Hacker’s Perspective : Electron based Desktop Applications

jatin kumar
2 min readNov 13, 2021

--

What is Electron ?

Electron is a free and open-source software framework developed and maintained by GitHub. It allows for the development of desktop GUI applications using web technologies: it combines the Chromium rendering engine and the Node.js runtime.

Architecture

Electron applications comprise multiple processes. There is the “main” process and several “renderer” processes. The main process runs the application logic, and can then launch multiple renderer processes, rendering the windows that appear on a user’s screen rendering HTML and CSS.

Extraction

Electron apps are packed in .asar format.

Asar is a simple extensive archive format, it works like tar that concatenates all files together without compression, while having random access support.

There is command line utility asar, which is used to pack/unpack the asar archive format.

Below command can be used to install ASAR utility.

$ npm install — engine-strict asar

After unpacking the asar file, we get the source code of the application.

Analysis

  • Dynamic analysis using Chrome Developer’s tool and burpsuite.
  • Static analysis by reading , extracted JS files.

References

https://www.electronjs.org/docs/latest
https://www.google.com/googlebooks/chrome/
https://en.wikipedia.org/wiki/Electron_(software_framework)

https://github.com/electron/asar

https://www.youtube.com/watch?v=jkJWA_CWrQs

--

--

jatin kumar
jatin kumar

No responses yet