sexta-feira, 2 de junho de 2023

Introduction To Reversing Golang Binaries


Golang binaries are a bit hard to analyze but there are some tricks to locate the things and view what is doing the code.






Is possible to list all the go files compiled in the binary even in an striped binaries, in this case we have only one file gohello.go this is a good clue to guess what is doing the program.


On stripped binaries the runtime functions are not resolved so is more difficult to locate the user algorithms:


If we start from the entry point, we will found this mess:

The golang string initialization are encoded and is not displayed on the strings window.


How to locate main?  if its not stripped just bp on [package name].main for example bp main.main, (you can locate the package-name searching strings with ".main")


And here is our main.main:


The code is:

So in a stripped binary we cant find the string "hello world" neither the initialization 0x1337 nor the comparator 0x1337, all this is obfuscated.

The initialization sequence is:


The procedure for locating main.main in stripped binaries is:
1. Click on the entry point and locate the runtime.mainPC pointer:



2. click on runtime.main function (LAB_0042B030):


3. locate the main.main call after the zero ifs:



4. click on it and here is the main:




The runtime is not obvious for example the fmt.Scanf() call perform several internal calls until reach the syscall, and in a stripped binary there are no function names.



In order to identify the functions one option is compile another binary with symbols and make function fingerprinting.

In Ghidra we have the script golang_renamer.py which is very useful:


After applying this plugin the main looks like more clear:




This script is an example of function fingerprinting, in this case all the opcodes are included on the crc hashing:
# This script fingerprints the functions
#@author: sha0coder
#@category fingerprinting

print "Fingerprinting..."

import zlib


# loop through program functions
function = getFirstFunction()
while function is not None:
name = str(function.getName())
entry = function.getEntryPoint()
body = function.getBody()
addresses = body.getAddresses(True)

if not addresses.hasNext():
# empty function
continue

ins = getInstructionAt(body.getMinAddress())
opcodes = ''
while ins and ins.getMinAddress() <= body.getMaxAddress():
for b in ins.bytes:
opcodes += chr(b & 0xff)
ins = getInstructionAfter(ins)
crchash = zlib.crc32(opcodes) & 0xffffffff

print name, hex(crchash)


function = getFunctionAfter(function)





Related posts

  1. Hacking Tools For Mac
  2. Hacker Tools For Mac
  3. Hacking Tools Free Download
  4. Hacking Tools Online
  5. Pentest Tools Open Source
  6. Hack Website Online Tool
  7. Hacking Tools
  8. Hack Tool Apk No Root
  9. What Is Hacking Tools
  10. Hacks And Tools
  11. Hack Tools Download
  12. Hacker Tools Apk Download
  13. World No 1 Hacker Software
  14. Hacking Tools For Pc
  15. Hacker Tools Free
  16. Hacking Tools Kit
  17. Game Hacking
  18. Hack Website Online Tool
  19. Hacking Tools For Kali Linux
  20. Pentest Tools Subdomain
  21. Pentest Tools List
  22. Nsa Hack Tools Download
  23. Wifi Hacker Tools For Windows
  24. Hacking Tools Mac
  25. What Are Hacking Tools
  26. Hacker Tools Online
  27. Best Hacking Tools 2019
  28. Hack Tools Pc
  29. Hacking Tools And Software
  30. Hacker Hardware Tools
  31. Hack Tools
  32. Hacking Tools For Windows 7
  33. Pentest Tools Subdomain
  34. Pentest Tools
  35. Game Hacking
  36. Hack Tools
  37. Pentest Tools Url Fuzzer
  38. Black Hat Hacker Tools
  39. Hacking Tools For Windows
  40. Hacking Tools Name
  41. Hack Tool Apk
  42. Black Hat Hacker Tools
  43. Pentest Tools Linux
  44. Hacker Tools Online
  45. Pentest Tools Bluekeep
  46. Hacker Tool Kit
  47. Hacking Tools And Software
  48. Pentest Automation Tools
  49. Hack And Tools
  50. Pentest Tools
  51. Ethical Hacker Tools
  52. Top Pentest Tools
  53. Hacker Tools For Mac
  54. Hacks And Tools
  55. How To Make Hacking Tools
  56. Hacking Tools 2019
  57. Pentest Tools Download
  58. Hackrf Tools
  59. How To Install Pentest Tools In Ubuntu
  60. Hacker Tools Hardware
  61. Hacking Tools
  62. Hacking Tools Name
  63. Pentest Recon Tools
  64. Hack Tools 2019
  65. Hacking Tools For Windows Free Download
  66. Hack Tools For Ubuntu
  67. Hack Tool Apk
  68. Hacking Tools For Mac
  69. Hack Tools Online
  70. Hack Website Online Tool
  71. Hacker Tools Online
  72. Hacker Techniques Tools And Incident Handling
  73. Pentest Tools Linux
  74. Pentest Tools Alternative
  75. Computer Hacker
  76. Pentest Tools Free
  77. Hacking Tools For Beginners
  78. Pentest Tools Kali Linux
  79. Best Hacking Tools 2019
  80. Hacker Tools Hardware
  81. Pentest Automation Tools
  82. Pentest Tools Website
  83. Tools Used For Hacking
  84. Hacking Tools Free Download
  85. What Is Hacking Tools
  86. Hacking Tools And Software
  87. Hacking Tools Windows 10
  88. Pentest Tools Find Subdomains
  89. Nsa Hack Tools Download
  90. Hacking App
  91. What Are Hacking Tools
  92. Hack Apps
  93. Physical Pentest Tools
  94. Hacker Techniques Tools And Incident Handling
  95. Hacking Tools Mac
  96. What Is Hacking Tools
  97. Hack Tools For Pc
  98. How To Hack
  99. Pentest Tools Linux
  100. Hacking Tools For Beginners
  101. Hacking Tools And Software
  102. Game Hacking
  103. Hack Tools For Windows
  104. Hack Tools Online
  105. Hacker Tools
  106. Hack Tools Github
  107. Hacker Security Tools
  108. Hacker Tool Kit
  109. Hacking Tools For Windows
  110. Pentest Automation Tools
  111. Hack Tool Apk
  112. Hacking Tools For Mac
  113. New Hacker Tools
Postado por às

Nenhum comentário:

Postar um comentário

Assinar: Postar comentários (Atom)