博客

前几天饭总在采集某网站数据时候被它的验证码拦住了，在范总自己折腾了一个晚上未果后问我有没做过类似事情。之前自己也很少去研究验证码东西，都是找一个顶着用就是，从来没去搞过破解什么的。Google一番，原来BMP图像直接可以读取，一个像素是对应着一个数据的。因此思路出来了。BMP图像的来源及介绍看

这里

，而用C同学想研究它的数据存储结构的看

这里

。

BMP图像包括这几类数据：文件头、位图信息头、颜色信息和位图数据四部分组成。既然位图数据即图形数据能读取出来，那么任何一张验证码图片里面的某一个Code也就能读出了，因为它本身也是由程序生成，那么我们就一定也能从图片反过来分割图片后找出图片里各个字符以及他们在BMP图像里面的一些参数出来。比如我找到的如下：

itemNums //图片中包含元素图像的个数<br /> itemWidth //单个字符图像的宽度<br /> itemHeight //单个字符图像的高度<br /> itamSpace //两字符图像之间的间隔<br /> leftMargin //字符图像与BMP图片的内左边距<br /> rightMargin //字符图像右边距<br /> topMargin //字符图像上边距<br /> bottomMargin //字符图像内下边距<br /> bmpWidth //BMP图像宽度（可以程序读出）<br /> bmpHeight //BMP图像高度（可以程序读出）<br />

上面这些数据除了BMP图片本身的高度和宽度可以程序读出来以外，其他的都必须自己去分析需要破解的验证图片得出，而且所有参数单位为像素（px）。比如我做的图片分析如下：

有上面这张图片的分析我想大家应该大体都知道怎么去做验证了。我的思路步骤为下：

1.收集某验证码BMP图片若干，然后仔细用PS或者其他图片处理工具打开，做我上面这样分析，得到该图像的。

2.有了以上分析得到的图片特征数据，我们就可以很快的写出以下功能函数。我是写了一个类，包含方法接口如下：

class readBmp{<br /> function config($configArray); //读取配置数据<br /> function setFile($file); //设置要读取的文件<br /> function readData(); //读取文件所有位图数据<br /> function getIndex($index); //读取图片中的index位置的元素图像数据，为后面图片验证使用。<br /> function display(); //打印显示<br /> function getCode(); //得到最终图片中的验证码<br /> }

3.我们现在能得到一个BMP图片里的所有某个元素图像的数据了，我们得到的位图数据是这样的：每个像素的数据都是存储着他的RGB颜色值。比如255255255白色。有这些数据，我们经过处理就可以做匹配认证了。首先这一步我们需得到验证码图片的所有元素的数据模板。比如某套验证码图片的有5个字符图像，包括0-9 A-Z这么多，那么我们可以先用getIndex(n)读某一张上某一个index的元素图像数据，因此我们还得先收集满若干原始图片，并保证这些图片里元素图片全部都出现过，这样我们就能采集到一个完整的元素图像数据库。这里提醒下，一般验证码图片都有些干扰像素啊什么的，我们可以这样处理，根据不同的BMP图像里面防干扰的条文来做，设置一个中间点，低于的全设置为0，而高于的都设置为1.那么我们最终一个像素的数据将是(111、110、001、101…)。采集元素位图数据库是一个体力活，要用到眼睛、N张图片、手、以及不断去修改读取图片的路劲、参数等O(∩_∩)O~

4.有的元素图像数据库，我们现在就可以高调的接受破解某张验证图片了，读取图片，然后一个循环读取它的元素图像，并与元素图像数据库里面的去对比，判断是否相同或者高深点算法判断下有多大相似度，并果断认定它是哪一个Code，一次循环下来就出结果啦，呵呵！

