Sophos Cloud Optix
CAPTCHAs – the questions that a website asks you to answer to prove if you’re a human being or not – come in many shapes and forms.
Although they most commonly ask you to decipher some words hidden in a distorted graphic, there are more elaborate versions which can ask you to solve some complicated mathematical calculation or ask you to add toppings to a pizza in an attempt to stop automated bots leaving spammy messages.
As a keen chess player, I was interested to see this CAPTCHA being used on an online chess forum:
Okay, so it’s not much of a challenge if you’re a chess player, but it also clearly locks out any users who do not know how to play chess. (For those of you can’t see the checkmate, the answer is upside-down at the bottom of this article – and make sure to realise that Black is playing from the bottom)
But most importantly, if a CAPTCHA system like this were to become widely-used, how tricky would it be for an automated bot to solve the puzzle?
Sadly, it wouldn’t be very difficult. After all, chess computers have been capable of beating world chess champions for 15 years.
Solving a chess puzzle doesn’t prove that you are a human – it just proves you know how to play chess. So it can work as a fun CAPTCHA on a chess-related website, but is unlikely to prove an adequate defence if it were adopted widely elsewhere.
Of course, some chess puzzles are harder than others – even for computers to solve.
For a bit of fun, take a look at the following chess puzzle. It’s White to move, and to mate the Black King in two moves.
Can you do it?
Leave a comment below if you think you know how to solve this (sneaky) puzzle.
Chess CAPTCHA solution: .# (ǝʌıɟ doɥsıq s,ƃuıʞ) 4F oʇ uǝǝnb ʞɔɐlq ǝɥʇ ƃuıʌoɯ ʎq ƃuıʞ ǝʇıɥʍ ǝɥʇ ǝʇɐɯʞɔǝɥɔ uɐɔ noʎ
Hat-tip: Reddit
I think the idea of this is more to provide something related to the forum and 'meaningful' rather than just copying 2 words. if you're browsing/posting on a chess forum you're likely going to be more than happy to solve a small problem so it doesn't feel like as much as a chore as typing 2 difficult to read words. I think this will provide adequete security as I doubt many people will see it worth their time writing a bot to defeat this single captcha, however, like stated it would be trivial to perform template matching on the pieces to detect their positions and run it through an existing chess API or write one yourself (after all, you've only got to look ahead 1 or 2 moves so it would be quite trivial)
N-f1 (discovered check) KxR
R-g1 mate
Not hard for anyone familiar with 2-movers.
Trivial for even an 8-bit microprocessor.
But the King doesn’t have to take the rook. It can take the pawn instead.
So that’s not it. 🙂
if the king takes the rook (I guess that's the tower piece), he is still in the 'chess' position, as he can be defeated by the upper knight, no?
Nevell White suggested checking by moving the upper knight to F1. (It's actually a discovered check by the rook)
In that situation, the rook on H1 is no longer protected by that knight. But more importantly, there's nothing to stop the king taking the pawn on F3.
Took a while but I got the mate in two puzzle. Is it a Sam Loyd? It's lovely.
(1 Re4 Kxf3 2 O-O mate )
Feel free to delete this comment if you don't want spoilerage –
CONGRATULATIONS WAYNE! You were the first to come up with an answer to the puzzle.
Like many sneaky chess puzzles, it relied upon either the underpromotion of a pawn, an en-passant manoeuvre or castling (In this case, castling).
Well done to the others who also successfully worked it out!
Ng3-f5 Kg2xf3
Ne2-c4
That doesn’t work. (Firstly, the King doesn’t have to take the pawn – it can take the rook on H1. But also, the E2 knight can’t move to C4.)
If you meant the NE2-F4, then the King can just take the rook on G4.
Argh. Now the real challenge: Concentrate on the Sydney firewall config, not this puzzle all afternoon…
You'll kick yourself when you see it.
Someone has already solved the puzzle (well done Wayne!) but I am waiting before approving their comment, so others can enjoy the challenge.
1. Rf1, Kh2 (or Kh3)
2. Rh1 (Checkmate)
Rook -> F1
King's move to H2
Rook to H4 – Checkmate.. ( apologies if i got the board wrong, very early) lol
That’s not it.
After rook to F1, the king could move to H3 rather than H2 – preventing the RH4 “mate”. (RH4 wouldn’t be mate anyway, as the King can move back to G2)
Try again. 🙂
I just saw that, after I had posted. 🙂 You know all those puns with waking so-so up pretty early in the am.. well that's what happened to me. xD
Considering that I don’t understand chess, I would never get past the captcha.
But then again you'd probably not want to spend time on a Chess forum…
R-E4
KxP
O-O#
That's the one!
This is sneaky because even if you put the position into a computer, it won't find anything faster than mate in 3 (of which there is more than one possibility). However, the key here is that one can find a mate in 2 if one makes the assumption that WHITE CAN STILL CASTLE! What being the case, White plays 1.Re4 (covering the e3 square) and forcing 1. … Kxf3, after which White mates with 2.O-O!
