PENGUMUMAN...!!!


SOLAT HAJAT DI TUNDA KE 24HB OGOS 2008 - UST SALLEH MAN

Friday, August 21, 2020

Introduction To Reversing Golang Binaries


Golang binaries are a bit hard to analyze but there are some tricks to locate the things and view what is doing the code.






Is possible to list all the go files compiled in the binary even in an striped binaries, in this case we have only one file gohello.go this is a good clue to guess what is doing the program.


On stripped binaries the runtime functions are not resolved so is more difficult to locate the user algorithms:


If we start from the entry point, we will found this mess:

The golang string initialization are encoded and is not displayed on the strings window.


How to locate main?  if its not stripped just bp on [package name].main for example bp main.main, (you can locate the package-name searching strings with ".main")


And here is our main.main:


The code is:

So in a stripped binary we cant find the string "hello world" neither the initialization 0x1337 nor the comparator 0x1337, all this is obfuscated.

The initialization sequence is:


The procedure for locating main.main in stripped binaries is:
1. Click on the entry point and locate the runtime.mainPC pointer:



2. click on runtime.main function (LAB_0042B030):


3. locate the main.main call after the zero ifs:



4. click on it and here is the main:




The runtime is not obvious for example the fmt.Scanf() call perform several internal calls until reach the syscall, and in a stripped binary there are no function names.



In order to identify the functions one option is compile another binary with symbols and make function fingerprinting.

In Ghidra we have the script golang_renamer.py which is very useful:


After applying this plugin the main looks like more clear:




This script is an example of function fingerprinting, in this case all the opcodes are included on the crc hashing:
# This script fingerprints the functions
#@author: sha0coder
#@category fingerprinting

print "Fingerprinting..."

import zlib


# loop through program functions
function = getFirstFunction()
while function is not None:
name = str(function.getName())
entry = function.getEntryPoint()
body = function.getBody()
addresses = body.getAddresses(True)

if not addresses.hasNext():
# empty function
continue

ins = getInstructionAt(body.getMinAddress())
opcodes = ''
while ins and ins.getMinAddress() <= body.getMaxAddress():
for b in ins.bytes:
opcodes += chr(b & 0xff)
ins = getInstructionAfter(ins)
crchash = zlib.crc32(opcodes) & 0xffffffff

print name, hex(crchash)


function = getFunctionAfter(function)





More info
  1. Hack Tools Mac
  2. Hacker Tools Github
  3. Hacker Tools For Mac
  4. Termux Hacking Tools 2019
  5. Pentest Tools Port Scanner
  6. Hacking Tools Kit
  7. Game Hacking
  8. How To Install Pentest Tools In Ubuntu
  9. Kik Hack Tools
  10. Hacking Tools Windows
  11. Free Pentest Tools For Windows
  12. Hacking Tools 2019
  13. Hacking Tools Windows 10
  14. Hacker Tools For Mac
  15. What Are Hacking Tools
  16. Hacking Tools For Games
  17. Pentest Tools Url Fuzzer
  18. Pentest Reporting Tools
  19. Pentest Tools Framework
  20. Hack Tool Apk No Root
  21. Pentest Automation Tools
  22. Hacking Tools Software
  23. Github Hacking Tools
  24. Hacker Tools Free Download
  25. Hacker Tools Windows
  26. Hacking Tools For Beginners
  27. Pentest Tools Bluekeep
  28. Hacker Tools For Ios
  29. Hacker Tools
  30. Pentest Tools Find Subdomains
  31. How To Install Pentest Tools In Ubuntu
  32. Hacker Tools For Mac
  33. Hak5 Tools
  34. Hacker Tool Kit
  35. Hack Tools Pc
  36. Hacking Tools 2020
  37. Pentest Tools Framework
  38. Wifi Hacker Tools For Windows
  39. Hacking Apps
  40. Hacking Tools Free Download
  41. Hacking Tools For Kali Linux
  42. Pentest Tools Windows
  43. Pentest Tools Windows
  44. Hacker Tools Windows
  45. Hacker Tools Mac
  46. Underground Hacker Sites
  47. Hacking Tools For Beginners
  48. Bluetooth Hacking Tools Kali
  49. Pentest Tools
  50. Hacker Techniques Tools And Incident Handling
  51. Hacking Tools Name
  52. Hacking Tools 2019
  53. Hacker Tools Online
  54. Pentest Tools For Mac
  55. Hacker Tools Mac
  56. Hacking Tools Hardware
  57. Hacking Tools Mac
  58. Hacker Tools 2019
  59. Hacker Tools Mac
  60. Hacker Tools Apk Download
  61. Hacking Tools For Kali Linux
  62. Pentest Tools Find Subdomains
  63. How To Install Pentest Tools In Ubuntu
  64. Hacking Tools For Games
  65. Tools 4 Hack
  66. Hacking Tools For Beginners
  67. Hack Tools Download
  68. Tools For Hacker
  69. Pentest Tools
  70. How To Make Hacking Tools
  71. Pentest Tools For Mac
  72. Hacking Tools Name
  73. Pentest Box Tools Download
  74. Hacker Hardware Tools
  75. Hacker Tools Windows
  76. Pentest Tools Tcp Port Scanner
  77. Hacker Tools
  78. Hacker Tools
  79. Hacking Tools Windows 10
  80. Best Pentesting Tools 2018
  81. Pentest Tools Website
  82. Hack Tools 2019
  83. Pentest Tools Open Source
  84. Github Hacking Tools
  85. Hack Website Online Tool
  86. Pentest Reporting Tools
  87. Hacker Tools Apk
  88. Hacking Tools For Windows Free Download
  89. Hacker Tools Free
  90. Free Pentest Tools For Windows
  91. Pentest Recon Tools
  92. Pentest Automation Tools
  93. Hacking Tools Name
  94. Growth Hacker Tools
  95. Hacking Tools Download
  96. Pentest Tools For Windows
  97. Hack Tool Apk No Root
  98. Pentest Tools Url Fuzzer
  99. Hack Tools Mac
  100. Hacker Tools 2020
  101. Hacking Tools For Pc
  102. Hacking Tools Windows 10
  103. Hacking App
  104. Pentest Tools Open Source
  105. Hacking Tools Github
  106. Hacking Tools Free Download
  107. Computer Hacker
  108. Hacking Tools Software
  109. Tools For Hacker
  110. Hacker Tools For Pc
  111. Hacking Tools Usb
  112. Top Pentest Tools
  113. Hack App
  114. Nsa Hack Tools Download
  115. Growth Hacker Tools
  116. Hak5 Tools
  117. Pentest Automation Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)