上完整代码

：

readerFile.class.php

/**<br /> * Current File: readBmp.class.php<br /> * Current Time: Wed Oct 20 20:28:04 CST 2010<br /> * Author : By Larro $<br /> **/ </p> <p>class readBmp{<br /> /**<br /> * 图片文件<br /> * @var string<br /> */<br /> var $_bmpfile = ”;</p> <p> var $bWidth = 0;<br /> var $bHeight = 0;</p> <p> /**<br /> * 图片宽度<br /> * @var int<br /> */<br /> var $iWidth = 0;</p> <p> /**<br /> * 图片高度<br /> * @var int<br /> */<br /> var $bmpHeight = 0;</p> <p> /**<br /> * 图片BMP数据起始像素位置<br /> * @var int<br /> */<br /> var $bmpOffSet = 0;</p> <p> /**<br /> * 图片数据，bmp格式文件读取<br /> * @var int array<br /> */<br /> var $bmpData = array();</p> <p> /**<br /> * 数据元素左边距<br /> *<br /> * @var int<br /> */<br /> var $toLeftBorder = 0;</p> <p> /**<br /> * 元素右边距<br /> * @var int<br /> */<br /> var $toRightBorder = 0;</p> <p> /**<br /> * 元素上边距<br /> * @var int<br /> */<br /> var $toTopBorder = 0;</p> <p> /**<br /> * 元素下边距<br /> * @var int<br /> */<br /> var $toBottomBorder = 0;</p> <p> /**<br /> * 元素宽度<br /> * @var int<br /> */<br /> var $itemWidth = 0;</p> <p> /**<br /> * 元素高度<br /> * @var int<br /> */<br /> var $itemHeight = 0;</p> <p> /**<br /> * 元素间距<br /> * @var int<br /> */<br /> var $itemSpace = 0;</p> <p> var $keyLib = array(<br /> 0 => ‘0000001111000000000011111111000000111100011111000011000000011100001100000000110000110000000011000011000000001100001100000000110000110000000011000011000000001100001100000000110000110000000011000011100000011100001111100111100000001111111000000000001110000000’,<br /> 0 => ‘0000001111000000000011111111000000111100011111000011000000011100001100000000110000110000000011000011000000001100001100000000110000110000000011000011000000001100001100000000110000110000000011000011100000011100001111100111100000001111111000000000001110000000’,<br /> 1 => ‘0000111111110000000011111110000000000001100000000000000110000000000000011000000000000001100000000000000110000000000000011000000000000001100000000000000110000000000000011000000000001101100000000000111110000000000001111000000000000011100000000000000100000000’,<br /> 2 => “0111111111111000011111111111000000111100000000000000111000000000000001110000000000000011110000000000000111100000000000000111100000000000001111000000000000001110001100000000011000111000000011000001111000011000000011110111100000000011111100000000000110000000”,<br /> 3 => “0000001110000000000011111111000000111100111111000111000000011100010000000000110000000000000011100000000000000110000000000111111000000111111111000000011110000000000000111100000000000000111000000000000001110000000000000011110000111111111111100011111111111100”,<br /> 4 => “0000000011000000000000001100000000000000110000000000000011000000001111111111110000111111111110000011100011000000000110001100000000011100110000000000110011000000000010001100000000000000110000000000000011000000000000001100000000000000110000000000000010000000”,<br /> 5 => “0011111111110000001111111111100000000000000111000000000000001110000000000000011000000000000001100000000000000110000000000011110001111111111110000111111111000000011000000000000001100000000000000110000000000000011000000000000001111111111110000111111111110000”,<br /> 6 => “0000001111000000000011111111000000111100011111000011000000011100001100000000110000110000000011000011000000001100001111100011110000111111111110000011001111000000001100000000000000110000000000000011100000011100001111100111100000001111111000000000001110000000”,<br /> 7 => “0000110000000000000011100000000000000110000000000000011100000000000000111000000000000001110000000000000011000000000000001110000000000000011100000000000000110000110000000011100011000000000111001100000000001110110000000000011011111111111111111111111111111110”,<br /> 8 => “0000000110000000000011111111000000011110111110000001100000011000000110000001100000011000001110000001111001110000000011111100000000000111111000000001110011110000000110000011000000011000001110000001100000011000000111111111000000001111111000000000000100000000”,<br /> 9 => “0000001111000000000011111111000000111100011111000011000000011100000000000000110000000000000011000000011111001100001111111111110000111000011111000011000000001100001100000000110000110000000011000011100000011100001111100111100000001111111000000000001110000000”<br /> );</p> <p> public function config($data){<br /> $this->bWidth = $data[‘bWidth’];<br /> $this->bHeight = $data[‘bHeight’];<br /> $this->itemHeight = $data[‘itemHeight’];<br /> $this->itemWidth = $data[‘itemWidth’];<br /> $this->toLeftBorder = $data[‘toLeftBorder’];<br /> $this->toRightBorder = $data[‘toRightBorder’];<br /> $this->toTopBorder = $data[‘toTopBorder’];<br /> $this->toBottomBorder = $data[‘toBottomBorder’];<br /> $this->itemSpace = $data[‘itemSpace’];<br /> $this->bmpOffSet = $data[‘bmpOffSet’];<br /> }</p> <p> public function setFile($file){<br /> $this->_bmpfile = $file;<br /> }</p> <p> public function readData(){<br /> $data = readBmpFile($this->_bmpfile);<br /> $temp = array();<br /> foreach ($data as $v){<br /> if($v == ‘255255255’){<br /> $temp[] = 0;<br /> } else {<br /> $temp[] = 1;<br /> }<br /> }<br /> $this->bmpData = $temp;<br /> }</p> <p> function readIndex($n){<br /> if(count($this->bmpData) == 0) $this->readData();</p> <p> //共多少个像素数据<br /> $cnt = count($this->bmpData);</p> <p> $w = $this->itemWidth;<br /> $h = $this->itemHeight;</p> <p> $result = ”;<br /> for($i = 0; $i < $h; $i++){<br /> $_x = (($i + $this->toTopBorder) * $this->bWidth) + $this->toLeftBorder + ($n – 1) * ($w + $this->itemSpace);<br /> $line = ”;<br /> for($j = 0; $j < $w; $j++){<br /> $result .