mythril 0.1.6

Mythril is an assembler and disassembler for Ethereum VM bytecode

Mythril is an assembler and disassembler for Ethereum VM bytecode. It was created for low-level testing/fuzzing of EVM implementations.

Installation

Install from Pypi:

$ pip install mythril

Or, clone the GitHub repo to install the newest master branch:

$ git clone https://github.com/b-mueller/mythril/
$ cd mythril
$ python setup.py install

Usage

To disassemble a piece of bytecode, pass it on the command line:

$ mythril -d -c "0x606060405050"
PUSH1 0x60
PUSH1 0x40
POP
POP

Modifying and re-assembling code

Mythril can assemble code from input files that contain one instruction per line. To start from an existing contract, save the disassembly to a text file:

$ mythril -d -c "0x606060405050" -o code.easm

Edit the instructions in a text editor. For example, we can modify the PUSH instructions from the original example:

PUSH2 0x4050
PUSH4 0x60708090
POP
POP

Save the file and run Mythril with the -a flag to re-assemble:

$ mythril -a code.easm
0x61405063607080905050

The virtual machine language is described in the Ethereum Yellowpaper.

Tracing EVM execution

You can run a piece of bytecode in the PyEthereum VM and trace its execution using the -t flag. This will output the instructions executed as well as the state of the stack for every execution step. To run code from the command line, use:

$ ./mythril.py -t -c "0x606060405050"
vm stack=[] op=PUSH1 steps=0 pc=b'0' address=b'
#Eg‰«Íï
#Eg‰«Íï
#Eg' depth=0 pushvalue=96 gas=b'1000000' storage={'code': '0x', 'nonce': '0', 'balance': '0', 'storage': {}} inst=96
vm stack=[b'96'] op=PUSH1 steps=1 depth=0 pushvalue=64 gas=b'999997' pc=b'2' inst=96
vm stack=[b'96', b'64'] op=POP steps=2 depth=0 gas=b'999994' pc=b'4' inst=80
vm stack=[b'96'] op=POP steps=3 depth=0 gas=b'999992' pc=b'5' inst=80

For larger contracts, you might prefer to compile them to a binary file instead:

$ mythril -a contract.easm -o contract.bin
$ mythril --trace -f contract.bin

Disassembling a contract from the Ethereum blockchain

You can also load code from an existing contract in the Ethereum blockchain. For this, you need to have a full node running, and the RPC debug interface must be activated. For example, when running geth you can do this as follows:

$ geth --syncmode full --rpc --rpcapi eth,debug

To load contract code from your node, pass the TxID of the transaction that created the contract:

$ mythril -d --txid 0x23112645da9ae684270de843faaeb44918c79a09e019d3a6cf8b87041020340e -o some_contract.easm

Note: If you want to get code from the Ethereum mainnet, it is easier to download it from Etherscan.

Credit

JSON RPC library is adapted from ethjsonrpc (it doesn’t seem to be maintained anymore, and I needed to make some changes to it).