WASM反编译,WASM逆向

腾讯安全中心的一个"码上种树"活动里遇到了一道题,用的是WebAssembly。
放一个测试的wasm地址:test.wasm

之前没有接触过,上网查了一下之后发现都是通过wabt(WebAssembly二进制工具包)中的wasm2c进行转换:
在线转换地址

转换结果:

(module
  (type $t0 (func (param i32 i32) (result i32)))
  (import "Math" "min" (func $Math.min (type $t0)))
  (import "Math" "max" (func $Math.max (type $t0)))
  (func $Run (type $t0) (param $p0 i32) (param $p1 i32) (result i32)
    (local $l2 i32) (local $l3 i32) (local $l4 i32) (local $l5 i32) (local $l6 i32) (local $l7 i32)
    local.get $p0
    local.set $l2
    i32.const 10
    i32.const 1
    i32.sub
    local.tee $l4
    if $I0
      loop $L1
        local.get $l2
        local.set $l3
        i32.const 0
        local.set $l6
        i32.const 10
        local.set $l7
        loop $L2
          local.get $l3
          i32.const 10
          i32.rem_u
          local.set $l5
          local.get $l3
          i32.const 10
          i32.div_u
          local.set $l3
          local.get $l5
          local.get $l6
          call $Math.max
          local.set $l6
          local.get $l5
          local.get $l7
          call $Math.min
          local.set $l7
          local.get $l3
          i32.const 0
          i32.gt_u
          br_if $L2
        end
        local.get $l2
        local.get $l6
        local.get $l7
        i32.mul
        i32.add
        local.set $l2
        local.get $l4
        i32.const 1
        i32.sub
        local.tee $l4
        br_if $L1
      end
    end
    local.get $l2)
  (export "Run" (func $Run)))

用wasm2c转换之后还是比较复杂,看了WebAssembly官方文档之后发现了一个工具可以转换成可读性更好的伪代码:
wasm-decompile

通过wabt工具库编译出的wasm-decomplie进行转换,清晰多了

./wabt/bin/wasm-decompile test.wasm -o test.o
import function Math_min(a:int, b:int):int;
import function Math_max(a:int, b:int):int;
export function Run(a:int, b:int):int {
  var c:int = a;
  var e:int = b - 1;
  if (e) {
    loop L_b {
      var d:int = c;
      var g:int = 0;
      var h:int = 10;
      loop L_c {
        var f:int = d % 10;
        d = d / 10;
        g = Math_max(f, g);
        h = Math_min(f, h);
        if (d > 0) continue L_c;
      }
      c = c + g * h;
      e = e - 1;
      if (e) continue L_b;
    }
  }
  return c;
}

感谢阅读!欢迎关注微信公众号”混沌前端“,获取推送更新。

你可能感兴趣的:(前端开发,CFP)