Skip to content


Folders and files

Last commit message
Last commit date

Latest commit



13 Commits

Repository files navigation

Reversing WebAssembly Module 101 Workshop

WebAssembly (WASM) is a new binary format currently supported by all major browsers (Firefox, Chrome, WebKit /Safari and Microsoft Edge) and executed inside JS scripts. It is already used for malicious purposes like Cryptojacking and can be found inside some web-browsers addons.

In this workshop, I will first introduce WebAssembly concepts and why it’s consider as a “game changer for the web”. Secondly, I will expose different techniques (Static/Dynamic analysis) and tools (Octopus, Wasabi, ...) to perform a WebAssembly module analysis. Finally, we will hands-on with basic examples (crackmes) and go throws some real-life cryptominer and web-browsers plugins using WebAssembly module. Along the talk, I will only used open source tools.


  • Introduction
  • WebAssembly Basics
  • WebAssembly Runtime VM
  • Module dissection
  • Reversing wasm module
  • Dynamic analysis
  • Cryptominers
  • Conclusion


Tools installation

Install a compatible web-browser

Install octopus locally

# Security Analysis tool for WebAssembly module and Blockchain Smart Contracts
git clone

Follow the installation guide here

Install python & pip3 & pywasm

# WebAssembly interpreter written in pure Python
sudo apt install python3 python3-pip
pip3 install pywasm

Install wabt

# WABT: The WebAssembly Binary Toolkit
git clone --recursive
cd wabt

Follow the installation guide here

OR you can used the wasm2wat online demo

Install wasabi

# A dynamic analysis framework for WebAssembly programs.
# install over docker:
git clone

Install radare2 & Cutter

# Install Radare2
git clone
cd radare2

Download Cutter here

Install wasmer (optional)

# Universal WebAssembly runtime
curl -sSfL | sh

Install python-ext-wasm (optional)

# Python library to run WebAssembly binaries.
pip3 install wasmer




cd ctf/wall1

FlareOn5 2018

cd ctf/FlareOn5


cd cryptonight

Firefox addons

cd firefox_addons/ublock

Trainings & Contact

Patrick Ventuzelo - @pat_ventuzelo

  • Independent Security Researcher / Trainer.
  • FREE online courses: here