If you set up your computer and tell it that White can still castle King-side, it'll find the Mate in 2 🙂
Well done on working it out Dave.
I'm afraid Wayne beat you to it – but still an impressive solution!
White Cannot castle though as that would involve moving the white king within the area threatened by the black king.
White *can* castle, once the Black king has been forced into taking the pawn on F3.
The answer to the first captcha is wrong isn't it? Pawn takes Queen, so no Checkmate. Rook to F1 is the move.
Nope, I’m pretty sure the answer to the CAPTCHA is correct. Black’s queen checkmates the White king by sliding along the diagonal to sit next to the black bishop.
but is that F4?
Yes it is. In the CAPTCHA, the white rook in the top right hand corner is at A1. The white rook in the top left hand corner is at H1. The black king is at G8. I’m sure you can work out the rest. 🙂
That’s not what I said. 🙂
White rook in top right is A1.
White rook in top left is H1.
The queen moves to F4 in the CAPTCHA puzzle. Checkmate.
My mistake. I was misreading the board. Ugh.
someone pls tell me am not going bonkers!! in the first captcha, it says check mate in one move, but if you check thew answer given, its not actually check mate or am i missing something??
In the CAPTCHA, the answer is to move the Black Queen to F4. In other words, it moves next to the black bishop. (remember that black is playing from the bottom of the board). When the Queen is at F4 it’s checkmate (via the diagonal)
Right? 🙂
It is checkmate. 🙂
You’re probably not noticing that once the queen has moved to F4+, the bishop and passed pawn prevent the King from going to any escape squares.
Why do it in two moves when you can mate in one?
Move the queen to F1, unless I'm missing something here, which is very possible.
Ummm.. the CAPTCHA *is* a mate in one. I give the answer at the end of the article (albeit upside-down).
The puzzle is the second image – which is a mate in two, for white.
In neither of the puzzles can you move the queen to F1.
VERY Good idea.
Wait, just realised I was taking the White King as a queen, ignore me.
1 move checkmate – move the knight from E2 to D4
That’s not checkmate. That’s stalemate, as there’s no legal move for the Black king in that position. Which would mean a draw.
Try again.
There's a great reddit thread on this puzzle (CAUTION SPOILERS):
http://www.reddit.com/r/chess/comments/19zbfe/i_j…
These are particularly spoiley spoilers too – the first comment provides the (only) solution, and the second one explains why that solution is itself highly problematic – what did Black just play? And so what did White just play? And so that solution is… oh dear.
Great puzzle though, and thanks for posting it.
(This comment being just as spoiley as my last one, feel free to not post it or wait a while…)
Oh, and reading further, the reddit thread *is* the origin of this image, as the poster admits that they recreated the position from memory, and given that there is no legal solution as the position stands (castling being illegal, since the previous white move must have been with the king's rook) the pawn on f3 obviously shouldn't be there. (Now there is a legal last move, the Black king just came from f3 and white can castle, so the puzzle works).
This may explain why I've been unable to find this puzzle in any of the problem databases. But I have things to do today.
(Again, feel free not to post until appropriate 🙂 )
Interesting about Captcha, ours seems to be failing more and more. We are actually in the midst of field testing 4 different solutions because re-captcha is not so ADA Friendly (has anyone actually ever listed to the the voice version of the re-captcha, it is unintelligible).
1. Hidden Field (if filled out then rejected)
2. Math Captcha (with typing of answer)
3. Picture Captcha (related to our website)
4. Combination of above
I may be overlooking something but in one move:
NE2-G1
NE2-G1 is stalemate, as there is no legal move for the King.
RH4-F4
KH2-G3 (takes pawn)
KF1-G1 (check mate)
Should have read the actual question completely.
That’s not it. As soon as you move RH4-F4, it’s stalemate.
Nice little puzzle! Sophos should do a weekly puzzle to keep our minds sharp
Rook to E4
King takes pawn (F3)
Rook to F1
Checkmate
Close but no cigar! The King can move back to G2.
Wow, spent more time on it than I thought. Is there actually a solution? 🙂
Yes, it can be solved. We’ve had a few people already solve it (although I’m not approving their comments until a few more folks have had a chance).
knight @ G3 – E4
knight @ E2 – G1
That doesn’t work. After NG3-E4, the King can take the pawn at F3. After NE2-G1, the king can simply take the rook on G4.
In the second board, white is playing up the board. So the black king isn’t being checked. It’s white to move, mate in two.
1. Rg4 e4
2. Kxg2 f3
3. O-O #
White rook from H1 to F1 (protects the pawn while giving the black king one legal move)
Black king moves from G2 to H2 (the only legal move available)
White rook from G4 to H4 (checkmate)
The black king is now in check.
The rook on H4 ensures he can't move to H1 or H3.
The pawn on F3 prevents him moving to G2.
The knight on E2 prevents him moving to G1 or G3.
Therefore the black king can't move out of check.
That’s not it.
After the rook moves from H1 to F1, the king can move to H3. That stops the other white rook from mating on H4.
