@awt-256
Created May 1, 2023 01:42
Writeup to UMDCTF 2023's i-heart-wasm challenge

i-heart-wasm

After discovering that the program for i-heart-wasm was basically a recompile of https://rustwasm.github.io/wasm-bindgen/exbuild/webaudio/, I started looking into any "invisible" parts of the binary. I then noticed that there are some custom sections, each with one byte of data. It ends up being that the bytes combined are the flag.


Parsing library used: https://github.com/wasmkit/wasmkit-node/blob/vBETA-archive/parser.js

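// WASMParser comes from the parser.js linked above and must be loaded first.
const wasmBinary = await fetch("https://i-heart-wasm.chall.lol/pkg/wasm_test_bg.wasm").then(r => r.arrayBuffer());

const wasm = WASMParser.parseWASM(wasmBinary);

// Collect the first (and only) data byte of each custom section, by numeric index.
let flagBytes = [];
for (const idx in wasm.sections.customs) {
    if (isNaN(idx)) continue; // skip non-numeric keys
    flagBytes[idx] = wasm.sections.customs[idx][0];
}
// Reverse the collected bytes and decode them as characters.
const flag = String.fromCharCode(...flagBytes.reverse());
console.log(flag);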
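The same enumeration can be done without a parsing library by walking the WebAssembly section list directly. The following is an added example, not code from the writeup or from wasmkit. The function names (`readU32`, `listCustomSections`, `joinOneByteSections`) and the sample module are constructed for illustration. Runtimes ignore custom sections (id 0), which is why a module audit should list them explicitly.

```javascript
// Read an unsigned LEB128 u32 at `pos`; returns [value, nextPos].
function readU32(bytes, pos) {
  let value = 0, shift = 0;
  for (;;) {
    if (pos >= bytes.length) throw new Error("truncated LEB128");
    const b = bytes[pos++];
    value |= (b & 0x7f) << shift;
    if ((b & 0x80) === 0) return [value >>> 0, pos];
    shift += 7;
    if (shift > 28) throw new Error("LEB128 too long for u32");
  }
}

// Walk the section list and return every custom section (id 0) as {name, data}.
function listCustomSections(bytes) {
  const header = [0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00]; // "\0asm", version 1
  if (bytes.length < 8 || header.some((h, i) => bytes[i] !== h)) throw new Error("not a wasm v1 module");
  const out = [];
  let pos = 8;
  while (pos < bytes.length) {
    const id = bytes[pos];
    const [size, body] = readU32(bytes, pos + 1);
    const end = body + size;
    if (end > bytes.length) throw new Error("section overruns file");
    if (id === 0) {
      // Custom section content: name (length-prefixed UTF-8), then opaque data.
      const [nameLen, nameStart] = readU32(bytes, body);
      if (nameStart + nameLen > end) throw new Error("name overruns section");
      const name = new TextDecoder().decode(bytes.subarray(nameStart, nameStart + nameLen));
      out.push({ name, data: bytes.subarray(nameStart + nameLen, end) });
    }
    pos = end;
  }
  return out;
}

// Constructed sample: four one-byte custom sections around an empty type section.
const custom = (name, byte) => [0x00, name.length + 2, name.length, ...[...name].map(c => c.charCodeAt(0)), byte];
const sample = Uint8Array.from([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, ...custom("x0", 0x6d),
  0x01, 0x01, 0x00, ...custom("x1", 0x73), ...custom("x2", 0x61), ...custom("x3", 0x77),
]);

// Join the one-byte payloads in reverse file order, as the writeup's script does.
function joinOneByteSections(bytes) {
  const chars = listCustomSections(bytes).filter(s => s.data.length === 1).map(s => s.data[0]);
  return String.fromCharCode(...chars.reverse());
}
```
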