Radare2 and EVM Bytecode

October 23, 2018   


In this short guide I’m going to show you how to add support to Radare2 for EVM ASM (Ethereum Virtual Machine Assembly) so you can start reverse engineering Ethereum smart contracts. This guide is written specifically with Ubuntu Bionic in mind so package names / package managers for other Linux flavors will differ.


  • Ubuntu server or desktop is fine.
  • sudo or root access

Installing Radare2 + The EVM Plugin

It is always recommended to install Radare2 from Git instead of using your package manager as Radare2 is updated very quickly. There is a joke that if your clone is 1 hour old then it is already out of date.

sudo apt-install build-essential git pkg-config

The above packages should be enough to get everything compiled and installed, next we clone the Radare2 repo from git and change to the new radare2/sys directory

git clone https://github.com/radare/radare2.git
cd radare2/sys

There is a handy install script that will deal with the install for you, it also will deal with updating so you don’t need to clone the repo again.

sudo ./install.sh

Once this has finished you have radare2 installed! Easy right? Change back to your home directory with

cd ~/

Now we are ready to install the EVM plugin. This does not come by default as it requires 3rd party packages which goes against the Radare2 release plan, it was moved to the radre2-extras repo which can be accessed with the r2pm tool. First we need to install a couple of extra packages

sudo apt install libjansson-dev curl4-openssl-dev

Now we can update r2pm and install the EVM plugin

r2pm update
r2pm install evm

This will download and compile the EVM plugin which will now be available to use in Radare2

Trying out the plugin

We can test out the EVM plugin by compiling a small example Solidity binary and opening it up in radre2. First you will need to install the Solidity compiler

sudo add-apt-repository ppa:ethereum/ethereum
sudo apt-get update
sudo apt-get install solc

Next create example1.sol with the follwing usless code

pragma solidity ^0.4.25;

contract Example1 {
    uint a = 0;

    function setA(uint b) {
        a = b + 0x42;

and then compile it to EVM bytecode

solc ./example1.sol --bin-runtime -o ./out/

solc will output the bytecode in hex rather than binary as this is how it is stored on the Ethereum blockchain, we need to covert it to binary with rax2

rax2 -s < ./out/Example1.bin-runtime > ./out/Example1.bin-runtime.bin

Now finally we can open it with radre2

r2 -a evm ./out/Example1.bin-runtime.bin