Recently I was asked if captchas.net is still secure today. My guess was it probably was not very secure, when compared to the fuzzy text of reCAPTCHA, but I wasn’t sure by how much, so I decided to look into it a bit more.
As you may know, Google has deprecated their old reCAPTCHA V1 API, in favor of their new reputation and image recognition based system. Apparently this may also in-part be because advances in text recognition software is starting to make the fuzzy text challenge obsolete.
As a research experiment, I decided to try my hand at solving captchas.net captchas with only software, and see how well I could do.
Recently while reverse engineering a piece of malicious macOS software to study what exactly it does, I noticed something odd in the binary. There seemed to be a little signature or message in the binary.
(c) 2014 - Cryptic Apps SARL - Disassembling not allowed
Necessity is the mother of pull requests, so that’s what I did.