NorthSec 2022

A snapshot of Doplik: Unwanted Software using serialized JavaScript bytecode as an anti-analysis technique
2022-05-19, 14:30–15:00, Ville-Marie

Doplik is a piece of Unwanted Software that uses V8 snapshots containing serialized JavaScript bytecode as an anti-analysis technique. We will share some of the reverse engineering challenges we faced.


Doplik is a piece of Unwanted Software built on NW.js, an open-source framework for writing native desktop applications with web technologies. What makes Doplik especially interesting is that instead of shipping plaintext JavaScript, it ships binary V8 snapshots containing a serialized bytecode representation of Doplik’s source code, which prevents static analysis without specialized tooling.

In this talk, we will give a deep dive into some of the reverse engineering challenges we faced, how we overcame them, and the open-source Ghidra plugin we released to disassemble V8 snapshots.


Language: English

Léanne is a security engineer at Google focusing on reverse engineering and threat intelligence. Recently graduated from ÉTS, she participated in multiple CTFs and security-related events with the DCIÉTS group. She experimented with tooling, pentesting and threat hunting during her years as a student. Now focusing on reverse engineering, she is always happy to share her expertise and insight.
