Repository files navigation

Decompile binance smart chain contracts from bytecode.

You will need to set the env variable:

export BSCSCAN_API_KEY='YOUR BSC SCAN API KEY'

python3.9 panoramix.py 0xcc598232a75fB1B361510Bce4Ca39d7bC39cf498

defstorage:  stor0isuint256 atstorage0  stor1is array ofuint256 atstorage1  stor8is array of addr atstorage8  stor9is addr atstorage9  stor10is array of addr atstorage10def_fallback()payable: # defaultfunctionrevertdefwithdrawTokens(address_tokenAddress,uint256_amount)payable:requirecalldata.size-4>=64if not _tokenAddress:if _amount>0:          call0xa0acc61547f6bd066f7c9663c17a312b6ad7e187 with:             value _amountwei               gas gas_remainingweielse:          call0xa0acc61547f6bd066f7c9663c17a312b6ad7e187 with:             value eth.balance(0xa0acc61547f6bd066f7c9663c17a312b6ad7e187) wei               gas gas_remainingweielse:require ext_code.size(_tokenAddress)if _amount:          call _tokenAddress.transfer(addressto,uint256value) with:               gas gas_remainingwei              args0xa0acc61547f6bd066f7c9663c17a312b6ad7e187, _amountelse:          static call _tokenAddress.balanceOf(addressowner) with:                  gas gas_remainingwei                 argsthis.addressif not ext_call.success:revert with ext_call.return_data[0 len return_data.size]require return_data.size>=32require ext_code.size(_tokenAddress)          call _tokenAddress.transfer(addressto,uint256value) with:               gas gas_remainingwei              args0xa0acc61547f6bd066f7c9663c17a312b6ad7e187, ext_call.return_data[0]if not ext_call.success:revert with ext_call.return_data[0 len return_data.size]require return_data.size>=32require caller==0xa0acc61547f6bd066f7c9663c17a312b6ad7e187

^Output cut off as it was too long. Full outputhere

git clone https://github.com/eveem-org/panoramix.gitpip3 install -r requirements.txt

Youneedpython3.8 to run Panoramix. Yes, there was no way around it.

python3.8 panoramix.py address [func_name] [--verbose|--silent|--explain]

e.g.

python3.8 panoramix.py 0x06012c8cf97bead5deae237070f9587f8e7a266d

or

python3.8 panoramix.py kitties

Output goes to two places:

• console
• cache_pan/ directory - .pan, .json, .asm files

If you want to see how Panoramix works under the hood, try the--explain mode:

python3.8 panoramix.py kitties paused --explainpython3.8 panoramix.py kitties pause --explainpython3.8 panoramix.py kitties tokenMetadata --explain

func_name -- name of the function to decompile (note: storage names won't be discovered in this mode)--verbose -- prints out the assembly and stack as well as regular functions, a good way to try it out isby running 'python panoramix.py kitties pause --verbose' - it's a simple function

There are more parameters as well. You can find what they do in panoramix.py.

Some contract addresses, which are good for testing, have shortcuts, e.g. you can run'python panoramix.py kitties' instead of 'python3 panoramix.py 0x06012c8cf97bead5deae237070f9587f8e7a266d'.

See panoramix.py for the list of shortcuts, feel free to add your own.

• core - modules for doing abstract/symbolic operations
• pano - the proper decompiler
• utils - various helper modules
• tilde - the library for handling pattern matching in python3.8

• cache_code - cached bytecodes
• cache_pan - cached decompilation outputs
• cache_pabi - cached auto-generated p-abi files
• supplement.db - sqlite3 database of function definitions
• supp2.db - a lightweight variant o the above

Cache directories are split into subdirectories, so the filesystem doesn't break down with large amountsof cached contracts (important when running bulk_decompile on all 2.2M contracts on the chain)

All of the above generated after the first run.

bulk_decompile.py - batch-decompiles contracts, with multi-processing supportbulk_compare.py - decompiles a set of test contracts, fetches the current decompiled from Eveem, and prepares two files, so you can diff them and see what changes were made

Panoramix uses a ton of pattern matching operations, and python doesn't support those as a language.

There are some pattern-matching libraries for older python versions, but none of them seemed good enough.Because of that, I built Tilde, which is a language extension adding a new operator.

Tilde replaces '~' pattern matching operator with a series of ':=' operators underneath.Because of that, python3.8 is a must.

Believe me, I spent a lot of time looking for some other way to make pattern matching readable.Nothing was close to this good.

But if you manage to figure out a way to do it without Tilde (and maintain readability), I'll gladly accept a PR :)

See the source code comments, starting with panoramix.py. Also, those slides[tbd].