Breaking The MintEye CAPTCHA One More Time


A while back we saw the MintEye CAPTCHA system  – an ‘are you human’ test that asks you to move a slider until an image is de-swirled and de-blurred – cracked wide open by exploiting the accessibility option. Later, and in a clever bit of image processing, the MintEye CAPTCHA was broken yet again by coming up with an algorithm to detect if an image is de-swirled and de-blurred.

It appears we’re not done with the MintEye CAPTCHA yet (Russian, translation). Now the MintEye CAPTCHA can be broken without any image processing or text-to-speech libraries. With 31 lines of Java, you too can crack MintEye wide open.

The idea behind the hack comes from the fact that blurred images will be much smaller than their non-blurred counterpart. This makes sense; the less detail in an image, the smaller the file size can be. Well, all the pictures MintEye delivers to your computer – 30 of them, one for each step of swirl and blurring – are the same size, meaning the ‘wrong answer’ images are padded with zeros at the end of the file.

There’s a 31 line program on the build page that shows how to look at thirty MintEye images and find the image with the fewest zeros at the end of the file. This is, by the way, the correct answer for the MintEye CAPTCHA, and has a reproducibility of 100%.

So, does anyone know if MintEye is a publicly traded company? Also, how exactly do you short a stock?

20 thoughts on “Breaking The MintEye CAPTCHA One More Time

    1. the image data will contain some value that indicates the length of the image data rather than the filesize, otherwise we would see the padding in the image.
      checking this rather than looking for and counting the padding should be simple enough

  1. The (obvious) solution is to adjust the compression level on the generated images until the file sizes are random. This may also help a little with the other approaches for breaking minteye as the higher compression ratio may blur the images some…

    1. The reason why the image size will be smaller is because in JPEG, when an image is blurred, a lot of the DCT high-frequency coefficients will be near-zero (and even more after quantization). All those zero coefficients will be highly compressed by the following coding stages (RLC and Huffman).

    1. To a large extent thats what this ends up because of theway that JPEG compresses the image. This ends up a little indirect but works fairly well in practice. Id suspect even if they go bmp or random jpeg quality itll still work fairly well since you can recompress or do a direct fft check like you suggested. I dont see how they can prevent these attacks at the moment.

      1. The only way I see to prevent FT like attacks would be to use low resolution images so there simply isnt much spatial information to work with. That sort of defeats the purpose of being easy for the user/aesthetic though.

    1. Different monitors, especially cheap ones, have wildly varying color accuracy. I am right now using two monitors of the same brand, model, and age. One makes everything look a little cool. The other makes everything pink. Neither can be adjusted far enough to make the effect not noticeable. I’m not convinced a CAPTCHA that relies on color could be set up to be reliably solvable by humans but not computers without being really, really annoying.

      1. ok, maybe MintEye is meant to be not so annoying, but CAPTCHAs in general are annoyance to humans. The problem with colour accuracy is not really a problem. The colour shifts of the CAPTCHAs, or inversions of them are hardly something which can not be made distinguishable enough.
        Compare this to the MinEye use case where your old CRT is out of focus. You’re probably able to tell where the picture is looking least off?
        Colour based scrambling is least vulnerable to spectral analysis and image recognition based exploit angles.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.