OK, OK, I know what you're thinking...
GCHQ? You mean the guys who spy on everyone for no reason?
Right, yes. But this tool is genuinely a life-saver to any developer who needs to do any kind of
data processing or messing around with different data types. It's also given me exposure to lots of
different technologies when developing features for it.
Adventures in porting C libraries to WebAssembly
Taking feature requests from the info-sec community is a core part of working on CyberChef, and one of the
most common in early 2019 was YARA support. YARA is a tool developed by VirusTotal for matching malware
to known signatures based on simple rules and is widely used by security analysts.
I started looking at the documentation for YARA and quickly realised it was going to be a significant amount of work to re-implement the query language fully for a product whose core functionality I didn't know at the time, but upon further investigation I discovered a C library which was used under the hood by the application.
Upon seeing this I realised I could use it with a wrapper library written in C++ to interface with YARA's
own application logic.
I'd heard of emscripten before as a tool used to compile C/C++ to WebAssembly but hadn't used it. After the Spectre/Meltdown disclosures, threading support was disabled as it required direct access to system memory which could be exploited to trigger a Spectre-based attack. After much sed-hacking (as can be seen here in the CMakeLists.txt) and getting the full OpenSSL library to compile, libyara-wasm worked!
After this, it was just a matter of making an operation for it in CyberChef - and it was ready for release. It became rather popular in the info-sec community and I believe it is still used today. After this I used the same techniques to add bzip2 compression support (libbzip2-wasm), which was completed in mid-2019.
Over the past 4+ years of contributing, I've also worked on:
- PGP & RSA Key Generation and Encryption
- Charting of data
- Rotation, Bifid, Affine & Vigenere Ciphers
- Overhaul of codebase to ES6
- Overhauling CI to use GitHub Actions
- Many bugfixes