Codetcha

I’ve sat on the concept for a long time, and it has had many names, but I’ve got a bit of free time now so I decided to create a proof of concept. It isn’t perfect yet and there may be false positives due to a few bugs, but if you read my blog you know I like to release code early :)

So what is it, I hear you ask? Codetcha is a CAPTCHA, but not in the traditional sense: it purposely creates code bugs and uses the developer’s debugging skills to determine whether he/she is human. In the first version I’ve used JavaScript as the error-prone code and a PHP mirror behind the scenes to get the relevant value. However, any programming language could be used; I decided on JavaScript because you can use the browser’s native debugging to help you pass the test.

It’s worth noting that this sort of system couldn’t be used on a non-technical forum or blog, because it assumes knowledge of a programming language, but it could be used on technical blogs and forums.
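The scheme described above, as an added sketch that is not Codetcha's own source: a Node.js stand-in for the PHP mirror generates a snippet with obscure variable names, computes its value on the server, and injects a syntax bug into the copy shown to the visitor. It assumes the visitor submits the value the repaired code produces; all function names here are hypothetical.

```javascript
// Added illustration; every name here is hypothetical, not Codetcha's source.
const nodeCrypto = require('node:crypto');

// Obscure identifier in the style of "z9gC0": letter, digit, then random
// characters. The forced digit keeps it from ever being a reserved word.
function randomName(len = 5) {
  const letters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
  const all = letters + '0123456789';
  let s = letters[nodeCrypto.randomInt(letters.length)] +
          String(nodeCrypto.randomInt(10));
  while (s.length < len) s += all[nodeCrypto.randomInt(all.length)];
  return s;
}

// Build a working snippet, compute its result server-side (the "mirror"),
// then break the copy that will be shown to the visitor.
function makeChallenge(nameLen = 5) {
  const names = new Set();
  while (names.size < 3) names.add(randomName(nameLen)); // no collisions
  const [a, b, f] = [...names];
  const x = nodeCrypto.randomInt(2, 50), y = nodeCrypto.randomInt(2, 50);
  const k = nodeCrypto.randomInt(2, 10);
  const working = [
    `var ${a} = ${x};`,
    `var ${b} = ${y};`,
    `function ${f}(n) { return (n + ${b}) * ${k}; }`,
    `var answer = ${f}(${a});`,
  ];
  const broken = working.slice();
  broken[2] = broken[2].replace(') *', ' *'); // injected bug: missing ")"
  return { working, broken, expected: String((x + y) * k) };
}

const pending = new Map(); // challenge id -> expected value, never sent out

function issue() {
  const c = makeChallenge();
  const id = nodeCrypto.randomUUID();
  pending.set(id, c.expected);
  return { id, code: c.broken.join('\n') };
}

function verify(id, submitted) {
  const expected = pending.get(id);
  pending.delete(id); // single use: a wrong guess burns the challenge
  if (expected === undefined || typeof submitted !== 'string') return false;
  const h = (s) => nodeCrypto.createHash('sha256').update(s).digest();
  return nodeCrypto.timingSafeEqual(h(expected), h(submitted.trim()));
}
```

Because the expected value is derived from the generator's own numbers, the server never has to execute the generated text, and deleting the entry on every attempt stops a bot from brute-forcing one challenge.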

Update…

Fixed more bugs, reduced the settings slightly. I’ll release the source code soon once I’ve refined it a bit more.

Update again…

I’ve fixed many bugs, reduced the code by 50% and improved the replace algorithm.

Codetcha demo


Comments 14

  1. gianni wrote:

    You are insane :-)

    Anyway, I figured it out, but I did this without understanding really well what I was supposed to do.

    You should give more instruction on the codetcha page itself.

    Posted 17 Mar 2008 at 1:36 pm
  2. Gareth Heyes wrote:

    @gianni

    I tried to make it as simple as possible; I’ll maybe look into making it a bit easier to understand :P

    Glad you figured it out though :) It still contains bugs which I’m going to sort out and I’ll make it a bit more usable as well.

    Posted 17 Mar 2008 at 1:57 pm
  3. Eirik Hoem wrote:

    That’s a new one for me :) Pretty cool concept. I doubt people would use it on forums / blogs, since it probably would prevent a good portion of the posts. Not every visitor / active member knows JS etc. Still, cool idea :)

    Posted 17 Mar 2008 at 2:09 pm
  4. Gareth Heyes wrote:

    @Eirik

    Don’t forget this is the first version ;) CSS, HTML, C# or any other language could be used.

    I’ve fixed a bug with the script and added instructions, have fun :)

    Posted 17 Mar 2008 at 2:19 pm
  5. fragge wrote:

    @Eirik

    It could be made harder.. weed out the non-coders leeching on a coders forum. Imagine it.. it could wipe out script kiddies ;)

    Posted 17 Mar 2008 at 9:57 pm
  6. nikos wrote:

    I’m still laughing…

    Posted 17 Mar 2008 at 10:47 pm
  7. islam wrote:

    just test!

    Posted 18 Mar 2008 at 9:24 am
  8. islam wrote:

    Hello, just take a look at the JavaScript with the main HTML document, so the user will have the ability to control all the page content and activity, which may lead to an XSS bug.
    Find a way to separate the code-checking engine from the main page JavaScript renderer.

    thank you!

    Posted 18 Mar 2008 at 9:37 am
  9. Gareth Heyes wrote:

    @islam

    That isn’t XSS. Unless you can provide me with the means to remotely execute the code without user interaction then I won’t fix it. If you consider that XSS then every web site is vulnerable on the internet; go to google.com and enter javascript:alert(/XSS/) in the URL bar.

    Posted 18 Mar 2008 at 9:58 am
  10. Thiago wrote:

    I don’t think that this kind of verification could be really used. Imagine, for every message in the forum you have to fix these boring useless codes.

    Posted 18 Mar 2008 at 11:33 am
  11. Gareth Heyes wrote:

    @Thiago

    The CAPTCHA is quite easy to solve and only takes a few seconds, and it improves your JavaScript debugging skills along with it. As an added bonus it can also be used to eliminate script kiddies from forums.

    I’m not saying it could be used on all forums but ones with a high technical knowledge it could prove useful.

    Posted 18 Mar 2008 at 11:43 am
  12. fragge wrote:

    @Thiago
    It doesn’t have to be used on every post. Just on registration on members only forum.. elitist coders ftw.

    Posted 19 Mar 2008 at 5:27 am
  13. agente_naranja wrote:

    @Gareth
    It’s not *that* easy to solve. It took me like a minute to solve medium; probably you guys can solve it in 30 seconds, but it’s still plenty of time. Mostly because I took time to look for the declaration of all variables, not only fixing the missing )’s or }’s. And what about setting some less obscure variable names? Like “first”, “second”, etc. A variable called “z9gC0” is difficult to track :P

    But the idea is really good, I mean, users can reduce it to just one line of code and say “Fix the three errors in this code and press Submit”. That would certainly prevent lots of “useless” people from joining particular websites.

    Posted 25 Mar 2008 at 11:37 pm
  14. Gareth Heyes wrote:

    @agente_naranja

    It takes me around 5-10 seconds to solve; did you use the test syntax and the highlighted line numbers? I guess I can reduce it and make it easier or harder depending on the target audience. I see it as a means to remove useless comments and spam within a technical environment.

    The code itself can be configured to produce longer/shorter variables and fewer functions if required. I’ve done it like this because I see each one being unique and therefore difficult to attack.

    Thanks for the good feedback, I’ll look into making it more friendly and producing better variable names.

    Posted 26 Mar 2008 at 12:24 am
