🍷Reverse Engineering Bytecode

Ethereum Bytecode Reverse engineering

Below code can be used to get the hex encoding in a proper format

from web3 import Web3

INFURA = 'https://mainnet.infura.io/v3/<API KEY>'

# Connect to Blockchain

web3 = Web3(Web3.HTTPProvider(INFURA))
print(f'Connected: {web3.is_connected()}')


# Connect to contract

target_address = web3.to_checksum_address("0x514910771AF9Ca656af840dff83E8264EcF986CA")

print(web3.from_wei(web3.eth.get_balance(target_address), 'ether'))

print(web3.to_hex(web3.eth.get_code(target_address)))

# OUTPUT

Connected: True
0
0x606060405236156100b75763ffffffff7c010000000000000000000000000000000000000000000000000000000060003504166306fdde0381146100bc578063095ea7b31461014757806318160ddd1461017d57806323b872dd146101a2578063313ce567146101de5780634000aea014610207578063661884631461028057806370a08231146102b657806395d89b41146102e7578063a9059cbb14610372578063d73dd623146103a8578063dd62ed3e146103de575b600080fd5b34156100c757600080fd5b6100cf610415565b60405160208082528190810183818151815260200191508051906020019080838360005b8381101561010c5780820151818401525b6020016100f3565b50505050905090810190601f1680156101395780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b341561015257600080fd5b610169600160a060020a036004351660243561044c565b604051901515815260200160405180910390f35b341561018857600080fd5b610190610499565b60405190815260200160405180910390f35b34156101ad57600080fd5b610169600160a060020a03600435811690602435166044356104a9565b604051901515815260200160405180910390f35b34156101e957600080fd5b6101f16104f8565b60405160ff909116815260200160405180910390f35b341561021257600080fd5b61016960048035600160a060020a03169060248035919060649060443590810190830135806020601f820181900481020160405190810160405281815292919060208401838380828437509496506104fd95505050505050565b604051901515815260200160405180910390f35b341561028b57600080fd5b610169600160a060020a036004351660243561054c565b604051901515815260200160405180910390f35b34156102c157600080fd5b610190600160a060020a0360043516610648565b60405190815260200160405180910390f35b34156102f257600080fd5b6100cf610667565b60405160208082528190810183818151815260200191508051906020019080838360005b8381101561010c5780820151818401525b6020016100f3565b50505050905090810190601f1680156101395780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b341561037d57600080fd5b610169600160a060020a036004351660243561069e565b604051901515815260200160405180910390f35b34156103b357600080fd5b610169600160a060020a03600435166024356106eb565b604051901515815260200160405180910390f35b34156103e957600080fd5b610190600160a060020a0360043581169060243516610790565b60405190815260200160405180910390f35b60408051908101604052600f81527f436861696e4c696e6b20546f6b656e0000000000000000000000000000000000602082015281565b600082600160a060020a03811615801590610479575030600160a060020a031681600160a060020a031614155b151561048457600080fd5b61048e84846107bd565b91505b5b5092915050565b6b033b2e3c9fd0803ce800000081565b600082600160a060020a038116158015906104d6575030600160a060020a031681600160a060020a031614155b15156104e157600080fd5b6104ec85858561082a565b91505b5b509392505050565b601281565b600083600160a060020a0381161580159061052a575030600160a060020a031681600160a060020a031614155b151561053557600080fd5b6104ec85858561093c565b91505b5b509392505050565b600160a060020a033381166000908152600260209081526040808320938616835292905290812054808311156105a957600160a060020a0333811660009081526002602090815260408083209388168352929052908120556105e0565b6105b9818463ffffffff610a2316565b600160a060020a033381166000908152600260209081526040808320938916835292905220555b600160a060020a0333811660008181526002602090815260408083209489168084529490915290819020547f8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925915190815260200160405180910390a3600191505b5092915050565b600160a060020a0381166000908152600160205260409020545b919050565b60408051908101604052600481527f4c494e4b00000000000000000000000000000000000000000000000000000000602082015281565b600082600160a060020a038116158015906106cb575030600160a060020a031681600160a060020a031614155b15156106d657600080fd5b61048e8484610a3a565b91505b5b5092915050565b600160a060020a033381166000908152600260209081526040808320938616835292905290812054610723908363ffffffff610afa16565b600160a060020a0333811660008181526002602090815260408083209489168084529490915290819020849055919290917f8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b92591905190815260200160405180910390a35060015b92915050565b600160a060020a038083166000908152600260209081526040808320938516835292905220545b92915050565b600160a060020a03338116600081815260026020908152604080832094871680845294909152808220859055909291907f8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b9259085905190815260200160405180910390a35060015b92915050565b600160a060020a03808416600081815260026020908152604080832033909516835293815283822054928252600190529182205461086e908463ffffffff610a2316565b600160a060020a0380871660009081526001602052604080822093909355908616815220546108a3908463ffffffff610afa16565b600160a060020a0385166000908152600160205260409020556108cc818463ffffffff610a2316565b600160a060020a03808716600081815260026020908152604080832033861684529091529081902093909355908616917fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef9086905190815260200160405180910390a3600191505b509392505050565b60006109488484610a3a565b5083600160a060020a031633600160a060020a03167fe19260aff97b920c7df27010903aeb9c8d2be5d310a2c67824cf3f15396e4c16858560405182815260406020820181815290820183818151815260200191508051906020019080838360005b838110156109c35780820151818401525b6020016109aa565b50505050905090810190601f1680156109f05780820380516001836020036101000a031916815260200191505b50935050505060405180910390a3610a0784610b14565b15610a1757610a17848484610b23565b5b5060015b9392505050565b600082821115610a2f57fe5b508082035b92915050565b600160a060020a033316600090815260016020526040812054610a63908363ffffffff610a2316565b600160a060020a033381166000908152600160205260408082209390935590851681522054610a98908363ffffffff610afa16565b600160a060020a0380851660008181526001602052604090819020939093559133909116907fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef9085905190815260200160405180910390a35060015b92915050565b600082820183811015610b0957fe5b8091505b5092915050565b6000813b908111905b50919050565b82600160a060020a03811663a4c0ed363385856040518463ffffffff167c01000000000000000000000000000000000000000000000000000000000281526004018084600160a060020a0316600160a060020a0316815260200183815260200180602001828103825283818151815260200191508051906020019080838360005b83811015610bbd5780820151818401525b602001610ba4565b50505050905090810190601f168015610bea5780820380516001836020036101000a031916815260200191505b50945050505050600060405180830381600087803b1515610c0a57600080fd5b6102c65a03f11515610c1b57600080fd5b5050505b505050505600a165627a7a72305820c5f438ff94e5ddaf2058efa0019e246c636c37a622e04bb67827c7374acad8d60029

