TheDude
/
mythril
mirror of https://github.com/ConsenSys/mythril
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
25 Commits
97 Branches
171 Tags
59 MiB
 
 
 
 
 
 
Tag: Branch: Tree: ec3b7fc094
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ec3b7fc094'
${ noResults }
Bernhard Mueller ec3b7fc094
Update docs 		7 years ago
ether Add tracing functionality 7 years ago
.gitignore Refactor & fix cmdline parsing 7 years ago
LICENSE.md Initial commit 7 years ago
README.md Update docs 7 years ago
code.bin Update docs 7 years ago
code_bin Update docs 7 years ago
code_compiled Update docs 7 years ago
incode Update docs 7 years ago
lol Update docs 7 years ago
mythril.py Update docs 7 years ago
requirements.txt Initial commit 7 years ago
util.py Update docs 7 years ago

README.md

Mythril

Mythril is an assembler and disassembler for Ethereum VM bytecode. It was created for low-level testing/fuzzing of EVM implementations.

Installation

Clone the git repo:

$ git clone https://github.com/b-mueller/mythril/
$ pip install -r requirements.txt

Usage

To disassemble a piece of bytecode, pass it on the command line:

$ ./mythril.py -d -c "0x606060405050"
PUSH1 0x60
PUSH1 0x40
POP
POP

Modifying and re-assembling code

Mythril can assemble code from input files that contain one instruction per line. To start from an existing contract, save the disassembly to a text file:

$ ./mythril.py -d -c "0x606060405050" -o code.easm

Edit the instructions in a text editor. For example, we can modify the PUSH instructions from the original example:

PUSH2 0x4050
PUSH4 0x60708090
POP
POP

Save the file and run Mythril with the -a flag to re-assemble:

$ ./mythril.py -a code.easm 
0x61405063607080905050

The virtual machine language is described in the Ethereum Yellowpaper.

Tracing EVM execution

You can run a piece of bytecode in the PyEthereum VM and trace its execution using the -t flag. This will output the instructions executed as well as the state of the stack for every execution step. You can run code directly from the command line,.

$ ./mythril.py -t -c "0x606060405050"
vm stack=[] op=PUSH1 steps=0 pc=b'0' address=b'\x01#Eg\x89\xab\xcd\xef\x01#Eg\x89\xab\xcd\xef\x01#Eg' depth=0 pushvalue=96 gas=b'1000000' storage={'code': '0x', 'nonce': '0', 'balance': '0', 'storage': {}} inst=96
vm stack=[b'96'] op=PUSH1 steps=1 depth=0 pushvalue=64 gas=b'999997' pc=b'2' inst=96
vm stack=[b'96', b'64'] op=POP steps=2 depth=0 gas=b'999994' pc=b'4' inst=80
vm stack=[b'96'] op=POP steps=3 depth=0 gas=b'999992' pc=b'5' inst=80

For larger contracts, you might prefer to compile them to a binary file instead:

$ ./mythril.py -a contract.easm -o contract.bin
$ ./mythril.py --trace -f contract.bin

Disassembling a contract from the Ethereum blockchain

You can also load code from an existing contract in the Ethereum blockchain. For this, you need to have a full node running, and the RPC debug interface must be activated. For example, when running geth you can do this as follows:

$ geth --syncmode full --rpc --rpcapi eth,debug

To load contract code from your node, pass the TxID of the transaction that created the contract:

$ ./mythril.py -d --txid 0x23112645da9ae684270de843faaeb44918c79a09e019d3a6cf8b87041020340e -o some_contract.easm

Note: If you want to get code from the Ethereum mainnet, it is easier to download it from Etherscan.