Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
Bernhard Mueller a425181b6a Remove 'assemble' function 7 years ago
ether Change encoding to UTF-8 7 years ago
rpc Add simple search 7 years ago
.gitignore Add contract search 7 years ago
LICENSE Refactor and add setup.py 7 years ago
README.md Update README 7 years ago
contractstorage.py Obtain contract code from database 7 years ago
ethcontract.py Add contract search 7 years ago
mythril Remove 'assemble' function 7 years ago
requirements.txt Refactor and add setup.py 7 years ago
setup.py Update setup.py 7 years ago

README.md

Mythril

Mythril is an assembler and disassembler for Ethereum VM bytecode. It was created for low-level testing/fuzzing of EVM implementations.

Installation

Install from Pypi:

$ pip install mythril

Or, clone the GitHub repo to install the newest master branch:

$ git clone https://github.com/b-mueller/mythril/
$ cd mythril
$ python setup.py install

Usage

To disassemble a piece of bytecode, pass it on the command line:

$ mythril -d -c "0x606060405050"
PUSH1 0x60
PUSH1 0x40
POP
POP

Modifying and re-assembling code

Mythril can assemble code from input files that contain one instruction per line. To start from an existing contract, save the disassembly to a text file:

$ mythril -d -c "0x606060405050" -o code.easm

Edit the instructions in a text editor. For example, we can modify the PUSH instructions from the original example:

PUSH2 0x4050
PUSH4 0x60708090
POP
POP

Save the file and run Mythril with the -a flag to re-assemble:

$ mythril -a code.easm 
0x61405063607080905050

The virtual machine language is described in the Ethereum Yellowpaper.

Tracing EVM execution

You can run a piece of bytecode in the PyEthereum VM and trace its execution using the -t flag. This will output the instructions executed as well as the state of the stack for every execution step. To run code from the command line, use:

$ ./mythril.py -t -c "0x606060405050"
vm stack=[] op=PUSH1 steps=0 pc=b'0' address=b'\x01#Eg\x89\xab\xcd\xef\x01#Eg\x89\xab\xcd\xef\x01#Eg' depth=0 pushvalue=96 gas=b'1000000' storage={'code': '0x', 'nonce': '0', 'balance': '0', 'storage': {}} inst=96
vm stack=[b'96'] op=PUSH1 steps=1 depth=0 pushvalue=64 gas=b'999997' pc=b'2' inst=96
vm stack=[b'96', b'64'] op=POP steps=2 depth=0 gas=b'999994' pc=b'4' inst=80
vm stack=[b'96'] op=POP steps=3 depth=0 gas=b'999992' pc=b'5' inst=80

For larger contracts, you might prefer to compile them to a binary file instead:

$ mythril -a contract.easm -o contract.bin
$ mythril --trace -f contract.bin

Disassembling a contract from the Ethereum blockchain

You can also load code from an existing contract in the Ethereum blockchain. For this, you need to have a full node running, and the RPC debug interface must be activated. For example, when running geth you can do this as follows:

$ geth --syncmode full --rpc --rpcapi eth,debug

To load contract code from your node, pass the TxID of the transaction that created the contract:

$ mythril -d --txid 0x23112645da9ae684270de843faaeb44918c79a09e019d3a6cf8b87041020340e -o some_contract.easm

Note: If you want to get code from the Ethereum mainnet, it is easier to download it from Etherscan.

Credit

JSON RPC library is adapted from ethjsonrpc (it doesn't seem to be maintained anymore, and I needed to make some changes to it).