justan0th3rstud3nt
/
garble
mirror of https://github.com/burrowers/garble
1
0
Fork 0
Code Issues 1 Projects Releases Wiki Activity

Strip all filename and position info when -tiny is passed (#128)

Browse Source 
Co-authored-by: pagran <pagran@protonmail.com>
Co-authored-by: lu4p <lu4p@pm.me>
pull/133/head
Andrew LeFevre 5 years ago committed by GitHub
parent 1b50a898bd
commit d679944408
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 82 additions and 35 deletions
Show Stats Download Patch File Download Diff File

63
import_obfuscation.go
Unescape Escape View File

@ -17,8 +17,9 @@ import (
// pkgInfo stores a parsed go archive/object file, // pkgInfo stores a parsed go archive/object file,
// and the original path to which it was read from. // and the original path to which it was read from.
type pkgInfo struct { type pkgInfo struct {
pkg *goobj2.Package pkg *goobj2.Package
path string path string
private bool
} }
// dataType signifies whether the Data portion of a // dataType signifies whether the Data portion of a
@ -52,24 +53,26 @@ func obfuscateImports(objPath, importCfgPath string) (map[string]string, error)
if err != nil { if err != nil {
return nil, fmt.Errorf("error parsing main objfile: %v", err) return nil, fmt.Errorf("error parsing main objfile: %v", err)
} }
privatePkgs := []pkgInfo{{mainPkg, objPath}} pkgs := []pkgInfo{{mainPkg, objPath, true}}
// build list of imported packages that are private // build list of imported packages that are private
for pkgPath, info := range importCfg { for pkgPath, info := range importCfg {
if isPrivate(pkgPath) { // if the '-tiny' flag is passed, we will strip filename
// and position info of every package, but not garble anything
if private := isPrivate(pkgPath); envGarbleTiny || private {
pkg, err := goobj2.Parse(info.Path, pkgPath, importCfg) pkg, err := goobj2.Parse(info.Path, pkgPath, importCfg)
if err != nil { if err != nil {
return nil, fmt.Errorf("error parsing objfile %s at %s: %v", pkgPath, info.Path, err) return nil, fmt.Errorf("error parsing objfile %s at %s: %v", pkgPath, info.Path, err)
} }
privatePkgs = append(privatePkgs, pkgInfo{pkg, info.Path}) pkgs = append(pkgs, pkgInfo{pkg, info.Path, private})
} }
} }
var sb strings.Builder var sb strings.Builder
var buf bytes.Buffer var buf bytes.Buffer
garbledImports := make(map[string]string) garbledImports := make(map[string]string)
for _, p := range privatePkgs { for _, p := range pkgs {
// log.Printf("++ Obfuscating object file for %s ++", p.pkg.ImportPath) // log.Printf("++ Obfuscating object file for %s ++", p.pkg.ImportPath)
for _, am := range p.pkg.ArchiveMembers { for _, am := range p.pkg.ArchiveMembers {
// log.Printf("\t## Obfuscating archive member %s ##", am.ArchiveHeader.Name) // log.Printf("\t## Obfuscating archive member %s ##", am.ArchiveHeader.Name)
@ -80,6 +83,13 @@ func obfuscateImports(objPath, importCfgPath string) (map[string]string, error)
continue continue
} }
// not part of a private package, so just strip filename
// and position info and move on
if !p.private {
stripPCLinesAndNames(&am)
continue
}
// add all private import paths to a list to garble // add all private import paths to a list to garble
var privImports privateImports var privImports privateImports
privImports.privatePaths, privImports.privateNames = explodeImportPath(p.pkg.ImportPath) privImports.privatePaths, privImports.privateNames = explodeImportPath(p.pkg.ImportPath)
@ -149,6 +159,37 @@ func obfuscateImports(objPath, importCfgPath string) (map[string]string, error)
return garbledImports, nil return garbledImports, nil
} }
// stripPCLinesAndNames removes all filename and position info
// from an archive member.
func stripPCLinesAndNames(am *goobj2.ArchiveMember) {
lists := [][]*goobj2.Sym{am.SymDefs, am.NonPkgSymDefs, am.NonPkgSymRefs}
for _, list := range lists {
for _, s := range list {
if s.Func == nil {
continue
}
for _, inl := range s.Func.InlTree {
inl.Line = 1
}
s.Func.PCFile = nil
s.Func.PCLine = nil
s.Func.PCInline = nil
// remove unneeded debug aux symbols
s.Func.DwarfInfo = nil
s.Func.DwarfLoc = nil
s.Func.DwarfRanges = nil
s.Func.DwarfDebugLines = nil
}
}
// remove dwarf file list, it isn't needed as we pass "-w, -s" to the linker
am.DWARFFileList = nil
}
// explodeImportPath returns lists of import paths // explodeImportPath returns lists of import paths
// and package names that could all potentially be // and package names that could all potentially be
// in symbol names of the package that imported 'path'. // in symbol names of the package that imported 'path'.
@ -246,6 +287,7 @@ func garbleSymbols(am *goobj2.ArchiveMember, privImports privateImports, garbled
for _, s := range list { for _, s := range list {
// skip debug symbols, and remove the debug symbol's data to save space // skip debug symbols, and remove the debug symbol's data to save space
if s.Kind >= goobj2.SDWARFINFO && s.Kind <= goobj2.SDWARFLINES { if s.Kind >= goobj2.SDWARFINFO && s.Kind <= goobj2.SDWARFLINES {
s.Size = 0
s.Data = nil s.Data = nil
continue continue
} }
@ -291,6 +333,15 @@ func garbleSymbols(am *goobj2.ArchiveMember, privImports privateImports, garbled
} }
for _, inl := range s.Func.InlTree { for _, inl := range s.Func.InlTree {
inl.Func.Name = garbleSymbolName(inl.Func.Name, privImports, garbledImports, sb) inl.Func.Name = garbleSymbolName(inl.Func.Name, privImports, garbledImports, sb)
if envGarbleTiny {
inl.Line = 1
}
}
if envGarbleTiny {
s.Func.PCFile = nil
s.Func.PCLine = nil
s.Func.PCInline = nil
} }
// remove unneeded debug aux symbols // remove unneeded debug aux symbols

