Reversing Ewasm smart contracts 101 – EthCC 2020 I just gave a talk/workshop today (03/2020) at EthCC 2020 (Paris – France), about reversing Ewasm (Ethereum flavored WebAssembly) smart contract. In this talk, I briefly introduce WebAssembly concepts , Ewasm ethereum specificity and opcodes/instructions. Secondly, I show how to create Ewasm smart contracts and expose different techniques/tools…
Fuzzing javascript nodejs/npm WebAssembly parsing library with jsfuzz I asked recently on twitter what should be my next blogpost subject and voters choose this one, so here it is. In this short blogpost, I will first introduce jsfuzz, a coverage-guided javascript fuzzer for nodejs/npm packages. Then, I’ll discuss about the wasm binary parsing library I…
Fuzzing JavaScript WebAssembly APIs using Dharma/Domato (V8 engine) First of all, Happy new hacking year everyone 😉 I got asked multiple time if fuzzing WebAssembly APIs of Javascript engines is complicated, so here is a short tutorial using Dharma (but you can use Domato if you prefer). In this blogpost, I will first detailed WebAssembly…
How to create polyglot HTML/JS/WebAssembly module Just a bit of context first, so last month I was at the hack.lu conference to give a workshop about “Reversing WebAssembly module 101” and spend some amazing time with friends. Workshop goes well, attendees were really interested and even better I received the award of the best talk/workshop…
Analysis of Google Keep WebAssembly module Last month, i was at REcon Montreal to give my training about WebAssembly Security and after some discussion people always ask me this question: Is WebAssembly already used in the wild? The answer is of course YES and some WebAssembly modules are potentially running right now in your browser…
