XiaoMouR
commented
5 years ago I met the same problem as yours. Need something modified to the code mentioned above.
Closed AXDOOMER closed 5 years ago
XiaoMouR
commented
5 years ago I met the same problem as yours. Need something modified to the code mentioned above.
AXDOOMER
commented
5 years ago @riddlesomebody I guess that's correct. My gopath is /home/ax/go:/usr/share/go/1.9/contrib. I'll do the change and see if it fixes the tool.
AXDOOMER
commented
5 years ago So it works if I change my GOPATH to /home/ax/go. For some reason it fails to obfuscate every packages.
Obfuscating package names...
Renamed 6 occurrences in 1 file in 1 package.
Renamed 4 occurrences in 1 file in 1 package.
Renamed 10 occurrences in 1 file in 1 package.
Renamed 19 occurrences in 1 file in 1 package.
Renamed 2 occurrences in 1 file in 1 package.
Renamed 3 occurrences in 1 file in 1 package.
2018/12/12 21:46:39 Obfuscating strings...
2018/12/12 21:46:39 Obfuscating symbols...
Renamed 5 occurrences in 2 files in 1 package.
Failed to obfuscate symbols: top-level renaming: package "gfdmkdmimmfipndjbcpb/nnijpfecmaephifobcio/mahmgcpilhcicaliadmh" has no member "KERN_PROC_PROC"It progresses if I run it more times. It always fails with a different reason every time.
Obfuscating package names...
Renamed 6 occurrences in 1 file in 1 package.
Renamed 2 occurrences in 1 file in 1 package.
Renamed 4 occurrences in 1 file in 1 package.
Renamed 10 occurrences in 1 file in 1 package.
Renamed 19 occurrences in 1 file in 1 package.
Renamed 3 occurrences in 1 file in 1 package.
2018/12/12 21:48:00 Obfuscating strings...
2018/12/12 21:48:00 Obfuscating symbols...
Renamed 2 occurrences in 1 file in 1 package.
Renamed 2 occurrences in 1 file in 1 package.
Renamed 9 occurrences in 3 files in 2 packages.
Renamed 2 occurrences in 1 file in 1 package.
Renamed 2 occurrences in 1 file in 1 package.
Renamed 3 occurrences in 1 file in 1 package.
Renamed 3 occurrences in 2 files in 2 packages.
Renamed 3 occurrences in 1 file in 1 package.
Renamed 3 occurrences in 1 file in 1 package.
Renamed 4 occurrences in 1 file in 1 package.
Renamed 2 occurrences in 1 file in 1 package.
Renamed 2 occurrences in 1 file in 1 package.
Renamed 2 occurrences in 1 file in 1 package.
Failed to obfuscate symbols: top-level renaming: package "gdhoidagpgcghjckmfaa/malhkpafchiflaninmhc/kmapichamcgofgfldhaa" has no member "procCloseHandle"Eventually, it came back to the first error, so I had to remove the package that was causing the problem, which is "github.com/mitchellh/go-ps". It produced a package, but I was expecting an executable because the file in my package was a program with a main function.
AXDOOMER
commented
5 years ago For reference, the error message that I was receiving is on this line: https://github.com/unixpickle/gobfuscate/blob/9e966305f26d78b1c96ede9cc5e985af74ab986f/gopath_copy.go#L24
Just above on line 22, you have ctx with contains the GOPATH (/home/ax/go:/usr/share/go/1.9/contrib) which must be /home/ax/go for me in order to work.
XiaoMouR
commented
5 years ago @AXDOOMER This tool can't handle the build tags correctly as I submitted this before. BTW, you can use path list as GOPATH to compile target packages but need some modification in this function. https://github.com/unixpickle/gobfuscate/blob/86b3fcd4c07abb65d9d8180a71999cdd442e24ca/gopath_copy.go#L60 In the function mentioned above, package path is just joined simply, which is the key point to make the error message.
AXDOOMER
commented
5 years ago The error that I get happens on line 22, the copyDep function is only called on line 33.
XiaoMouR
commented
5 years ago The error that I get happens on line 22, the
copyDepfunction is only called on line 33.
I mean, you need to modify the code to make this tool work with GOPATH like /a/gopath1:/b/gopath. And then you can let the original GOPATH /home/ax/go:/usr/share/go/1.9/contrib work correctly which will not trigger the error message on line 22 .
AXDOOMER
commented
5 years ago I think there's no simple way to fix it. If an error happens on the line
forward, _, errs := importgraph.Build(&ctx), then the program should try removing the path that doesn't work and keep the path that works to generate the graph.
XiaoMouR
commented
5 years ago @AXDOOMER To let importgraph.Build work as expected, try the following step.
The example you mentioned is fitted the step 3 that the target package is not keylogger but github.com/MarinX/keylogger.So check the correct package name once more.
AXDOOMER
commented
5 years ago @riddlesomebody The problem was only the /usr/share/go/1.9/contrib part that was in my GOPATH.
Also, this tool generated a package, but I was expecting an executable. Do you know how I can get it to build an executable instead of a package?
XiaoMouR
commented
5 years ago If there is nothing in the path /usr/share/go/1.9/contrib, I think you can ignore it. Or migrate the package to a single new path, and then set the GOPATH to this new path.
unixpickle
commented
5 years ago Did you end up managing to resolve your issues? And if not, are the issues resolved on the latest master branch?
AXDOOMER
commented
5 years ago No, I couldn't solve my issue and I won't test with the latest version.
Hi.
I'm new to Go. I'm working on a CTF project and would like to obfuscate my binary using your tool.
When I run
./gobfuscate botnet ./out, I get:My GOPATH contains
/home/ax/go:/usr/share/go/1.9/contriband my program is in/home/ax/go/src/botnet/. The only source code in this folder isbotnet.go, the package name inside the file isbotnetand it containsfunc main.I tried to run it on other packages like
keyloggerwhich I have in/home/ax/go/src/github.com/MarinX/keylogger/, in this case it would returnFailed to build import graph: keylogger.What am I doing wrong? I don't know how to get it right.
Thank you