justan0th3rstud3nt
/
garble
mirror of https://github.com/burrowers/garble
1
0
Fork 0
Code Issues 1 Projects Releases Wiki Activity
Forked from: github.com/burrowers/garble
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
191 Commits
3 Branches
24 Tags
10 MiB
Go 98.8%
Shell 1.1%
AMPL 0.1%
 
 
 
master
ci-test
literalRecheck
v0.14.2
v0.14.1
v0.14.0
v0.13.0
v0.12.1
v0.12.0
v0.11.0
v0.10.1
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.0
v0.5.1
v0.5.0
v0.4.0
v0.3.0
v0.2.0
v0.1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c9deff810b'
${ noResults }
Go to file
Daniel Martí c9deff810b
obfuscate fewer std packages (#196) 
Previously, we were never obfuscating runtime and its direct
dependencies. Unfortunately, due to linkname, the runtime package is
actually closely related to dozens of other std packages as well.

Until we can obfuscate the runtime and properly support go:linkname
directives, obfuscating fewer std packages is a better outcome than
breaking and not producing any obfuscated code at all.

The added test case is building runtime/pprof, which used to cause
failures:

	# runtime/pprof
	/go/src/runtime/pprof/label.go:27:21: undefined: context.Context
	/go/src/runtime/pprof/label.go:59:21: undefined: context.Context
	/go/src/runtime/pprof/label.go:93:16: undefined: context.Context
	/go/src/runtime/pprof/label.go:101:20: undefined: context.Context

The net package was also very close to obfuscating properly thanks to
this change, so its test is now run as well. The only other remaining
fix was to not obfuscate fields on cgo types, since those aren't
obfuscated at the moment.

The map is pretty long, but it's only a temporary solution and the
command to obtain the list again is included. Never obfuscating the
entire std library is also an option, but it's a bit unnecessary.

Fixes #134.
 		4 years ago
.github CI: comment out test-gotip for now (#157) 5 years ago
internal Remove the `usesUnsafe` global variable as it's unused 5 years ago
scripts obfuscate fewer std packages (#196) 4 years ago
testdata obfuscate fewer std packages (#196) 4 years ago
.gitattributes start testing on GitHub Actions 5 years ago
.gitignore skip literals used in constant expressions 5 years ago
AUTHORS set up an AUTHORS file to attribute copyright 5 years ago
CONTRIBUTING.md CONTRIBUTING: include some basic terminology (#188) 5 years ago
LICENSE set up an AUTHORS file to attribute copyright 5 years ago
README.md Add a Contributing section to the README (#187) 5 years ago
bench_test.go set up an AUTHORS file to attribute copyright 5 years ago
go.mod Use latest Binject/debug version to support importmap directives, fixes #146 (#189) 5 years ago
go.sum Use latest Binject/debug version to support importmap directives, fixes #146 (#189) 5 years ago
hash.go Share data between processes via a shared file. (#192) 5 years ago
import_obfuscation.go fix 2 small bugs in import obfuscation (#195) 5 years ago
line_obfuscator.go Share data between processes via a shared file. (#192) 5 years ago
main.go obfuscate fewer std packages (#196) 4 years ago
main_test.go testdata: don't let tests rely on rewriting mod files 5 years ago
runtime_strip.go Replaced asthelper.Ident with ast.NewIdent 5 years ago
shared.go obfuscate fewer std packages (#196) 4 years ago

README.md

garble

GO111MODULE=on go get mvdan.cc/garble

Obfuscate Go code by wrapping the Go toolchain. Requires Go 1.15 or later, since Go 1.14 uses an entirely different object format.

garble build [build flags] [packages]

See garble -h for up to date usage information.

Purpose

Produce a binary that works as well as a regular build, but that has as little information about the original source code as possible.

The tool is designed to be:

  • Coupled with cmd/go, to support modules and build caching
  • Deterministic and reproducible, given the same initial source code
  • Reversible given the original source, to un-garble panic stack traces

Mechanism

The tool wraps calls to the Go compiler and linker to transform the Go build, in order to:

  • Replace as many useful identifiers as possible with short base64 hashes
  • Replace package paths with short base64 hashes
  • Remove all build and module information
  • Strip filenames and shuffle position information
  • Strip debugging information and symbol tables
  • Obfuscate literals, if the -literals flag is given
  • Removes extra information if the -tiny flag is given

Options

By default, the tool garbles the packages under the current module. If not running in module mode, then only the main package is garbled. To specify what packages to garble, set GOPRIVATE, documented at go help module-private.

Caveats

Most of these can improve with time and effort. The purpose of this section is to document the current shortcomings of this tool.

  • Exported methods are never garbled at the moment, since they could be required by interfaces and reflection. This area is a work in progress.

  • Functions implemented outside Go, such as assembly, aren't garbled since we currently only transform the input Go source.

  • Go plugins are not currently supported; see #87.

Tiny Mode

When the -tiny flag is passed, extra information is stripped from the resulting Go binary. This includes line numbers, filenames, and code in the runtime the prints panics, fatal errors, and trace/debug info. All in all this can make binaries 6-10% smaller in our testing.

Note: if -tiny is passed, no panics, fatal errors will ever be printed, but they can still be handled internally with recover as normal. In addition, the GODEBUG environmental variable will be ignored.

Contributing

We actively seek new contributors, if you would like to contribute to garble use the CONTRIBUTING.md as a starting point.