justan0th3rstud3nt
/
garble
mirror of https://github.com/burrowers/garble
1
0
Fork 0
Code Issues 1 Projects Releases Wiki Activity
Forked from: github.com/burrowers/garble
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
48 Commits
4 Branches
20 Tags
8.3 MiB
Go 98.1%
Shell 1.8%
AMPL 0.1%
 
 
 
master
release-v0.12
ci-test
literalRecheck
v0.12.1
v0.12.0
v0.11.0
v0.10.1
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.0
v0.5.1
v0.5.0
v0.4.0
v0.3.0
v0.2.0
v0.1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a7da406207'
${ noResults }
Go to file
Daniel Martí a7da406207 start supporting asm functions better 
Spotted while trying to link a program using unix.Syscall, since its
implementation is assembly.

Telling if a function couldn't be garbled isn't trivial. If that
function belongs to an imported package, we only load its export data
instead of type-checking from source, so we don't have all the
information needed.

Instead, use the gc export data importer to import two versions of each
dependency: its original version, for the initial type-checking, and its
garbled version, to check if any of its exported names weren't garbled.

Updates #9.
 		4 years ago
.github add Go 1.14 4 years ago
testdata start supporting asm functions better 4 years ago
.gitattributes start testing on GitHub Actions 5 years ago
.gitignore error if the user forgot -trimpath 5 years ago
LICENSE initial commit 5 years ago
README.md support building modules which require other modules 4 years ago
go.mod don't garble any embedded fields 4 years ago
go.sum don't garble any embedded fields 4 years ago
main.go start supporting asm functions better 4 years ago
main_test.go support building modules which require other modules 4 years ago

README.md

garble

GO111MODULE=on go get mvdan.cc/garble

Obfuscate a Go build. Requires Go 1.13 or later.

garble build [build flags] [packages]

which is equivalent to the longer:

GARBLE_DIR="$PWD" go build -a -trimpath -toolexec=garble [build flags] [packages]

Purpose

Produce a binary that works as well as a regular build, but that has as little information about the original source code as possible.

The tool is designed to be:

  • Coupled with cmd/go, to support both GOPATH and modules with ease
  • Deterministic and reproducible, given the same initial source code
  • Reversible given the original source, to un-garble panic stack traces

Mechanism

The tool wraps calls to the Go compiler to transform the Go source code, in order to:

  • Replace as many useful identifiers as possible with short base64 hashes
  • Remove module build information
  • Strip filenames and unnecessary lines, to make position info less useful

It also wraps calls to the linker in order to:

  • Enforce the -s flag, to not include the symbol table
  • Enforce the -w flag, to not include DWARF debugging data

Finally, the tool requires the use of the -trimpath build flag, to ensure the binary doesn't include paths from the current filesystem.

Caveats

  • The -a flag for go build is required, since -toolexec doesn't work well with the build cache; see #27628.

  • Since no caching at all can take place right now (see the link above), builds will be slower than go build - especially for large projects.

  • The standard library is never garbled when compiled, since the source is always publicly available.

  • Deciding what method names to garble is always going to be difficult, due to interfaces that could be implemented up or down the package import tree.

  • Similarly to methods, exported struct fields are difficult to garble, as the names might be relevant for reflection work like encoding/json