5
line_obfuscator.go
Unescape Escape View File

@ -99,11 +99,6 @@ func transformLineInfo(file *ast.File) ([]string, *ast.File) {
return true return true
} }
if envGarbleTiny {
funcDecl.Doc = prependComment(funcDecl.Doc, &ast.Comment{Text: "//line :1"})
return true
}
comment := &ast.Comment{Text: fmt.Sprintf("//line %c.go:%d", nameCharset[mathrand.Intn(len(nameCharset))], 1+newLines[funcCounter])} comment := &ast.Comment{Text: fmt.Sprintf("//line %c.go:%d", nameCharset[mathrand.Intn(len(nameCharset))], 1+newLines[funcCounter])}
funcDecl.Doc = prependComment(funcDecl.Doc, comment) funcDecl.Doc = prependComment(funcDecl.Doc, comment)
funcCounter++ funcCounter++

4
main.go
Unescape Escape View File

@ -548,7 +548,9 @@ func transformCompile(args []string) ([]string, error) {
// messy. // messy.
name = "_cgo_" + name name = "_cgo_" + name
default: default:
extraComments, file = transformLineInfo(file) if !envGarbleTiny {
extraComments, file = transformLineInfo(file)
}
file = transformGo(file, info, blacklist) file = transformGo(file, info, blacklist)
// Uncomment for some quick debugging. Do not delete. // Uncomment for some quick debugging. Do not delete.

5
testdata/scripts/asm.txt vendored
Unescape Escape View File

@ -7,6 +7,11 @@ binsubstr main$exe 'privateAdd' 'PublicAdd'
[short] stop # no need to verify this with -short [short] stop # no need to verify this with -short
garble -tiny build
exec ./main
cmp stderr main.stderr
binsubstr main$exe 'privateAdd' 'PublicAdd'
go build go build
exec ./main exec ./main
cmp stderr main.stderr cmp stderr main.stderr

5
testdata/scripts/cgo.txt vendored
Unescape Escape View File

@ -7,6 +7,11 @@ binsubstr main$exe 'privateAdd'
[short] stop # no need to verify this with -short [short] stop # no need to verify this with -short
garble -tiny build
exec ./main
cmp stderr main.stderr
binsubstr main$exe 'privateAdd'
go build go build
exec ./main exec ./main
cmp stderr main.stderr cmp stderr main.stderr

35
testdata/scripts/tiny.txt vendored
Unescape Escape View File

@ -1,43 +1,32 @@
env GOPRIVATE=test/main env GOPRIVATE=test/main
env TINY_PATTERN='^\/\/line :1$'
env DEFAULT_PATTERN='^\/\/line \w\.go:[1-9][0-9]*$'
env DEFAULT_STACK_PATTERN='^\t\w\.go:[1-9][0-9]*(\s\+0x[0-9a-f]+)?'
env TINY_STACK_PATTERN='^\t\?\?:[0-9][0-9]*(\s\+0x[0-9a-f]+)?$'
# Tiny mode # Tiny mode
garble -tiny -debugdir=.obf-src build garble -tiny build
exec ./main$exe
grep $TINY_PATTERN .obf-src/main/main.go stderr '\? 0'
! grep $DEFAULT_PATTERN .obf-src/main/main.go
! exec ./main$exe
! stderr 'main\.go'
! stderr $DEFAULT_STACK_PATTERN
stderr $TINY_STACK_PATTERN
[short] stop # no need to verify this with -short [short] stop # no need to verify this with -short
# Default mode # Default mode
garble -debugdir=.obf-src build garble -debugdir=.obf-src build
# Check for file name leak protection # Check for file name leak protection
grep $TINY_PATTERN .obf-src/main/main.go grep '^\/\/line :1$' .obf-src/main/main.go
# Check for default line obfuscation # Check for default line obfuscation
grep $DEFAULT_PATTERN .obf-src/main/main.go grep '^\/\/line \w\.go:[1-9][0-9]*$' .obf-src/main/main.go
exec ./main$exe
! exec ./main$exe stderr '\w\.go [1-9]'
! stderr 'main\.go'
! stderr $TINY_STACK_PATTERN
stderr $DEFAULT_STACK_PATTERN
-- go.mod -- -- go.mod --
module test/main module test/main
-- main.go -- -- main.go --
package main package main
import "runtime"
func main() { func main() {
panic("Test") _, file, line, _ := runtime.Caller(0)
} println(file, line)
}
Write Preview
Loading…
Cancel
Save