|
|
|
# Note that it doesn't really matter if the assembly below is badly written.
|
|
|
|
# We just care enough to see that it obfuscates and keeps the same behavior.
|
|
|
|
# TODO: support arm64, at least
|
|
|
|
[!amd64] skip 'the assembly is only written for amd64'
|
|
|
|
|
deprecate using GOPRIVATE in favor of GOGARBLE (#427)
Piggybacking off of GOPRIVATE is great for a number of reasons:
* People tend to obfuscate private code, whose package paths will
generally be in GOPRIVATE already
* Its meaning and syntax are well understood
* It allows all the flexibility we need without adding our own env var
or config option
However, using GOPRIVATE directly has one main drawback.
It's fairly common to also want to obfuscate public dependencies,
to make the code in private packages even harder to follow.
However, using "GOPRIVATE=*" will result in two main downsides:
* GONOPROXY defaults to GOPRIVATE, so the proxy would be entirely disabled.
Downloading modules, such as when adding or updating dependencies,
or when the local cache is cold, can be less reliable.
* GONOSUMDB defaults to GOPRIVATE, so the sumdb would be entirely disabled.
Adding entries to go.sum, such as when adding or updating dependencies,
can be less secure.
We will continue to consume GOPRIVATE as a fallback,
but we now expect users to set GOGARBLE instead.
The new logic is documented in the README.
While here, rewrite some uses of "private" with "to obfuscate",
to make the code easier to follow and harder to misunderstand.
Fixes #276.
3 years ago
|
|
|
env GOGARBLE=test/main
|
|
|
|
|
|
|
|
garble build
|
|
|
|
exec ./main
|
|
|
|
cmp stderr main.stderr
|
|
|
|
# TODO: ! binsubstr main$exe 'test/main' 'privateAdd' 'PublicAdd' 'garble_main' 'garble_define'
|
|
|
|
! binsubstr main$exe 'privateAdd' 'PublicAdd'
|
|
|
|
|
|
|
|
[short] stop # no need to verify this with -short
|
|
|
|
|
|
|
|
# Ensure that reversing doesn't error with assembly files.
|
|
|
|
# It should fail, as there is nothing to reverse, but without any parse error.
|
|
|
|
stdin empty-reverse.txt
|
|
|
|
! garble reverse .
|
|
|
|
! stderr .
|
|
|
|
|
|
|
|
garble -tiny build
|
|
|
|
exec ./main
|
|
|
|
cmp stderr main.stderr
|
|
|
|
! binsubstr main$exe 'privateAdd' 'PublicAdd'
|
|
|
|
|
|
|
|
go build
|
|
|
|
exec ./main
|
|
|
|
cmp stderr main.stderr
|
|
|
|
binsubstr main$exe 'privateAdd' 'PublicAdd'
|
|
|
|
|
|
|
|
-- go.mod --
|
|
|
|
module test/main
|
|
|
|
|
|
|
|
go 1.18
|
|
|
|
-- main.go --
|
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"test/main/imported"
|
|
|
|
)
|
|
|
|
|
|
|
|
func privateAdd(x, y int32) int32
|
|
|
|
|
|
|
|
// goData is used from both assembly and header files.
|
|
|
|
var goData = [4]uint64{1, 2, 3, 4}
|
|
|
|
|
|
|
|
func modifyGoData()
|
|
|
|
func modifyGoData2()
|
|
|
|
|
|
|
|
func main() {
|
|
|
|
println(privateAdd(1, 2))
|
|
|
|
|
|
|
|
println(goData[0], goData[1])
|
|
|
|
modifyGoData()
|
|
|
|
println(goData[0], goData[1])
|
|
|
|
modifyGoData2()
|
|
|
|
println(goData[0], goData[1])
|
|
|
|
|
|
|
|
println(imported.PublicAdd(3, 4))
|
|
|
|
}
|
|
|
|
-- garble_main_amd64.s --
|
|
|
|
TEXT ·privateAdd(SB),$0-16
|
|
|
|
MOVL x+0(FP), BX
|
|
|
|
MOVL y+4(FP), BP
|
|
|
|
ADDL BP, BX
|
|
|
|
MOVL BX, ret+8(FP)
|
|
|
|
RET
|
|
|
|
|
|
|
|
#include "garble_define_amd64.h"
|
|
|
|
|
|
|
|
#include "extra/garble_define2_amd64.h"
|
|
|
|
|
|
|
|
TEXT ·modifyGoData(SB),$0-16
|
|
|
|
addGoDataTo($12)
|
|
|
|
ADDL $34, ·goData+8(SB)
|
|
|
|
RET
|
|
|
|
|
|
|
|
TEXT ·modifyGoData2(SB),$0-16
|
|
|
|
addGoDataTo2($12)
|
|
|
|
ADDL $34,·goData+8(SB) // note the lack of a space
|
|
|
|
RET
|
|
|
|
|
|
|
|
-- garble_define_amd64.h --
|
|
|
|
#define addGoDataTo(arg) \
|
|
|
|
ADDL arg, ·goData+0(SB)
|
|
|
|
|
|
|
|
-- extra/garble_define2_amd64.h --
|
|
|
|
#define addGoDataTo2(arg) \
|
|
|
|
ADDL arg, ·goData+0(SB)
|
|
|
|
|
|
|
|
-- imported/imported.go --
|
|
|
|
package imported
|
|
|
|
|
|
|
|
func PublicAdd(x, y int32) int32
|
|
|
|
|
|
|
|
-- imported/imported_amd64.s --
|
|
|
|
TEXT ·PublicAdd(SB),$0-16
|
|
|
|
MOVL x+0(FP), BX
|
|
|
|
MOVL y+4(FP), BP
|
|
|
|
ADDL BP, BX
|
|
|
|
MOVL BX, ret+8(FP)
|
|
|
|
RET
|
|
|
|
-- main.stderr --
|
|
|
|
3
|
|
|
|
1 2
|
|
|
|
13 36
|
|
|
|
25 70
|
|
|
|
7
|
|
|
|
-- empty-reverse.txt --
|