As you can see, Porosity is now unmaintained. We recommend JEB Decompiler for smart contracts by Nicolas Falliere as an alternative.
Why is it unmaintained? After some initial research on Ethereum smart contracts and the Ethereum Virtual Machine, I came to the conclusion that the foundations of Ethereum were not strong enough to be sustainable in the long term and that spending time on it was a waste of time. We will surely see alternative languages that will take over Ethereum for the smart-contract platforms. The most shocking part is that decades of work on secure languages and secure virtual machines had been done prior to the existence of Ethereum (and other DLT languages/platforms), and it had been totally ignored from the beginning.
We also recommend reading @msuiche's blog post from December 2017 on the future of smart-contract languages.
Platform | Status |
---|---|
Windows | |
Linux | Supported |
Mac OS X | Supported |
Ethereum is gaining significant popularity in the blockchain community, mainly due to the fact that it is designed in a way that enables developers to write decentralized applications (Dapps) and smart contracts using blockchain technology.
The Ethereum blockchain is a consensus-based, globally executed virtual machine, also referred to as the Ethereum Virtual Machine (EVM), which implements its own micro-kernel supporting a handful of instructions, its own stack, memory and storage. This enables the radical new concept of distributed applications.
Contracts live on the blockchain in an Ethereum-specific binary format (EVM bytecode). However, contracts are typically written in some high-level language such as Solidity and then compiled into bytecode to be uploaded to the blockchain. Solidity is a contract-oriented, high-level language whose syntax is similar to that of JavaScript.
This new paradigm of applications opens the door to many possibilities and opportunities. Blockchain is often referred to as secure by design, but now that blockchains can embed applications, this raises multiple questions regarding architecture, design, attack vectors and patch deployments.
As we reverse engineers know, having access to source code is often a luxury. Hence the need for an open-source tool like Porosity: a decompiler that turns EVM bytecode into readable Solidity-syntax contracts, to enable static and dynamic analysis of compiled contracts as well as vulnerability discovery.
First, you can either compile your own Ethereum contract or analyze a public contract from Etherscan.
```
more .\vulnerable.sol
contract SendBalance {
    mapping (address => uint) userBalances;
    bool withdrawn = false;

    function getBalance(address u) constant returns (uint) {
        return userBalances[u];
    }

    function addToBalance() {
        userBalances[msg.sender] += msg.value;
    }

    function withdrawBalance() {
        if (!(msg.sender.call.gas(0x1111).value(
                userBalances[msg.sender])())) { throw; }
        userBalances[msg.sender] = 0;
    }
}
```
```
solc --abi -o output vulnerable.sol
solc --bin -o output vulnerable.sol
solc --bin-runtime -o output vulnerable.sol
$abi = Get-Content .\output\SendBalance.abi
$bin = Get-Content .\output\SendBalance.bin
$binRuntime = Get-Content .\output\SendBalance.bin-runtime
echo $abi
[{"constant":false,"inputs":[],"name":"withdrawBalance","outputs":[],"type":"function"},{"constant":false,"inputs":[],"name":"addToBalance","outputs":[],"type":"function"},{"constant":true,"inputs":[{"name":"u","type":"address"}],"name":"getBalance","outputs":[{"name":"","type":"uint256"}],"type":"function"}]
echo $bin
60606040526000600160006101000a81548160ff021916908302179055506101bb8061002b6000396000f360606040526000357c0100000000000000000000000000000000000000000000000000000000900480635fd8c7101461004f578063c0e317fb1461005e578063f8b2cb4f1461006d5761004d56
5b005b61005c6004805050610099565b005b61006b600480505061013e565b005b610083600480803590602001909190505061017d565b6040518082815260200191505060405180910390f35b3373ffffffffffffffffffffffffffffffffffffffff16611111600060005060003373ffffffffffffffff
ffffffffffffffffffffffff16815260200190815260200160002060005054604051809050600060405180830381858888f19350505050151561010657610002565b6000600060005060003373ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020600050819055505b
565b34600060005060003373ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000206000828282505401925050819055505b565b6000600060005060008373ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000206000505490506101b6
565b91905056
echo $binRuntime
60606040526000357c0100000000000000000000000000000000000000000000000000000000900480635fd8c7101461004f578063c0e317fb1461005e578063f8b2cb4f1461006d5761004d565b005b61005c6004805050610099565b005b61006b600480505061013e565b005b61008360048080359060
2001909190505061017d565b6040518082815260200191505060405180910390f35b3373ffffffffffffffffffffffffffffffffffffffff16611111600060005060003373ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060005054604051809050600060405180
830381858888f19350505050151561010657610002565b6000600060005060003373ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020600050819055505b565b34600060005060003373ffffffffffffffffffffffffffffffffffffffff1681526020019081526020
016000206000828282505401925050819055505b565b6000600060005060008373ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000206000505490506101b6565b91905056
```
You can get the list of all the functions from the dispatch routine using the `--list` option.

```
porosity --code $code --abi $abi --list --verbose 0
Porosity v0.1 (https://www.comae.io)
Matt Suiche, Comae Technologies <support@comae.io>
The Ethereum bytecode commandline decompiler.
Decompiles the given Ethereum input bytecode and outputs the Solidity code.
Attempting to parse ABI definition...
Success.
[+] Hash: 0x0A19B14A (trade) (1 references)
[+] Hash: 0x0B927666 (order) (1 references)
[+] Hash: 0x19774D43 (orderFills) (1 references)
[+] Hash: 0x278B8C0E (cancelOrder) (1 references)
[+] Hash: 0x2E1A7D4D (withdraw) (1 references)
[+] Hash: 0x338B5DEA (depositToken) (1 references)
[+] Hash: 0x46BE96C3 (amountFilled) (1 references)
[+] Hash: 0x508493BC (tokens) (1 references)
[+] Hash: 0x54D03B5C (changeFeeMake) (1 references)
[+] Hash: 0x57786394 (feeMake) (1 references)
[+] Hash: 0x5E1D7AE4 (changeFeeRebate) (1 references)
[+] Hash: 0x65E17C9D (feeAccount) (1 references)
[+] Hash: 0x6C86888B (testTrade) (1 references)
[+] Hash: 0x71FFCB16 (changeFeeAccount) (1 references)
[+] Hash: 0x731C2F81 (feeRebate) (1 references)
[+] Hash: 0x8823A9C0 (changeFeeTake) (1 references)
[+] Hash: 0x8F283970 (changeAdmin) (1 references)
[+] Hash: 0x9E281A98 (withdrawToken) (1 references)
[+] Hash: 0xBB5F4629 (orders) (1 references)
[+] Hash: 0xC281309E (feeTake) (1 references)
[+] Hash: 0xD0E30DB0 (deposit) (1 references)
[+] Hash: 0xE8F6BC2E (changeAccountLevelsAddr) (1 references)
[+] Hash: 0xF3412942 (accountLevelsAddr) (1 references)
[+] Hash: 0xF7888AEC (balanceOf) (1 references)
[+] Hash: 0xF851A440 (admin) (1 references)
[+] Hash: 0xFB6E155F (availableVolume) (1 references)
```
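The dispatch routine that `--list` reads can also be recovered by hand from the runtime bytecode. The following is an added example, not Porosity's code and not part of the original README: it walks the dispatcher prefix of the SendBalance runtime bytecode shown above and extracts each selector with its jump target. The names `disassemble`, `dispatch_table`, `RUNTIME_PREFIX` and `DECOY` are hypothetical, and it assumes the simple `PUSH4 sel; EQ; PUSHn dest; JUMPI` dispatcher seen in that bytecode.

```python
# Added example, not Porosity's code: recover the dispatch table from EVM
# runtime bytecode. Assumes the PUSH4 sel; EQ; PUSHn dest; JUMPI pattern.
PUSH1, PUSH4, PUSH32 = 0x60, 0x63, 0x7F
EQ, JUMPI = 0x14, 0x57


def disassemble(code: bytes):
    """Linear sweep yielding (offset, opcode, immediate); skips PUSH data."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        size = op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0
        yield pc, op, code[pc + 1:pc + 1 + size]
        pc += 1 + size


def dispatch_table(code: bytes):
    """Return [(selector, jump_target)] for every selector comparison."""
    ins = list(disassemble(code))
    table = []
    for a, b, c, d in zip(ins, ins[1:], ins[2:], ins[3:]):
        if (a[1] == PUSH4 and len(a[2]) == 4 and b[1] == EQ
                and PUSH1 <= c[1] <= PUSH32 and d[1] == JUMPI):
            table.append(("0x" + a[2].hex(), int.from_bytes(c[2], "big")))
    return table


# Dispatcher prefix of the SendBalance runtime bytecode shown on this page.
RUNTIME_PREFIX = bytes.fromhex(
    "6060604052600035"            # free-memory pointer setup, CALLDATALOAD(0)
    "7c01" + "00" * 28 +          # PUSH29 2**224
    "900480"                      # SWAP1, DIV (top 4 bytes = selector), DUP1
    "635fd8c7101461004f5780"      # PUSH4 sel, EQ, PUSH2 dest, JUMPI, DUP1
    "63c0e317fb1461005e5780"
    "63f8b2cb4f1461006d57"
    "61004d565b00"                # no match: jump to fallback, JUMPDEST, STOP
)

# Constructed decoy: the same byte pattern hidden inside PUSH32 data. A raw
# byte search would report it; the linear sweep must not.
DECOY = bytes([PUSH32]) + bytes.fromhex("63deadbeef1461000057") + bytes(22)

if __name__ == "__main__":
    for selector, target in dispatch_table(RUNTIME_PREFIX):
        print(f"selector {selector} -> code offset {target:#06x}")
```

A selector is the first four bytes of the Keccak-256 hash of the function signature, so turning these values back into names needs the ABI or a signature list.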
Using the `--disassm` option, you will be able to display the assembly code.

```
porosity --abi $abi --code $code --disassm
```

The `--decompile` option will decompile the given function or contract and attempt to highlight vulnerabilities.

```
porosity --abi $abi --code $code --decompile --verbose 0
```
```
cd porosity/porosity/
make
```

Note: you may need to install the Boost C++ dependency.

Using Homebrew:

```
brew install boost
```

Using MacPorts:

```
sudo port install boost
```