Figure 1: How to bypass the HBO max Cognitive Captcha
with OpenAI GPT4-Vision
I have already written several articles on these topics that I have left you here. some to jump Cognitive Captchas audio, text or image, but above all for solving semantic understanding problems, whether text or visual.
Today I wanted to talk to you about another Cognitive Captcha which I came across, in this case on the website of HBO Max which asks to solve the mystery of putting an iron facing in the direction and angle than a mechanical hand. A curious problem.
Figure 2: HBO max Cognitive Captcha to protect your account
The objective is simple, it is about moving the iron until it is located in the direction of the hand. At that point, you will have proven that you are not an automated robot by solving this Cognitive Captcha.
Figure 3: The Cognitive Captcha solved! I’m human!
Testing this with my friend Julián Isla, with the aim of seeing if this could stop automatic scripts created by an Offensive Security or Red Team team, the first approach we had was to explain the game to him and see if he could solve it by telling us how many times we had to move and to what side, and so there was no way.
Of course, it gave me something to think about, because in the end we were making a very curious assumption, by dividing the 360º of the circle in the number of points, or steps, through which the iron can pass. That should mean that if we have a drawing with an inclination of 45º there would be 8 positions to turn around. 0º, 45º, 90º, 135º, 180º, 225º, 270º and 315º.
Figure 5: Brainy explanation with ChatGPT GPT4-Vision
But the reality is that there is only 6 positions in the image. This made me look a little more and see that in the end they are not ordered either. It is true that one of them is always pointing in the same direction and at the same angle, but the 8 possible positions nor in the same order.
Figure 6: All positions of a specific puzzle
As you can see in the previous image, all the possible answers are 6so to choose the correct one you have to solve the problem in a more “human”. What would any of us do? Well, see if the first image has the hand and the iron aligned. This is a yes or no answer. If yes, we give okay to the answer, if not, we click on the right to go to the next image.
Figure 7: Asking GPT4-Vision in Azure AI Studio whether to hand
and the iron point in the same direction and at the same angle.
Answer -> NO
This reduces the problem of testing with GPT4-Vision Let’s see if it can tell us if the hand and the iron are in the same direction and at the same angle. And as we see, in this specific case, it confirms that they are aligned in direction and angle, so we can safely answer that this is the correct image.
Figure 8: Asking GPT4-Vision in Azure AI Studio whether to hand
and the iron point in the same direction and at the same angle.
Answer -> YES
In this simple way we have reduced the problem to a simple comparison that GPT4-Vision solves perfectly. So Cognitive Captcha useless in the world of GenAI Multimodalbut surely with Cognitive Services falls too.
Evil Greetings!
