Notes on Reverse Engineering EVM Bytecode.
lib
├─ ds-test
├─ solmate
src
├─ tests
│ └─ Greeter.t — "Greeter Tests"
└─ Greeter — "A Minimal Greeter Contract"
Don't have Rust installed? Run:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
Then, install foundry with:
cargo install --git https://github.com/gakonst/foundry --bin forge --locked
yarn setup
yarn test
Requirement: Install r2:
git clone https://github.com/radareorg/radare2
cd radare2 ; sys/install.sh
(Ubuntu) Install libjansson-dev:
sudo apt install libjansson-dev
Install evm using r2pm:
r2pm -gi evm
Install the iaito graphical interface:
r2pm -ci iaito
Compile Greeter.sol to binary code using solc:
solc ./src/Greeter.sol --bin-runtime -o ./out/ --overwrite
ls ./out/
We need to use --bin-runtime instead of --bin so that the output contains only the runtime code: --bin emits the creation bytecode, which prepends the constructor (deployment) code that runs once when the contract is placed on the blockchain and then returns the runtime code.
Now convert the hexadecimal format from solc into pure binary format using rax2:
rax2 -s < ./out/Greeter.bin-runtime > ./out/Greeter.bin-runtime.bin
Analyze with r2:
r2 -a evm ./out/Greeter.bin-runtime.bin
Then, enter aa at the first prompt:
[0x00000000]> aa
[Warning: set your favourite calling convention in `e anal.cc=?`
[x] Analyze all flags starting with sym. and entry0 (aa)
Next, disassemble 30 instructions with pd 30:
[0x00000000]> pd 30
┌ 1077: fcn.00000000 ();
│ 0x00000000 60
│ 0x00000001 80
...
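The same two steps in plain Python, as an added example that is not part of these notes or of the radare2/solc projects: hex_to_bin() does what rax2 -s does to the solc output, disassemble() performs the linear sweep that r2's pd shows, and extract_selectors() recovers the 4-byte function selectors that the solc-generated dispatcher compares against, which is usually the first thing you want from runtime bytecode you did not compile yourself. The embedded bytecode is a constructed sample (a solc-style prologue plus a two-entry dispatcher); its selectors and jump targets are made-up values, and the file path in the usage comment is the one from the notes above.

```python
"""Minimal EVM runtime-bytecode disassembler with selector recovery.

Added example for these notes (not part of the original repository).
It replays two steps of the r2 workflow in Python: converting solc's
hex text to raw bytes (what `rax2 -s` does) and a linear-sweep
disassembly of the result, then recovers the 4-byte function selectors
that the solc-generated dispatcher compares against.
"""
import sys

# Partial EVM opcode table: enough for the solc prologue and dispatcher.
# Bytes missing from the table are reported as UNKNOWN_xx, never skipped.
OPCODES = {
    0x00: "STOP", 0x01: "ADD", 0x02: "MUL", 0x03: "SUB", 0x04: "DIV",
    0x10: "LT", 0x11: "GT", 0x14: "EQ", 0x15: "ISZERO", 0x16: "AND",
    0x1c: "SHR", 0x34: "CALLVALUE", 0x35: "CALLDATALOAD", 0x36: "CALLDATASIZE",
    0x39: "CODECOPY", 0x50: "POP", 0x51: "MLOAD", 0x52: "MSTORE",
    0x54: "SLOAD", 0x55: "SSTORE", 0x56: "JUMP", 0x57: "JUMPI",
    0x5b: "JUMPDEST", 0x5f: "PUSH0", 0xf3: "RETURN", 0xfd: "REVERT",
    0xfe: "INVALID",
}
for n in range(1, 33):
    OPCODES[0x5f + n] = f"PUSH{n}"      # 0x60..0x7f carry n immediate bytes
for n in range(1, 17):
    OPCODES[0x7f + n] = f"DUP{n}"       # 0x80..0x8f
    OPCODES[0x8f + n] = f"SWAP{n}"      # 0x90..0x9f

# Constructed sample: a solc-style prologue and a two-entry dispatcher.
# Selectors and jump targets are made-up values for this example; the
# trailing newline mimics the .bin-runtime file that solc writes.
SAMPLE_RUNTIME_HEX = (
    "6080604052"            # PUSH1 0x80 PUSH1 0x40 MSTORE (free-memory pointer)
    "348015600f57600080fd"  # CALLVALUE DUP1 ISZERO PUSH1 0x0f JUMPI PUSH1 0 DUP1 REVERT
    "5b60043610603157"      # JUMPDEST PUSH1 4 CALLDATASIZE LT PUSH1 0x31 JUMPI
    "60003560e01c80"        # PUSH1 0 CALLDATALOAD PUSH1 0xe0 SHR DUP1 (selector on stack)
    "63cfae321714603657"    # PUSH4 0xcfae3217 EQ PUSH1 0x36 JUMPI
    "8063a413686214603857"  # DUP1 PUSH4 0xa4136862 EQ PUSH1 0x38 JUMPI
    "5b600080fd"            # JUMPDEST PUSH1 0 DUP1 REVERT (no selector matched)
    "5b00"                  # JUMPDEST STOP (stand-in body, first function)
    "5b00\n"                # JUMPDEST STOP (stand-in body, second function)
)


def hex_to_bin(text: str) -> bytes:
    """Equivalent of `rax2 -s`: solc hex text (any whitespace, optional 0x) to bytes."""
    cleaned = "".join(text.split())
    if cleaned.startswith("0x"):
        cleaned = cleaned[2:]
    return bytes.fromhex(cleaned)


def disassemble(code: bytes):
    """Linear-sweep disassembly: returns a list of (offset, mnemonic, immediate)."""
    insns = []
    pc = 0
    while pc < len(code):
        op = code[pc]
        name = OPCODES.get(op, f"UNKNOWN_{op:02x}")
        imm = b""
        if 0x60 <= op <= 0x7f:
            width = op - 0x5f
            # A PUSH cut off by the end of code is zero-padded, as the EVM does.
            imm = code[pc + 1:pc + 1 + width].ljust(width, b"\x00")
            pc += width
        insns.append((pc if not imm else pc - len(imm), name, imm))
        pc += 1
    return insns


def extract_selectors(insns):
    """Recover {selector_hex: jump_target} from the solc dispatcher pattern
    PUSH4 <sel>, EQ, PUSHn <dest>, JUMPI."""
    found = {}
    for i in range(len(insns) - 3):
        (_, a, sel), (_, b, _), (_, c, dest), (_, d, _) = insns[i:i + 4]
        if a == "PUSH4" and b == "EQ" and c.startswith("PUSH") and d == "JUMPI":
            found[sel.hex()] = int.from_bytes(dest, "big")
    return found


def format_listing(insns):
    """Render instructions in an r2-like 'offset mnemonic immediate' form."""
    return [f"0x{off:08x} {name}" + (f" 0x{imm.hex()}" if imm else "")
            for off, name, imm in insns]


def main(argv):
    if len(argv) > 1:
        # e.g. python3 evm_dis.py ./out/Greeter.bin-runtime  (path from the notes)
        with open(argv[1]) as f:
            text = f.read()
    else:
        text = SAMPLE_RUNTIME_HEX
    insns = disassemble(hex_to_bin(text))
    for line in format_listing(insns):
        print(line)
    for sel, dest in sorted(extract_selectors(insns).items()):
        print(f"selector 0x{sel} -> 0x{dest:04x}")


if __name__ == "__main__":
    main(sys.argv)
```

Because this is a linear sweep, like r2's pd, bytes embedded as data (metadata, constant strings) will be shown as instructions too; the recovered selectors are still reliable because the dispatcher pattern is only matched where a PUSH4 is immediately followed by EQ, PUSHn, JUMPI. Check that every recovered target lands on a JUMPDEST before trusting it.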
- Radare2 Book (select the ayu color theme, trust me :)
- Practical Eth Decompilation
- ICO Security Tips radare2
- foundry
- solmate
- Georgios Konstantopoulos for the forge-template resource.
These smart contracts are being provided as is. No guarantee, representation or warranty is being made, express or implied, as to the safety or correctness of the user interface or the smart contracts. They have not been audited and as such there can be no assurance they will work as intended, and users may experience delays, failures, errors, omissions, loss of transmitted information or loss of funds. We are not liable for any of the foregoing. Users should proceed with caution and use at their own risk.