驗證碼破解與反破解的思路

使用php破解驗證碼，只有一種方法，就是收集驗證碼裡出現字元的特徵碼，然後想辦法分離出驗證碼裡的字元。什麼人工智慧，顯然是php做不到的，所以，只要能收集齊驗證碼裡出現字符的特徵碼，又能找到方法分離出驗證碼裡的字符，就可以破解。
反破解的思路也主要是圍繞這兩步，使用更多的字符，比如使用中文，使用更多的字體和變形，使得同一個字符有多個特徵碼，或者沒有固定的特徵碼。增加分離字元的難度，字元出現在驗證碼中的位置不固定，大小不固定，間距不固定，幹擾像素要能發揮作用。
下面以某網站驗證碼為例，講解如何透過以上兩步驟破解驗證碼。
註：部分程式碼來自phper“罷巴”，特別鳴謝！

/* 對數值數值進行排序，找出第二多的元素，因為第一多的元素是背景色，第二多是字元顏色，換句話說，如果每個字元都使用不同的顏色，或者背景色不是那麼單調，我該怎麼分離出字元顏色呢？ */
function getMostRepeated($array){
 $count = array_count_values($array);
 arsort($count);
 $keys = array_keys($count);

 $keys = array_keys($count);


 return $keys[1];
}
/* 讀取驗證碼圖片，並將像素RGB讀入二維數組，然後分離出有效字元*/
function fixImg($url){
 $img = imagecreatefrompng($url);

 $with = imagesx($img);
 $height = imagesy($img);
 $middle = $height / 2;

 $colors = array();

 for ($i = 0; $i  $color = imagecolorat($img, $i, $middle);// 讀取中線的像素顏色，中線一定會切到字元。 。 。
 $colors[] = $color;
 }

 $mainColor = getMostRepeated($colors);// 分離出字元顏色
 $pic = array();

 for ($x = 0; $x  $flag = true; for ($y = 0; $y  $currentColor = imagecolorat($img, $x, $y); $pos = 0;// 原圖片用的是斜體，為了方便分割字符，轉成正體，所以用斜體是沒用的。 。 。
 if($y  $pos = 0;
 }elseif($y >= 16 && $y  $pos = 1;
 $ pic[$y][0] = 0;
 }elseif($y >= 21 && $y  $pos = 2;
 $pic[$y][0] = $pic[$y][1] = 0;
 }else{
 $pos = 3;
 $pic[$y][0] = $pic[$y][1] = $pic[$y][2] = 0;
 }
 // 因為幹擾像素和字元的顏色完全不同，輕而易舉的分離出字元色，字元像素點置1，所以乾擾像素顏色至少要有部分是和字元顏色相同才行！
 if ($currentColor !== $mainColor) {
 $pic[$y][$x $pos] = 0;
 }else{
 $pic[$y][$x $pos] = 1;
 $flag = false;
 }
 }
 }

