justan0th3rstud3nt
/
garble
mirror of https://github.com/burrowers/garble
1
0
Fork 0
Code Issues 1 Projects Releases Wiki Activity
Forked from: github.com/burrowers/garble
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
40 Commits
7 Branches
25 Tags
11 MiB
Go 98.8%
Shell 1.1%
AMPL 0.1%
 
 
 
master
formatTests
defaultSeed
test
string-pattern-fix
ci-test
literalRecheck
v0.15.0
v0.14.2
v0.14.1
v0.14.0
v0.13.0
v0.12.1
v0.12.0
v0.11.0
v0.10.1
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.0
v0.5.1
v0.5.0
v0.4.0
v0.3.0
v0.2.0
v0.1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4d5ad43f10'
${ noResults }
Go to file
Daniel Martí 4d5ad43f10 allow garble to test itself 
With this patch, 'go install && garble test' works.
 		6 years ago
.github allow garble to test itself 6 years ago
testdata/scripts allow garble to test itself 6 years ago
.gitattributes start testing on GitHub Actions 6 years ago
.gitignore error if the user forgot -trimpath 6 years ago
LICENSE initial commit 6 years ago
README.md don't garble exported struct fields 6 years ago
go.mod update deps 6 years ago
go.sum update deps 6 years ago
main.go allow garble to test itself 6 years ago
main_test.go parse boolean flags differently from string flags 6 years ago

README.md

garble

GO111MODULE=on go get mvdan.cc/garble

Obfuscate a Go build. Requires Go 1.13 or later.

garble build [build flags] [packages]

which is equivalent to the longer:

go build -a -trimpath -toolexec=garble [build flags] [packages]

Purpose

Produce a binary that works as well as a regular build, but that has as little information about the original source code as possible.

The tool is designed to be:

  • Coupled with cmd/go, to support both GOPATH and modules with ease
  • Deterministic and reproducible, given the same initial source code
  • Reversible given the original source, to un-garble panic stack traces

Mechanism

The tool wraps calls to the Go compiler to transform the Go source code, in order to:

  • Replace as many useful identifiers as possible with short base64 hashes
  • Remove module build information
  • Strip filenames and unnecessary lines, to make position info less useful

It also wraps calls to the linker in order to:

  • Enforce the -s flag, to not include the symbol table
  • Enforce the -w flag, to not include DWARF debugging data

Finally, the tool requires the use of the -trimpath build flag, to ensure the binary doesn't include paths from the current filesystem.

Caveats

  • The -a flag for go build is required, since -toolexec doesn't work well with the build cache; see #27628.

  • Since no caching at all can take place right now (see the link above), builds will be slower than go build - especially for large projects.

  • The standard library is never garbled when compiled, since the source is always publicly available.

  • Deciding what method names to garble is always going to be difficult, due to interfaces that could be implemented up or down the package import tree.

  • Similarly to methods, exported struct fields are difficult to garble, as the names might be relevant for reflection work like encoding/json