12306 applies for a patent to prevent automatic ticket grabbing. Is the ticket grabbing software still useful?

Today is the first day of the Spring Festival travel rush. Has everyone managed to grab a ticket? How many workers have been scrambling for tickets regularly, constantly refreshing the web page, and still had to spend a lot of money to buy a "ticket scrambler" to get a ticket?

In the past two days, the news that "12306 has applied for a patent to prevent automatic ticket grabbing" has become a hot topic, attracting the attention of many netizens.

So, why can we really buy the scarce tickets with the help of software? How can we prevent the automatic ticket grabbing? Let’s talk about it from a technical perspective today.

Image source: Internet screenshot

What exactly happens when you buy tickets online?

The basic process of buying train tickets on 12306 is similar to that of buying things on e-commerce websites such as Taobao and JD.com . It can be roughly divided into the steps of logging in, querying, selecting, confirming, and paying.

Logging in is a prerequisite for purchasing tickets. It verifies whether the user's identity is who they claim to be, and involves confirmation of personal information.

The principle is also very simple: the user enters his or her username and login password, and the ticket purchasing system queries its own user database to see if the username and password are correct. If correct, the user's identity is considered credible.

Image source: Internet screenshot

At this stage, the risk is that the user's identity may be spoofed. The spoofer may try a large number of different passwords, or use passwords leaked from other websites to spoof the real user's identity.

The general solution is to take a two-pronged approach: when a user enters an incorrect password several times in a row, the user is prohibited from logging in for a period of time; and after the user enters the password, there is another verification step that allows the user to drag the puzzle pieces or find a picture that meets the requirements from a series of pictures.

In the past, 12306 was criticized for its high verification difficulty. In the early days, the first verification pass rate of 12306 was only a pitiful 8%. Of course, after years of continuous improvement, this problem has been almost solved.

After confirming the user's identity, the journey is smooth. The user first checks the remaining tickets according to his/her departure and arrival places, and then chooses the train he/she wants; then he/she selects the passenger and seat information, and after confirming the selection is correct, he/she pays the ticket.

This process is actually the same as the user handing over his ID card to the staff at the train station ticket office, and the staff casting the ballot on his behalf, except that it is now completely self-service.

When there are spare tickets, there is no problem with this process, and everyone can just buy tickets one by one in the order of first come, first served. But if there are not enough spare tickets and everyone wants to buy tickets, then some people will inevitably want to use some technical means.

Why is it possible to grab tickets through technical means?

The technical means of buying tickets is to automatically grab tickets. The basic idea of ​​automatic ticket grabbing is to let computers simulate human behavior.

Personal use: If you want to develop an automated ticket grabbing program for your own use, it is relatively simple. First, log in with your personal information, manually pass the identity verification, and then continue to query the desired train at a high frequency. When the query returns data indicating that there are remaining tickets, place an order immediately.

The key here is to analyze the query results returned. This is not difficult, after all, the query result is a string of text returned, and it is easy to extract information from it. It is like standing at the ticket window and asking if there are tickets every two minutes. Anyway, the 12306 server is a machine instead of a ticket office staff. As long as the computing power allows, it can answer all questions, and you won't feel annoyed by asking questions over and over again.

Multiple users : If you need to grab tickets for many people, it will be more troublesome. It is more troublesome to help users log in and pass the verification. After all, it is still difficult for computers to recognize graphics and pass the verification process like humans. The verification code was invented to make it difficult for computers to impersonate humans.

Image source: Internet screenshot

However, since it is a technical problem, there will often be a technical solution. With the development of computer vision technology, it is not difficult to crack the graphic verification code, but the technical threshold has been raised.

So the process of automated ticket grabbing is like a group of people blocking the ticket window. Every few seconds someone comes over to ask if there are any tickets, and they won’t stop until a ticket is bought or the ticket sales time has passed.

Copyright images in the gallery. Reprinting and using them may lead to copyright disputes.

Automated ticket grabbing will have several consequences: it is unfair to those users who queue up to buy tickets in an orderly manner; it wastes the computing resources of the 12306 server and may reduce the ticket purchasing experience of 12306 users; and it reduces the happiness of all users - users who fail to buy tickets are naturally unhappy, and users who pay extra money to grab tickets may not be happy either.

So of course, in order to prevent automated ticket grabbing, there should be corresponding technical means.

How to prevent automated ticket grabbing?

There are several basic ideas that can improve the technical difficulty of automated ticket grabbing.

1. Identify behaviors from automated ticket grabbing software and find those robo-scalpers that automatically grab tickets.

Specifically, by analyzing the access situation of the server, we can filter out those machines that frequently query ticket information in a short period of time and prohibit them from accessing; and in order to cope with this solution, the automated ticket grabbing software often adopts the method of frequently changing IP addresses. Therefore, this idea can only serve as a basis.

2. Prevent the automated ticket grabbing software from obtaining valid remaining ticket information.

As mentioned above, every time we query the remaining tickets on 12306, a string of text will be returned to the user's browser, and the ticket grabbing software will analyze this string of text to obtain the remaining ticket information. If the returned text is not text, it will be much more difficult for the ticket grabbing software to process. After all, computer vision is very different from human vision. What a human can see at a glance is not easy for a computer to recognize.

Image source: Internet screenshot

In November 2021, the Institute of Electronic Computing Technology of the China Academy of Railway Sciences applied for a patent titled "A method, system, device and storage medium for preventing automatic ticket grabbing", which adopted this idea. In this patent, the researchers converted the remaining ticket information after the query into a scalable vector graph (SVG) and sent it back to the user's browser.

SVG is a very interesting image format. It is an image, but it uses text to describe the position, color, line width and other information in the image; it uses relative points to save data, so it can be scaled to any size without distortion. These two features make it easy to draw through programs and suitable for displaying on displays of any size.

These two features are very useful for automated ticket purchase: the query returns an image, and traditional automated ticket purchase software cannot extract text related to the ticket information from it, so it is naturally impossible to purchase tickets. However, users who purchase tickets manually can recognize the ticket information in these images and still only need to click on the desired train information to continue purchasing tickets.

The patent mentioned above also proposed a clever verification method: using a combination of words to implement behavior verification based on word reasoning, which means that users need to undergo another behavior verification before buying tickets.

Specifically, it is like this: First, randomly select a few Chinese characters, convert them into SVG images, and then divide them into upper and lower parts. Then, display the upper part of these Chinese characters and the lower part of one of them. Finally, let the user find the correct way to put them together. Only when the correct Chinese character is formed, it will be considered verified.

Only Figure 5 is correct. Image source: the above patent specification

In order for the automated ticket grabbing software to pass this verification, it needs to be able to "recognize characters", which means it needs to have a character library and be able to find the correct spelling method by comparing the character library, which will undoubtedly increase the difficulty of automated ticket grabbing.

In short, to prevent automated ticket grabbing, we need to design some obstacles for the ticket purchasing system. These obstacles are not difficult for humans, but are still difficult for computers.

After all, demand is motivation, and computer capabilities will improve. Technology will gradually upgrade, and automated ticket grabbing and anti-automated ticket grabbing will be a continuous tug-of-war.

Planning and production

This article is a work of Science Popularization China-Starry Sky Project

Produced by: Science Popularization Department of China Association for Science and Technology

Producer｜China Science and Technology Press Co., Ltd., Beijing Zhongke Xinghe Culture Media Co., Ltd.

Author: Mammoth Harbin University of Science and Technology

Review｜Yu Yang, Head of Tencent Xuanwu Lab

Planning丨Fu Sijia Linlin

Editor: Fu Sijia Linlin