justan0th3rstud3nt
/
garble
mirror of https://github.com/burrowers/garble
1
0
Fork 0
Code Issues 1 Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
ci-test
literalRecheck
v0.14.2
v0.14.1
v0.14.0
v0.13.0
v0.12.1
v0.12.0
v0.11.0
v0.10.1
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.0
v0.5.1
v0.5.0
v0.4.0
v0.3.0
v0.2.0
v0.1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c1c90fee13'
${ noResults }
garble/testdata/scripts/position.txt

118 lines
2.9 KiB
Plaintext
Raw Normal View History Unescape Escape

deprecate using GOPRIVATE in favor of GOGARBLE (#427) Piggybacking off of GOPRIVATE is great for a number of reasons: * People tend to obfuscate private code, whose package paths will generally be in GOPRIVATE already * Its meaning and syntax are well understood * It allows all the flexibility we need without adding our own env var or config option However, using GOPRIVATE directly has one main drawback. It's fairly common to also want to obfuscate public dependencies, to make the code in private packages even harder to follow. However, using "GOPRIVATE=*" will result in two main downsides: * GONOPROXY defaults to GOPRIVATE, so the proxy would be entirely disabled. Downloading modules, such as when adding or updating dependencies, or when the local cache is cold, can be less reliable. * GONOSUMDB defaults to GOPRIVATE, so the sumdb would be entirely disabled. Adding entries to go.sum, such as when adding or updating dependencies, can be less secure. We will continue to consume GOPRIVATE as a fallback, but we now expect users to set GOGARBLE instead. The new logic is documented in the README. While here, rewrite some uses of "private" with "to obfuscate", to make the code easier to follow and harder to misunderstand. Fixes #276.
3 years ago
env GOGARBLE=test/main
simplify, improve, and test line obfuscation (#239) First, remove the shuffling of the declarations list within each file. This is what we used at the very start to shuffle positions. Ever since we started obfuscating positions via //line comments, that has been entirely unnecessary. Second, add a proper test that will fail if we don't obfuscate line numbers well enough. Filenames were already decently covered by other tests. Third, simplify the line obfuscation code. It does not require astutil.Apply, and ranging over file.Decls is easier. Finally, also obfuscate the position of top-level vars, since we only used to do it for top-level funcs. Without that fix, the test would fail as varLines was unexpectedly sorted.
4 years ago
garble build
exec ./main
testdata: use longer Go filenames for binsubstr Every now and then, a CI run would fail: FAIL: testdata/scripts/reflect.txt:7: unexpected match for ["main.go"] in main These were rare, and very hard to reproduce or debug. My best guess is that, since "main.go" is a short string and we use random eight-character obfuscated filenames ending with ".go", it was possible that the random filename happened to end in "main" in some cases. Given the base64 encoding, the chances of a single suffix collision are about 0.000006%. Note, however, that a single obfuscated build will most likely obfuscate many filenames, especially for the tests obfuscating multiple packages. For a single CI run with many tests across three OSs, the chances of any collision are likely very low, but realistic. All this has a simple fix: use longer filenames to match with. We choose "garble_main.go" since it's long enough, but also because it's still clear it's a "main" Go file, and it's very unlikely to cause conflicts with filenames in upstream Go given the "garble_" prefix.
4 years ago
! stdout 'garble_main\.go|garble_other_filename|is sorted'
improve "reverse" even further (#289) Fix up a few TODOs, and simplify the way we handle comments. We now add whitespace around inline /*line*/ directives, to ensure we don't break programs. A test case is added too. We now add line directives to call sites, not function declarations, since those are what actually shows up in stack traces. It's unclear if we care about any other lines inside functions at all. This also fixes reversing with -literals, since that feature adds a significant amount of code which shuffles line numbers around. Finally, we extend the tests with types, methods, and anonymous functions, and we make all of them work well. Updates #5.
4 years ago
testdata: use longer Go filenames for binsubstr Every now and then, a CI run would fail: FAIL: testdata/scripts/reflect.txt:7: unexpected match for ["main.go"] in main These were rare, and very hard to reproduce or debug. My best guess is that, since "main.go" is a short string and we use random eight-character obfuscated filenames ending with ".go", it was possible that the random filename happened to end in "main" in some cases. Given the base64 encoding, the chances of a single suffix collision are about 0.000006%. Note, however, that a single obfuscated build will most likely obfuscate many filenames, especially for the tests obfuscating multiple packages. For a single CI run with many tests across three OSs, the chances of any collision are likely very low, but realistic. All this has a simple fix: use longer filenames to match with. We choose "garble_main.go" since it's long enough, but also because it's still clear it's a "main" Go file, and it's very unlikely to cause conflicts with filenames in upstream Go given the "garble_" prefix.
4 years ago
! binsubstr main$exe 'garble_main.go' 'garble_other_filename'
simplify, improve, and test line obfuscation (#239) First, remove the shuffling of the declarations list within each file. This is what we used at the very start to shuffle positions. Ever since we started obfuscating positions via //line comments, that has been entirely unnecessary. Second, add a proper test that will fail if we don't obfuscate line numbers well enough. Filenames were already decently covered by other tests. Third, simplify the line obfuscation code. It does not require astutil.Apply, and ranging over file.Decls is easier. Finally, also obfuscate the position of top-level vars, since we only used to do it for top-level funcs. Without that fix, the test would fail as varLines was unexpectedly sorted.
4 years ago
[short] stop # no need to verify this with -short
go build
exec ./main
testdata: use longer Go filenames for binsubstr Every now and then, a CI run would fail: FAIL: testdata/scripts/reflect.txt:7: unexpected match for ["main.go"] in main These were rare, and very hard to reproduce or debug. My best guess is that, since "main.go" is a short string and we use random eight-character obfuscated filenames ending with ".go", it was possible that the random filename happened to end in "main" in some cases. Given the base64 encoding, the chances of a single suffix collision are about 0.000006%. Note, however, that a single obfuscated build will most likely obfuscate many filenames, especially for the tests obfuscating multiple packages. For a single CI run with many tests across three OSs, the chances of any collision are likely very low, but realistic. All this has a simple fix: use longer filenames to match with. We choose "garble_main.go" since it's long enough, but also because it's still clear it's a "main" Go file, and it's very unlikely to cause conflicts with filenames in upstream Go given the "garble_" prefix.
4 years ago
stdout 'garble_main.go'
stdout 'garble_other_filename'
simplify, improve, and test line obfuscation (#239) First, remove the shuffling of the declarations list within each file. This is what we used at the very start to shuffle positions. Ever since we started obfuscating positions via //line comments, that has been entirely unnecessary. Second, add a proper test that will fail if we don't obfuscate line numbers well enough. Filenames were already decently covered by other tests. Third, simplify the line obfuscation code. It does not require astutil.Apply, and ranging over file.Decls is easier. Finally, also obfuscate the position of top-level vars, since we only used to do it for top-level funcs. Without that fix, the test would fail as varLines was unexpectedly sorted.
4 years ago
stdout ':19: main'
use hashWith for obfuscation position information Position information was obfuscated with math/rand manually, which meant that the resulting positions were pretty small like "x.go:34", but they were also very hard to reverse due to their short length and difficulty to reproduce. We now hash them with hashWith and the package's GarbleActionID: "main.go:203" hashed with 933ad1c700755b7c3a9913c55cade1 to "mwu1xuNz.go" The input to the hash is the base filename and the byte offset of the declaration within the file, meaning that it's unique within a package. The output filename is long enough to allow easy reversal. The line number is always 1, since the information needed for reversing is contained entirely within the filename. It doesn't really matter if we encode data in the filename or line number, but it's easier for us to use a string. For #5.
4 years ago
stdout 'initPositions is sorted'
stdout 'varPositions is sorted'
simplify, improve, and test line obfuscation (#239) First, remove the shuffling of the declarations list within each file. This is what we used at the very start to shuffle positions. Ever since we started obfuscating positions via //line comments, that has been entirely unnecessary. Second, add a proper test that will fail if we don't obfuscate line numbers well enough. Filenames were already decently covered by other tests. Third, simplify the line obfuscation code. It does not require astutil.Apply, and ranging over file.Decls is easier. Finally, also obfuscate the position of top-level vars, since we only used to do it for top-level funcs. Without that fix, the test would fail as varLines was unexpectedly sorted.
4 years ago
-- go.mod --
module test/main
drop support for Go 1.16.x We can now use pruned module graphs in go.mod files, and we no longer need to worry about runtime/internal/sys. Note that I had to update testdata/mod slightly, as the new pruned module graphs algorithm downloads an extra go.mod file. This change also paves the way towards future Go 1.18 support. Thanks to lu4p for cleaning up two TODOs as well. Co-Authored-By: lu4p <lu4p@pm.me>
4 years ago
go 1.17
testdata: use longer Go filenames for binsubstr Every now and then, a CI run would fail: FAIL: testdata/scripts/reflect.txt:7: unexpected match for ["main.go"] in main These were rare, and very hard to reproduce or debug. My best guess is that, since "main.go" is a short string and we use random eight-character obfuscated filenames ending with ".go", it was possible that the random filename happened to end in "main" in some cases. Given the base64 encoding, the chances of a single suffix collision are about 0.000006%. Note, however, that a single obfuscated build will most likely obfuscate many filenames, especially for the tests obfuscating multiple packages. For a single CI run with many tests across three OSs, the chances of any collision are likely very low, but realistic. All this has a simple fix: use longer filenames to match with. We choose "garble_main.go" since it's long enough, but also because it's still clear it's a "main" Go file, and it's very unlikely to cause conflicts with filenames in upstream Go given the "garble_" prefix.
4 years ago
-- garble_main.go --
simplify, improve, and test line obfuscation (#239) First, remove the shuffling of the declarations list within each file. This is what we used at the very start to shuffle positions. Ever since we started obfuscating positions via //line comments, that has been entirely unnecessary. Second, add a proper test that will fail if we don't obfuscate line numbers well enough. Filenames were already decently covered by other tests. Third, simplify the line obfuscation code. It does not require astutil.Apply, and ranging over file.Decls is easier. Finally, also obfuscate the position of top-level vars, since we only used to do it for top-level funcs. Without that fix, the test would fail as varLines was unexpectedly sorted.
4 years ago
package main
import (
"fmt"
"runtime"
"sort"
)
var _, globalFile, globalLine, _ = runtime.Caller(0)
func init() {
_, file, line, _ := runtime.Caller(0)
fmt.Printf("%s:%d: init\n", file, line)
}
func main() {
fmt.Printf("%s:%d: global\n", globalFile, globalLine)
_, file, line, _ := runtime.Caller(0)
fmt.Printf("%s:%d: main\n", file, line)
funcDecl()
funcVar()
use hashWith for obfuscation position information Position information was obfuscated with math/rand manually, which meant that the resulting positions were pretty small like "x.go:34", but they were also very hard to reverse due to their short length and difficulty to reproduce. We now hash them with hashWith and the package's GarbleActionID: "main.go:203" hashed with 933ad1c700755b7c3a9913c55cade1 to "mwu1xuNz.go" The input to the hash is the base filename and the byte offset of the declaration within the file, meaning that it's unique within a package. The output filename is long enough to allow easy reversal. The line number is always 1, since the information needed for reversing is contained entirely within the filename. It doesn't really matter if we encode data in the filename or line number, but it's easier for us to use a string. For #5.
4 years ago
// initPositions is filled by ten consecutive funcs.
simplify, improve, and test line obfuscation (#239) First, remove the shuffling of the declarations list within each file. This is what we used at the very start to shuffle positions. Ever since we started obfuscating positions via //line comments, that has been entirely unnecessary. Second, add a proper test that will fail if we don't obfuscate line numbers well enough. Filenames were already decently covered by other tests. Third, simplify the line obfuscation code. It does not require astutil.Apply, and ranging over file.Decls is easier. Finally, also obfuscate the position of top-level vars, since we only used to do it for top-level funcs. Without that fix, the test would fail as varLines was unexpectedly sorted.
4 years ago
// If we are not shuffling or obfuscating line numbers,
// this list will be sorted.
// If we are, it's extremely unlikely it would remain sorted.
use hashWith for obfuscation position information Position information was obfuscated with math/rand manually, which meant that the resulting positions were pretty small like "x.go:34", but they were also very hard to reverse due to their short length and difficulty to reproduce. We now hash them with hashWith and the package's GarbleActionID: "main.go:203" hashed with 933ad1c700755b7c3a9913c55cade1 to "mwu1xuNz.go" The input to the hash is the base filename and the byte offset of the declaration within the file, meaning that it's unique within a package. The output filename is long enough to allow easy reversal. The line number is always 1, since the information needed for reversing is contained entirely within the filename. It doesn't really matter if we encode data in the filename or line number, but it's easier for us to use a string. For #5.
4 years ago
if sort.IsSorted(sort.StringSlice(initPositions)) {
fmt.Println("initPositions is sorted")
simplify, improve, and test line obfuscation (#239) First, remove the shuffling of the declarations list within each file. This is what we used at the very start to shuffle positions. Ever since we started obfuscating positions via //line comments, that has been entirely unnecessary. Second, add a proper test that will fail if we don't obfuscate line numbers well enough. Filenames were already decently covered by other tests. Third, simplify the line obfuscation code. It does not require astutil.Apply, and ranging over file.Decls is easier. Finally, also obfuscate the position of top-level vars, since we only used to do it for top-level funcs. Without that fix, the test would fail as varLines was unexpectedly sorted.
4 years ago
}
// Same as the above, but with vars.
use hashWith for obfuscation position information Position information was obfuscated with math/rand manually, which meant that the resulting positions were pretty small like "x.go:34", but they were also very hard to reverse due to their short length and difficulty to reproduce. We now hash them with hashWith and the package's GarbleActionID: "main.go:203" hashed with 933ad1c700755b7c3a9913c55cade1 to "mwu1xuNz.go" The input to the hash is the base filename and the byte offset of the declaration within the file, meaning that it's unique within a package. The output filename is long enough to allow easy reversal. The line number is always 1, since the information needed for reversing is contained entirely within the filename. It doesn't really matter if we encode data in the filename or line number, but it's easier for us to use a string. For #5.
4 years ago
if sort.IsSorted(sort.StringSlice(varPositions)) {
fmt.Println("varPositions is sorted")
simplify, improve, and test line obfuscation (#239) First, remove the shuffling of the declarations list within each file. This is what we used at the very start to shuffle positions. Ever since we started obfuscating positions via //line comments, that has been entirely unnecessary. Second, add a proper test that will fail if we don't obfuscate line numbers well enough. Filenames were already decently covered by other tests. Third, simplify the line obfuscation code. It does not require astutil.Apply, and ranging over file.Decls is easier. Finally, also obfuscate the position of top-level vars, since we only used to do it for top-level funcs. Without that fix, the test would fail as varLines was unexpectedly sorted.
4 years ago
}
improve "reverse" even further (#289) Fix up a few TODOs, and simplify the way we handle comments. We now add whitespace around inline /*line*/ directives, to ensure we don't break programs. A test case is added too. We now add line directives to call sites, not function declarations, since those are what actually shows up in stack traces. It's unclear if we care about any other lines inside functions at all. This also fixes reversing with -literals, since that feature adds a significant amount of code which shuffles line numbers around. Finally, we extend the tests with types, methods, and anonymous functions, and we make all of them work well. Updates #5.
4 years ago
// Adding "/*text*/" comments here is tricky,
// as we don't want to turn "a/b" into "a//*text*/b".
// We need "a/ /*text*/b" to preserve the syntax.
// The nested expression is needed to prevent spaces.
fmt.Printf("%v\n", 10*float64(3.0)/float64(4.0))
simplify, improve, and test line obfuscation (#239) First, remove the shuffling of the declarations list within each file. This is what we used at the very start to shuffle positions. Ever since we started obfuscating positions via //line comments, that has been entirely unnecessary. Second, add a proper test that will fail if we don't obfuscate line numbers well enough. Filenames were already decently covered by other tests. Third, simplify the line obfuscation code. It does not require astutil.Apply, and ranging over file.Decls is easier. Finally, also obfuscate the position of top-level vars, since we only used to do it for top-level funcs. Without that fix, the test would fail as varLines was unexpectedly sorted.
4 years ago
}
testdata: use longer Go filenames for binsubstr Every now and then, a CI run would fail: FAIL: testdata/scripts/reflect.txt:7: unexpected match for ["main.go"] in main These were rare, and very hard to reproduce or debug. My best guess is that, since "main.go" is a short string and we use random eight-character obfuscated filenames ending with ".go", it was possible that the random filename happened to end in "main" in some cases. Given the base64 encoding, the chances of a single suffix collision are about 0.000006%. Note, however, that a single obfuscated build will most likely obfuscate many filenames, especially for the tests obfuscating multiple packages. For a single CI run with many tests across three OSs, the chances of any collision are likely very low, but realistic. All this has a simple fix: use longer filenames to match with. We choose "garble_main.go" since it's long enough, but also because it's still clear it's a "main" Go file, and it's very unlikely to cause conflicts with filenames in upstream Go given the "garble_" prefix.
4 years ago
-- garble_other_filename.go --
simplify, improve, and test line obfuscation (#239) First, remove the shuffling of the declarations list within each file. This is what we used at the very start to shuffle positions. Ever since we started obfuscating positions via //line comments, that has been entirely unnecessary. Second, add a proper test that will fail if we don't obfuscate line numbers well enough. Filenames were already decently covered by other tests. Third, simplify the line obfuscation code. It does not require astutil.Apply, and ranging over file.Decls is easier. Finally, also obfuscate the position of top-level vars, since we only used to do it for top-level funcs. Without that fix, the test would fail as varLines was unexpectedly sorted.
4 years ago
package main
import (
"fmt"
"runtime"
)
func funcDecl() {
_, file, line, _ := runtime.Caller(0)
fmt.Printf("%s:%d: func\n", file, line)
}
var funcVar = func() {
_, file, line, _ := runtime.Caller(0)
fmt.Printf("%s:%d: func var\n", file, line)
}
use hashWith for obfuscation position information Position information was obfuscated with math/rand manually, which meant that the resulting positions were pretty small like "x.go:34", but they were also very hard to reverse due to their short length and difficulty to reproduce. We now hash them with hashWith and the package's GarbleActionID: "main.go:203" hashed with 933ad1c700755b7c3a9913c55cade1 to "mwu1xuNz.go" The input to the hash is the base filename and the byte offset of the declaration within the file, meaning that it's unique within a package. The output filename is long enough to allow easy reversal. The line number is always 1, since the information needed for reversing is contained entirely within the filename. It doesn't really matter if we encode data in the filename or line number, but it's easier for us to use a string. For #5.
4 years ago
var initPositions []string
simplify, improve, and test line obfuscation (#239) First, remove the shuffling of the declarations list within each file. This is what we used at the very start to shuffle positions. Ever since we started obfuscating positions via //line comments, that has been entirely unnecessary. Second, add a proper test that will fail if we don't obfuscate line numbers well enough. Filenames were already decently covered by other tests. Third, simplify the line obfuscation code. It does not require astutil.Apply, and ranging over file.Decls is easier. Finally, also obfuscate the position of top-level vars, since we only used to do it for top-level funcs. Without that fix, the test would fail as varLines was unexpectedly sorted.
