How does Google reCAPTCHA v2 work behind the scenes

Question

This post refers to Google ReCaptcha v2  not the latest version   Recently Google introduced a simplified  captcha  verification system  video  that enables users to pass the  captcha  just by clicking on it   But how can it differentiate a bot from a person just by a click   As per this answer   assuming a similar implementation   at first  recaptcha  generates a hidden key and attaches it to a hidden input element and also lazily renders a check box  not an actual check box input but a div  with the same key which when clicked  sends an asynchronous request  XHR  to the Google backend servers to mark it as a valid verification key  i e  a key that has to be validated when the form is submitted    But why can t bots automate that click  at least  browser-based bots    How might this work

User · Answer

My Bots are running well against ReCaptcha.

Here my Solution.

Let your Bot do this Steps:

First write a Human Mouse Move Function to move your Mouse like a B-Spline (Ask me for Source Code). This is the most important Point.

Also use for better results a VPN like https://www.purevpn.com

For every Recpatcha do these Steps:

If you use VPN switch IP first
Clear all Browser Cookies
Clear all Browser Cache
Set one of these Useragents by Random:

a. Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

b. Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0

5 Move your Mouse with the Human Mouse Move Funktion from a RandomPoint into the I am not a Robot Image every time with different 10x10 Randomrange

Then Click ever with random delay between

WM_LBUTTONDOWN

and

WM_LBUTTONUP
Take Screenshot from Image Captcha
Send Screenshot to

http://www.deathbycaptcha.com

or

https://2captcha.com

and let they solve.

After receiving click cooridinates from captcha solver use your Human Mouse move Funktion to move and Click Recaptcha Images
Use your Human Mouse Move Funktion to move and Click to the Recaptcha Verify Button

In 75% all trys Recaptcha will solved

Chears Google

Tom

User · Answer

May I present my guess  since this is not a open technology   Google says it s about combing information from before  during  after to distinguish human from robot  But I am more interested about that final click on the check box   Say  the POST data  solved CAPTCHA  has a field called fingerprint  a string calculated from user behavior  I think there may be a field about that check box location  I guess this check box is in a coordinate system randomly generated by Google back-end and encrypted by the public key of my site  So  a robot may  guess calculate  a location about this box  but when site owner makes the GET query with private key to verify user identity  Google will decrypt the coordinate system and say if the user click on the right place  So  only one possible right click with some offsets  it s a square box  location in this random coordinate system owned by only Google and site owners

User · Answer

Please remember that Google also use reCaptcha together with  Canvas fingerprinting    to uniquely recognize User Browsers without cookies

User · Answer

A new paper has been released with several tests against reCAPTCHA   https   www blackhat com docs asia-16 materials asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp pdf  Some highlights    By keeping a cookie active for  9 days  by browsing sites with Google resources   you can then pass reCAPTCHA by only clicking the checkbox  There are no restrictions based on requests per IP   The browser s user agent must be real  and Google run tests against your environment to ensure it matches the user agent  Google tests if the browser can render a Canvas  Screen resolution and mouse events don t affect the results    Google has already fixed the cookie vulnerability and is probably restricting some behaviors based on IPs   Another interesting finding is that Google runs a VM in JavaScript that obfuscates much of reCAPTCHA code and behavior  This VM is known as botguard and is used to protect other services besides reCAPTCHA   https   github com neuroradiology InsideReCaptcha  UPDATE 2017  A recent paper  from August  was published on WOOT 2017 achieving 85  accuracy in solving noCAPTCHA reCAPTCHA audio challenges   http   uncaptcha cs umd edu papers uncaptcha woot17 pdf  UPDATE 2018  Google is introducing reCAPTCHA v3  which looks like a  human score prediction engine  that is calibrated per website  It can be installed into different pages of a website  working like a Google Analytics script  to help reCAPTCHA and the website owner to understand the behaviour of humans vs  bots before filling a reCAPTCHA   https   www google com recaptcha intro v3beta html

User · Answer

This is speculation  but based on Google s reference to the  risk analysis engine  they use  http   googleonlinesecurity blogspot com 2014 12 are-you-robot-introducing-no-captcha html   I would assume it looks at how you behaved prior to clicking  how your cursor moved on its way to the check  organic path acceleration   which part of the checkbox was clicked  random places  or dead on center every time   browser fingerprint  Google cookies  amp  contents  click location history tied to your fingerprint or account if it detects one etc    It s fairly difficult to fake  organic  behavior in such a way that it would fool a continuously learning pattern detection engine  In the cases where it s not sure  it still prompts you to match an actual CAPTCHA string

[captcha] How does Google reCAPTCHA v2 work behind the scenes?

Examples related to captcha

Examples related to recaptcha