Some tests on complementary wasm environment

Preface

Start on the site wasm Encryption has been studied for some time , Something happened later , No more research , lately , Nothing , Let's study it again .

Reference article

  https://www.52pojie.cn/thread-1533409-1-1.html

2.https://www.52pojie.cn/thread-1533409-1-1.html

3.https://www.52pojie.cn/home.php?mod=space&uid=730156   

For a website wasm Perform video encryption and reverse

This encryption , The boss of the above reference article , Brother Yu has finished the reverse , And there are several ways , Reverse algorithm and complement wasm The environment and wasm turn c.

here , The methods are very good , But we need to find the breakpoint step by step , Find the import function , Import tables, etc . It's a bit of a hassle . Is there a simpler way . since wasm It runs in the browser , Then his environment must be improved , Can you bring it directly , You don't have to change anything , Direct use ？

Start to reverse

1. To find the corresponding js

We open this website , Enter developer tools , Click on the video , He will load a wasm file . Let's go straight to this wasm Break down . See which one js Called it .

Look at the stack , Find the corresponding js, This is called js.

You can see here , In fact, it calls a wasm Inside get function , To decrypt the video .

2. download js

We will js download , Analyze .

See here , We can find out , One is webpack Pack it up , It is easy to see where the arrow points loader . We can use brother Yu's tools webpack Automatic deduction code script . to wasm The loaded function is deducted . I didn't try here , I just manually deducted that function .

3. buckle wasm Loaded js

Here we mainly look for the distribution function , Follow the breakpoint , Look at the key words Module

here , We can find , This 14 Corresponding function , That's what we want wasm The load function . Let's deduct this function . Everything else can be deleted .

The last one that this function returns Module, Is the function we want , Now we just export this Module, There are many export methods , This is not specific .

4. Add a delay

module After export , We export it directly console.log(Module.asm.f) Will be displayed

undefined. In this way, the purpose of our export will not be achieved . This is the time , We need to add a delay .setTimeout. You can call the export function normally . This step is very important . Remember to add delay .

Here we see , added 0.1 Second delay , It can output normally .( It's amazing ）. Then we can call this f Function to decrypt the video . A lot of steps are omitted , There is no need to find a table at a breakpoint , Find imported js Functions, etc . Just take the environment that others have made up . Compared with other methods . It is still relatively simple .

Last Learning exchange group 902854353