The Netherlands

Frans van Mierisstraat 131 Amsterdam

Javascript and Anti-Bot Security
Dissecting a VM

Javascript and Anti-Bot Security: Dissecting a VM
Category:  Security
Author:  Jesse Izeboud

Javascript and Anti-Bot Security: Dissecting a VM

In the realm of computing, the concept of a Virtual Machine (VM) often appears as a technological marvel. But what truly is a VM, especially when juxtaposed with its physical counterpart? Both virtual and physical machines manifest their results on the same screen and source inputs from identical keyboards. So, how do they differ?

Understanding the Virtual Paradigm

Think of our ability to digitally simulate the universe, craft computer-generated imagery, emulate musical instruments on PCs, and so on. These are all about crafting virtual replicas of real-world entities. Computers, at their essence, are mechanisms that control the flow of electrons, representing them with binary digits: 1s and 0s. A virtual machine, in essence, emulates these processes, serving as a digital counterpart to the tangible hardware.

1. The Essence of Language in Computing

Ever pondered the reason behind terming coding scripts as "languages"?

Languages, in human civilization, are tools for expressing thoughts. Be it English, German, or any of the myriad languages, each has its unique syntax and semantics, akin to artistic mediums. Similarly, programming languages exist in varieties, each tailored for specific tasks.

But all languages, whether for human interaction or computing, serve a fundamental purpose. Mathematics offers a structured way to communicate with the universe. Spoken languages convey emotions, while programming languages bridge the gap between man and machine. At the heart of these systems lies the atomic unit: in English, it's the alphabets; in quantum mechanics, it's quarks; and in computing, it's the binary digits.

However, the raw atomic unit is just a building block. The real magic lies in the rules governing these blocks. In physics, we have the four fundamental forces, and in computing, we have opcodes, the basic instructions dictating the machine's operations.

2. The Role of Memory

Without memory, machines would be severely limited in functionality. A tangible machine uses actual hardware components to store its digital states. A virtual machine, however, utilizes the memory of the physical machine it runs on. It simulates storage systems like arrays and buffers, which, though virtual, are eventually linked to physical components in the host machine.

3. The Art of Interpretation

Machines need a mechanism to decode and execute the sequences of opcodes we provide them. This interpreter translates our instructions, ensuring the machine behaves as intended. Though various tools like linkers, assemblers, and compilers play roles in this process, the underlying goal is to breathe life into the raw lines of code, much like a reader brings meaning to the words in a book.

Closing Thoughts

When delving into the world of VMs, focus on these three core aspects:

  • Opcodes: The foundational commands that dictate interactions.
  • Storage: Mechanisms like arrays or lists that preserve states.
  • Interpreter: The entity that connects the dots, guiding the machine from one opcode to the next.

For those particularly interested in antibot deobfuscation, here are some insights:

  • As of May 2021, Fingerprint js's VM boasts 51 opcodes.
  • Shape Security's VM varies, encompassing anywhere from 2 to 500 opcodes.
  • Kasada's VM varies, encompassing anywhere from 50 to 70 opcodes.

It's crucial to understand how these opcodes interlink, the nature of instruction sequences, and the core functionalities of these opcodes.

Remember, as with all things in cybersecurity, persistence and continuous learning are key.

Qain, with its extensive expertise in Anti-Bot/Javascript security, have delved deep into fully reverse engineering VM's like Kasada's VM.

Their proficiency extends to reversing Akamai's anti-bot measures and bypassing their AI security for web and mobile solutions, including less secure platforms like Datadome.

Combining all this knowledge allows us to create secure platforms. Build our own anti-bot, javascript solutions and VM's for our clients.

Need a team of experts, so you don't have to worry about security? Contact us