Hacker’s Perspective: Electron-Based Desktop Applications
What is Electron?
Electron is a free and open-source software framework developed and maintained by GitHub. It allows for the development of desktop GUI applications using web technologies: it combines the Chromium rendering engine and the Node.js runtime.
Architecture
Electron applications comprise multiple processes: one “main” process and several “renderer” processes. The main process runs the application logic and can launch multiple renderer processes, which render the HTML and CSS for the windows that appear on the user’s screen.
Extraction
Electron apps are packed in the .asar format.
Asar is a simple extensive archive format; it works like tar in that it concatenates all files together without compression, while supporting random access.
The command-line utility asar is used to pack and unpack asar archives.
The command below installs the asar utility.
$ npm install --engine-strict asar
After unpacking the asar file, we get the source code of the application.
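To show what the unpacking step actually reads, here is an added example (not from the original post or the asar project) of a minimal in-memory reader for the archive layout: an 8-byte size prefix, a pickled JSON index, then the concatenated file bodies. The function names buildSampleAsar and parseAsar are hypothetical, and the sample archive is constructed inline.

```javascript
const align4 = (n) => (n + 3) & ~3;
// Build a small archive in memory (constructed sample input, not a real application).
function buildSampleAsar(files) {
  const index = { files: {} };
  const bodies = [];
  let offset = 0;
  for (const [path, text] of Object.entries(files)) {
    const parts = path.split('/');
    let node = index;
    for (const dir of parts.slice(0, -1)) node = node.files[dir] || (node.files[dir] = { files: {} });
    const body = Buffer.from(text);
    node.files[parts[parts.length - 1]] = { size: body.length, offset: String(offset) };
    offset += body.length;
    bodies.push(body);
  }
  const json = Buffer.from(JSON.stringify(index));
  const payload = 4 + align4(json.length);
  const head = Buffer.alloc(12 + payload);
  head.writeUInt32LE(4, 0);            // size pickle: payload is one uint32
  head.writeUInt32LE(4 + payload, 4);  // total length of the header pickle
  head.writeUInt32LE(payload, 8);      // header pickle: payload length
  head.writeUInt32LE(json.length, 12); // length of the JSON index string
  json.copy(head, 16);
  return Buffer.concat([head, ...bodies]);
}

// Parse an archive buffer into [{ path, data }], rejecting indexes that point outside the file.
function parseAsar(buf) {
  if (buf.length < 16 || buf.readUInt32LE(0) !== 4) throw new Error('not an asar archive');
  const dataStart = 8 + buf.readUInt32LE(4);
  const jsonLen = buf.readUInt32LE(12);
  if (dataStart > buf.length || 16 + jsonLen > dataStart) throw new Error('corrupt header');
  const index = JSON.parse(buf.toString('utf8', 16, 16 + jsonLen));
  const entries = [];
  (function walk(node, prefix) {
    for (const [name, info] of Object.entries(node.files || {})) {
      if (info.files) { walk(info, prefix + name + '/'); continue; }
      if (info.unpacked || info.link) continue; // kept outside the archive, or a symlink
      const size = Number(info.size);
      const start = dataStart + Number(info.offset);
      if (!(size >= 0 && start >= dataStart && start + size <= buf.length)) throw new Error('entry out of bounds: ' + prefix + name);
      entries.push({ path: prefix + name, data: buf.subarray(start, start + size) });
    }
  })(index, '');
  return entries;
}

console.log(parseAsar(buildSampleAsar({ 'src/main.js': 'console.log(1)' })).map((e) => e.path));
```

Because the index is plain JSON and the bodies are stored uncompressed, the JavaScript source is readable straight from the archive, which is why the bounds checks on each entry matter when handling archives from untrusted sources.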
Analysis
- Dynamic analysis using Chrome Developer Tools and Burp Suite.
- Static analysis by reading the extracted JS files.