justan0th3rstud3nt
/
garble
mirror of https://github.com/burrowers/garble
1
0
Fork 0
Code Issues 1 Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
release-v0.12
ci-test
literalRecheck
v0.12.1
v0.12.0
v0.11.0
v0.10.1
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.0
v0.5.1
v0.5.0
v0.4.0
v0.3.0
v0.2.0
v0.1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1a8e32227f'
${ noResults }
garble/testdata/scripts/reverse.txt

109 lines
2.3 KiB
Plaintext
Raw Normal View History Unescape Escape

initial support for reversing panic output (#225) For now, this only implements reversing of exported names which are hashed with action IDs. Many other kinds of obfuscation, like positions and private names, are not yet implemented. Note that we don't document this new command yet on purpose, since it's not finished. Some other minor cleanups were done for future changes, such as making transformLineInfo into a method that also receives the original filename, and making header names more self-describing. Updates #5.
3 years ago
env GOPRIVATE=test/main
# Unknown build flags should result in errors.
refactor "current package" with TOOLEXEC_IMPORTPATH (#266) Now that we've dropped support for Go 1.15.x, we can finally rely on this environment variable for toolexec calls, present in Go 1.16. Before, we had hacky ways of trying to figure out the current package's import path, mostly from the -p flag. The biggest rough edge there was that, for main packages, that was simply the package name, and not its full import path. To work around that, we had a restriction on a single main package, so we could work around that issue. That restriction is now gone. The new code is simpler, especially because we can set curPkg in a single place for all toolexec transform funcs. Since we can always rely on curPkg not being nil now, we can also start reusing listedPackage.Private and avoid the majority of repeated calls to isPrivate. The function is cheap, but still not free. isPrivate itself can also get simpler. We no longer have to worry about the "main" edge case. Plus, the sanity check for invalid package paths is now unnecessary; we only got malformed paths from goobj2, and we now require exact matches with the ImportPath field from "go list -json". Another effect of clearing up the "main" edge case is that -debugdir now uses the right directory for main packages. We also start using consistent debugdir paths in the tests, for the sake of being easier to read and maintain. Finally, note that commandReverse did not need the extra call to "go list -toolexec", as the "shared" call stored in the cache is enough. We still call toolexecCmd to get said cache, which should probably be simplified in a future PR. While at it, replace the use of the "-std" compiler flag with the Standard field from "go list -json".
3 years ago
# TODO: reenable and fix
# ! garble reverse -badflag
# stderr 'flag provided but not defined'
initial support for reversing panic output (#225) For now, this only implements reversing of exported names which are hashed with action IDs. Many other kinds of obfuscation, like positions and private names, are not yet implemented. Note that we don't document this new command yet on purpose, since it's not finished. Some other minor cleanups were done for future changes, such as making transformLineInfo into a method that also receives the original filename, and making header names more self-describing. Updates #5.
3 years ago
garble build
exec ./main
cp stderr main.stderr
# Ensure that the garbled panic output looks correct.
# This output is not reproducible between 'go test' runs,
# so we can't use a static golden file.
grep 'goroutine 1 \[running\]' main.stderr
support reversing stack trace positions (#287) In particular, the positions within function declarations, including the positions of call sites to other functions. Note that this isn't well tested just yet, particularly not with other features like -literals. We can extend the tests and code over time. This gets us the core basics. The issue will be closed once the feature is documented for users, in a follow-up PR. Updates #5.
3 years ago
! grep 'ExportedLibFunc|unexportedMainFunc|test/main|main\.go|lib\.go' main.stderr
initial support for reversing panic output (#225) For now, this only implements reversing of exported names which are hashed with action IDs. Many other kinds of obfuscation, like positions and private names, are not yet implemented. Note that we don't document this new command yet on purpose, since it's not finished. Some other minor cleanups were done for future changes, such as making transformLineInfo into a method that also receives the original filename, and making header names more self-describing. Updates #5.
3 years ago
stdin main.stderr
garble reverse
support reversing stack trace positions (#287) In particular, the positions within function declarations, including the positions of call sites to other functions. Note that this isn't well tested just yet, particularly not with other features like -literals. We can extend the tests and code over time. This gets us the core basics. The issue will be closed once the feature is documented for users, in a follow-up PR. Updates #5.
