
Decompile things directly from VSCode

get in touch with Consensys Diligence
[ 🌐 📩 🔥 ]

Decompiler!

Let's be honest, there is no reason to remember how to decompile stuff with the various tools available. Wouldn't it be nice to just decompile the $h*! out of things right off the fingertips in Visual Studio Code? Well, here we go:

This extension decompiles ...

  • PE, ELF/MACH: Binary executables for various platforms
    • as supported by Ghidra; Windows PE, Linux ELF, iOS, etc.
    • or IDA Pro (Experimental, Windows Only for now)
  • Jar: Java Jar archives and compiled Classes
  • APK: Android APKs
  • PYC: Python .pyc and .pyo
  • EVM: Ethereum/EVM based Smart Contracts

Just right-click → Decompile on a supported executable and wait for the magic to happen.

The decompilation result is added to a temporary sub-workspace. You can right-click → Download files to your local file-system right from the sub-workspace.

Have phun 🙌

Tour

Ethereum Smart Contract

Save the EVM byte-code in a file with extension .evm, then right-click → Decompile.


Setup

Requirements: General
  • Requires Java (11+) to be installed system-wide. Just install the latest JRE/JDK for your OS (e.g. OpenJDK, Oracle JDK).
  • Other tools are bundled with the extension. Just make sure Java is available in your PATH.
Requirements: Binary executables (Ghidra / IDA Pro)
  • Requires a working installation of Ghidra (← Download) to decompile executables
    • either available in PATH (like when you install it with brew cask install ghidra on os-x; or set-up manually)
    • otherwise please specify the path to the executable <ghidra>/support/analyzeHeadless in code → preferences → settings: vscode-decompiler.tool.ghidra.path and make sure that the analyzeHeadless script runs without errors (and is not prompting for the JDK Home 🤓).
  • (Experimental; Windows Only) Optionally, a licensed version of IDA Pro with decompiler support.
    • specify the path to the idaw executable in code → preferences → settings: vscode-decompiler.tool.idaPro.path, e.g. c:\IDA68\idaw.exe.
    • set preference to idaPro (experimental Windows Only) in code → preferences → settings: vscode-decompiler.default.decompiler.selected.
    • we'll automatically try to run 32 and 64bits idaw on the target application (preference on what executable is configured by you)
    • If you're running <= IDA Pro 6.6 and the normal IDA decompilation mode does not work, you can try setting the preference to idaPro legacy hexx-plugin (experimental Windows Only) in code → preferences → settings: vscode-decompiler.default.decompiler.selected. Note: Use this method only if the normal IDA Pro mode doesn't work. Caveat: idaw*.exe must not be in a path that contains spaces, ask @microsoft why 😉.
  • You're using Ghidra? Great! Now please follow the Ghidra installation guide (JAVA setup in particular). Make sure both ghidraRun and support/analyzeHeadless run without errors.
Requirements: Python
  • Python decompilation requires pip3 install uncompyle6 (see settings)
    • specify the uncompyle6 script location in code → preferences → settings: vscode-decompiler.tool.uncompyle.path or set to uncompyle6 if it is available in PATH
Requirements: Smart Contracts (EVM byte-code)
  • The pseudocode generator panoramix/eveem requires a working installation of python3.8 or newer.
    • specify the python3.8 path in code → preferences → settings: vscode-decompiler.tool.python38.path (e.g. /usr/local/opt/python@3.8/bin/python3.8 (macos/homebrew))
    • make sure pip for python3.8 is installed
    • install panoramix dependencies: $ /usr/local/opt/python@3.8/bin/python3.8 -m pip install coloredlogs requests web3 timeout_decorator
  • Note: Panoramix is run in local mode. EVM byte-code is not sent to eveem.org.
    • It will attempt to download a function signature database on first load.
    • It will cache files to <userhome>/.panoramix.
  • No Windows support :/ (see this issue).
Setting tool preferences

code → preferences → settings:

  • Set default decompiler preference to ghidra (default) or idaPro (experimental Windows Only) (requires a licensed version of IDAPro + Decompiler)
    • vscode-decompiler.default.decompiler.selected
  • Set preference for java decompilation to JADX or JD-CLI (default)
    • vscode-decompiler.java.decompiler.selected
  • Set preference for android apk decompilation to dex2jar + jd-cli (slow) or JADx (default)
    • vscode-decompiler.apk.decompiler.selected

Troubleshooting & FAQ

(macOS) "macOS cannot verify the developer of 'decompiler' ..."

  • Follow the fix outlined in https://support.apple.com/en-za/guide/mac-help/mh40616/mac.
  • Verify that you've downloaded Ghidra from the original website, verify checksums. Note: you're running an NSA tool on your computer, just saying.
  • Open the <ghidra-install-folder>/Ghidra/Features/Decompiler/os/osx64 in Finder, Ctrl+mouseClick on decompile → open and confirm that you trust the application (you only need to do this one time).

(General) This thing failed with: {"code":1,"type":"single"}. What does this mean?

  • Your tool (Ghidra/IDA/...) is not set up correctly and therefore execution failed. The path may be wrong, the tool may fail due to an incorrect Java configuration, or the Java version may be incompatible. There are many ways this error can be provoked, and in 99% of cases it is a misconfiguration of the tool or the environment it requires (e.g. Java env vars, version, etc.).
  • code: is the tool's exit code. We are expecting success (0), but a tool may return non-zero to indicate an error. Check the tool's output to troubleshoot. code=1 means the tool returned exit code 1, indicating an error condition.
  • type: is how the tool got executed: single or multi command. Ignore this.

(Ghidra) Failed to run decompiliation command. Check your configuration. {"code":1,"type":"single"}

  • make sure you're using a supported Java version (e.g. win: jdk 14 is working, jdk 16 seems to be incompatible)
  • make sure environment vars are set up correctly (Ghidra setup doc; google: setting env vars)
    • JAVA_HOME pointing to your jdk installation folder
    • PATH including an entry pointing to $JAVA_HOME/bin (win: %JAVA_HOME%\bin)
  • make sure ghidraRun and support/analyzeHeadless run without errors (you may have to follow the analyzeHeadless documentation to provide meaningful parameters for this test)
  • check out the Ghidra application log in (windows) c:\users\<yourname>\.ghidra\<.ghidraversion>\application.log

Note: always restart vscode after changing env vars for changes to take effect.
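
A preflight check for the Java and Ghidra prerequisites listed above, as an added example that is not part of the extension. The function names and the `GHIDRA_HEADLESS` variable are hypothetical; set it to your `<ghidra>/support/analyzeHeadless` path and run the script with `--run`.

```shell
#!/usr/bin/env bash
# Added example: checks the setup that most often causes {"code":1,"type":"single"}.
# GHIDRA_HEADLESS is a hypothetical variable: path to <ghidra>/support/analyzeHeadless.

# Print the major Java version found in `java -version` text.
# Handles the legacy "1.8.0_292" scheme (major 8) and the modern "11.0.2" / "17" scheme.
java_major() {
  local ver
  ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
  [ -n "$ver" ] || return 1
  case "$ver" in
    1.*) ver=${ver#1.}; printf '%s\n' "${ver%%.*}" ;;
    *)   printf '%s\n' "${ver%%[.+-]*}" ;;
  esac
}

# Succeed only when the version text meets the README's Java 11+ requirement.
java_ok() {
  local major
  major=$(java_major "$1") || return 1
  [ "$major" -ge 11 ] 2>/dev/null
}

# Run every check, report each result, and return non-zero if any check failed.
preflight() {
  local rc=0 out headless="${GHIDRA_HEADLESS:-analyzeHeadless}"
  if ! command -v java >/dev/null 2>&1; then
    echo "FAIL: java not found in PATH"; return 1
  fi
  out=$(java -version 2>&1)
  if java_ok "$out"; then
    echo "OK: Java major version $(java_major "$out")"
  else
    echo "FAIL: Java 11+ required, got: $(printf '%s\n' "$out" | head -n 1)"; rc=1
  fi
  if [ -z "${JAVA_HOME:-}" ] || [ ! -x "$JAVA_HOME/bin/java" ]; then
    echo "FAIL: JAVA_HOME is unset or has no executable bin/java"; rc=1
  fi
  if command -v "$headless" >/dev/null 2>&1; then
    echo "OK: analyzeHeadless found: $headless"
  else
    echo "FAIL: analyzeHeadless not found or not executable: $headless"; rc=1
  fi
  return "$rc"
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

A passing preflight only shows the prerequisites are present; the Ghidra application.log remains the place to look when analyzeHeadless itself exits non-zero.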

Credits

This extension wouldn't be possible without the smarties that are developing the following reverse-engineering tools:

Release Notes

see CHANGELOG

