logo

Hacking WebAssembly Games with Binary Instrumentation

Conference:  Defcon 27

2019-08-01

Summary

Developing a JavaScript library for targeted modifications to web assembly binaries
  • The speaker developed a JavaScript library called the Web Assembly Instrumentation Library (WHALE) for modifying web assembly binaries
  • WHALE can add, edit, or remove entries and sections from the binary
  • WHALE parses binaries as a stream to save time and memory usage
  • Binary instrumentation is the process of manipulating an application binary to aid in analysis
  • Existing tools like Wasabi and Wabbit did not meet the speaker's prerequisites for instrumenting binaries within the browser and handling large web assembly binaries
  • The speaker's library meets these prerequisites and allows for targeted modifications to web assembly binaries
The speaker tried using the existing tool Wabbit to parse a video game binary, but it took too long and ran out of memory

Abstract

WebAssembly is the newest way to play video games in your web browser. Both Unity3d and Unreal Engine now support WebAssembly, meaning the amount of WebAssembly games available is growing rapidly. Unfortunately the WebAssembly specification is missing some features game hackers might otherwise rely on. In this talk I will demonstrate adapting a number of game hacking techniques to WebAssembly while dealing with the limitations of the specification. For reverse engineers, I will show how to build and inject your own "watchpoints" for debugging WebAssembly binaries and how to insert symbols into a stripped binary. For game hackers, I will show how to use binary instrumentation to implement some old-school game hacking tricks and show off some new ones. I will be releasing two tools: a binary instrumentation library built for modifying WebAssembly binaries in the browser, and a browser extension that implements common game hacking methods a la Cheat Engine.

Materials:

Tags: