The 12306 strange verification code was cracked, and it couldn't stop scalpers at all

Some experts told Tencent Technology that it is not difficult to break this graphic verification code.

The 12306 strange verification code can't stop scalpers at all: the cracking method is like this

Tencent Technology Sun Hongchao reported on December 8

"Please click on all the lilies in the picture below", "Please click on all the Bosphorus in the picture below"...... These strange verification codes have blown up the circle of friends in the past two days, and have forced those already in a hurry to rack their brains again.

In 12306's view, the endless graphic codes can effectively crack down on scalpers and ticket grabbing software, although it affects some user experience.

However, some experts told Tencent Technology that it is not difficult to break through this graphic verification code, and some experts told Tencent Technology that the new verification code may make it easier for scalpers to swipe tickets.

Strange and strange facts are mostly falsely transmitted

At present, there are a number of strange verifications circulating on the Internet: Bai Baihe, Yang Chengang, short man, beautiful man...... These have also become the object of complaints from netizens.

However, according to Tencent Technology's observation, most of the strange verification codes do not exist, and after netizen statistics, the current verification codes can be divided into the following twelve categories:

Animals, plants and insects: lizards, penguins, dinosaurs, lotus leaves, dragonflies, etc

Food, fruits and vegetables: fried dough sticks, leeks, sandwiches, plums, pineapples, etc

Daily necessities: rain boots, toothbrushes, brooms, shovels, hot water bottles, etc

Office supplies: projectors, folders, fax machines, file bags, etc

Outdoor sports: tents, basketballs, rackets, bowling, dumbbells, etc

Home appliances 3C: mobile phones, TVs, water heaters, rice cookers, etc

Daily necessities: bamboo mats, pillows, beds, pressure cookers, cooking oil, etc

Jewelry: jadeite, diamond, agate, watches, etc

Travel tools: airplanes, bicycles, yachts, etc

Traditional culture: purple clay pots, blue and white porcelain, lion dance, face painting, New Year paintings, etc

Public facilities: fountains, street lamps, libraries, newsagents, railway tracks, etc

Proper nouns: moon, pyramid, dark cloud, solar energy, etc

According to relevant media reports, there are currently 581 image verification codes in the 12306 background.

Image recognition is not difficult

The update of the verification code has always been the focus of attention on 12306, because the Spring Festival ticket has not been able to get rid of the shadow of scalpers.

The initial CAPTCHA is often a simple number or a simple character consisting of numbers plus letters. This verification code was quickly cracked, and then 12306 began to introduce addition, subtraction, multiplication and division calculations, which did not last long.

According to industry insiders, this verification code can be easily cracked by optical character recognition technology and some background software. The person also told Tencent Technology that after adopting picture technology, the difficulty of cracking has increased relatively, and the corresponding characters of the picture have also increased the difficulty.

However, according to actual tests, with the help of intelligent image recognition technology of giants such as Google, computer software can recognize the meaning of most pictures, with an accuracy rate of 85%.

At present, the most complained about is the poor image quality of the verification code, but an insider of Beijing Megvii Technology, a domestic machine vision company, told Tencent Technology: "12306 is not without high-quality pictures, but deliberately selects pictures that are difficult to recognize, the purpose is to make it difficult for humans to recognize, so that machine learning will be very difficult, although it can be technically operated, but the recognition rate will be very low." ”

Previously, it was reported that 360 software has been able to recognize pictures based on search big data, with an accuracy rate of 90%. However, its old rival Cheetah ticket grabbing software does not have this function, and when the verification code appears, users need to manually check it, and Li Tiejun, a Cheetah mobile engineer, said that 360's approach will destroy the stability of the 12306 system itself.

Li Tiejun also told Tencent Technology that this year's cheetah will mainly upgrade the user experience: "For example, it will automatically prompt which route is busier, and it is difficult to grab tickets." ”

In Li Tiejun's view, the current verification code is the same difficulty for everyone, and it will alleviate the traffic impact in a short period of time, which is fair.

Violent bankruptcy

But some experts in image recognition have also provided additional ideas to Tencent Technology.

The data shows that the number of graphics codes for the 12306 website is 581, and a security employee from a domestic Internet giant company told Tencent Technology: "581 or even 5800 is not difficult for the machine, as long as you can be patient enough, brush out all the pictures and add notes, brute force cracking is easy." ”

Megvii Technology insiders also told Tencent Technology: "The machine can remember the answer in advance, and when the verification code is needed, it can be memorized, and ready-made tools can easily do it." ”

The two industry insiders also told Tencent Technology that if 12306 does not strengthen the number of its own pictures and the intelligence of the gallery, then scalpers can easily grab tickets through technical means during the Spring Festival.

Megvii Technology insiders even told Tencent Technology: "In this way, compared with the previous dynamic verification code, the question set has been reduced, and you only need to compare the known correct answer pictures with the candidate pictures given to successfully pass the verification." ”

Another scalper in the industry gave a different approach, he told Tencent Technology: "A simpler way to bypass verification is to go to some areas with lower labor costs, hire some people to swipe the verification code, and leave the rest of the process to the machine." ”

In Li Tiejun's view, although these practices are easy to achieve, they are easy to trigger the interception rules of 12306: "This year, the ban time of 12306 is very long. ”

In Li Tiejun's view, in addition to the graphic verification code, 12306 will also use a variety of methods to restrict scalpers this year.

1. Limit the opening of multiple accounts

A 12306 account can only be online once, in the past there was no limit, scalpers can open multiple browsers, multiple computers, computers and mobile phones to grab tickets at the same time;

2. Limit single rush buying

There are a lot of people in China whose personal information has been leaked, and scalpers can use this personal information to register multiple accounts to facilitate ticket grabbing, but 12306 restricts a maximum of 15 contacts to an account, and is not allowed to be deleted within half a year. Therefore, scalpers sell tickets for up to 15 people on one account.

In Li Tiejun's view, the super difficult verification code not only stumped netizens, but also stumped scalpers who scalped votes. But he also told Tencent Technology that although a variety of technical means have been adopted, the complaints against 12306 will not decrease: "After all, the contradiction between supply and demand is still very large." ”

Source of this article:http://www.techweb.com.cn/internet/2015-12-08/2237711_1.shtml