3 years ago
cmp stdout reverse.stdout
initial support for reversing panic output (#225) For now, this only implements reversing of exported names which are hashed with action IDs. Many other kinds of obfuscation, like positions and private names, are not yet implemented. Note that we don't document this new command yet on purpose, since it's not finished. Some other minor cleanups were done for future changes, such as making transformLineInfo into a method that also receives the original filename, and making header names more self-describing. Updates #5.
3 years ago
# Ensure that the reversed output matches the non-garbled output.
go build -trimpath
exec ./main
cmp stderr reverse.stdout
improve "reverse" even further (#289) Fix up a few TODOs, and simplify the way we handle comments. We now add whitespace around inline /*line*/ directives, to ensure we don't break programs. A test case is added too. We now add line directives to call sites, not function declarations, since those are what actually shows up in stack traces. It's unclear if we care about any other lines inside functions at all. This also fixes reversing with -literals, since that feature adds a significant amount of code which shuffles line numbers around. Finally, we extend the tests with types, methods, and anonymous functions, and we make all of them work well. Updates #5.
3 years ago
# Ensure that we can still reverse with -literals.
garble -literals build
exec ./main
cp stderr main-literals.stderr
stdin main-literals.stderr
garble -literals reverse
cmp stdout reverse.stdout
# Reversing a -literals output without the flag should fail.
stdin main-literals.stderr
garble reverse
cmp stdout main-literals.stderr
initial support for reversing panic output (#225) For now, this only implements reversing of exported names which are hashed with action IDs. Many other kinds of obfuscation, like positions and private names, are not yet implemented. Note that we don't document this new command yet on purpose, since it's not finished. Some other minor cleanups were done for future changes, such as making transformLineInfo into a method that also receives the original filename, and making header names more self-describing. Updates #5.
3 years ago
-- go.mod --
module test/main
all: drop support for Go 1.15.x (#265) This mainly cleans up the few bits of code where we explicitly kept support for Go 1.15.x. With v0.1.0 released, we can drop support now, since the next v0.2.0 release will only support Go 1.16.x. Also updates all modules, including test ones, to 'go 1.16'. Note that the TOOLEXEC_IMPORTPATH refactor is not done here, despite all the TODOs about doing so when we drop 1.15 support. This is because that refactor needs to be done carefully and might have side effects, so it's best to keep it to a separate commit. Finally, update the deps.
3 years ago
go 1.16
initial support for reversing panic output (#225) For now, this only implements reversing of exported names which are hashed with action IDs. Many other kinds of obfuscation, like positions and private names, are not yet implemented. Note that we don't document this new command yet on purpose, since it's not finished. Some other minor cleanups were done for future changes, such as making transformLineInfo into a method that also receives the original filename, and making header names more self-describing. Updates #5.
3 years ago
-- main.go --
package main
reverse: support unexported names and package paths (#233) Unexported names are a bit tricky, since they are not listed in the export data file. Perhaps unsurprisingly, it's only meant to expose exported objects. One option would be to go back to adding an extra header to the export data file, containing the unexported methods in a map[string]T or []string. However, we have an easier route: just parse the Go files and look up the names directly. This does mean that we parse the Go files every time "reverse" runs, even if the build cache is warm, but that should not be an issue. Parsing Go files without any typechecking is very cheap compared to everything else we do. Plus, we save having to load go/types information from the build cache, or having to load extra headers from export files. It should be noted that the obfuscation process does need type information, mainly to be careful about which names can be obfuscated and how they should be obfuscated. Neither is a worry here; all names belong to a single package, and it doesn't matter if some aren't actually obfuscated, since the string replacements would simply never trigger in practice. The test includes an unexported func, to test the new feature. We also start reversing the obfuscation of import paths. Now, the test's reverse output is as follows: goroutine 1 [running]: runtime/debug.Stack(0x??, 0x??, 0x??) runtime/debug/stack.go:24 +0x?? test/main/lib.ExportedLibFunc(0x??, 0x??, 0x??, 0x??) p.go:6 +0x?? main.unexportedMainFunc(...) C.go:2 main.main() z.go:3 +0x?? The only major missing feature is positions and filenames. A follow-up PR will take care of those. Updates #5.
3 years ago
import (
"os"
"test/main/lib"
)
initial support for reversing panic output (#225) For now, this only implements reversing of exported names which are hashed with action IDs. Many other kinds of obfuscation, like positions and private names, are not yet implemented. Note that we don't document this new command yet on purpose, since it's not finished. Some other minor cleanups were done for future changes, such as making transformLineInfo into a method that also receives the original filename, and making header names more self-describing. Updates #5.
