←back to thread

Reverse engineering the obfuscated TikTok VM

(github.com)
412 points xfeeefeee | 1 comments | 21 Apr 25 01:59 UTC | HN request time: 0.207s | source
Show context
xfeeefeee ◴[21 Apr 25 01:59 UTC] No.43747922[source]
The fascinating process of reverse engineering this VM is detailed here.

TikTok uses a custom virtual machine (VM) as part of its obfuscation and security layers. This project includes tools to:

Deobfuscate webmssdk.js that has the virtual machine.

Decompile TikTok’s virtual machine instructions into readable form.

Script Inject Replace webmssdk.js with the deobfuscated VM injector.

Sign URLs Generate signed URLs which can be used to perform auth-based requests eg. Post comments.

replies(2): >>43748699 #>>43754044 #
noduerme ◴[21 Apr 25 05:22 UTC] No.43748699[source]
Is calling a massive embedded JS obfuscator a "VM" a bit of a stretch? Ultimately it's not translating anything to a lower-level language.

Still, I had no idea. This is really taking JS obfuscation to the next level.

One kind of wonders, what is the purpose of that level of obfuscation? The naive take is that obfuscation is usually to protect intellectual property... but this is client-side code that wouldn't give away anything about their secret sauce algorithm.

replies(3): >>43748760 #>>43748939 #>>43748965 #
throwaway48476 ◴[21 Apr 25 05:37 UTC] No.43748760[source]
VM obfuscation is a common technique for malware developers.

The VM term is applied because the obfuscator creates a custom instruction set and executes custom byte code. This is generated per build.

replies(1): >>43750450 #
1. noduerme ◴[21 Apr 25 10:55 UTC] No.43750450[source]
I appreciate you making the distinction that anything which creates a custom instruction set is thus a VM. I think that's the way a lot of people here who are currently at my throat seem to define it, so I'm glad you put it in clear terms. I would define it as a custom instruction set plus some sort of plug-in that allows those opcodes to be run closer to the metal than the language they're written in. FWIW I'd call this thing more of an obfuscation framework. But maybe I'm just a dino. I am really glad you made this comment, though. It clarified for me why so many people went bananas when I said this wasn't a VM.