Reverse engineering the obfuscated TikTok VM

https://news.ycombinator.com/rss Hits: 17
Summary

TikTok VM Reverse Engineering (webmssdk.js) This project is for reverse engineering the TikTok Virtual Machine (VM). Overview TikTok uses a custom virtual machine (VM) as part of its obfuscation and security layers. This project includes tools to: Deobfuscate webmssdk.js that has the virtual machine. that has the virtual machine. Decompile TikTok’s virtual machine instructions into readable form. TikTok’s virtual machine instructions into readable form. Script Inject Replace webmssdk.js with the deobfuscated VM injector. Replace webmssdk.js with the deobfuscated VM injector. Sign URLs Generate signed URLs which can be used to perform auth-based requests eg. Post comments. Deobfuscating When looking at webmssdk.js you're met with a heavily obfuscated file. The main method of obfuscating Javascript is to take advantage of bracket notation which let's you index a variable using another variable. So when you see something like this: // Line 3391 of ./deobfVersions/raw.js r [ Gb [ 301 ] ] ( Gb [ 57 ] , e ) ) You have absolutely no idea what it's indexing. Each use of this method is using an array Gb defined as var Gb = [ "ydTGHdFNV" , "sNxpGNHMrpLV" , "xyrNMLEN Fpp rpMu" , "ydWyNe" , ... ] . map ( function ( a ) { return a . split ( "" ) . map ( function ( c ) { return "LsfVNxutyOcrEMpYAGdFHneaUKRXSgoJDbhqICzPZklivTmWBwQj" . indexOf ( c ) == - 1 ? c : "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" [ "LsfVNxutyOcrEMpYAGdFHneaUKRXSgoJDbhqICzPZklivTmWBwQj" . indexOf ( c ) ] } ) . join ( "" ) } ) ; As you can see we can't even read this either as it's all encoded using this string "LsfVNxutyOcrEMpYAGdFHneaUKRXSgoJDbhqICzPZklivTmWBwQj" . Because this code get's executed immediately we can simply take this snippet and run it in any console and retrieve: [ "isTrusted" , "beforeunload" , "filename too long" , "isView" , ... ] We can now see each of these strings, therefore we can use RegEx to go through the script and replace all uses of the array as seen here It will al...

First seen: 2025-04-21 04:32

Last seen: 2025-04-21 20:37

Read Full Article More from this Source
Related News
Visual Transistor-level Simulation of the 6502 CPU
2025-04-28 · 1 hits
How a Pipe Organ Works
2025-04-27 · 6 hits
TmuxAI: AI-Powered, Non-Intrusive Terminal Assistant
2025-04-27 · 10 hits
Cut: Chattanooga Civic User Testing
2025-04-27 · 5 hits
Show HN: I created snapDOM to capture DOM nodes as images with exceptional speed
2025-04-27 · 11 hits