Description
WebAssembly is a new low-level language that tries to enable secure near-native performance on the web and has recently seen increasing popularity. However, recent studies have also shown that it offers new opportunities for malicious attackers and that this usage is surprisingly common. On the other hand there are currently few working tools for analyzing WebAssembly binaries and identifying malicious uses. In this thesis I therefore present rewasm, a new decompiler that is able to reconstruct high-level source code from WebAssembly binaries. This thesis describes how rewasm converts WebAssembly's stack-based code to a variable-based representations and applies existing techniques to reconstruct readable source code. I evaluate the resulting code in regards to readability and compactness and find that in almost all cases it is significantly easier to understand than the original WebAssembly or code produced by existing tools. I also explain why WebAssembly's design allows reconstruction of high-level code that is guaranteed to be semantically equivalent to the binary representation.
|