Dissection of WebAssembly module: Reversing and Analysis of the new “game changer for the web”

Presented at ToorCon San Diego 20 (2018), Sept. 15, 2018, 5 p.m. (50 minutes)

WebAssembly (WASM) is a new binary format currently developed by all major browsers including Firefox, Chrome, WebKit /Safari and Microsoft Edge. In this talk, I will introduce WebAssembly concepts, detailed security measures implemented into WebAssembly VM and explain how to do static analysis (Reversing, Control flow and Calls flow analysis, …) on real life WASM modules.

WebAssembly (WASM) is a new binary format currently developed and supported by all major browsers including Firefox, Chrome, WebKit /Safari and Microsoft Edge through the W3C. This new format have been designed to be “Efficient and fast“, “Debuggable“ and “Safe” that why it is often called as the "game changer for the web". More than one year after the “official” release, it is not only used “for the web” by web browsers but also in some (huge) other projects like Blockchain Smart Contract platforms (EOS and Ethereum).

I will first introduce WebAssembly concepts and who currently used it in the wild. Secondly, I will show different WebAssembly VM available and explain the security measures implemented into it. Finally, I will show you, throw real life WASM modules, how to do static analysis, using techniques such as reversing, control flow and calls flow analysis, to understand deeper its behaviors. Along the talk, I will used multiple open source tools but mainly the one that I have developed and that is already available on Github (https://github.com/quoscient/octopus).

Presenters:

• Patrick Ventuzelo
  Patrick is a French security researcher working for Quoscient GmbH. He is mainly focused on Reverse Engineering and Vulnerability Research on various platforms with a strong interest on new research areas such as WebAssembly, Smart Contracts and Blockchain. Patrick Ventuzelo is a French security researcher working for Quoscient GmbH. Previously, he worked for P1 Security, the French Department of Defense (DoD) and Airbus Defense & Space Cybersecurity. He is mainly focused on Reverse Engineering and Vulnerability Research on various platforms with a strong interest on new research areas such as WebAssembly, Smart Contracts and Blockchain. Patrick spoke in 2017 at the French security conference SSTIC about critical vulnerabilities that he found in VoLTE technology. He has been trainer at REcon conference multiple time (BRX 2017 / MTL 2017) and have presented recently his research on “Reverse Engineering of Blockchain Smart Contracts (ETH/NEO/EOS)” at the Recon Montreal 2018 edition.

Links:

• https://frab.toorcon.net/en/toorcon20/public/events/92.html
• https://infocon.org/cons/ToorCon/ToorCon XX - 2018/Dissection Of Webassembly Module - Patrick Ventuzelo.mp4
• https://www.youtube.com/watch?v=0SEtrW5Ns_k

Similar Presentations:

• Shakacon X (2018) / Web (Dis)Assembly – in-depth peek at the VM running inside your Web Browser
• Black Hat USA 2018 / WebAssembly: A New World of Native Exploits on the Browser
• DEF CON 27 (2019) / Hacking WebAssembly Games with Binary Instrumentation