top | item 18632784

Show HN: Smart contract decompiler that uses symbolic execution

68 points| kolinko | 7 years ago | reply

Hi All, I released an EVM/Solidity decompiler recently, here:

http://www.eveem.org/

Since it uses symbolic execution underneath, the results are quite awesome.

There is also an api that delivers a .json / middle language representation of every contract here: http://eveem.org/code/{{address}}.json

The plan is to open-source it as soon as I clean up the code a bit. Spent the last two month crunch-time to get it delivered from scratch :)

10 comments

[+] amelius|7 years ago|reply

I bet most people here (like me) don't know what EVM/Solidity is all about. Do you have a link with introductory information?

[+] corysama|7 years ago|reply

https://wikipedia.org/wiki/Solidity

https://solidity.readthedocs.io/en/v0.5.1/

[+] antpls|7 years ago|reply

For people like me not directly working on the field of smart contracts : does a solidity decompiler solve a specific problem or was it for fun?

I thought the point of smart contracts was that the source code is available and auditable by everyone, so there would be no need for a decompiler

[+] mewwts|7 years ago|reply

Super curious to how this works - care to elaborate a bit? Any chance you could use this to decompile arbitrary contracts into ABIs?

[+] davesque|7 years ago|reply

As in getting an interface definition file? My guess would be no. I don't believe that compiled methods are annotated with any type information for the arguments or anything else. You might be able to infer something about the ABI by looking for common snippets of byte code used for decoding values from the message call input. But that probably wouldn't be consistently reliable and might also not always indicate the exact type being decoded.

But I could be wrong.

[+] hboon|7 years ago|reply

This is pretty cool.

This looks like it'll be useful for my work. Is 4bytes.directory the only source of function signatures?

[+] kolinko|7 years ago|reply

Thanks :)

I used 4bytes initially, but then built my own internal directory that is more precise (has parameter names, and a slightly larger database).

I plan to open-source it, along with the better 4 bytes :)

Over the weekend, we're hacking something off the data provided through the unofficial API - you can check it out here:

https://github.com/kolinko/showmewhatyougot

(python showme.py {address})

the sources are relatively easy to understand, and allow for some nice contract analysis

[+] xbt_fan|7 years ago|reply

Good stuff!!

Does your API work for test-nets? Also, what do you think the future of this project is?

[+] zygotic12|7 years ago|reply

You are Batman.