WASM introduction

Root-me challenge: Do you know WebAssembly? Find the password that validates this crackme.

  1. A Web assembly file is loaded: http://challenge01.root-me.org/cracking/ch41/index.wasm.

  2. Decompile index.wasm with tools from the WebAssembly Binary Toolkit.

  3. Analysis

  • Look at $check_password code. Password is MD5 hashed.

  • At the end of the file some constant values are defined.

  1. Use, for example, the hashes website to decrypt.

  2. Enter the decrypted password in the site to get the flag.