strange wasm

55 views
Skip to first unread message

Alessio Mochi

unread,
Nov 4, 2021, 1:22:11 PM11/4/21
to emscripten-discuss
I download from the browser an a file .wasm of an web application where inside
is present a unique string like:

YAJ/fwF/YAF/AX5gBX9/f39/AGAAAGADf39/AGAHf39/f39/fwBgBH9/f38Bf2AAAX9gAX8Bf2AEf39/fwBgBn9/f39/fwF/YAd/f39/f39/AX9gAAACVQIHLi9pbmRleCJfX3diZ19sb2FkUmVzdWx0c19hNzlhNDg1ODc0MmIxNDkyAAUHLi9pbmRleBxfX3diZ19lcnJvcl...

that is very strange. I usually see some code in file wasm. 
Is it possible for the code to be decrypted and executed on the fly in the browser?

Floh

unread,
Nov 6, 2021, 8:29:52 AM11/6/21
to emscripten-discuss
Despite the name, WASM files are binary data. If you want to see the disassembly, either look at the WASM files in browser devtools under the "Sources" tab, or use the wasm2wat tool from the WABT toolkit: https://github.com/WebAssembly/wabt

Alessio Mochi

unread,
Nov 6, 2021, 10:10:22 AM11/6/21
to emscripte...@googlegroups.com
I was not referring to the name of the file but to its content.
I tried to run the command on the file but it says it's invalid

$ wasm2wat file.module.wasm
0000004: error: bad magic value


--
You received this message because you are subscribed to a topic in the Google Groups "emscripten-discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/emscripten-discuss/7LWjNCep_04/unsubscribe.
To unsubscribe from this group and all its topics, send an email to emscripten-disc...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/emscripten-discuss/acaf9af8-0c26-4f91-ac11-977ac22fdd9bn%40googlegroups.com.

Jorge Prendes

unread,
Nov 6, 2021, 11:30:44 AM11/6/21
to emscripte...@googlegroups.com
If that's the begining of the file, then it's not a valid wasm file.

I any case, that seems to be base64 encoded, decoding to:

` ` ~` `` ` ` ` ` ` ` ` ` U ./index"__wbg_loadResults_a79a4858742b1492 ./index __wbg_error

This is not a valid wasm file start either, but might help you move forward.

Answering your question, it's entirely possible for the application to manipulate the bytes before attempting to execute it as a wasm binary.

Cheers,
Jorge

You received this message because you are subscribed to the Google Groups "emscripten-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to emscripten-disc...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/emscripten-discuss/CAHUGow0KNkGuNOD4acQvx4AjSqdwb--GDYdWOO3BfuGQQovR9w%40mail.gmail.com.

Alessio Mochi

unread,
Nov 6, 2021, 11:38:35 AM11/6/21
to emscripte...@googlegroups.com
Hello Jorge,
the file content begin with:
AGFzbQEAAAABZxBgAn9/AGABfwBgA39/fwF/YAJ/fwF/YAF/AX5gBX9/f39/AGAAAGADf39/AGAHf39/f39/fwBgBH9/f38Bf2AAAX9gAX8Bf2AEf39/fwBgBn9/f39

can you explain how this process of decoding and executing the wasm file can be done on the browser?



To view this discussion on the web visit https://groups.google.com/d/msgid/emscripten-discuss/CAEde_x_vb1SRfj1TYxGG2yUU-L4Djxs7bT4jVO5G8GFzkXHjgw%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages