Alfa/MTC SMS Bot

[xcoder]

Don't worry they will remove it soon =)

[Google]

Quote:

Originally Posted by xcoder

Don't worry they will remove it soon =)

I thought that they might remove it. But at the end. I don't really care.
And are you saying this based on some feelings, thoughts or insights?

I'm being very busy for the moment. I will try to solve that problem as soon as I can. But let's face it. How would I manage to solve this problem?
I have 4 solutions in mind and I don't mind this time publishing them in public. Let it be.

1- Code an OCR (optical character detection) function and add it to the bot.
2- Make the CAPTCHA image load in the bot form (Exactly like Alfa did).
3- Implement my CAPTCHA exploit in the bot.
4- Other_unknown_method (Maybe a private exploit ).

Solution 1 is perfect theoretically speaking but not practically. Cause OCR methods have a certain accuracy. When coding some spam bots, this accuracy doesn't really matter since for example if the bot didn't make it with the 20% false positives to register to a certain website, it will make it with the other 80%, so for example 800 users will be created from 1000 attempts (Which is very good!). While this is acceptable when dealing with spam bots, it is not acceptable in our case. Cause suppose the accuracy of my OCR algorithm is 95%, means that there are still 5% of false positives. These 5% can occur at any time, so we won't take the risk and use a program that drops 5% of the sent messages without the user knowing. So the solution 1 can't be a real solution in our case because there is not ideal OCR algorithm with 100% accuracy.

Solution 2 is a mimic state for the current one on Alfa website. This will surely solve this problem, but I don't like it. I don't like the CAPTCHA thing at all. It is not because I'm the bot author, it is because... listen carefully...
Do you know what is the purpose of CAPTCHA tests? Alfa didn't really implement CAPTCHA in the right place. Not at all! CAPTCHA is used to avoid spam. Now in our case, the user only has 5 tiny messages to send. So putting a CAPTCHA there and forcing the user to analyze it and write it each time he/she wants to send a message is not really a good decision made by Alfa. I wonder who's the person behind this decision.

Solution 3 is based on an exploit found in the code of the CAPTCHA used by Alfa. You can find the code of the CAPTCHA used on CodeProject.Com. Actually the exploiting part is easy, ready and applicable (I'm not going to mention now any details about the exploit). But the hardest part of the whole process is to implement this exploit in the bot. I'm sure no one understands what I'm talking about because I didn't clarify the exploit and explain it. But it needs a human side to function within the bot. This cause a little dilemma here because the bot is meant to work by itself. Anyways, this exploit is under study (for the possibility to neglect the tiny human intervention in the process), not just for Alfa SMS bot but for other purposes also.

Solution 4 is not known for the time being because I haven't yet find the time to manage to solve this issue. Maybe I'll find other alternatives for the 3 solutions presented before.

At the end, I would like to thank Alfa for promoting the "security through obscurity" slogan. All I can say is that the CAPTCHA validation was a bad decision. I'll end up with this picture (edited by me). It expresses the whole scene.