
Show HN: Smart contract decompiler that uses symbolic execution - kolinko
Hi All,
I released an EVM&#x2F;Solidity decompiler recently, here:<p><a href="http:&#x2F;&#x2F;www.eveem.org&#x2F;" rel="nofollow">http:&#x2F;&#x2F;www.eveem.org&#x2F;</a><p>Since it uses symbolic execution underneath, the results are quite awesome.<p>There is also an api that delivers a .json &#x2F; middle language representation of every contract here: <a href="http:&#x2F;&#x2F;eveem.org&#x2F;code&#x2F;{{address}" rel="nofollow">http:&#x2F;&#x2F;eveem.org&#x2F;code&#x2F;{{address}</a>}.json<p>The plan is to open-source it as soon as I clean up the code a bit. Spent the last two month crunch-time to get it delivered from scratch :)
======
amelius
I bet most people here (like me) don't know what EVM/Solidity is all about. Do
you have a link with introductory information?

~~~
corysama
[https://wikipedia.org/wiki/Solidity](https://wikipedia.org/wiki/Solidity)

[https://solidity.readthedocs.io/en/v0.5.1/](https://solidity.readthedocs.io/en/v0.5.1/)

------
antpls
For people like me not directly working on the field of smart contracts : does
a solidity decompiler solve a specific problem or was it for fun?

I thought the point of smart contracts was that the source code is available
and auditable by everyone, so there would be no need for a decompiler

------
mewwts
Super curious to how this works - care to elaborate a bit? Any chance you
could use this to decompile arbitrary contracts into ABIs?

~~~
davesque
As in getting an interface definition file? My guess would be no. I don't
believe that compiled methods are annotated with any type information for the
arguments or anything else. You might be able to infer something about the ABI
by looking for common snippets of byte code used for decoding values from the
message call input. But that probably wouldn't be consistently reliable and
might also not always indicate the exact type being decoded.

But I could be wrong.

------
hboon
This is pretty cool.

This looks like it'll be useful for my work. Is 4bytes.directory the only
source of function signatures?

~~~
kolinko
Thanks :)

I used 4bytes initially, but then built my own internal directory that is more
precise (has parameter names, and a slightly larger database).

I plan to open-source it, along with the better 4 bytes :)

Over the weekend, we're hacking something off the data provided through the
unofficial API - you can check it out here:

[https://github.com/kolinko/showmewhatyougot](https://github.com/kolinko/showmewhatyougot)

(python showme.py {address})

the sources are relatively easy to understand, and allow for some nice
contract analysis

~~~
hboon
What a small world. I read "Over the weekend" and clickthrough to your repo. I
was at ETHSingapore the last 2 days (but wouldn't be there on Sunday). Good
luck to your presentation tomorrow!

------
xbt_fan
Good stuff!!

Does your API work for test-nets? Also, what do you think the future of this
project is?

------
zygotic12
You are Batman.

