Reverse engineering of Amazon's RXVM bytecode virtual machine and its client-side bot detection / behavioral telemetry system.
| File | Description |
|---|---|
RXVM_Paper.pdf |
Full academic research paper (12 pages, peer-review format) |
A10_Report.pdf |
Visual technical report — architecture diagrams, feature importance, model analysis |
ANALYSIS.md |
Full technical writeup — architecture, all 15 payloads, data flow |
rxvm_disasm.py |
RXVM bytecode disassembler (v4) — XOR key reseeding, closure discovery |
rxc_decrypt.py |
Amazon rxc= cookie decryptor — RC4 decryption, metric stream parsing |
a10_model.py |
A10 neural network reimplementation — inference, feature importance, simulation |
a10_model_weights.json |
Extracted model weights — norms, dense, batchnorm, all layers |
extract_rx_runtime.py |
Utility to extract rx.M matrix module from Amazon page HTML |
rx_M_extracted.js |
Deobfuscated rx.M source — confirmed pass-through, no weight rescaling |
payload0_crypto_analysis.txt |
Annotated disassembly of the crypto payload with JS equivalents |
rxvm_crypto_layer_analysis.docx |
Detailed crypto layer analysis document |
rxvm_full_disasm.txt |
Complete disassembly of all 15 payloads from a live Amazon page |
python3 rxvm_disasm.py page.htmlpython3 rxvm_disasm.py -b64 "UlgB..."python3 rxc_decrypt.py "AGVoY2hlY2..."python3 a10_model.pypython3 a10_model.py --score 450 500 60 300 310 45 80 90 40 18 48 3 \
0.4 0.4 0.4 0.02 0.11 0.11 0.4 0.02 \
160 160 520 520 240 240 620 620 100 120 7The A10 model reimplementation extracts the correct architecture, features, and weights, but
all profiles currently score ~1.0. The Dense layer constructor in the bytecode passes weights
through rx.M(), a matrix module in the RXVM core JS runtime (not the bytecode payloads).
This module likely rescales the 8-bit minifloat weights at instantiation time. Without it,
BatchNorm betas dominate the pre-sigmoid value, saturating the output.
To fix: extract rx.M from the RXVM interpreter's plaintext JavaScript on Amazon pages.
All tools are pure Python 3, standard library only. No pip installs required.
Amazon Page HTML
└── rx.ex64("base64...") × 15 payloads
│
├── [0] Crypto layer (AES-128-CBC + RC4 fallback)
├── [1] Statistics library (sum, mean, stddev, float16 codec)
├── [2] Cookie fingerprint (hash(UA + SID) → fnpb key)
├── [3] State persistence (EMA tracking via encrypted localStorage)
├── [4] Bot fingerprinting (Playwright, WebDriver, ChromeDriver,
│ Puppeteer, PhantomJS, SwiftShader, headless dimension checks)
├── [5] Mouse click timing (mousedown/mouseup duration)
├── [6] Mouse movement (velocity + angular acceleration)
├── [7] Scroll behavior (scroll velocity)
├── [8] Navigation timing (visit count, session duration)
├── [9] Viewport / screen dimensions
├── [10] ML runtime (Dense, BatchNorm, ReLU, Sigmoid layers)
├── [11] ML scoring (31→16→16→1 neural net, weights inline)
├── [12] Strong interaction detection (mouse/scroll threshold gate)
├── [13] Cookie action tracking (highest interaction tier)
└── [14] AI agent detection (Perplexity browser agent regex scanning)
Responsibly disclosed to Amazon. Confirmed by Amazon.
| Date | Event |
|---|---|
| Mar 12, 2026 | Initial discovery during consumer research into A10 algorithm |
| Mar 14, 2026 | Reverse engineering complete, all tools validated across multiple pages |
| Mar 14, 2026 | Responsible disclosure submitted to Amazon Security |
| Mar 16, 2026 | Confirmed by Amazon |
Research by Nicholas Kloster (NuClide / ExileKingdom). Tools built collaboratively with Claude (Anthropic).
All analysis was performed on publicly-served JavaScript executing in the researcher's own browser. No exploitation, no circumvention, no access to Amazon's server-side systems.
MIT