akzainda11 Posted January 8 Posted January 8 (edited) I couldn't find any threads on this platform about protecting Golang exe files so I'll ask it here. Since it is impossible to actually prevent reverse engineering any binary, what level of protection can I achieve for my Golang computer app? Are Golang binaries easy or very difficult to reverse engineer to source? Note: my goal is to prevent full reverse engineering to source code. I know Golang compiles down into native machine code similar to C and it is statically linked like C. Based on this is it even possible to recover stuff like variable/function names? Some of the steps below are what I have been following to build my Golang binary: Strip debug symbols: `go build -ldflags "-s -w" -o your_binary_name` Obfuscate my code using Garble: `garble build -o your_binary_name` Using a check sum at run time encryption strings and decrypting at runtime (not sure if this even helps), maybe helps against static reversal checking for attached debuggers at runtime: `syscall.Getppid()` Is there any way to detect if API requests my golang app makes is intercepted by stuff like proxyman or Wireshark? What else can I do to make it harder to reverse? If I follow the steps above what can someone still extract if they really wanted to? Edited January 8 by akzainda11 1
jackyjask Posted January 9 Posted January 9 10 hours ago, akzainda11 said: is it even possible to recover stuff like variable/function names? no once you strip down debug symbols (you do) also make sure you build the release build (as debug one might leave lots of debug strings in statements like asserts that still leaves functions/etc debug info in your binary body I was about to recommend to virtualize your most sensitive routines (eg authentication, license validation, etc) using products like VMProtect, but after quick googling figured out you need another product here is why --- https://github.com/Cystemzz/vmprotect-go though there are some (big?) issues wtih VMP +Go protection: https://vmpsoft.com/forum/viewtopic.php?t=25648 also VMP admins are a bit rude on Go: >Unfortunately VMProtect doesn't support binaries compiled with trash compilers like Golang, etc. >I don't know because Golang is very strange compiler. 1
jackyjask Posted January 9 Posted January 9 > If possible, I hope it will be compatible in the future. >We have no such plans.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now