📥 Download the slides: https://academy.fuzzinglabs.com/introduction-to-ethereum-security?coupon=youtube
Today I’m showing how EVM disassembly works and how to reconstruct the control flow graph (CFG) of an Ethereum smart contract when you only have access to the bytecode (closed-source). It’s really useful when you’re looking to analyze in-depth a contract at the EVM assembly level.
#Reversing #Ethereum #EVM
00:00 Introduction
02:04 Introduction to EVM reversing
05:08 Bytecode disassembly
07:26 Control Flow Graph (CFG) reconstruction
13:26 Fonctions identification
16:55 Functions name recovery
19:54 Example with the Bored Ape (BAYC) contract
22:46 Why use reverse engineering on Ethereum smart contract?
24:46 Bytecode optimization
27:25 Smart contract Post-mortem analysis
28:46 Conclusion
Introduction to Ethereum: https://academy.fuzzinglabs.com/introduction-to-ethereum-security?coupon=YOUTUBE
Video Devcon4: https://archive.devcon.org/archive/watch/4/reversing-ethereum-smart-contracts-to-find-out-whats-behind-evm-bytecode/?playlist=Devcon%204&tab=YouTube
Bored Ape (BAYC) contract: https://etherscan.io/address/0xbc4ca0eda7647a8ab7c2061c2e118a18a936f13d#code
Ethereum Signature Database: https://www.4byte.directory/
https://ethervm.io/decompile/0xBC4CA0EdA7647A8aB7C2061c2E118A18a936f13D#0175
C/C++ Whitebox Fuzzing: https://academy.fuzzinglabs.com/c-whitebox-fuzzing?coupon=youtube
Rust Security Audit and Fuzzing: https://academy.fuzzinglabs.com/rust-security-audit-and-fuzzing-training?coupon=youtube
WebAssembly Reversing and Dynamic Analysis: https://academy.fuzzinglabs.com/wasm-security-reversing-dynamic-analysis?coupon=youtube
Go Security Audit and Fuzzing: https://academy.fuzzinglabs.com/go-security-audit-and-fuzzing?coupon=youtube
https://academy.fuzzinglabs.com/fuzzing-labs-community
Twitter: https://twitter.com/FuzzingLabs
Telegram: https://t.me/fuzzinglabs
Keywords: Reversing, Reverse Engineering, EVM, Ethereum Smart contract, Solidity, Disassembly, Decompilation, EVM bytecode, opcode
Link to this video: https://youtu.be/I6VDBvX9Pkw
Error: Contact form not found.