Hacking WebAssembly Games with Binary Instrumentation

Presented at DEF CON 27 (2019), Aug. 11, 2019, 10 a.m. (45 minutes).

WebAssembly is the newest way to play video games in your web browser. Both Unity3d and Unreal Engine now support WebAssembly, meaning the amount of WebAssembly games available is growing rapidly. Unfortunately the WebAssembly specification is missing some features game hackers might otherwise rely on. In this talk I will demonstrate adapting a number of game hacking techniques to WebAssembly while dealing with the limitations of the specification. For reverse engineers, I will show how to build and inject your own "watchpoints" for debugging WebAssembly binaries and how to insert symbols into a stripped binary. For game hackers, I will show how to use binary instrumentation to implement some old-school game hacking tricks and show off some new ones. I will be releasing two tools: a binary instrumentation library built for modifying WebAssembly binaries in the browser, and a browser extension that implements common game hacking methods a la Cheat Engine.

Presenters:

  • Jack Baker
    Jack Baker is a professional vulnerability researcher and amateur video game hacker. His primary areas of expertise include web application security, embedded reverse engineering, and Tony Hawk's Pro Skater 3. Github: https://github.com/Qwokka

Links:

Similar Presentations: