justan0th3rstud3nt
/
garble
mirror of https://github.com/burrowers/garble
1
0
Fork 0
Code Issues 1 Projects Releases Wiki Activity
Forked from: github.com/burrowers/garble
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
144 Commits
3 Branches
23 Tags
10 MiB
Go 98.8%
Shell 1.1%
AMPL 0.1%
 
 
 
master
ci-test
literalRecheck
v0.14.1
v0.14.0
v0.13.0
v0.12.1
v0.12.0
v0.11.0
v0.10.1
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.0
v0.5.1
v0.5.0
v0.4.0
v0.3.0
v0.2.0
v0.1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c8d61c772f'
${ noResults }
Go to file
Andrew LeFevre c8d61c772f
Garble imports and package paths in GOPRIVATE (#116) 
Finally, finally this is done. This allows import paths to be obfuscated by modifying
object/archive files and garbling import paths contained within. The bulk of the
code that makes parsing and writing Go object/archive files possible lives at
https://github.com/Binject/debug/tree/master/goobj2, which I wrote as well.

I have tested by garbling and checking for import paths via strings and grep
(in order of difficulty) https://github.com/lu4p/binclude, garble itself, and
https://github.com/dominikh/go-tools/tree/master/cmd/staticcheck.

This only supports object/archive files produced from the Go 1.15 compiler.
The object file format changed at 1.15, and 1.14 and earlier is not supported.

Fixes #13.
 		5 years ago
.github update dependency versions, drop Go 1.14 5 years ago
internal remove buggy number literal obfuscation 5 years ago
testdata Garble imports and package paths in GOPRIVATE (#116) 5 years ago
.gitattributes start testing on GitHub Actions 5 years ago
.gitignore skip literals used in constant expressions 5 years ago
CONTRIBUTING.md PRs with one review and CI are now mandatory (#92) 5 years ago
LICENSE initial commit 5 years ago
README.md Garble imports and package paths in GOPRIVATE (#116) 5 years ago
bench_test.go Add windows support for benchmark (#105) 5 years ago
crlf_test.sh Check that all files use LF line endings in CI 5 years ago
go.mod Garble imports and package paths in GOPRIVATE (#116) 5 years ago
go.sum Garble imports and package paths in GOPRIVATE (#116) 5 years ago
import_obfuscation.go Garble imports and package paths in GOPRIVATE (#116) 5 years ago
line_obfuscator.go Optimize fake line number 5 years ago
main.go Garble imports and package paths in GOPRIVATE (#116) 5 years ago
main_test.go remove buggy number literal obfuscation 5 years ago
runtime_api.go also replace 'println' statements in the runtime with panicprint 5 years ago

README.md

garble

GO111MODULE=on go get mvdan.cc/garble

Obfuscate a Go build. Requires Go 1.15 or later, since Go 1.14 uses an entirely different object format.

garble build [build flags] [packages]

See garble -h for up to date usage information.

Purpose

Produce a binary that works as well as a regular build, but that has as little information about the original source code as possible.

The tool is designed to be:

  • Coupled with cmd/go, to support both GOPATH and modules with ease
  • Deterministic and reproducible, given the same initial source code
  • Reversible given the original source, to un-garble panic stack traces

Mechanism

The tool wraps calls to the Go compiler and linker to transform the Go build, in order to:

  • Replace as many useful identifiers as possible with short base64 hashes
  • Replace package paths with short base64 hashes
  • Remove all build and module information
  • Strip filenames and shuffle position information
  • Obfuscate literals, if the -literals flag is given
  • Strip debugging information and symbol tables
  • Expose additional functions in the runtime that can optionally hide information during execution

Options

By default, the tool garbles the packages under the current module. If not running in module mode, then only the main package is garbled. To specify what packages to garble, set GOPRIVATE, documented at go help module-private.

Caveats

Most of these can improve with time and effort. The purpose of this section is to document the current shortcomings of this tool.

  • The -a flag for go build is required, since -toolexec doesn't work well with the build cache; see golang/go#27628.

  • Since no caching at all can take place right now (see the link above), fast incremental builds aren't possible. Large projects might be slow to build.

  • Deciding what method names to garble is always going to be difficult, due to interfaces that could be implemented up or down the package import tree. At the moment, exported methods are never garbled.

  • Similarly to methods, exported struct fields are difficult to garble, as the names might be relevant for reflection work like encoding/json. At the moment, exported methods are never garbled.

  • Functions implemented outside Go, such as assembly, aren't garbled since we currently only transform the input Go source.

  • Since garble forces -trimpath, plugins built with -garble must be loaded from Go programs built with -trimpath too. Plugins currently do not always work with well with garble; see #87.

Runtime API

The tool adds additional functions to the runtime that can optionally be used to hide information during execution. The functions added are:

// hideFatalErrors suppresses printing fatal error messages and
// fatal panics when hide is true. This behavior can be changed at 
// any time by calling hideFatalErrors again. All other behaviors of 
// panics remains the same.
func hideFatalErrors(hide bool)

These functions must be used with the linkname compiler directive, like so:

package main

import _ "unsafe"

//go:linkname hideFatalErrors runtime.hideFatalErrors
func hideFatalErrors(hide bool)

func init() { hideFatalErrors(true) }

func main() {
	panic("ya like jazz?")
}