3 years ago
func main() {
reverse: support unexported names and package paths (#233) Unexported names are a bit tricky, since they are not listed in the export data file. Perhaps unsurprisingly, it's only meant to expose exported objects. One option would be to go back to adding an extra header to the export data file, containing the unexported methods in a map[string]T or []string. However, we have an easier route: just parse the Go files and look up the names directly. This does mean that we parse the Go files every time "reverse" runs, even if the build cache is warm, but that should not be an issue. Parsing Go files without any typechecking is very cheap compared to everything else we do. Plus, we save having to load go/types information from the build cache, or having to load extra headers from export files. It should be noted that the obfuscation process does need type information, mainly to be careful about which names can be obfuscated and how they should be obfuscated. Neither is a worry here; all names belong to a single package, and it doesn't matter if some aren't actually obfuscated, since the string replacements would simply never trigger in practice. The test includes an unexported func, to test the new feature. We also start reversing the obfuscation of import paths. Now, the test's reverse output is as follows: goroutine 1 [running]: runtime/debug.Stack(0x??, 0x??, 0x??) runtime/debug/stack.go:24 +0x?? test/main/lib.ExportedLibFunc(0x??, 0x??, 0x??, 0x??) p.go:6 +0x?? main.unexportedMainFunc(...) C.go:2 main.main() z.go:3 +0x?? The only major missing feature is positions and filenames. A follow-up PR will take care of those. Updates #5.
3 years ago
unexportedMainFunc()
}
func unexportedMainFunc() {
improve "reverse" even further (#289) Fix up a few TODOs, and simplify the way we handle comments. We now add whitespace around inline /*line*/ directives, to ensure we don't break programs. A test case is added too. We now add line directives to call sites, not function declarations, since those are what actually shows up in stack traces. It's unclear if we care about any other lines inside functions at all. This also fixes reversing with -literals, since that feature adds a significant amount of code which shuffles line numbers around. Finally, we extend the tests with types, methods, and anonymous functions, and we make all of them work well. Updates #5.
3 years ago
anonFunc := func() {
lt := lib.ExportedLibType{}
if err := lt.ExportedLibMethod(os.Stderr); err != nil {
panic(err)
}
reverse: support unexported names and package paths (#233) Unexported names are a bit tricky, since they are not listed in the export data file. Perhaps unsurprisingly, it's only meant to expose exported objects. One option would be to go back to adding an extra header to the export data file, containing the unexported methods in a map[string]T or []string. However, we have an easier route: just parse the Go files and look up the names directly. This does mean that we parse the Go files every time "reverse" runs, even if the build cache is warm, but that should not be an issue. Parsing Go files without any typechecking is very cheap compared to everything else we do. Plus, we save having to load go/types information from the build cache, or having to load extra headers from export files. It should be noted that the obfuscation process does need type information, mainly to be careful about which names can be obfuscated and how they should be obfuscated. Neither is a worry here; all names belong to a single package, and it doesn't matter if some aren't actually obfuscated, since the string replacements would simply never trigger in practice. The test includes an unexported func, to test the new feature. We also start reversing the obfuscation of import paths. Now, the test's reverse output is as follows: goroutine 1 [running]: runtime/debug.Stack(0x??, 0x??, 0x??) runtime/debug/stack.go:24 +0x?? test/main/lib.ExportedLibFunc(0x??, 0x??, 0x??, 0x??) p.go:6 +0x?? main.unexportedMainFunc(...) C.go:2 main.main() z.go:3 +0x?? The only major missing feature is positions and filenames. A follow-up PR will take care of those. Updates #5.
3 years ago
}
improve "reverse" even further (#289) Fix up a few TODOs, and simplify the way we handle comments. We now add whitespace around inline /*line*/ directives, to ensure we don't break programs. A test case is added too. We now add line directives to call sites, not function declarations, since those are what actually shows up in stack traces. It's unclear if we care about any other lines inside functions at all. This also fixes reversing with -literals, since that feature adds a significant amount of code which shuffles line numbers around. Finally, we extend the tests with types, methods, and anonymous functions, and we make all of them work well. Updates #5.
3 years ago
anonFunc()
initial support for reversing panic output (#225) For now, this only implements reversing of exported names which are hashed with action IDs. Many other kinds of obfuscation, like positions and private names, are not yet implemented. Note that we don't document this new command yet on purpose, since it's not finished. Some other minor cleanups were done for future changes, such as making transformLineInfo into a method that also receives the original filename, and making header names more self-describing. Updates #5.
