清除Go编译时自带的信息

go-strip

Go编译会自带一堆信息,通过这些信息基本可以还原Go的源码架构,甚至可以用作溯源。本工具可以直接从go编译好的二进制中消除这些信息。

  • 支持Go编译的 Windows、Mac、Linux程序
  • 支持AMD64,386架构
  • Go1.13和Go1.16用于解析的数据结构不太一样,但这款工具都支持

支持消除/混淆

  • 函数名称
  • 函数路径
  • Go Struct
  • Type
  • Go Compiler Version
  • Go BuildID
  • Go Root Path

Useage

go编译出二进制,

go build -ldflags "-s -w" .

之后即可使用工具进行混淆消除

                       _        _
                      | |      (_)
  __ _  ___ ______ ___| |_ _ __ _ _ __
 / _  |/ _ \______/ __| __| '__| | '_ \
| (_| | (_) |     \__ \ |_| |  | | |_) |
\__, |\___/      |___/\__|_|  |_| .__/
__/ |                          | |
|___/                           |_|

Usage of go-strip:
  -a    是否消除Go的编译信息
  -f string
        源文件名
  -output string
        另保存的文件名

执行

go-strip -f binary.exe

将会打印出读取的信息

执行

go-strip -f binary.exe -a -output new.exe

new.exe即是混淆后的二进制文件

Paper

代码

代码已开源,https://t.zsxq.com/6IurbMR

Owner
boyhack
Hacking tools just for fun~
boyhack
https://github.com/boy-hack/go-strip
Comments
  • windows下可以正常编译动态库和混淆,linux可以正常编译动态库但无法混淆

    windows下可以正常编译动态库和混淆,linux可以正常编译动态库但无法混淆

    go版本1.16.1 我的代码 main.go package main import "C" import "fmt" //export Hello func Hello(){  fmt.Println(":hello") } func main(){} 编译命令 go build -buildmode=c-shared -x -v -o test.so -ldflags "-s -w" main.go 混淆命令 ./go-strip -f test.so -a -output test.strip.so 混淆开始 _ _ | | () __ _ ___ ______ | | _ __ _ _ __ / _ |/ _ ___/ | | '| | ' | (| | () | _ \ || | | | |) | , |/ |/|| || ./ / | | | |/ ||

    2021/11/18 01:39:00 开始混淆 2021/11/18 01:39:00 文件结构:ELF 2021/11/18 01:39:00 混淆 BuildId Error when extracting compiler information: no goversion found panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x50 pc=0x50c13b]

    goroutine 1 [running]: github.com/goretk/gore/gosym.(*Table).GetGo12(...) /home/runner/work/go-strip-source/go-strip-source/gosym/symtab.go:485 github.com/goretk/gore.(*GoFile).GetGoRoot(0xc000060ea0, 0xc00000e018, 0xc000093f28) /home/runner/work/go-strip-source/go-strip-source/file.go:195 +0x3b main.main() /home/runner/work/go-strip-source/go-strip-source/testM/main.go:48 +0x2c5 我需要你的帮助

  • 报错

    报错

    报错信息:

    ❯ go-strip.exe -f .\hack-browser-data-v0.3.6-windows-32bit.exe -a -output hbd.exe

                       _        _
                  | |      (_)

    __ _ ___ ______ | | _ __ _ _ __ / _ |/ _ _/ | | '| | '
    | (    | | (    ) | __ \ || | | | |) | __, |_    / |/_|| || ./ / | | | |/ ||

    2021/11/22 17:01:03 开始混淆 2021/11/22 17:01:03 文件结构:PE 2021/11/22 17:01:03 混淆 BuildId 2021/11/22 17:01:03 Compiler version: go1.16.2 (2021-03-11T17:08:05Z) panic: runtime error: invalid memory address or nil pointer dereference [signal 0xc0000005 code=0x0 addr=0x50 pc=0xc6d77e]

    goroutine 1 [running]: github.com/goretk/gore/gosym.(*Table).GetGo12(...) /home/runner/work/go-strip-source/go-strip-source/gosym/symtab.go:485 github.com/goretk/gore.(*GoFile).GetGoRoot(0xc00009c000, 0x1a, 0xc000071f48) /home/runner/work/go-strip-source/go-strip-source/file.go:195 +0x3e main.main() /home/runner/work/go-strip-source/go-strip-source/testM/main.go:48 +0x2d0

    混淆linux版本的时候正常,windows版本报错

  • 运行报错,

    运行报错,

    2022/05/13 15:50:24 Error when extracting compiler information: no goversion found 2022/05/13 15:50:24 GoRoot获取失败,err: no goroot found 2022/05/13 15:50:24 BuildID: WJboE-czC9YnOF9Glstn/72HVxYogF7S_hsKX2pMA/ixkFI3hByuzCtw7NNThu/NooR4kbHyOUI5lqiLn3Q

    image 师傅你好,工具使用就报错,提示找不到goroot,但是本机是有go环境,goroot也有。
  • 混淆程序运行出错

    混淆程序运行出错

    你好,我在使用 github.com/ying32/govcl/vcl 包写的带gui程序,混淆会出现如下错误: C:\Users\Guser\Desktop\Project\testgostrip\gocode>test.exe runtime: function symbol table header: 0x42427951 0x44 0x6f 0x42 0x4f fatal error: invalid function symbol table

    runtime: panic before malloc heap initialized

    runtime stack: fatal error: findfunc: bad findfunctab entry idx runtime: panic before malloc heap initialized panic during panic

    runtime stack: fatal error: findfunc: bad findfunctab entry idx runtime: panic before malloc heap initialized stack trace unavailable

    C:\Users\Guser\Desktop\Project\testgostrip\gocode>go version go version go1.15 windows/amd64 但在go 1.18下不会出现这个错误,不过运行后只有一个主界面,没有任何控件,gui程序的标题也会被随机字符串替换。 另外,除了知识星球外,还能提供一个其他的源代码下载方式么?

  • 混淆后的exe运行报错

    混淆后的exe运行报错

    go version go1.18 windows/amd64

    本地编译 fscangobustergost

    go build -ldflags "-s -w"

    混淆 go-strip -f xxx.exe -a -output new.exe ,不清楚为啥 混淆后的 fscan/gobuster 无法正常运行,gost正常可以运行。

    log:

    D:\GoProject\fscan-main>new_fscan.exe -h
.......全是base64后的输出.....
.........
.........
...syBCztbfHoayQjOFcWypesaWGHUyqJXdlupHEtInxTNOZOOMyVmmAUuCwWTbTJizCstPIylkRNaMGCsRAjWnlNdKmVOOKkEPAYQYFJARLZG()
        DnLDEtLDxIkTYPXTlwa:1571 +0x1

D:\GoProject\fscan-main>

    D:\gobuster-master>go-strip.exe -f gobuster.exe -a -output new_gobuster.exe

2022/09/26 16:47:26 GoRoot获取失败,err: no goroot found
2022/09/26 16:47:26 Compiler version: go1.18 (2022-03-15T14:06:18Z)
2022/09/26 16:47:26 混淆版本信息
2022/09/26 16:47:26 混淆结构信息,总数:5109
2022/09/26 16:47:40 混淆文件信息,总数623
2022/09/26 16:47:42 混淆函数信息
2022/09/26 16:47:42 混淆BuildID信息
2022/09/26 16:47:42 混淆GoMod信息
2022/09/26 16:47:42 混淆结束
2022/09/26 16:47:42 新的文件保存在 D:\gobuster-master\new_gobuster.exe

D:\GoProject\gobuster-master>new_gobuster.exe
template: top:3:15: executing "top" at <.Runnable>: can't evaluate field Runnable in type JaGlANKVIzuzpr
  • panic: runtime error: slice bounds out of range

    panic: runtime error: slice bounds out of range

    `panic: runtime error: slice bounds out of range [:6917919642050060544] with capacity 788480

    goroutine 1 [running]: gostrip/gore.parseString(0xc0000461c0, 0xff, 0x4ba000, {0xc0006fc000, 0xc0800, 0xc0800}) /home/runner/work/go-strip-source/go-strip-source/gore/type.go:706 +0x1b4 gostrip/gore.typeParse(0x577e08?, 0xc0000461c0, 0x2c098, {0xc0006fc000, 0xc0800, 0xc0800}, 0x4ba000) /home/runner/work/go-strip-source/go-strip-source/gore/type.go:384 +0x34d gostrip/gore.getLegacyTypes(0xc0000461c0, {0x578a78, 0xc00001e380}) /home/runner/work/go-strip-source/go-strip-source/gore/type.go:117 +0x325 gostrip/gore.getTypes(0xc0000461c0, {0x578a78, 0xc00001e380}) /home/runner/work/go-strip-source/go-strip-source/gore/type.go:61 +0x36e gostrip/gore.(*GoFile).GetTypes(0xc000140000) /home/runner/work/go-strip-source/go-strip-source/gore/file.go:422 +0x71 main.main() /home/runner/work/go-strip-source/go-strip-source/cmd/cmd.go:72 +0x312`

Related tags
Compiler go-strip