whatisgithub

What is recaptcha-vm?

elyelysiox/recaptcha-vm — explained in plain English

Analysis updated 2026-05-18

18RustAudience · researcherComplexity · 5/5Setup · hard

In one sentence

A Rust research project that decodes and disassembles the custom bytecode virtual machine reCAPTCHA runs in the browser to collect fingerprinting signals.

Mindmap

mindmap
  root((recaptcha-vm))
    What it does
      Decrypts reCAPTCHA bytecode
      Disassembles VM instructions
      Analyzes control flow
    Tech stack
      Rust
      Bytecode interpreter
    Use cases
      Study reCAPTCHA's fingerprinting logic
      Reverse engineer obfuscated bytecode
      Research bot detection internals
    Audience
      Security researchers
      Reverse engineers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Decrypt and read the configuration and main bytecode reCAPTCHA loads into the browser

USE CASE 2

Disassemble reCAPTCHA's bytecode into a human-readable list of instructions

USE CASE 3

Study the 42 documented opcodes covering arithmetic, property access, and event handling

USE CASE 4

Analyze the control flow graph of reCAPTCHA's fingerprint collection logic

What is it built with?

Rust

How does it compare?

elyelysiox/recaptcha-vmadindazu/ultimatevocalapplicative-systems/gcan
Stars181818
LanguageRustRustRust
Setup difficultyhardmoderateeasy
Complexity5/52/52/5
Audienceresearcherdeveloperops devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1day+

Requires strong familiarity with Rust, bytecode interpreters, and XOR-based obfuscation, the decompiler module is still incomplete.

License is not stated in the provided text.

So what is it?

This is a Rust-based research project that reverse-engineers the virtual machine Google embeds inside reCAPTCHA. reCAPTCHA runs a custom bytecode interpreter inside your browser to collect fingerprinting signals (mouse movement, timing, browser properties, and so on) before deciding whether to show a challenge. This project documents and implements the tools to read and analyze that bytecode. The repository contains four components. The bytecode module handles decoding and decrypting the two forms of bytecode the VM uses. The configuration bytecode is loaded first, carrying encrypted strings and encryption keys, it is decrypted by XOR-folding two separate keys to produce a seed, then running a linear congruential generator over the encrypted bytes. The main bytecode is dynamically constructed inside reCAPTCHA's JavaScript and contains the fingerprint collection logic, it is encrypted separately during execution and decrypted at VM boot. The disassembler module reads the decrypted bytecode and translates it into a human-readable list of instructions. The project documents all 42 opcodes in the VM's instruction set, covering arithmetic, string operations, property access on JavaScript objects and the window, conditional jumps, function calls, event handling, and several specialized operations like obtaining the current performance timestamp or decrypting an encrypted string from the character set. The VM runs with 2048 registers. The instruction pointer and register indices are encoded as variable-length 7-bit continuation integers. The decompiler module is partially complete. The control flow graph analyzer (which maps the branching structure of the bytecode) and the instruction lifter (which converts raw instructions into a higher-level representation) are done, but the full decompiler output is still a work in progress. The encryption module handles the payload encryption functions the VM uses when sending signals back out of the browser context. This project is aimed at security researchers, bot-detection analysts, and developers who need to understand what reCAPTCHA is measuring inside their users' browsers. Reading the code requires comfort with Rust and with concepts like bytecode interpreters and XOR-based obfuscation.

Copy-paste prompts

Prompt 1
Explain how the configuration bytecode decryption process works in this project
Prompt 2
Walk me through the 42 opcodes this VM disassembler documents
Prompt 3
Help me understand the difference between the configuration bytecode and the main bytecode
Prompt 4
Show me what the control flow graph analyzer does with decoded VM instructions

Frequently asked questions

What is recaptcha-vm?

A Rust research project that decodes and disassembles the custom bytecode virtual machine reCAPTCHA runs in the browser to collect fingerprinting signals.

What language is recaptcha-vm written in?

Mainly Rust. The stack also includes Rust.

What license does recaptcha-vm use?

License is not stated in the provided text.

How hard is recaptcha-vm to set up?

Setup difficulty is rated hard, with roughly 1day+ to a first successful run.

Who is recaptcha-vm for?

Mainly researcher.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.