Automated Disassembly

Pyevmasm

# Installation
pip install pyevmasm

# Disassembly
echo -n "608060405260043610603f57600035" | evmasm -d > disassemble.txt

Python EVM Bytecode Function Bruteforce Application

import re, requests
from colorama import Fore

bytecode = "<ADD_TARGET_BYTECODE"
signatures = "signaturesDB.txt"

#--------------Start Signature Loop-----------------------------#
for signature in open(signatures, 'r'):
    signature = str(signature.strip())
 
 #Does this signature Exist in Bytecode, if so do a lookup
    if signature in bytecode:
        r = requests.get('https://api.etherface.io/v1/signatures/hash/all/'+signature+"/1", verify=False)
        matches = re.findall(r'(?<="text":")(.*?)(?=",)', r.text)
        
 #Print things out and do error checks       
        if r.status_code == 200 and matches :
            print(f' {Fore.GREEN}Signature found:')
            print(f'{Fore.WHITE}Possible Function Values for {signature}:')
            for match in matches:   
                print(f'{Fore.YELLOW}            - {match}')
                
        elif r.status_code != 200:
            print(f'{Fore.RED}Signature Not Found: {signature} returned {r.status_code} (Might be False Positive)')
#--------------END Signature Loop-----------------------------#

print(Fore.WHITE)

Python EVM Bytecode Function Reversing from Assembly

This code is slightly more enhanced version from the previous reversing code. Here, we are first getting the assembly function signatures from the bytecode and then matching those function signatures against our database. It takes less amount of time to complete the process of bruteforcing since we are not matching every signatures in our database with the bytecode signatures.

from pyevmasm import  disassemble_hex 
import re, requests
from colorama import Fore


disass = disassemble_hex("<ADD_BYTECODE").split("\n")
signatures = [line.strip() for line in open("SignaturesDB.txt")]
signature_from_asm = []

def getFunctionsFromASM():
    for instruction in disass: 
        if (len(instruction) == 16) and (instruction[-8:] not in signature_from_asm):
                signature_from_asm.append(instruction[-8:])


def onlineFunctionLookup():
    for signature in signature_from_asm:
        if signature in signatures:
                r = requests.get(f"https://api.etherface.io/v1/signatures/hash/all/{signature}/1", verify=False)
                matches = re.findall(r'(?<="text":")(.*?)(?=",)', r.text)

            
                if r.status_code == 200 and matches :
                    print(f' {Fore.GREEN}Signature found:')
                    print(f'{Fore.WHITE}Possible Function Values for {signature}:')
                    for match in matches:   
                        print(f'{Fore.YELLOW}            - {match}')
                    
                elif r.status_code != 200:
                    print(f'{Fore.RED}Signature Not Found: {signature} returned {r.status_code} (Might be False Positive)')

    print(Fore.WHITE)

getFunctionsFromASM()
onlineFunctionLookup()

REFRENCES

PreviousInteract with WalletsNextSign Transactions

Last updated