Decompilers, Emulators and More
Smart contracts are typically written in a high-level language such as Solidity or Rust and then compiled into bytecode that is deployed on the blockchain. As a reverse engineer, you often do not have the luxury of source code: what is on chain is the bytecode, and that is all you can rely on.
This is where disassemblers, decompilers, emulators and debuggers come into play. The community has produced some excellent tools and articles.
Sergio Anguita (CertiK) on building an Ethereum EVM decompiler from scratch:
- https://curiousstuff.eu/post/part-1-building-ethereum-evm-decompiler-from-scratch.-getting-opcodes/
- https://curiousstuff.eu/post/part-2-building-ethereum-evm-decompiler-from-scratch.-getting-code-blocks/
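The two steps those posts cover, turning raw bytes into opcodes and then grouping them into code blocks, fit in a few dozen lines. The following is an added example written for this page, not code from the linked articles: a linear-sweep EVM disassembler that consumes PUSH immediates (the only variable-length opcodes), splits the result into basic blocks at JUMPDESTs and terminators, and resolves the static jump targets a decompiler needs to draw a control-flow graph. The opcode table is a deliberate partial subset and the sample bytecode is constructed, not a real contract.

```python
"""Minimal EVM disassembler plus basic-block splitter.

Added example (not code from the linked articles). The opcode table is a
deliberately partial subset covering the constructed sample; a real
decompiler carries the full table. Unknown bytes decode as INVALID(0x..).
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Partial EVM opcode table (assumption: only what the sample below needs).
OPCODES: Dict[int, str] = {
    0x00: "STOP", 0x01: "ADD", 0x03: "SUB", 0x10: "LT", 0x14: "EQ",
    0x15: "ISZERO", 0x35: "CALLDATALOAD", 0x36: "CALLDATASIZE",
    0x50: "POP", 0x51: "MLOAD", 0x52: "MSTORE", 0x54: "SLOAD",
    0x55: "SSTORE", 0x56: "JUMP", 0x57: "JUMPI", 0x5b: "JUMPDEST",
    0x80: "DUP1", 0x81: "DUP2", 0x90: "SWAP1", 0xf3: "RETURN",
    0xfd: "REVERT", 0xfe: "INVALID", 0xff: "SELFDESTRUCT",
}
# PUSH1..PUSH32 (0x60..0x7f) are the only variable-length opcodes: the
# opcode byte is followed by 1..32 immediate bytes that must be skipped.
for n in range(1, 33):
    OPCODES[0x5f + n] = f"PUSH{n}"

# Opcodes after which control does not fall through (or may branch away).
TERMINATORS = {"STOP", "JUMP", "JUMPI", "RETURN", "REVERT", "INVALID", "SELFDESTRUCT"}


@dataclass
class Insn:
    pc: int
    opcode: int
    name: str
    imm: Optional[int] = None  # immediate operand, PUSHn only

    def __str__(self) -> str:
        s = f"{self.pc:04x}: {self.name}"
        return s if self.imm is None else f"{s} 0x{self.imm:x}"


def disassemble(code: bytes) -> List[Insn]:
    """Step 1, 'getting opcodes': linear sweep that consumes PUSH immediates
    so that immediate bytes are never mistaken for opcodes."""
    insns: List[Insn] = []
    pc = 0
    while pc < len(code):
        op = code[pc]
        name = OPCODES.get(op, f"INVALID(0x{op:02x})")
        size, imm = 1, None
        if 0x60 <= op <= 0x7f:
            n = op - 0x5f
            # A PUSH cut off by the end of code is right-padded with zero
            # bytes, which is how the EVM itself treats the missing bytes.
            raw = code[pc + 1 : pc + 1 + n].ljust(n, b"\x00")
            imm, size = int.from_bytes(raw, "big"), 1 + n
        insns.append(Insn(pc, op, name, imm))
        pc += size
    return insns


def basic_blocks(insns: List[Insn]) -> List[List[Insn]]:
    """Step 2, 'getting code blocks': a new block starts at every JUMPDEST
    and after every terminator. Bytes after a terminator with no JUMPDEST
    are unreachable by JUMP (data or dead code) but still form a block."""
    blocks: List[List[Insn]] = []
    cur: List[Insn] = []
    for insn in insns:
        if insn.name == "JUMPDEST" and cur:
            blocks.append(cur)
            cur = []
        cur.append(insn)
        if insn.name.split("(")[0] in TERMINATORS:
            blocks.append(cur)
            cur = []
    if cur:
        blocks.append(cur)
    return blocks


def static_jump_targets(insns: List[Insn]) -> Dict[int, int]:
    """Resolve JUMP/JUMPI targets pushed by the immediately preceding PUSH.
    A target that is not a JUMPDEST is rejected, as the EVM would at run
    time; targets computed on the stack need data-flow analysis and are skipped."""
    jumpdests = {i.pc for i in insns if i.name == "JUMPDEST"}
    targets: Dict[int, int] = {}
    for prev, cur in zip(insns, insns[1:]):
        if cur.name in ("JUMP", "JUMPI") and prev.imm is not None:
            if prev.imm not in jumpdests:
                raise ValueError(f"jump at 0x{cur.pc:x} targets 0x{prev.imm:x}, not a JUMPDEST")
            targets[cur.pc] = prev.imm
    return targets


# Constructed sample (not real contract code): if CALLDATASIZE < 4 jump to
# 0x0b and REVERT, otherwise load the first calldata word and STOP.
SAMPLE = bytes.fromhex("60043610600b57600035005b600080fd")

if __name__ == "__main__":
    insns = disassemble(SAMPLE)
    for i, block in enumerate(basic_blocks(insns)):
        print(f"-- block {i} @ 0x{block[0].pc:x}")
        for insn in block:
            print("  ", insn)
    print("static jumps:", static_jump_targets(insns))
```

The `ljust` padding on a truncated PUSH and the JUMPDEST check on static targets are the two details worth keeping from this toy: the first keeps the sweep from crashing on trailing metadata or deliberately malformed code, the second rejects a control-flow edge the EVM would never take.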
Richard Patel added a Capstone BPF disassembler to radare2:
- https://github.com/radareorg/radare2/pull/20212
- https://twitter.com/terorie_dev/status/1532459642474971191
Richard Patel's Binary Ninja plugin for eBPF
14 places to learn about Solana Bytecode Format by Richard Patel. References:
- Implementations:
  - Rust instruction set
  - Rust disassembler
  - Rust interpreter
  - Rust JIT compiler
  - Go disassembler and interpreter
- Binary Analysis:
  - LLVM BPF target
  - Capstone BPF disassembler
  - Binary Ninja plugin (Python)
  - Binary Ninja plugin (C++)
  - Ghidra plugin
  - Radare2 plugin
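Every disassembler in that list starts from the same 8-byte instruction slot, so a decoder for it is the natural first exercise before reading any of them. The following is an added example for this page, not code from any of the listed projects. It assumes the classic 64-bit eBPF slot layout (opcode byte, then destination register in the low nibble and source register in the high nibble, a little-endian i16 offset and a little-endian i32 immediate), with lddw spanning two slots; newer sBPF revisions change some details, so treat the layout as an assumption to check against the references. The mnemonic table is a partial subset and both sample programs are constructed.

```python
"""Decoder for the Solana BPF (sBPF) instruction encoding.

Added example, not code from any of the listed references. Assumes the
classic 64-bit eBPF slot layout (opcode | src:4 dst:4 | i16 off | i32 imm,
little-endian) with lddw spanning two slots. Partial mnemonic table.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List

# Opcode byte -> mnemonic (assumption: partial table, enough for the sample).
# Low 3 bits = class (ld 0, ldx 1, st 2, stx 3, alu 4, jmp 5, jmp32 6, alu64 7);
# bit 3 selects a register (1) or immediate (0) source for ALU/JMP ops.
MNEMONICS: Dict[int, str] = {
    0x18: "lddw", 0x79: "ldxdw", 0x7b: "stxdw",
    0x07: "add64", 0x0f: "add64", 0xb7: "mov64", 0xbf: "mov64",
    0x05: "ja", 0x15: "jeq", 0x1d: "jeq", 0x55: "jne", 0x5d: "jne",
    0x85: "call", 0x95: "exit",
}
SLOT = struct.Struct("<BBhi")  # opcode, regs, offset, imm: one 8-byte slot


@dataclass
class Insn:
    pc: int      # slot index; jump offsets are relative to pc + 1
    opcode: int
    dst: int
    src: int
    off: int
    imm: int     # sign-extended i32, or the full 64-bit immediate for lddw

    def text(self) -> str:
        m = MNEMONICS.get(self.opcode, f"op{self.opcode:#04x}")
        cls, reg_src = self.opcode & 0x07, bool(self.opcode & 0x08)
        if self.opcode == 0x18:
            return f"{m} r{self.dst}, {self.imm:#x}"
        if cls == 0x01:  # ldx: dst = *(src + off)
            return f"{m} r{self.dst}, [r{self.src}{self.off:+d}]"
        if cls == 0x03:  # stx: *(dst + off) = src
            return f"{m} [r{self.dst}{self.off:+d}], r{self.src}"
        rhs = f"r{self.src}" if reg_src else str(self.imm)
        if cls in (0x05, 0x06):  # jump classes
            if m == "exit":
                return m
            if m == "call":
                return f"{m} {self.imm:#x}"
            if m == "ja":
                return f"{m} {self.off:+d}"
            return f"{m} r{self.dst}, {rhs}, {self.off:+d}"
        return f"{m} r{self.dst}, {rhs}"  # alu / alu64


def decode(code: bytes) -> List[Insn]:
    """Split the text into 8-byte slots and decode each instruction; lddw
    consumes the following slot as the high 32 bits of its immediate."""
    if len(code) % SLOT.size:
        raise ValueError("sBPF text must be a multiple of 8 bytes")
    slots = [code[i:i + SLOT.size] for i in range(0, len(code), SLOT.size)]
    insns: List[Insn] = []
    pc = 0
    while pc < len(slots):
        op, regs, off, imm = SLOT.unpack(slots[pc])
        dst, src = regs & 0x0f, regs >> 4
        step = 1
        if op == 0x18:
            if pc + 1 >= len(slots):
                raise ValueError(f"truncated lddw at slot {pc}")
            _, _, _, imm_hi = SLOT.unpack(slots[pc + 1])
            imm = (imm & 0xffffffff) | ((imm_hi & 0xffffffff) << 32)
            step = 2
        insns.append(Insn(pc, op, dst, src, off, imm))
        pc += step
    return insns


def jump_targets(insns: List[Insn]) -> Dict[int, int]:
    """Resolve relative jumps: target slot = pc + 1 + off. A target outside
    the program or inside the second half of an lddw is rejected, as a
    loader-side verifier would reject it."""
    starts = {i.pc for i in insns}
    targets: Dict[int, int] = {}
    for i in insns:
        if (i.opcode & 0x07) in (0x05, 0x06) and MNEMONICS.get(i.opcode) not in ("call", "exit"):
            t = i.pc + 1 + i.off
            if t not in starts:
                raise ValueError(f"jump at slot {i.pc} targets slot {t}, not an instruction start")
            targets[i.pc] = t
    return targets


def validate(code: bytes) -> bool:
    """True if the text decodes and every jump lands on an instruction start."""
    try:
        jump_targets(decode(code))
        return True
    except ValueError:
        return False


# Constructed sample (not a real program).
SAMPLE = bytes.fromhex(
    "b70100002a000000"                     # slot 0: mov64 r1, 42
    "18020000efbeadde" "0000000001000000"  # slots 1-2: lddw r2, 0x1deadbeef
    "0f21000000000000"                     # slot 3: add64 r1, r2
    "150101002a000000"                     # slot 4: jeq r1, 42, +1 (-> slot 6)
    "b700000001000000"                     # slot 5: mov64 r0, 1
    "9500000000000000"                     # slot 6: exit
)
# Constructed: ja +1 jumps into the second slot of an lddw, which must be rejected.
BAD = bytes.fromhex("0500010000000000" "1801000000000000" "0000000000000000" "9500000000000000")

if __name__ == "__main__":
    for i in decode(SAMPLE):
        print(f"{i.pc:4d}: {i.text()}")
    print("jumps:", jump_targets(decode(SAMPLE)), "valid:", validate(SAMPLE), validate(BAD))
```

The two-slot lddw is the one thing that makes sBPF not purely fixed-width, and it is exactly where naive tooling goes wrong: a jump that lands on the second slot decodes as a valid-looking instruction with a zero opcode, so the decoder tracks instruction starts and refuses such targets instead of silently disassembling garbage.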
Reverse Engineering Solana with Binary Ninja:
- https://osec.io/blog/tutorials/2022-08-27-reverse-engineering-solana/
- https://twitter.com/osec_io/status/1563688394437169152
Porting the Solana eBPF JIT compiler to ARM64 by Trail of Bits
Symbolic execution of eBPF with radius2 by alkali
Addison Crump's blog posts, Earn $200K by fuzzing for a weekend:
- https://secret.club/2022/05/11/fuzzing-solana.html
- https://secret.club/2022/05/11/fuzzing-solana-2.html
TheZero's blog post, A Sneak Peek into Smart Contracts Reversing and Emulation
Will Schwab's articles on their experiences reverse engineering smart contracts from bytecode and calldata: