Reversing WebAssembly Module 101
2019-10-22, 10:30–12:00, Fischbach

WebAssembly (WASM) is a new binary format currently supported by all major web-browsers (Firefox, Chrome, Safari and Edge). WebAssembly module are most commonly compiled from C/C++/Rust source code, loaded and executed inside JS scripts. It is known for being used for malicious purposes like cryptojacking but you will legitimately found usage of WebAssembly inside web-browsers addons, nodejs module or even blockchain smart contracts.

In this workshop, I will first introduce WebAssembly concepts and why it’s consider as a “game changer for the web”. Secondly, I will expose how to analyze a WebAssembly module using different techniques (static & dynamic) as well as some open-source tools that make you the life easier (Octopus, Wasabi, ...). Finally, we will hands-on with simple examples/crackmes and finally go throws the analysis of cryptominers.

Workshop outline

The following point will be discussed in this workshop.

  • Introduction
  • WebAssembly Basics
  • WebAssembly Runtime VM
  • Module dissection
  • Reversing wasm module
  • Dynamic analysis
  • Cryptominers
  • Conclusion