tintinweb / vscode-decompiler

Decompile things directly from VSCode
https://marketplace.visualstudio.com/items?itemName=tintinweb.vscode-decompiler

get in touch with Consensys Diligence
[ 🌐 📩 🔥 ]

Decompiler!

Let's be honest, there is no reason to remember how to decompile stuff with the various tools available. Wouldn't it be nice to just decompile the $h*! out of things right off the fingertips in Visual Studio Code? Well, here we go:

This extension decompiles ...

Just right-click → Decompile on a supported executable and wait for the magic to happen.

The decompilation result is added to a temporary sub-workspace. You can right-click → Download files to your local file-system right from the sub-workspace.

Have phun 🙌

Tour

macOS

vscode-decompiler

Windows (Ghidra vs. IDAPro)

vscode-decompiler-idapro

Ethereum Smart Contract

Save the EVM byte-code in a file with extension .evm, then right-click → Decompile.

vscode-decompiler-evm-1

Setup

Requirements: General

* Requires Java (11+) to be installed system-wide. Just install the latest JRE/JDK for your OS (e.g. OpenJDK, Oracle JDK).
* Other tools are bundled with the extension. Just make sure Java is available in your `PATH`.

Requirements: Binary executables (Ghidra / IDA Pro)

* Requires a working installation of [Ghidra](https://ghidra-sre.org/) (← Download) to decompile executables
  * either available in `PATH` (as when you install it with `brew cask install ghidra` on OS X, or set it up manually)
  * otherwise please specify the path to the executable `/support/analyzeHeadless` in `code → preferences → settings: vscode-decompiler.tool.ghidra.path` and make sure that the `analyzeHeadless` script runs without errors (and is not prompting for the JDK Home 🤓). Here's a sample Ghidra config for Windows:

    ![ghidraconf](https://user-images.githubusercontent.com/2865694/81807509-7dc76b00-951e-11ea-99d7-359bd624cce5.png)
* (Experimental; Windows Only) Optionally, a licensed version of [IDA Pro](https://www.hex-rays.com/products/decompiler/) with decompiler support.
  * specify the path to the `idaw` executable in `code → preferences → settings: vscode-decompiler.tool.idaPro.path`, e.g. `c:\IDA68\idaw.exe`.
  * set preference to `idaPro (experimental Windows Only)` in `code → preferences → settings: vscode-decompiler.default.decompiler.selected`.
  * we'll automatically try to run the 32-bit and 64-bit `idaw` on the target application (preference is given to the executable you configured)
  * If you're running `<= IDA Pro 6.6` and the normal IDA decompilation mode does not work, you can try setting the preference to `idaPro legacy hexx-plugin (experimental Windows Only)` in `code → preferences → settings: vscode-decompiler.default.decompiler.selected`. Note: Use this method only if the normal IDA Pro mode doesn't work. Caveat: `idaw*.exe` must not be in a path that contains spaces, ask @microsoft why 😉.
* You're using Ghidra? Great! Now please follow the [Ghidra installation guide](https://ghidra-sre.org/InstallationGuide.html#JavaNotes) (JAVA setup in particular). Make sure both `ghidraRun` and `support/analyzeHeadless` run without errors.

Requirements: Python

* Python decompilation requires `pip3 install uncompyle6` (see settings)
  * specify the `uncompyle6` script location in `code → preferences → settings: vscode-decompiler.tool.uncompyle.path` or set to `uncompyle6` if it is available in `PATH`

Requirements: Smart Contracts (EVM byte-code)

* The pseudocode generator [panoramix](https://github.com/eveem-org/panoramix)/[eveem](https://www.eveem.org/) requires a working installation of `python3.8` or newer.
  * specify the `python3.8` path in `code → preferences → settings: vscode-decompiler.tool.python38.path` (e.g. `/usr/local/opt/python@3.8/bin/python3.8` (macos/homebrew))
  * make sure `pip` for `python3.8` is installed
  * install `panoramix` dependencies: `$ /usr/local/opt/python@3.8/bin/python3.8 -m pip install coloredlogs requests web3 timeout_decorator`
* Note: Panoramix is run in local mode. EVM byte-code is **not** sent to eveem.org.
* It will attempt to download a function signature database on first load.
* It will cache files to `/.panoramix`.
* No Windows support :/ ([see this issue](https://github.com/eveem-org/panoramix/issues/19)).

Setting tool preferences

`code → preferences → settings:`

* Set default decompiler preference to `ghidra` (default) or `idaPro (experimental Windows Only)` (requires a licensed version of IDAPro + Decompiler)
  * `vscode-decompiler.default.decompiler.selected`
* Set preference for java decompilation to JADX or JD-CLI (default)
  * `vscode-decompiler.java.decompiler.selected`
* Set preference for android apk decompilation to dex2jar + jd-cli (slow) or JADx (default)
  * `vscode-decompiler.apk.decompiler.selected`
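
A pre-flight check for the requirements listed in this section, as an added example (not part of the extension or its README). It verifies Java 11+, the Ghidra and uncompyle6 launchers, the panoramix Python dependencies and the no-spaces caveat for `idaw`; the variable names `GHIDRA_HEADLESS`, `UNCOMPYLE`, `PYTHON38` and `IDAW` are assumptions made for this script.

```shell
#!/bin/sh
# Added example: pre-flight check for the tools vscode-decompiler shells out to.
# GHIDRA_HEADLESS, UNCOMPYLE, PYTHON38 and IDAW are hypothetical variables;
# set them to the values you entered in the extension settings.

# Major version from the first line of `java -version` output. Handles the
# legacy "1.8.0_292" scheme (major 8) as well as "11.0.2", "17" and "17-ea".
java_major() {
    v=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    case "$v" in
        1.*) m=$(echo "$v" | cut -d. -f2) ;;
        *)   m=$(echo "$v" | cut -d. -f1) ;;
    esac
    m=$(echo "$m" | sed 's/[^0-9].*//')
    echo "${m:-0}"
}

# Succeeds if the path contains a space (the caveat for idaw*.exe).
path_has_space() {
    case "$1" in *" "*) return 0 ;; *) return 1 ;; esac
}

# report <label> <ok|fail>: print one result line and count failures.
report() {
    if [ "$2" = ok ]; then echo "OK    $1"
    else echo "FAIL  $1"; failures=$((failures + 1)); fi
}

preflight() {
    failures=0
    jv=$(java -version 2>&1 | head -n 1)
    if [ "$(java_major "$jv")" -ge 11 ]; then report "Java 11+ in PATH" ok
    else report "Java 11+ in PATH (got: ${jv:-nothing})" fail; fi
    for tool in "${GHIDRA_HEADLESS:-analyzeHeadless}" "${UNCOMPYLE:-uncompyle6}"; do
        if command -v "$tool" >/dev/null 2>&1; then report "$tool" ok
        else report "$tool not found or not executable" fail; fi
    done
    py="${PYTHON38:-python3.8}"
    if "$py" -c 'import coloredlogs, requests, web3, timeout_decorator' 2>/dev/null
    then report "panoramix dependencies for $py" ok
    else report "panoramix dependencies for $py" fail; fi
    if [ -n "${IDAW:-}" ]; then
        if path_has_space "$IDAW"; then report "idaw path contains spaces" fail
        else report "idaw path has no spaces" ok; fi
    fi
    return "$failures"
}

preflight || echo "Fix the FAIL items, then restart VS Code."
```

Run it from the same environment VS Code is launched from, so that `PATH` matches what the extension sees.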

Troubleshooting & FAQ

(macOs) "macOs cannot verify the developer of 'decompiler' ...

(General) This thing failed with: {"code":1,"type":"single"}. What does this mean?

(Ghidra) Failed to run decompiliation command. Check your configuration. {"code":1,"type":"single"}

Note: always restart vscode after changing env vars for changes to take effect.

Credits

This extension wouldn't be possible without the smarties that are developing the following reverse-engineering tools:

Release Notes

see CHANGELOG