Golang binaries are a bit hard to analyze but there are some tricks to locate the things and view what is doing the code.
Is possible to list all the go files compiled in the binary even in an striped binaries, in this case we have only one file gohello.go this is a good clue to guess what is doing the program.
On stripped binaries the runtime functions are not resolved so is more difficult to locate the user algorithms:
If we start from the entry point, we will found this mess:
The golang string initialization are encoded and is not displayed on the strings window.
How to locate main? if its not stripped just bp on [package name].main for example bp main.main, (you can locate the package-name searching strings with ".main")
And here is our main.main:
The code is:
So in a stripped binary we cant find the string "hello world" neither the initialization 0x1337 nor the comparator 0x1337, all this is obfuscated.
The initialization sequence is:
The procedure for locating main.main in stripped binaries is:
1. Click on the entry point and locate the runtime.mainPC pointer:
2. click on runtime.main function (LAB_0042B030):
3. locate the main.main call after the zero ifs:
4. click on it and here is the main:
The runtime is not obvious for example the fmt.Scanf() call perform several internal calls until reach the syscall, and in a stripped binary there are no function names.
In order to identify the functions one option is compile another binary with symbols and make function fingerprinting.
In Ghidra we have the script golang_renamer.py which is very useful:
After applying this plugin the main looks like more clear:
This script is an example of function fingerprinting, in this case all the opcodes are included on the crc hashing:
# This script fingerprints the functions
#@author: sha0coder
#@category fingerprinting
print "Fingerprinting..."
import zlib
# loop through program functions
function = getFirstFunction()
while function is not None:
name = str(function.getName())
entry = function.getEntryPoint()
body = function.getBody()
addresses = body.getAddresses(True)
if not addresses.hasNext():
# empty function
continue
ins = getInstructionAt(body.getMinAddress())
opcodes = ''
while ins and ins.getMinAddress() <= body.getMaxAddress():
for b in ins.bytes:
opcodes += chr(b & 0xff)
ins = getInstructionAfter(ins)
crchash = zlib.crc32(opcodes) & 0xffffffff
print name, hex(crchash)
function = getFunctionAfter(function)
More articles
- Bluetooth Hacking Tools Kali
- Hack Tools Pc
- Pentest Tools Subdomain
- Hacking Tools Hardware
- Hacker Tools Free Download
- Pentest Tools Kali Linux
- Pentest Tools Framework
- Hack Tools For Windows
- Hacking Tools For Mac
- Hack Tools
- Hacking Tools
- Hack Tools For Games
- Hacker Tools For Windows
- Hacker Tools List
- Hack Tools Pc
- Hacker Tools For Ios
- Hacking Tools Download
- Game Hacking
- Hacking Tools For Pc
- Hacker Tools 2020
- Hacker Tools Software
- Hack Tools Mac
- Hacker Tools For Pc
- New Hacker Tools
- What Are Hacking Tools
- Hacking Tools Download
- Hacker Tools Software
- Hacker Tools 2019
- Easy Hack Tools
- Blackhat Hacker Tools
- Pentest Tools Tcp Port Scanner
- Hack And Tools
- Hacker Tools Apk
- Hacking Tools Mac
- Pentest Box Tools Download
- Pentest Tools For Windows
- Top Pentest Tools
- Hacking Tools For Windows
- Pentest Tools For Android
- Physical Pentest Tools
- Hacking Tools 2020
- Hacking Tools Github
- Hacker Tools 2020
- Hacker Tools 2019
- Pentest Tools Website Vulnerability
- Pentest Tools Website
- Hacking Tools
- Pentest Tools Online
- Hacking Tools Software
- Hacking Tools And Software
- Hack Tools For Pc
- Pentest Tools Framework
- Pentest Tools Website Vulnerability
- Hacking Tools For Mac
- Hacker Tools For Windows
- What Are Hacking Tools
- Black Hat Hacker Tools
- Pentest Tools For Mac
- Pentest Tools For Mac
- Hack Apps
- Hacking Tools For Windows Free Download
- Github Hacking Tools
- Game Hacking
- Hack Tools For Mac
- Pentest Tools Framework
- Hackrf Tools
- Hacker Tools Free
- Hacking Tools Kit
- Hacking Tools
- Hacker Hardware Tools
- Pentest Automation Tools
- Hacking Tools For Windows 7
- Game Hacking
- Hacker Tools Apk Download
- Hacking Tools For Kali Linux
- Pentest Tools Online
- Hacker Tools Apk
- Pentest Tools For Ubuntu
- Best Hacking Tools 2020
- Hacking Tools Software
- Easy Hack Tools
- Pentest Tools Windows
- Pentest Tools Tcp Port Scanner
- Pentest Tools Online
- Hacker Tools Hardware
- World No 1 Hacker Software
- Pentest Automation Tools
- Pentest Tools Apk
- Hacking Tools Software
- Free Pentest Tools For Windows
- World No 1 Hacker Software
- How To Hack
- Pentest Tools Port Scanner
- Hack Tools For Games
- Pentest Tools Tcp Port Scanner
- Hackrf Tools
- Pentest Tools Nmap
- Hacking Tools
- Usb Pentest Tools
- Hack Tools Online
- Pentest Tools Online
- Hack Tool Apk
- Hacking Apps
- Hackers Toolbox
- Hacking Tools Software
- What Is Hacking Tools
- Pentest Tools Download
- Hacker Tools 2019
- Hacker Tools Software
- Hacker
- Beginner Hacker Tools
- Hacking Tools Windows 10
- Best Hacking Tools 2019
- Hack Tools Mac
- Bluetooth Hacking Tools Kali
- Hack Apps
- Hacking Tools For Beginners
- Pentest Tools List
- Physical Pentest Tools
- Hacking Tools Online
- Pentest Tools Review
- Easy Hack Tools
- Hack Tools Download
- Hacking Tools Online
- Pentest Tools Windows
- Hackers Toolbox
- Hacking Tools And Software
- Black Hat Hacker Tools
- Hacker Tools List
- Pentest Tools
- Hacking Tools Usb
- Hacking Tools Windows 10
- Pentest Tools Url Fuzzer
- Wifi Hacker Tools For Windows
- Pentest Tools Bluekeep
- Hackers Toolbox
- Pentest Tools For Mac
- Hacking Tools For Mac
- Hackrf Tools
- Hack Website Online Tool
- Hacker Tools Mac
- Pentest Tools Website
- Hack Tools
- Hacks And Tools
- Pentest Tools Framework
- Hack Tools 2019
- Pentest Automation Tools
- Hack Tools
No comments:
Post a Comment