Forked from: github.com/burrowers/garble

golang binary build code-obfuscator obfuscation

You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Go to file

lu4p c59283c548 Update FUNDING.yml		4 years ago
.github	Update FUNDING.yml	4 years ago
internal	all: update the docs a bit	4 years ago
testdata	Validate the user provided seed. (#126 )	4 years ago
.gitattributes	start testing on GitHub Actions	5 years ago
.gitignore	skip literals used in constant expressions	4 years ago
CONTRIBUTING.md	PRs with one review and CI are now mandatory (#92 )	4 years ago
LICENSE	initial commit	5 years ago
README.md	all: update the docs a bit	4 years ago
bench_test.go	Add windows support for benchmark (#105 )	4 years ago
crlf_test.sh	Check that all files use LF line endings in CI	4 years ago
go.mod	Garble imports and package paths in GOPRIVATE (#116 )	4 years ago
go.sum	Garble imports and package paths in GOPRIVATE (#116 )	4 years ago
import_obfuscation.go	all: update the docs a bit	4 years ago
line_obfuscator.go	Optimize fake line number	4 years ago
main.go	Validate the user provided seed. (#126 )	4 years ago
main_test.go	remove buggy number literal obfuscation	4 years ago
runtime_api.go	also replace 'println' statements in the runtime with panicprint	4 years ago

README.md

garble

GO111MODULE=on go get mvdan.cc/garble

Obfuscate Go code by wrapping the Go toolchain. Requires Go 1.15 or later, since Go 1.14 uses an entirely different object format.

garble build [build flags] [packages]

See garble -h for up to date usage information.

Purpose

Produce a binary that works as well as a regular build, but that has as little information about the original source code as possible.

The tool is designed to be:

Coupled with cmd/go, to support both GOPATH and modules with ease
Deterministic and reproducible, given the same initial source code
Reversible given the original source, to un-garble panic stack traces

Mechanism

The tool wraps calls to the Go compiler and linker to transform the Go build, in order to:

Replace as many useful identifiers as possible with short base64 hashes
Replace package paths with short base64 hashes
Remove all build and module information
Strip filenames and shuffle position information
Strip debugging information and symbol tables
Obfuscate literals, if the -literals flag is given
Expose additional functions in the runtime package that can optionally hide information during execution

Options

By default, the tool garbles the packages under the current module. If not running in module mode, then only the main package is garbled. To specify what packages to garble, set GOPRIVATE, documented at go help module-private.

Caveats

Most of these can improve with time and effort. The purpose of this section is to document the current shortcomings of this tool.

Build caching is not supported, so large projects will likely be slow to build. See golang/go#41145.
Exported methods and fields are never garbled at the moment, since they could be required by interfaces and reflection. This area is a work in progress.
Functions implemented outside Go, such as assembly, aren't garbled since we currently only transform the input Go source.
Go plugins are not currently supported; see #87.

Runtime API

The tool adds additional functions to the runtime that can optionally be used to hide information during execution. The functions added are:

// hideFatalErrors suppresses printing fatal error messages and
// fatal panics when hide is true. This behavior can be changed at 
// any time by calling hideFatalErrors again. All other behaviors of 
// panics remains the same.
func hideFatalErrors(hide bool)

These functions must be used with the linkname compiler directive, like so:

package main

import _ "unsafe"

//go:linkname hideFatalErrors runtime.hideFatalErrors
func hideFatalErrors(hide bool)

func init() { hideFatalErrors(true) }

func main() {
	panic("ya like jazz?")
}