3 years ago
}
-- lib/lib.go --
package lib
import (
reverse: support unexported names and package paths (#233) Unexported names are a bit tricky, since they are not listed in the export data file. Perhaps unsurprisingly, it's only meant to expose exported objects. One option would be to go back to adding an extra header to the export data file, containing the unexported methods in a map[string]T or []string. However, we have an easier route: just parse the Go files and look up the names directly. This does mean that we parse the Go files every time "reverse" runs, even if the build cache is warm, but that should not be an issue. Parsing Go files without any typechecking is very cheap compared to everything else we do. Plus, we save having to load go/types information from the build cache, or having to load extra headers from export files. It should be noted that the obfuscation process does need type information, mainly to be careful about which names can be obfuscated and how they should be obfuscated. Neither is a worry here; all names belong to a single package, and it doesn't matter if some aren't actually obfuscated, since the string replacements would simply never trigger in practice. The test includes an unexported func, to test the new feature. We also start reversing the obfuscation of import paths. Now, the test's reverse output is as follows: goroutine 1 [running]: runtime/debug.Stack(0x??, 0x??, 0x??) runtime/debug/stack.go:24 +0x?? test/main/lib.ExportedLibFunc(0x??, 0x??, 0x??, 0x??) p.go:6 +0x?? main.unexportedMainFunc(...) C.go:2 main.main() z.go:3 +0x?? The only major missing feature is positions and filenames. A follow-up PR will take care of those. Updates #5.
3 years ago
"io"
initial support for reversing panic output (#225) For now, this only implements reversing of exported names which are hashed with action IDs. Many other kinds of obfuscation, like positions and private names, are not yet implemented. Note that we don't document this new command yet on purpose, since it's not finished. Some other minor cleanups were done for future changes, such as making transformLineInfo into a method that also receives the original filename, and making header names more self-describing. Updates #5.
3 years ago
"regexp"
"runtime/debug"
)
improve "reverse" even further (#289) Fix up a few TODOs, and simplify the way we handle comments. We now add whitespace around inline /*line*/ directives, to ensure we don't break programs. A test case is added too. We now add line directives to call sites, not function declarations, since those are what actually shows up in stack traces. It's unclear if we care about any other lines inside functions at all. This also fixes reversing with -literals, since that feature adds a significant amount of code which shuffles line numbers around. Finally, we extend the tests with types, methods, and anonymous functions, and we make all of them work well. Updates #5.
3 years ago
type ExportedLibType struct{}
func (*ExportedLibType) ExportedLibMethod(w io.Writer) error {
return printStackTrace(w)
}
func printStackTrace(w io.Writer) error {
initial support for reversing panic output (#225) For now, this only implements reversing of exported names which are hashed with action IDs. Many other kinds of obfuscation, like positions and private names, are not yet implemented. Note that we don't document this new command yet on purpose, since it's not finished. Some other minor cleanups were done for future changes, such as making transformLineInfo into a method that also receives the original filename, and making header names more self-describing. Updates #5.
3 years ago
// Panic outputs include "0xNN" pointers and offsets which change
// between platforms.
// Strip them out here, to have portable static stdout files.
rxVariableSuffix := regexp.MustCompile(`0x[0-9a-f]+`)
support reversing stack trace positions (#287) In particular, the positions within function declarations, including the positions of call sites to other functions. Note that this isn't well tested just yet, particularly not with other features like -literals. We can extend the tests and code over time. This gets us the core basics. The issue will be closed once the feature is documented for users, in a follow-up PR. Updates #5.
3 years ago
// Keep this comment here, because comments affect line numbers.
initial support for reversing panic output (#225) For now, this only implements reversing of exported names which are hashed with action IDs. Many other kinds of obfuscation, like positions and private names, are not yet implemented. Note that we don't document this new command yet on purpose, since it's not finished. Some other minor cleanups were done for future changes, such as making transformLineInfo into a method that also receives the original filename, and making header names more self-describing. Updates #5.