 回傳$pic;
}
// 傳說中的特徵碼
$char = array(
'A'=>'000000000000000000010000000000001000001011000000001010101010 0000000000000000101110011000 0000011111100000011000000011111111100011000000000001111111011 111110000000000000000111111100000000000000000000000000000000000000110000000000111000000000000000000011111 1111101111111111111111111101100000001100000001101100000001100 0000001101111111110011000111100111111000111111110000111010000111111110000000000000011111 '0000010111100000000000000111111111111000000011111111111111000000111010000111111110001110000111000000 011000110000000000000011101100000000000000111011000000000000 000001101100000000000000011011000000000000000000110000000 0000000110001100000000000 111011111111111111111111011111111111111111111011000000000000000011011000000000000000011010 000000110110000000000000000110110000000000000001101100000000 00000011110000111100000000111100000111111111111111000000011 111111111100000000000111111110' 111111101111111111111111111101111111111111111111011000000011 1000000001101100000001100000001101100000001100000001101100000 >'F'=>'11111111111111111111011111111111111111111111111111111111111111111111111110111111111111111111101100000001100000010010100100100 100000000001100000001100000000001100000001100000000001100000 >'G'=>'00000101111000000000000001111111111110000000111111111111110000001110100001111111001010100100100101010101010 00000000000000001110110000000000000000110110000000000010000000001101100000000 00000000000001110000000000000000110110000000001111111100110000000011111111000110001101000000111111111001100001010101 ',
'H'=>'111111111111111111110111111111111111111110111111111111111111111111111111111011111111111111111110000000000110000 00000011000000000000000000000000000 0000000000000000001100000000000 0000000000111111111111111111 110111111111111111111111 1111111111111111011111111111111111110111111111111111111110' ,
'J'=>'1111111110' ,
'J'=>'1111111111111111111111111111111111111111 1111111111110',
'K'=>'11111111111111111110111111111111111111111111111111110111111111111111 000000000000000011011000000001111000111100000000011110000011101010010100101010101010 00000000111000111000000000000011100110000000000000011101000000000000000001100000000000000'
'L'=>'111111111111111111110111111111111111111110111111111111111111111111111111110111111111111111000000000000 000000000000000000000011000000000000000000001100110000 0000000000000000110',
'M'=>'111111111111111111110111111111111111111110111111100000101010010010010 11111100000000000000001111110000000000000000000000000011111100000000000000011111111000000000 0000000000000001111000000000 011111111111111111111011111111111111111110111111111111111111110',
'N'=>'111111111110',
'N'=>'111111111111 111100000000000000000111110000000000000000000000000000000000 0000000000000000000000111110000000000000000011111110 1111011111111111111111111011111111111111111110',
'O'=>'0000010111110000000000000011111 000001110100000011111000011100000000000111000110000000000000 00011011000000000000000011011000000000000000000000000000000 0001111000011110000000011110000001111111111111110000000011111111111000000000001111111100000,000,000' >'P'=>'111111111111111111110111111111111111111111111111111111111111111111111111101111111111111111111011000000001100000100100100 110000000001100000001110000000001100000001110000000001111000011100000000000111111111000101010101010101010101010101010101010101010101010101010 1110000000000000',
'Q'=>'00000111111000000000000000000000000000011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111E00太000000000000太0011011000000000000001111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111往1111111111111111 0000000110000000000110000000000000111000000000000000000000000001111000000000000000000000000000000000000000000000000000000000000000000000000000000111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111E1111111111111111ME 000000000000000000000000010'，
's'=>'000111000000000000000000000111111111111111111111111111111111111111111111111110111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111太及來說1000000011111111111111011000000001 111111000000000000001111100000'，
't' =>'1100000000000000 0000011000000000000000000011000000000000000000011000000000000 00000001100000000000000000001100000000000000000001100000000000000000001111111111111111111101111111111111111111110111111111 11111111111011000000000000000000011000000000000000000110000000000000000000110000000000000000000110000000000000000000110000 000000000000000110000000000000000000' ,
'T'=>'1100000000000000000001100000000000000000011000000000000000000010000 000000000000000000011111111111111111110111111111111111111110111111111111011111111111111111101111111111111111111101100000000000000000000 00110000000000000000000110000000000000000001100000000000000001 00011000000000000000000
'U'=>'1111111111111111100001111111111111111100001111111111111111111100000000000001000 00000000000000000000000011000000000000000000110001100000000000000 100000000000000000111100111111111111111111000111111111111111000000',
'V'=>' 111100000000000000000111111000000000 00000001111111110000000000000000001111110000000000000000111111100000000000 000000111111110000000000000001111111000000000000000001111110000000000000000011110000000000000001111110000000000010111101000 0000000001111100000000000010111110000000000001 1111100000000000000111010000000000000111100000000000000000',/ /少讀一列
'W' =>'111111000000000000000111111111000000000000111111111110000000000000001111111111100000000000011111111100 00000000000001111 11111000000000000000011111000000000000001111111000000000111111100100000001111111110000000001111111000000 0000000111111000000 000000000111111000000000000000111111111110 00000000000000011111111111000000000001111111111100000000000000 11111111100000000 00000000111110000000000000011111110000000001111111001000000011111111000000000011111111000000000000111110 100000000000000',
'X'=>'0000000000000000000101100000000 0000000011011110000000000001110011111100000000011100000111100 0000001100000000011 110000011000000000000111110110000000000000111111100000000000000001111000000000000000001111100000000000 001111001111000000000 01111000111111000000011110000001111000000111000000000011110001110000000000000111101100000000000000011 10100000000000000000010',
'Y'=>'1100000000000000000011 1100000000000000000111111000000000000000001111000001000 011111000000000000000011111111111110000000000000000000111111111111100000000000000000001111111111111000000000 0011110000000000000000111000000000000000011100000000000000001100000000000000000001000' 00000000000000000001111111011000000000001111110111101100000000000111011011000101010101010101010101010101010101010101010101010101010 11011000000011110000011011000001111000000110110001111100000000110110011111000000000110101010101010101010101010101010 0000110111100000000000001101110000000000000110',
'0'=>'00000101111101000000000011111 0001110000000000001110001100000000000001100110000000000000001110110000000000000000 000011011100000000000001110001111100000000111100001111111110111111000000011111111111101111100000001111111111100101010101010101010101010101010 ',
 '1'=>'00110000000000000011000110000000000000011001100000000000000011001100000011101010101011 1111111 111111111101111111111111111110000000000000000001 10000000000000000000110001 100000000000000 ,
' 2'=>'0000000000000000001100011000000000001111100110000000000001111100110001100000000001011110011000010101010101010 000000001 1100011011000000000111000011011000000001110000011011100000011100000011011110010101010101010101010101010101 0011111110 00000000110000111110000000000110',
'3'=>'011000000000000001100010000000000000011001100000001100000001101100000001 10000000110110000001110000000110111000011011000001110111111110110000111000111111100011111010101010 00000111101000',
'4'=>'0000000000001100000000000000 00011100000000000000001111110010010 01100000000000111100001100000000001111000001100000000011100000001100000000111000111000000011000000001110000000111111 11 111111111111011111111111111111111000000000000011000000000000000000011000000000000011010' 100 00000011001111111110000000011101100000110000000001 1011000001100000000011011000001101010101010 000 00'，
'6 '=>' 0000010111101110000000000111111111110000001111111111111110000011101001010000111000100000111010010100001110001000 00 0111011000001100000000011011000001100 00000001101100000110000000001101100000111100101010101010101010101010101010101010101010 11 000 111110110000000000011111110110000000000111111100110 00000001111100000011000000111110100 1110 0000000000011011111000000000000111110000000000000000 11110000000000000000111100 0011 1100000001110000001111110000011111100111111110001 111111111110000110001100011111101010101010 1111 000000011011000000111000000011011000000111100000011 01110010111110000001101111111101011101010 011101 00001111111000000000000000111100000',
'9'=>'0 0001111110000000000000111111111000000110000111111111000000110 001110000001110010000110100101010101010101010101010101010 000110000001 10110000000001100000110110000000001100000110110000000001100000 111111111111 1100000011111111111100000000000111111110000000',
);
$ arr = fmgmg(https"和驗證碼位址，為了支援https，你的php環境要開啟openssl
for($i = 0;$我 unset($arr[$i]);//前10行是空白

