine but from what I read, they're based on things like finding the darkest pixel in the picture... Anyway, they obviously work, but I did some reading about captchas myself and now I see that the Neopets images themselves contain MD5 hash data, so wouldn't it be possible to just save a ton, if not all of Neopets captcha jpegs (I don't know how many there are) and decrypt the hashes? Once you had the encryption key, you could also solve any captcha easily that way, right? Impossible? Pointless? Or potentially useful?
Possible, probably pointless... (cost/benefits don't quiet equal out) it would take about as long to scan the image as it would to scan the file for the right hash.
right now, the OCR in most aber is able to find the pet to click in less than 10ms. I highly doubt that your way would be faster.
Indeed, I think your way would even take more, as the database of all the md5 hashes would be too large to scan it fast. It would of course be more accurate, as some pets are not located where the darkest pixel is, but I think it wouldn't really be worth it.
Okay, thanks for the replies one and all but now I have something else to ask you -- I saved some of the images and submitted the hashes to cracking programs yesterday and I have the key/pass/message now, but I don't understand what I'm looking at. For example, this picture: contains the hash 0f6c1daa5b6477cf0a018401e0048165 and the returned solution was 1239825059 and this picture: had 1d51140a4a3e9a50cef8838465873bd9 and the returned solution was 1239825510 So can anyone explain in layman's terms how these answers actually signify anything? I'm sure that in a way these "messages" or solutions explain where (and maybe what) the captcha picture is in the jpeg, but not in a way that I understand. Like I said, I'm not a programmer - but I am a quick study if anyone can take a few minutes to enlighten me. From what I've read though, I can tell that Neopets doesn't use advanced or difficult hashes - they're very basic and easy to crack.
Ok, you don't seem to understand how hashes work. They are one-way functions that are NOT one-to-one bijections. You can't find the inverse of a hash. Let me give you an example: The square root function returns a number that when squared, gives you the input variable. Like-wise, you are trying to find the input variable that when hashed, gives you the hash. However, the square root function (like hash functions) returns two solutions (a positive and a negative one). The inverse of a hash function returns an infinite number of solutions. Thus, its impossible to find what the original message is after its been hashed. When you use a program to find the solution to a hash, you are finding ONE solution.
? All math aside, Wikipedia reads like hashes are a method of encryption - widely used to store passwords, for example. Like I said I'm no programmer so I'm asking this without ego, but if you can't retrieve the original message in a hash, how are you getting your password back?
Hashes are technically not encrypted messages since the original plaintext cannot be retrieved. When you get your password back via email, I think the server has your password stored as plain-text (or encrypted) somewhere in a database. Normally for logins, it is unnecessary to know the actual password, only the hash is necessary since the server can just compare the hashed password with the hash of the input. That's why some sites do not allow retrieval of your password and only resetting it is allowed.