Workshop @ 2019: Reversing WebAssembly Module 101

2019/10/22 @ 2019

WebAssembly (WASM) is a new binary format currently supported by all major web-browsers (Firefox, Chrome, Safari and Edge). WebAssembly module are most commonly compiled from C/C++/Rust source code, loaded and executed inside JS scripts. It is known for being used for malicious purposes like cryptojacking but you will legitimately found usage of WebAssembly inside web-browsers addons, nodejs module or even blockchain smart contracts.

In this workshop, I will first introduce WebAssembly concepts and why it’s consider as a “game changer for the web”. Secondly, I will expose how to analyze a WebAssembly module using different techniques (static & dynamic) as well as some open-source tools that make you the life easier (Octopus, Wasabi, …). Finally, we will hands-on with simple examples/crackmes and finally go throws the analysis of cryptominers.

The following point will be discussed in this workshop.

  1. Introduction
  2. WebAssembly Basics
  3. WebAssembly Runtime VM
  4. Module dissection
  5. Reversing wasm module
  6. Dynamic analysis
  7. Cryptominers
  8. Conclusion

link / slides / repository