Skip to content
"Reversing WebAssembly Module 101" Workshop (NorthSec 2019)
Branch: master
Clone or download
Latest commit 81cfe85 May 17, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
cryptonight first commit May 13, 2019
ctf first commit May 13, 2019
fibonacci first commit May 13, 2019
firefox_addons first commit May 13, 2019
.gitignore Initial commit May 13, 2019
LICENSE Initial commit May 13, 2019
README.md update readme May 17, 2019

README.md

Reversing WebAssembly Module 101

NorthSec 2019 "Reversing WebAssembly Module 101" Workshop

WebAssembly (WASM) is a new binary format currently supported by all major browsers (Firefox, Chrome, WebKit /Safari and Microsoft Edge) and executed inside JS scripts. It is already used for malicious purposes like Cryptojacking and can be found inside some web-browsers addons.

In this workshop, I will first introduce WebAssembly concepts and why it’s consider as a “game changer for the web”. Secondly, I will expose different techniques (Static/Dynamic analysis) and tools (Octopus, Wasabi, ...) to perform a WebAssembly module analysis. Finally, we will hands-on with basic examples (crackmes) and go throws some real-life cryptominer and web-browsers plugins using WebAssembly module. Along the talk, I will only used open source tools.

Tools installation

install a compatible web-browser

install octopus locally

# Security Analysis tool for WebAssembly module and Blockchain Smart Contracts
git clone https://github.com/quoscient/octopus

Follow the installation guide here

install wasmer

# Universal WebAssembly runtime
# https://github.com/wasmerio/wasmer
curl https://get.wasmer.io -sSfL | sh

install python & pip3

sudo apt install python3 python3-pip

install pywasm & python-ext-wasm

# WebAssembly interpreter written in pure Python
# https://github.com/mohanson/pywasm
pip3 install pywasm

# Python library to run WebAssembly binaries.
# https://github.com/wasmerio/python-ext-wasm
pip3 install wasmer

install wasabi

# A dynamic analysis framework for WebAssembly programs.
# install over docker: https://github.com/danleh/wasabi#alternative-setup-via-docker
git clone https://github.com/danleh/wasabi

install wabt

# WABT: The WebAssembly Binary Toolkit
git clone --recursive https://github.com/WebAssembly/wabt
cd wabt

Follow the installation guide here

OR you can used the wasm2wat online demo

Exercices

Crackmes

OTTAWA BSIDES CTF2018: THE WALL #1

ctf/wall1

FlareOn5 2018

cd ctf/FlareOn5

Cryptominer

cd cryptonight

Firefox addons

cd firefox_addons/ublock
You can’t perform that action at this time.