Code obfuscation/anti-debugging measures

temmokan · August 7, 2020, 3:20am

There are pieces of software (to name a few, EXECryptor, Themida, Code Virtualizer etc) that “obfuscate”/encrypt executable to make reverse engineering of it as difficult as possible. We are currently using some of them for out non-Go pieces of software.

Are there, perhaps, Go modules capable of doing the same or similar job natively? Using the external tools for that purpose isn’t convenient, and it is always a pain in the head to find a multi-platform solution.

(yes, I know there’s no absolute protection against reverse engineering, and existing techniques just ward off the majority of people trying to alter/crack the application)

mark999 · September 3, 2020, 3:38pm

A few things come to mind:

Walk the AST, scrambling symbols, package names, etc.
Look into the things that affect binary size and try to avoid them
- Use of reflection anywhere turns off DCE https://github.com/u-root/u-root/issues/1798
- bradfitz has an interest in binary size and has tweeted about tools and improvements - for example, https://twitter.com/bradfitz/status/1256080962812690438
A tool that converts js or wasm into C (I think such a thing exists?) could be helpful
- go -> js/wasm -> C -> binary
- Obfuscation tools for js or C could be used at those stages

system · December 2, 2020, 3:38pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.