4 years ago
use hashWith for obfuscation position information Position information was obfuscated with math/rand manually, which meant that the resulting positions were pretty small like "x.go:34", but they were also very hard to reverse due to their short length and difficulty to reproduce. We now hash them with hashWith and the package's GarbleActionID: "main.go:203" hashed with 933ad1c700755b7c3a9913c55cade1 to "mwu1xuNz.go" The input to the hash is the base filename and the byte offset of the declaration within the file, meaning that it's unique within a package. The output filename is long enough to allow easy reversal. The line number is always 1, since the information needed for reversing is contained entirely within the filename. It doesn't really matter if we encode data in the filename or line number, but it's easier for us to use a string. For #5.
4 years ago
func curPos() string {
_, file, line, _ := runtime.Caller(1)
return fmt.Sprintf("%s:%d", file, line)
simplify, improve, and test line obfuscation (#239) First, remove the shuffling of the declarations list within each file. This is what we used at the very start to shuffle positions. Ever since we started obfuscating positions via //line comments, that has been entirely unnecessary. Second, add a proper test that will fail if we don't obfuscate line numbers well enough. Filenames were already decently covered by other tests. Third, simplify the line obfuscation code. It does not require astutil.Apply, and ranging over file.Decls is easier. Finally, also obfuscate the position of top-level vars, since we only used to do it for top-level funcs. Without that fix, the test would fail as varLines was unexpectedly sorted.
4 years ago
}
use hashWith for obfuscation position information Position information was obfuscated with math/rand manually, which meant that the resulting positions were pretty small like "x.go:34", but they were also very hard to reverse due to their short length and difficulty to reproduce. We now hash them with hashWith and the package's GarbleActionID: "main.go:203" hashed with 933ad1c700755b7c3a9913c55cade1 to "mwu1xuNz.go" The input to the hash is the base filename and the byte offset of the declaration within the file, meaning that it's unique within a package. The output filename is long enough to allow easy reversal. The line number is always 1, since the information needed for reversing is contained entirely within the filename. It doesn't really matter if we encode data in the filename or line number, but it's easier for us to use a string. For #5.
4 years ago
func init() { initPositions = append(initPositions, curPos()) }
func init() { initPositions = append(initPositions, curPos()) }
func init() { initPositions = append(initPositions, curPos()) }
func init() { initPositions = append(initPositions, curPos()) }
func init() { initPositions = append(initPositions, curPos()) }
func init() { initPositions = append(initPositions, curPos()) }
func init() { initPositions = append(initPositions, curPos()) }
func init() { initPositions = append(initPositions, curPos()) }
func init() { initPositions = append(initPositions, curPos()) }
func init() { initPositions = append(initPositions, curPos()) }
var varLine0 = curPos()
var varLine1 = curPos()
var varLine2 = curPos()
var varLine3 = curPos()
var varLine4 = curPos()
var varLine5 = curPos()
var varLine6 = curPos()
var varLine7 = curPos()
var varLine8 = curPos()
var varLine9 = curPos()
var varPositions = []string{
simplify, improve, and test line obfuscation (#239) First, remove the shuffling of the declarations list within each file. This is what we used at the very start to shuffle positions. Ever since we started obfuscating positions via //line comments, that has been entirely unnecessary. Second, add a proper test that will fail if we don't obfuscate line numbers well enough. Filenames were already decently covered by other tests. Third, simplify the line obfuscation code. It does not require astutil.Apply, and ranging over file.Decls is easier. Finally, also obfuscate the position of top-level vars, since we only used to do it for top-level funcs. Without that fix, the test would fail as varLines was unexpectedly sorted.
4 years ago
varLine0, varLine1, varLine2, varLine3, varLine4,
varLine5, varLine6, varLine7, varLine8, varLine9,
}