Cracking M1 Free SMS Captcha using the Cloud
I wrote a simple script on cracking the M1 free SMS service using free internet services.
The M1 free sms website is available at http://msgctr.m1.com.sg/guest/index.jsp
The website is ‘protected’ from abuse by a very simple captcha.
The script is pretty much self explanatory and is now available on pastebin.com http://pastebin.com/31NXHGYn
You can also crack the captcha using Tesseract which is the de facto tool for cracking captchas.
However, I have used the font recognition services on http://new.myfonts.com/WhatTheFont for this purpose due to the below reasons
1. This is a very simple captcha
2. The success rates are higher than an untrained tesseract 3.0
3. I do not have to find the font that the captcha is using (required to train tesseract for recognizing the characters in the captcha)
As shown in the below screenshot, MyFonts is able to detect the characters in the captcha accurately which is perfect for cracking the captcha on M1′s sms website.
Please do not abuse the free sms service on M1′s website. It is illegal to do so.
This post is to demonstrate that weak captchas can be easily cracked using online services.
There is a very good article here on how to crack Captcha using Tesseract
For more difficult captchas, you want want to by rendering the services of human captcha crackers.