README
¶
gobfuscate
When you compile a Go binary, it contains a lot of information about your source code: field names, strings, package paths, etc. If you want to ship a binary without leaking this kind of information, what are you to do?
With gobfuscate, you can compile a Go binary from obfuscated source code. This makes a lot of information difficult or impossible to decipher from the binary.
How to use
go get -u github.com/unixpickle/gobfuscate
gobfuscate [flags] pkg_name out_path
pkg_name is the path relative from your $GOPATH/src to the package to obfuscate (typically something like domain.tld/user/repo)
out_path is the path where the binary will be written to
Flags
Usage: gobfuscate [flags] pkg_name out_path
-keeptests
keep _test.go files
-noencrypt
no encrypted package name for go build command (works when main package has CGO code)
-nostatic
do not statically link
-outdir
output a full GOPATH
-padding string
use a custom padding for hashing sensitive information (otherwise a random padding will be used)
-tags string
tags are passed to the go compiler
-verbose
verbose mode
-winhide
hide windows GUI
What it does
Currently, gobfuscate manipulates package names, global variable and function names, type names, method names, and strings.
Package name obfuscation
When gobfuscate builds your program, it constructs a copy of a subset of your GOPATH. It then refactors this GOPATH by hashing package names and paths. As a result, a package like "github.com/unixpickle/deleteme" becomes something like "jiikegpkifenppiphdhi/igijfdokiaecdkihheha/jhiofoppieegdaif". This helps get rid of things like Github usernames from the executable.
Limitation: currently, packages which use CGO cannot be renamed. I suspect this is due to a bug in Go's refactoring API.
Global names
Gobfuscate hashes the names of global vars, consts, and funcs. It also hashes the names of any newly-defined types.
Due to restrictions in the refactoring API, this does not work for packages which contain assembly files or use CGO. It also does not work for names which appear multiple times because of build constraints.
Struct methods
Gobfuscate hashes the names of most struct methods. However, it does not rename methods whose names match methods of any imported interfaces. This is mostly due to internal constraints from the refactoring engine. Theoretically, most interfaces could be obfuscated as well (except for those in the standard library).
Due to restrictions in the refactoring API, this does not work for packages which contain assembly files or use CGO. It also does not work for names which appear multiple times because of build constraints.
Strings
Strings are obfuscated by replacing them with functions. A string will be turned into an expression like the following:
(func() string {
mask := []byte{33, 15, 199}
maskedStr := []byte{73, 106, 190}
res := make([]byte, 3)
for i, m := range mask {
res[i] = m ^ maskedStr[i]
}
return string(res)
}())
Since const declarations cannot include function calls, gobfuscate tries to change any const strings into vars. It works for declarations like any of the following:
const MyStr = "hello"
const MyStr1 = MyStr + "yoyo"
const MyStr2 = MyStr + (MyStr1 + "hello1")
const (
MyStr3 = "hey there"
MyStr4 = MyStr1 + "yo"
)
However, it does not work for mixed const/int blocks:
const (
MyStr = "hey there"
MyNum = 3
)
License
This is under a BSD 2-clause license. See LICENSE.
Documentation
¶
Index ¶
- Variables
- func CopyGopath(packageName, newGopath string, keepTests bool) error
- func EncryptComponents(pkgName string, n NameHasher) string
- func EncryptPackageName(dir string, p NameHasher) string
- func Obfuscate(pkgName, outPath string) bool
- func ObfuscatePackageNames(gopath string, n NameHasher, ctx build.Context) string
- func ObfuscateStrings(gopath string) error
- func ObfuscateSymbols(gopath string, n NameHasher, ctx build.Context) error
- type NameHasher
Constants ¶
This section is empty.
Variables ¶
var IgnoreMethods = map[string]bool{"main": true, "init": true}
IgnoreMethods TODO MAKE COMMENT
Functions ¶
func CopyGopath ¶
CopyGopath creates a new Gopath with a copy of a package and all of its dependencies.
func EncryptComponents ¶
func EncryptComponents(pkgName string, n NameHasher) string
EncryptComponents h
func EncryptPackageName ¶
func EncryptPackageName(dir string, p NameHasher) string
EncryptPackageName Takes the file and gets the filename then makes it a hash of the name and returns the new filepath
func ObfuscatePackageNames ¶
func ObfuscatePackageNames(gopath string, n NameHasher, ctx build.Context) string
ObfuscatePackageNames obfuscates package names
func ObfuscateStrings ¶
ObfuscateStrings is used to obfuscate strings in the custom golang files
func ObfuscateSymbols ¶
func ObfuscateSymbols(gopath string, n NameHasher, ctx build.Context) error
ObfuscateSymbols does as the name says
Types ¶
type NameHasher ¶
type NameHasher []byte
A NameHasher is added to the input of a hash function to make it 'impossible' to find the input value
func (NameHasher) Hash ¶
func (n NameHasher) Hash(token string) string
Hash hashes the padding + token. The case of the first letter of the token is preserved.
Source Files