Dissection of WebAssembly module Reversing and Analysis of the new “game changer for the web” presented at toorcon2018SanDiego 2018

by Patrick Ventuzelo,

Summary : WebAssembly (WASM) is a new binary format currently developed by all major browsers including Firefox, Chrome, WebKit /Safari and Microsoft Edge. In this talk, I will introduce WebAssembly concepts, detailed security measures implemented into WebAssembly VM and explain how to do static analysis (Reversing, Control flow and Calls flow analysis, …) on real life WASM modules.WebAssembly (WASM) is a new binary format currently developed and supported by all major browsers including Firefox, Chrome, WebKit /Safari and Microsoft Edge through the W3C. This new format have been designed to be “Efficient and fast“, “Debuggable“ and “Safe” that why it is often called as the "game changer for the web". More than one year after the “official” release, it is not only used “for the web” by web browsers but also in some (huge) other projects like Blockchain Smart Contract platforms (EOS and Ethereum).I will first introduce WebAssembly concepts and who currently used it in the wild. Secondly, I will show different WebAssembly VM available and explain the security measures implemented into it. Finally, I will show you, throw real life WASM modules, how to do static analysis, using techniques such as reversing, control flow and calls flow analysis, to understand deeper its behaviors. Along the talk, I will used multiple open source tools but mainly the one that I have developed and that is already available on Github (https://github.com/quoscient/octopus).