Description
WebAssembly is a new low-level language that tries to enable
secure near-native performance on the web and has
recently seen increasing popularity. However, recent
studies have also shown that it offers new opportunities
for malicious attackers and that this usage is surprisingly common.
On the other hand there are currently few working tools for
analyzing WebAssembly binaries and identifying malicious uses.
In this thesis I therefore present rewasm, a new
decompiler that is able to reconstruct high-level source code
from WebAssembly binaries. This thesis describes
how rewasm converts WebAssembly's stack-based code to a
variable-based representations and applies existing
techniques to reconstruct readable source code.
I evaluate the resulting code in regards to
readability and compactness and find that in
almost all cases it
is significantly easier to understand than
the original WebAssembly or code produced by
existing tools. I also explain why WebAssembly's
design allows reconstruction of high-level
code that is guaranteed to be semantically
equivalent to the binary representation.
|
