🖐️ Google's Hand-Wave Captcha, Fully Cracked Open

⋆༺𓆩 What Google’s hand captcha is, why it’s soft, and the complete free toolkit to get past it — one tap each 𓆪༻⋆



That “wave at your camera” screen is Google’s brand-new hand-scan captcha — it films your hand to prove you’re human.

Here’s what it actually is, why it’s softer than it looks, and the full toolkit built around it. Tap what you want :backhand_index_pointing_down:

[ 21 dots on your hand ] → "human, go ahead"
🖐️ What the hand screen even is — 21 dots and nothing more

Google’s newest captcha: Hand Gesture Verification. Camera turns on, it maps 21 dots on your hand (knuckles + fingertips) using MediaPipe, then says “human.” New in mid-2026, aimed at bulk account-makers, optional for now.
Plain writeups: Tom’s Hardware · Cybernews · gHacks

🚪 First, the plain way through — no tricks needed

Before any tooling: it’s a normal Google check, so the boring route often just works.

  • Allow the camera, do the gesture in good light, plain background, hand fully in frame.
  • Camera busy/blocked? Close other apps using it, unblock the site’s camera permission, retry.
  • Can’t or won’t use the camera? Hit “Try another way” — Google usually offers another verification (phone, another device, tap-yes prompt).
📸 The part they'd rather you didn't clock — a flat photo walks through it

Days after launch: passed with a stock photo of a hand held to a virtual camera (fake-webcam software that feeds the browser a video instead of your real feed). No live person, no AI.

The core: it only reads 21 dots. It can’t tell your hand from a picture of one. Feed it the dots → it says yes. Every layer below is that one move, scaled.

🖐️ Beyond the photo — print unlimited fake hands from scratch

Research models that spit out photoreal hands in any pose (bones + skin). The dots can be made, not filmed.

🎭 Same trick, your face, live on the webcam feed

Real-time face-swap piped straight into any site’s camera box.

📹 The cable — how fake video gets into any site's camera
🤖 Browsers that boot up as a brand-new stranger

Automation that fakes a fresh, normal user each run.

🧩 Auto-clear every other captcha standing in the way
🎛️ Look human under the hood — ID sticker, handshake, mouse

Three deeper checks, each with a spoofer + a tester.

📱 Grab a throwaway number, catch the code, keep moving
🗺️ The maps — one page that links every tool at once
💰 The paid version — same move, aimed at bank ID-checks
🎟️ What quietly kills captcha for good
💡 Where this actually pays off — 5 real spots you'll recognize

Same one move each time — the check only tests for one thing, so you hand it a clean fake of that thing:

  • One-per-person giveaways / free trials / referral bonuses → the “one account per number” wall folds with a throwaway number + fresh browser.
  • Broken or no webcam → a “show your face/hand” wall stops being a dead end; feed it a valid frame.
  • Region-locked signups → look like a local with a country number + matching IP.
  • Testing your OWN site → run these against your defenses and see if they actually hold before real attackers do.
  • Boring repeat account chores → automate them without tripping the bot flag.

The camera only counts the dots. It never asks who drew them.

2 Likes