Skip to content
"Reversing WebAssembly Module 101" Workshop (NorthSec 2019)
Branch: master
Clone or download
Latest commit 81cfe85 May 17, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
cryptonight first commit May 13, 2019
ctf first commit May 13, 2019
fibonacci first commit May 13, 2019
firefox_addons first commit May 13, 2019
.gitignore Initial commit May 13, 2019
LICENSE Initial commit May 13, 2019 update readme May 17, 2019

Reversing WebAssembly Module 101

NorthSec 2019 "Reversing WebAssembly Module 101" Workshop

WebAssembly (WASM) is a new binary format currently supported by all major browsers (Firefox, Chrome, WebKit /Safari and Microsoft Edge) and executed inside JS scripts. It is already used for malicious purposes like Cryptojacking and can be found inside some web-browsers addons.

In this workshop, I will first introduce WebAssembly concepts and why it’s consider as a “game changer for the web”. Secondly, I will expose different techniques (Static/Dynamic analysis) and tools (Octopus, Wasabi, ...) to perform a WebAssembly module analysis. Finally, we will hands-on with basic examples (crackmes) and go throws some real-life cryptominer and web-browsers plugins using WebAssembly module. Along the talk, I will only used open source tools.

Tools installation

install a compatible web-browser

install octopus locally

# Security Analysis tool for WebAssembly module and Blockchain Smart Contracts
git clone

Follow the installation guide here

install wasmer

# Universal WebAssembly runtime
curl -sSfL | sh

install python & pip3

sudo apt install python3 python3-pip

install pywasm & python-ext-wasm

# WebAssembly interpreter written in pure Python
pip3 install pywasm

# Python library to run WebAssembly binaries.
pip3 install wasmer

install wasabi

# A dynamic analysis framework for WebAssembly programs.
# install over docker:
git clone

install wabt

# WABT: The WebAssembly Binary Toolkit
git clone --recursive
cd wabt

Follow the installation guide here

OR you can used the wasm2wat online demo





FlareOn5 2018

cd ctf/FlareOn5


cd cryptonight

Firefox addons

cd firefox_addons/ublock
You can’t perform that action at this time.