$ y = 0;//採用由上到下，從左到右順序讀取特徵碼，從第0行開始（實際是第10行）
$len = 31;//多讀一行，JQ超過20行，且J後面幾行佔了上個字元的位置
$ code = array();//分離出來的字元特徵碼
$str = '';

while($ y  $flag = true;// 全0為空白垂直線
 $line = '';
 for($i = 10;$i  if($arr[$ i][$y])
 $flag = false;
 $line .= $arr[$i][$y];
 }
 $isw = false;
 $isy = false;
 // 對vw的特殊處理
 if($str == = $char['V'] || $str === $char['W']){
 $ flag = true;
 $isw = true;
 }elseif($str === $char['Y'] || $str === $char['A']){
 $ isy = true;
 $flag = true;
 }

 if($flag){
 if (strlen($str) > 21)
 $code[] = $str;
 $str = '';
 }else{
 $str .= $line;
 }
 if($isw){
 $str = '00' .substr($line,2,strlen($line));
 if($str === '000000000000000000000')
 $
 $ $isw = false;
 }
 if($isy){
 $str = $line;
 if($str === '00000000000000000000')
 $str = '';
 $isy = false;
 }
 $y ;

}

//字元輸出
foreach($code($code($code as $v){
 $match = false;
 foreach （$char 作為$key => $v2){
 if($v === $v2){
 echo $key;
 $match = true;
 }
 }
 if(!$match)
 echo '?';// 與字元輸出問號不符
}



複製程式碼