How to allow for unobfuscated literal to remain in strings of binary? #613
Hi! I've spent way more time than I'm willing to admit trying to do something that seems very counterintuitive. I was working through this "Responsible Red Teaming" course, and one of the lessons was on imprinting your tooling in case of breaches/leaks. I tried recreating the example from the course in Golang, which you can find here. Obviously, Golang doesn't support macros, so the only way to obfuscate literals is to use tools like this one.

Problem: The tool is too good at what it does, and even putting the

So my question is this: What is the best way to add a useless string to my compiled binary while also using garble? Is it possible?

I'm fairly new to Golang so there's a lot I just don't know. I could theoretically replace garble with a XOR function on each literal, but I wanted my example to be a little more realistic, but I'm really struggling to find a good solution.

Additional Notes
Replies: 1 comment 3 replies
There's currently no way to turn off literal obfuscation for just one literal, as far as I can see in the code. Perhaps @lu4p can confirm. I don't think anyone has asked for it yet :)

You could use `go:embed`, and we currently do not obfuscate embedded bytes/strings at all. But we might in the future, so that might not be the best solution.

We do have a way to turn off obfuscating types, as you can see in the README, because that can affect or break reflection in programs. Perhaps we should also have a way to turn off literal obfuscation, for example via comment directives. I can imagine that it might also matter for performance in some hot paths, which is hard for us to predict unless we rely on something like PGO.
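A post-build check for the situation discussed in this thread, as an added example (not code from the thread or from garble): it scans a compiled binary for the imprint in plaintext, so a build in which the marker ended up obfuscated fails instead of shipping without it. `findMarker` and the `imprintcheck` command name are hypothetical, and the 64 KiB read size is an arbitrary choice.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"os"
)

// findMarker streams r and returns each byte offset where marker occurs verbatim.
func findMarker(r io.Reader, marker []byte, chunk int) (offsets []int64, err error) {
	if len(marker) == 0 || chunk < len(marker) {
		return nil, fmt.Errorf("need 0 < len(marker) <= chunk, got %d and %d", len(marker), chunk)
	}
	var base int64 // file offset of buf[0]
	buf, tmp := make([]byte, 0, chunk+len(marker)), make([]byte, chunk)
	for err == nil {
		var n int
		n, err = r.Read(tmp)
		buf = append(buf, tmp[:n]...)
		for i, j := 0, 0; j >= 0; i += j + 1 { // j < 0 ends the scan of this window
			if j = bytes.Index(buf[i:], marker); j >= 0 {
				offsets = append(offsets, base+int64(i+j))
			}
		}
		// Carry the last len(marker)-1 bytes over so a match split across reads is found.
		if keep := len(marker) - 1; len(buf) > keep {
			base += int64(len(buf) - keep)
			buf = append(buf[:0], buf[len(buf)-keep:]...)
		}
	}
	if err == io.EOF {
		return offsets, nil
	}
	return offsets, err
}

func main() { // usage: imprintcheck <binary> <marker>; exit status 1 if not found
	if len(os.Args) == 3 {
		if f, err := os.Open(os.Args[1]); err == nil {
			offs, err := findMarker(f, []byte(os.Args[2]), 64<<10)
			if err == nil && len(offs) > 0 {
				fmt.Println("imprint found in plaintext at offsets", offs)
				return
			}
		}
	}
	fmt.Fprintln(os.Stderr, "imprint not found (or bad arguments / unreadable file)")
	os.Exit(1)
}
```

Run as a CI step after the build, this also catches the case the reply warns about, where a future change stops leaving embedded data untouched.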