add a 'strings' command

[0xdevalias]

It would be cool if GoReSym had a built-in command like strings that could be run on a compiled golang binary.

See Also

I did some quick googling and came across this tool written in python that wraps radare2:

• https://reverseengineering.stackexchange.com/questions/24999/extracting-strings-from-go-binaries
  • https://github.com/ivision-research/gostringsr2

  • gostringsr2 gostringsr2 extracts strings from a Go binary using radare2

• https://github.com/goretk/redress/issues/33

[williballenthin]

agree this would be useful!

additional research and implementation here: https://github.com/mandiant/flare-floss/blob/master/floss/language/go/extract.py

[the-m3chanic]

Hi! I would like to look into this and try and see if I can work on it. What knowledge would I need in order to do so? I am familiar with python programming and have done Golang Reverse-Engineering in the past, and am also familiar with memory, would I be a good fit?

[stevemk14ebr]

hey @the-m3chanic if you're interested in working on this, I say absolutely take a shot at it! We are interested in a near direct port of the capa python string extraction logic (https://github.com/mandiant/flare-floss/blob/master/floss/language/go/extract.py) into GoReSym. That would mean take the existing python code and re-write it to GoLang for inclusion in GoReSym. Requirements:

• Add the new command as a -strings commandline flag. If the -strings flag is present GoReSym should execute the string extraction logic and output the strings as a new entry in GoReSym's JSON output. If it's not present, do not do any string parsing of any kind.
• Test the string extraction logic on all versions of Go. Extend the existing (basic) unit tests to verify that some strings are correctly extracted from each Go version we test again. I have a helper script that uses a dockerfile to build example binaries of each Go version easily, see https://github.com/mandiant/GoReSym/blob/master/build_test_files.sh and https://github.com/mandiant/GoReSym/blob/master/main_test.go which is executed by go test
• Do not introduce new dependencies into GoReSym. There should be the necessary file parsers built in already

There's no pressure for this work, if you make progress just submit a PR. I will merge the work after a few rounds of code review when the quality is up to par. Thanks for you interest!

[the-m3chanic]

Thank you so much for all the info and help! I will start working on this right away, however a little slow-paced as I have my end-semester exams coming up. I shall keep you posted on my progress. 👍 (Is there any way I can contact you to maintain communication? If you're okay with that)

[stevemk14ebr]

There is no rush at all @the-m3chanic any contributions you decide to submit are purely up to you. As far as contact I'd prefer to work via github, that is the easiest for me to keep track of. If you require more hands on mentoring later we can cross that bridge at that time. For now, just submit issues and/or pull requests as you see fit and I will get to responding to them as I'm available