3 years ago
stack := debug.Stack()
stack = rxVariableSuffix.ReplaceAll(stack, []byte("0x??"))
reverse: support unexported names and package paths (#233) Unexported names are a bit tricky, since they are not listed in the export data file. Perhaps unsurprisingly, it's only meant to expose exported objects. One option would be to go back to adding an extra header to the export data file, containing the unexported methods in a map[string]T or []string. However, we have an easier route: just parse the Go files and look up the names directly. This does mean that we parse the Go files every time "reverse" runs, even if the build cache is warm, but that should not be an issue. Parsing Go files without any typechecking is very cheap compared to everything else we do. Plus, we save having to load go/types information from the build cache, or having to load extra headers from export files. It should be noted that the obfuscation process does need type information, mainly to be careful about which names can be obfuscated and how they should be obfuscated. Neither is a worry here; all names belong to a single package, and it doesn't matter if some aren't actually obfuscated, since the string replacements would simply never trigger in practice. The test includes an unexported func, to test the new feature. We also start reversing the obfuscation of import paths. Now, the test's reverse output is as follows: goroutine 1 [running]: runtime/debug.Stack(0x??, 0x??, 0x??) runtime/debug/stack.go:24 +0x?? test/main/lib.ExportedLibFunc(0x??, 0x??, 0x??, 0x??) p.go:6 +0x?? main.unexportedMainFunc(...) C.go:2 main.main() z.go:3 +0x?? The only major missing feature is positions and filenames. A follow-up PR will take care of those. Updates #5.
3 years ago
_, err := w.Write(stack)
return err
initial support for reversing panic output (#225) For now, this only implements reversing of exported names which are hashed with action IDs. Many other kinds of obfuscation, like positions and private names, are not yet implemented. Note that we don't document this new command yet on purpose, since it's not finished. Some other minor cleanups were done for future changes, such as making transformLineInfo into a method that also receives the original filename, and making header names more self-describing. Updates #5.
3 years ago
}
-- reverse.stdout --
goroutine 1 [running]:
runtime/debug.Stack(0x??, 0x??, 0x??)
runtime/debug/stack.go:24 +0x??
improve "reverse" even further (#289) Fix up a few TODOs, and simplify the way we handle comments. We now add whitespace around inline /*line*/ directives, to ensure we don't break programs. A test case is added too. We now add line directives to call sites, not function declarations, since those are what actually shows up in stack traces. It's unclear if we care about any other lines inside functions at all. This also fixes reversing with -literals, since that feature adds a significant amount of code which shuffles line numbers around. Finally, we extend the tests with types, methods, and anonymous functions, and we make all of them work well. Updates #5.
3 years ago
test/main/lib.printStackTrace(0x??, 0x??, 0x??, 0x??)
test/main/lib/lib.go:23 +0x??
test/main/lib.(*ExportedLibType).ExportedLibMethod(...)
test/main/lib/lib.go:12
main.unexportedMainFunc.func1()
test/main/main.go:16 +0x??
main.unexportedMainFunc()
test/main/main.go:20 +0x??
initial support for reversing panic output (#225) For now, this only implements reversing of exported names which are hashed with action IDs. Many other kinds of obfuscation, like positions and private names, are not yet implemented. Note that we don't document this new command yet on purpose, since it's not finished. Some other minor cleanups were done for future changes, such as making transformLineInfo into a method that also receives the original filename, and making header names more self-describing. Updates #5.
3 years ago
main.main()
reverse: support unexported names and package paths (#233) Unexported names are a bit tricky, since they are not listed in the export data file. Perhaps unsurprisingly, it's only meant to expose exported objects. One option would be to go back to adding an extra header to the export data file, containing the unexported methods in a map[string]T or []string. However, we have an easier route: just parse the Go files and look up the names directly. This does mean that we parse the Go files every time "reverse" runs, even if the build cache is warm, but that should not be an issue. Parsing Go files without any typechecking is very cheap compared to everything else we do. Plus, we save having to load go/types information from the build cache, or having to load extra headers from export files. It should be noted that the obfuscation process does need type information, mainly to be careful about which names can be obfuscated and how they should be obfuscated. Neither is a worry here; all names belong to a single package, and it doesn't matter if some aren't actually obfuscated, since the string replacements would simply never trigger in practice. The test includes an unexported func, to test the new feature. We also start reversing the obfuscation of import paths. Now, the test's reverse output is as follows: goroutine 1 [running]: runtime/debug.Stack(0x??, 0x??, 0x??) runtime/debug/stack.go:24 +0x?? test/main/lib.ExportedLibFunc(0x??, 0x??, 0x??, 0x??) p.go:6 +0x?? main.unexportedMainFunc(...) C.go:2 main.main() z.go:3 +0x?? The only major missing feature is positions and filenames. A follow-up PR will take care of those. Updates #5.
3 years ago
test/main/main.go:10 +0x??