Test Task for Javascript Reverse Engineer at ZennoLab
Attempt to reverse engineer a wasm+js code of Hcaptcha's HSW.js Hcaptcha uses rust->wasm
Steps[1,2,3] are attempts to static analysis.
1: Manual rename of all calls to Decode String
and replacing values with regexp
2: Replacing of MemberExpressions and some other things, idk
3: Manual investigating
Abandoned
Entry point is index.mjs with npm modules: "chrome-launcher", "chrome-remote-interface" Starts browser, navigates to target website. Removes all integrity checks, decoding 'HSW.js' strings on the fly and some other deobfuscation techniques from ben-sb/obfuscator-io-deobfuscator Abandoned because main problem isn't JavaScript
Final hsw.js located here.
Start a server: live-server --no-browser --port=8081 local/.
/index_wasm.html is raw wasm, maybe one of optimsed versions /index_wasm2js.html is javascipt version of wasm
Attempts to make 'wasm' code more readable with binaryaen/wasm-opt(also wabt) and iterative manner
Nothing but suffer, abandoned
file.b.* is beautified
- https://gist.github.com/nilslice/41553dcb25537d68b0856b0a5d2faae3
- https://rustwasm.github.io/wasm-bindgen/contributing/design/js-objects-in-rust.html
Javascript Deobfuscation:
- https://github.com/ben-sb/javascript-deobfuscator
- https://github.com/ben-sb/obfuscator-io-deobfuscator
- https://github.com/relative/synchrony
- https://astexplorer.net/
- https://steakenthusiast.github.io/archives/
- https://www.trickster.dev/
CDP:
- https://github.com/cyrus-and/chrome-remote-interface
- https://chromedevtools.github.io/devtools-protocol/tot/
- iframe-issue: cyrus-and/chrome-remote-interface#543
WASM:
- https://github.com/vshymanskyy/awesome-wasm-tools/tree/main
- https://github.com/WebAssembly/binaryen
- https://github.com/WebAssembly/wabt/
- https://rustwasm.github.io/docs/book/reference/debugging.html
- https://v8.dev/blog/tags/webassembly
- https://github.com/nneonneo/ghidra-wasm-plugin
Hcaptcha related:
- Chinese old post about Hcap deobfuscation: https://mp.weixin.qq.com/s?__biz=MzA3Mzk3MTU0Mw==&mid=2247485604&idx=1&sn=daf7f8bfaf3ab0f4cf7c53fc15076738&chksm=9f07aa9ca870238a4d7c5829e7c5e8cfbc21748139ce06bb2e9e0d57f17d6f6c5c5d62fc9433&token=1240538388&lang=zh_CN#rd
Tags: wasm, Wasm2js, Webassembly, Hcaptcha, JavaScript, Deobfuscation, Reverse engineering