= $this->bmpData[$_x + $j];<br /> $line .= $this->bmpData[$_x + $j];<br /> }<br /> //echo $line;<br /> }<br /> return $result;<br /> }</p> <p> function display(){<br /> $i = 0;<br /> foreach ($this->bmpData as $v){<br /> echo $v;<br /> $i ++ ;<br /> if($i % $this->bWidth == 0){<br /> echo “<br/>”;<br /> }<br /> }<br /> }</p> <p> function getCode(){<br /> $result = ”;<br /> for($i = 1; $i <= 5; $i ++){<br /> $numdata = ”;<br /> $numdata = $this->readIndex($i);<br /> for($j = 0; $j <= 9; $j ++){<br /> if(substr($this->keyLib[$j], 10) === substr($numdata,10)){<br /> $result .= $j;<br /> break;<br /> }<br /> }<br /> }<br /> return $result;<br /> }</p> <p>}</p> <p>/**<br /> * @exception 函数修改自网上某位前辈的 imagecreatefrombmp($file) 我去掉了其中图像处理的以及加入适当代码得到我们想要的数据格式，因为我们只需要图像的数据.<br /> * @author Larro<br /> * @param File $file<br /> * @return array<br /> */<br /> function readBmpFile($file){<br /> global $CurrentBit,$echoMode;<br /> $f = fopen($file,”r”);<br /> $Header = fread($f,2);<br /> if($Header == “BM”)<br /> {<br /> $Size = freaddword($f);<br /> $Reserved1 = freadword($f);<br /> $Reserved2 = freadword($f);<br /> $FirstByteOfImage = freaddword($f);<br /> $SizeBITMAPINFOHEADER = freaddword($f);<br /> $Width = freaddword($f);<br /> $Height = freaddword($f);<br /> $biPlanes = freadword($f);<br /> $biBitCount = freadword($f);<br /> $RLECompression = freaddword($f);<br /> $WidthxHeight = freaddword($f);<br /> $biXPelsPerMeter = freaddword($f);<br /> $biYPelsPerMeter = freaddword($f);<br /> $NumberOfPalettesUsed = freaddword($f);<br /> $NumberOfImportantColors = freaddword($f);<br /> if($biBitCount < 24)<br /> {<br /> $Colors=pow(2, $biBitCount);<br /> for($p=0; $p<$Colors; $p++)<br /> {<br /> $B = freadbyte($f);<br /> $G = freadbyte($f);<br /> $R = freadbyte($f);<br /> $Reserved=freadbyte($f);<br /> $imageData[] = sprintf(“%03d”,$R).sprintf(“%03d”,$G).sprintf(“%03d”,$B);<br /> }</p> <p> if($RLECompression==0)<br /> {<br /> $Zbytek=(4-ceil(($Width/(8/$biBitCount)))%4)%4;<br /> for($y = $Height-1;$y>=0;$y–)<br /> {<br /> $CurrentBit=0;<br /> for($x=0; $x<$Width; $x++)<br /> {<br /> $C=freadbits($f,$biBitCount);<br /> }<br /> if($CurrentBit!=0) {<br /> freadbyte($f);<br /> }<br /> for($g=0;$g<$Zbytek;$g++)<br /> freadbyte($f);<br /> }<br /> }<br /> }<br /> if($RLECompression==1) //$BI_RLE8,图像为256色模式， 则采用RLE8压缩方式<br /> {<br /> $y=$Height;<br /> $pocetb=0;<br /> while(true)<br /> {<br /> $y–;<br /> $prefix=freadbyte($f);<br /> $suffix=freadbyte($f);<br /> $pocetb+=2;<br /> $echoit=false;<br /> if($echoit)echo “Prefix: $prefix Suffix: $suffix<BR>”;<br /> if(($prefix==0)and($suffix==1)) break;<br /> if(feof($f)) break;<br /> while(!(($prefix==0)and($suffix==0)))<br /> {<br /> if($prefix==0)<br /> {<br /> $pocet=$suffix;<br /> $Data.=fread($f,$pocet);<br /> $pocetb+=$pocet;<br /> if($pocetb%2==1) {freadbyte($f); $pocetb++;}<br /> }<br /> if($prefix>0)<br /> {<br /> $pocet=$prefix;<br /> for($r=0;$r<$pocet;$r++)<br /> $Data.=chr($suffix);<br /> }<br /> $prefix=freadbyte($f);<br /> $suffix=freadbyte($f);<br /> $pocetb+=2;<br /> if($echoit) echo “Prefix: $prefix Suffix: $suffix<BR>”;<br /> }<br /> $Data=””;<br /> }<br /> }<br /> if($RLECompression==2) //$BI_RLE4,压缩方式,如果图像为16色模式,则采用RLE4压缩方式<br /> {<br /> $y=$Height;<br /> $pocetb=0;<br /> while(true)<br /> {<br /> //break;<br /> $y–;<br /> $prefix=freadbyte($f);<br /> $suffix=freadbyte($f);<br /> $pocetb+=2;<br /> $echoit=false;<br /> if($echoit)echo “Prefix: $prefix Suffix: $suffix<BR>”;<br /> if(($prefix==0)and($suffix==1)) break;<br /> if(feof($f)) break;<br /> while(!(($prefix==0)and($suffix==0)))<br /> {<br /> if($prefix == 0)<br /> {<br /> $pocet = $suffix;<br /> $CurrentBit=0;<br /> for($h=0;$h<$pocet;$h++)<br /> $Data .= chr(freadbits($f,4));<br /> if($CurrentBit!=0) freadbits($f,4);<br /> $pocetb += ceil(($pocet/2));<br /> if($pocetb%2 == 1) {<br /> freadbyte($f); $pocetb++;<br /> }<br /> }<br /> if($prefix>0)<br /> {<br /> $pocet=$prefix;<br /> $i = 0;<br /> for($r = 0;$r<$pocet;$r++)<br /> {<br /> if($i%2==0)<br /> {<br /> $Data.=chr($suffix%16);<br /> }<br /> else<br /> {<br /> $Data.=chr(floor($suffix/16));<br /> }<br /> $i++;<br /> }<br /> }<br /> $prefix=freadbyte($f);<br /> $suffix=freadbyte($f);<br /> $pocetb+=2;<br /> if($echoit) echo “Prefix: $prefix Suffix: $suffix<BR>”;<br /> }<br /> $Data=””;<br /> }<br /> }<br /> if($biBitCount==24)<br /> {<br /> $Zbytek=$Width%4;<br /> for($y=$Height-1;$y>=0;$y–)<br /> {<br /> for($x=0;$x<$Width;$x++)<br /> {<br /> $B=freadbyte($f);<br /> $G=freadbyte($f);<br /> $R=freadbyte($f);<br /> $imageData[] = sprintf(“%03d”,$R).sprintf(“%03d”,$G).sprintf(“%03d”,$B);<br /> }<br /> for($z=0;$z<$Zbytek;$z++)<br /> freadbyte($f);<br /> }<br /> }<br /> return $imageData;<br /> }<br /> fclose($f);<br /> }</p> <p>function freadbyte($f){<br /> return ord(fread($f,1));<br /> }<br /> function freadword($f){<br /> $b1=freadbyte($f);<br /> $b2=freadbyte($f);<br /> return $b2*256+$b1;<br /> }<br /> function freaddword($f){<br /> $b1=freadword($f);<br /> $b2=freadword($f);<br /> return $b2*65536+$b1;<br /> }

