undefined | Better HN

0 pointsmsandford10y ago0 comments

Right now most javascript is readable-ish and if you see something totally unreadable, that's a good indication it's probably malware.

Once you have machine code that's not terribly human readable it gets a lot easier to hide things.

0 comments

6 comments · 3 top-level

moron4hire10y ago· 3 in thread

I take it you don't know what a minifier is or how it can save upwards of 50% of your payload size.

msandfordOP10y ago

I absolutely do, but thanks for being condescending nonetheless.

Read C source. Then go read the machine code that C compiles into. I assure you that the C is far, far more readable even if you've HEAVILY obfuscated it.

In order to better understand this, I present you with a StackOverflow answer: http://stackoverflow.com/a/331474

This:

int get_int(int c);

int main(void) {

    int a = 1, b = 2;

    return getCode(a) + b;

}

Might yield this:

00000000 <main>:

int get_int(int c);

int main(void) { /* here, the prologue creates the frame for main /

   0:   8d 4c 24 04             lea    0x4(%esp),%ecx

   4:   83 e4 f0                and    $0xfffffff0,%esp

   7:   ff 71 fc                pushl  -0x4(%ecx)

   a:   55                      push   %ebp

   b:   89 e5                   mov    %esp,%ebp

   d:   51                      push   %ecx

   e:   83 ec 14                sub    $0x14,%esp

    int a = 1, b = 2; /* setting up space for locals */

  11:   c7 45 f4 01 00 00 00    movl   $0x1,-0xc(%ebp)

  18:   c7 45 f8 02 00 00 00    movl   $0x2,-0x8(%ebp)

    return getCode(a) + b;

  1f:   8b 45 f4                mov    -0xc(%ebp),%eax

  22:   89 04 24                mov    %eax,(%esp)

  25:   e8 fc ff ff ff          call   26 <main+0x26>

  2a:   03 45 f8                add    -0x8(%ebp),%eax

} / the epilogue runs, returning to the previous frame */ 2d: 83 c4 14 add $0x14,%esp

  30:   59                      pop    %ecx

  31:   5d                      pop    %ebp

  32:   8d 61 fc                lea    -0x4(%ecx),%esp

  35:   c3                      ret

I don't know why people find this notion that web assembly probably will make it easier to hide nefarious payloads so offensive. It's demonstrably true! People find out about open source projects "calling home" much, much faster than they do closed source projects.

Go look at the spec. It's at a much lower level of abstraction than JavaScript is. https://github.com/WebAssembly/design/blob/master/AstSemanti...

Semiapies10y ago

There's no real size difference if you gzip it at the webserver.

moron4hire10y ago

That is incorrect. Theoretically, it should be true, but in practice it is not. You get the most savings by minifying and gzipping.

1 more reply

untog10y ago

if you see something totally unreadable, that's a good indication it's probably malware.

That's definitely not true. Minified JS is everywhere.

wtetzner10y ago

This is already true for plenty of "compile-to-javascript" languages. The textual format of wasm should be as easy to read as the output of those languages, if not easier.

j / k navigate · click thread line to collapse

0 comments

6 comments · 3 top-level

moron4hire10y ago· 3 in thread

I take it you don't know what a minifier is or how it can save upwards of 50% of your payload size.

msandfordOP10y ago

I absolutely do, but thanks for being condescending nonetheless.

Read C source. Then go read the machine code that C compiles into. I assure you that the C is far, far more readable even if you've HEAVILY obfuscated it.

In order to better understand this, I present you with a StackOverflow answer: http://stackoverflow.com/a/331474

This:

int get_int(int c);

int main(void) {

    int a = 1, b = 2;

    return getCode(a) + b;

}

Might yield this:

00000000 <main>:

int get_int(int c);

int main(void) { /* here, the prologue creates the frame for main /

   0:   8d 4c 24 04             lea    0x4(%esp),%ecx

   4:   83 e4 f0                and    $0xfffffff0,%esp

   7:   ff 71 fc                pushl  -0x4(%ecx)

   a:   55                      push   %ebp

   b:   89 e5                   mov    %esp,%ebp

   d:   51                      push   %ecx

   e:   83 ec 14                sub    $0x14,%esp

    int a = 1, b = 2; /* setting up space for locals */

  11:   c7 45 f4 01 00 00 00    movl   $0x1,-0xc(%ebp)

  18:   c7 45 f8 02 00 00 00    movl   $0x2,-0x8(%ebp)

    return getCode(a) + b;

  1f:   8b 45 f4                mov    -0xc(%ebp),%eax

  22:   89 04 24                mov    %eax,(%esp)

  25:   e8 fc ff ff ff          call   26 <main+0x26>

  2a:   03 45 f8                add    -0x8(%ebp),%eax

} / the epilogue runs, returning to the previous frame */ 2d: 83 c4 14 add $0x14,%esp

  30:   59                      pop    %ecx

  31:   5d                      pop    %ebp

  32:   8d 61 fc                lea    -0x4(%ecx),%esp

  35:   c3                      ret

Go look at the spec. It's at a much lower level of abstraction than JavaScript is. https://github.com/WebAssembly/design/blob/master/AstSemanti...

Semiapies10y ago

There's no real size difference if you gzip it at the webserver.

moron4hire10y ago

That is incorrect. Theoretically, it should be true, but in practice it is not. You get the most savings by minifying and gzipping.

1 more reply

untog10y ago

if you see something totally unreadable, that's a good indication it's probably malware.

That's definitely not true. Minified JS is everywhere.

wtetzner10y ago

This is already true for plenty of "compile-to-javascript" languages. The textual format of wasm should be as easy to read as the output of those languages, if not easier.

j / k navigate · click thread line to collapse