RH1-H3
either: KxH3, in which case NE2-G1
or KxF3, in which case NG3-F5
But if the King takes F3, NG3-F5 doesn’t put him in check. So that’s not a mate in two!
r-g1 ch then if k-h2 then r -h4 mate or if k-h3, r -h1 mate.
That doesn’t work, because after RG1+, the King can take the pawn on F3.
Have another go.
White rook from A8 to C8
Black king forced to go from B7 to A7
White rook from C8 to C7
Checkmate!
Nope. Afraid not. You missed that the black king can move to attack the second white rook.
So what if it was reversed ?
knight @ E2 – G1
knight @ G3 – E4
If I have to spend more than 5 seconds logging in, I will leave the page and find another more welcoming site on which to buy a product or read an article. If you want people to visit your site, making it harder for them is counter-productive. You do not want to shoot yourself in the foot in an effort to protect yourself from spam.
As for me, playing chess is not my forte and I would simply leave the site. As it is, some of those horrible captchas already piss me off enough. Make it harder and you've lost my business or commentary.
Damn it. I just wasted too much time on this. I gave up and used a chess analyzer. Sneaky is right. Look at all the pieces and pay attention to their POSITION.
NM, I made a typo myself… c8, stupid upside down board.
Rook -> E4
King -> F3
King + Rook -> Castle
Wayne Myers was the first to come up with the correct solution:
http://nakedsecurity.sophos.com/2013/03/12/chess-…
In the second puzzle, how can it possibly be "white to move"? Black king is already in check by the white pawn, but how did that happen? If white pawn moved there to place black king in check, then it's black's move, not white's. But black king couldn't have moved to where it is now on its own move (which would have to have been the case if it's now white's move), because that would have moved black king into check, an illegal move.
So it's a trick question. It CAN'T be white's move.
White is playing up the board. So black is not in check from the pawn
Yep, Rook – E4 and then castling.
White: Knight G3-E4
Black: King G2xF3
White: Rook H1-H3
Check mate in two.
I’m afraid that’s not checkmate. The black King can take the rook on G4 after the rook goes to H3.
I'm an administrator on a large forum, so I'm always on the look out for new and inventive spam defeating techniques. Since I don't know how to play chess, this would not be one of the ones I would be more inclined to use 🙂
However, there are TONS of different types of CAPTCHAs out there, but it's coming to a point where they are becoming completely broken. I've included a few links in this post with more information.
In Search Of The Perfect CAPTCHA: http://coding.smashingmagazine.com/2011/03/04/in-… This article from 2011 details an overview of CAPTCHAs and some different alternatives to word solving ones.
captcha.org: http://captcha.org/ – This site lists all the known CAPTCHA systems out there that are publicly available for usage. As you can see, there are many, many to choose from. Some are very innovative, and there are some that even include advertising so webmasters can monetize user registrations. I don't think the payout is very high, but its an interesting idea.
According to many, reCAPTCHA is a completely broken system. There was a site available at one point called CaptchaTrader that would allow users to solve a captcha for a quota and then they would be awarded credits to have their captchas solved for them. This was used mainly for cyberlocker sites so users could download warez without having to sit there and fill out a captcha for every download. I have a feeling sites like this still exist, but even if they don't, OCR technology and minimally paid human solvers exist to do this anyway. There's some information about this on Wikipedia: http://en.wikipedia.org/wiki/Captcha#Circumventio…
Google reCAPTCHA cracked: http://www.allspammedup.com/2011/01/google-recapt… A few years back 4chan/anonymous defeated reCAPTCHA with a prewritten tool that allowed them to fudge the results of a Time magazine poll for person of the year. This was called the 'penis flood' and is discussed in great detail in this article: http://musicmachinery.com/2009/04/27/moot-wins-ti…
IMO, reCAPTCHA is better than nothing, and they do update their methodology regularly to try and defeat some of the better known tricks, but its a constant cat and mouse game with spammers. Software like XRumer can easily defeat most automated anti-spam techniques, CAPTCHAs included, so coming up with newer and different ways to implement CAPTCHAs is a novel idea, but one that will be eventually bypassed as it becomes more frequently used.
Finally, a few xkcd comics to lighten the mood: http://xkcd.com/233/ http://xkcd.com/810/ http://xkcd.com/632/
How about some love for Dave’s solution:
1. Rf1, Kh2 (or Kh3)
2. Rh1 (Checkmate)
It’s not as fancy as castling but it is no less correct. (It also happens to be the one I found.)
But I don’t think that is checkmate.
The King can move back to G2 after the RH1 check, can’t it?
This was really fun and mentally challenging. Thanks for posting it! 🙂
Being dyslexic and not a chess player – my final solution:-
1 – Transmogrify into a pigeon
2 – Fly onto the board and knock over all the pieces
3 – Crap over all the spaces
4 – Fly off to the flock and claim victory
It would certainly keep me and a lot of others out of certain web sites.
Wonder how that would work out?
Talk about a fail captcha…