其中readFile.class.php里面的$keyLib属性为上面提到的元素图像数据库。为自己动手收集的数据！这里是我要验证的图片的数据库。可以另外做成配置文件形式。

do.php

/**<br /> * Current File: do.php<br /> * Current Time: Wed Oct 20 19:46:26 CST 2010<br /> * Author : By Larro $<br /> **/ </p> <p>// 包含处理类<br /> include_once( ‘readBmp.class.php’ );<br /> $bmp = new readBmp;</p> <p>//设置文件<br /> $bmp->setFile(‘1.bmp’);</p> <p>//配置 读取BMP数据<br /> $config = array(<br /> ‘bWidth’ => 104,<br /> ‘bHeight’ => 20,<br /> ‘itemHeight’ => 16,<br /> ‘itemWidth’ => 16,<br /> ‘toLeftBorder’ => 5,<br /> ‘toRightBorder’ => 3,<br /> ‘toTopBorder’ => 2,<br /> ‘toBottomBorder’=>2,<br /> ‘itemSpace’ => 4,<br /> ‘bmpOffSet’ => 213<br /> );<br /> $bmp->config($config);<br /> //输出查看<br /> $bmp->display();<br /> $code = $bmp->getCode();<br /> echo $code;

晕。。！CSDN不能上传BMP格式的，于是我把后缀改下，你们懂的！