Debugging EVM bytecode with radare2

EVM debugging alchemy

Let’s continue our journey into the internals of EVM bytecode. In the last post we took a look at a simple contract and how to reverse engineer it with radare2. Today we will take a look at the EVM ecosystem, how contracts are deployed and how transactions are executed.

A few notes on installing radare2 and its extras

There were questions on the previous post about how to install radare2 and its extensions properly, and where the EVM plugins can be found. Well, now you can simply install these extra plugins by running

    r2pm install evm

Anything else should be done the way the official radare2 documentation describes.

Deploying a simple contract to test VM

Ethereum contracts may run in different environments: on the mainnet, on testnets like Rinkeby, in private nets or in blockchain emulators like ganache-cli (formerly TestRPC). We will be using the latter.

Nodes and users of the Ethereum blockchain talk to each other via RPC calls, and ganache-cli is no exception. As soon as we start it with the -v flag, it creates some test accounts and starts listening on a local port.

Now, navigate your browser to http://remix.ethereum.org (note that http is important: if you connect with https your browser will refuse to...

Reversing EVM bytecode with radare2

radare2 synthwave

Howdy y’all. Today we will look into the insides of the Ethereum Virtual Machine (EVM): how the Solidity language is translated into bytecode and how the bytecode is executed in the VM. We will also talk about how we implemented a plugin for the radare2 reverse-engineering framework to RE and debug code that runs on the EVM.

Intro

What?

If you are reading this, you have probably already heard about the Ethereum blockchain and are probably already aware of its architecture and basic principles. Ethereum consists of a lot of parts, and an excellent overview of them is given in . Although there are a lot of interesting parts, here we will be focusing on the Ethereum Virtual Machine, the bytecode, transactions, debugging, all the good low-level stuff. So if you have no understanding of the basic Ethereum stuff like Solidity or the overall blockchain architecture, you should probably read about those first.

Why?

The security of Ethereum smart contracts has been gaining more and more attention lately. However, due to the novelty of this area, we are still lacking good tools to use in the research process. Since not all contracts on the Ethereum blockchain have their source code published, one such tool would be a handy reverse-engineering...