Sunday, August 23, 2020

Introduction To Reversing Golang Binaries


Golang binaries are a bit hard to analyze but there are some tricks to locate the things and view what is doing the code.






Is possible to list all the go files compiled in the binary even in an striped binaries, in this case we have only one file gohello.go this is a good clue to guess what is doing the program.


On stripped binaries the runtime functions are not resolved so is more difficult to locate the user algorithms:


If we start from the entry point, we will found this mess:

The golang string initialization are encoded and is not displayed on the strings window.


How to locate main?  if its not stripped just bp on [package name].main for example bp main.main, (you can locate the package-name searching strings with ".main")


And here is our main.main:


The code is:

So in a stripped binary we cant find the string "hello world" neither the initialization 0x1337 nor the comparator 0x1337, all this is obfuscated.

The initialization sequence is:


The procedure for locating main.main in stripped binaries is:
1. Click on the entry point and locate the runtime.mainPC pointer:



2. click on runtime.main function (LAB_0042B030):


3. locate the main.main call after the zero ifs:



4. click on it and here is the main:




The runtime is not obvious for example the fmt.Scanf() call perform several internal calls until reach the syscall, and in a stripped binary there are no function names.



In order to identify the functions one option is compile another binary with symbols and make function fingerprinting.

In Ghidra we have the script golang_renamer.py which is very useful:


After applying this plugin the main looks like more clear:




This script is an example of function fingerprinting, in this case all the opcodes are included on the crc hashing:
# This script fingerprints the functions
#@author: sha0coder
#@category fingerprinting

print "Fingerprinting..."

import zlib


# loop through program functions
function = getFirstFunction()
while function is not None:
name = str(function.getName())
entry = function.getEntryPoint()
body = function.getBody()
addresses = body.getAddresses(True)

if not addresses.hasNext():
# empty function
continue

ins = getInstructionAt(body.getMinAddress())
opcodes = ''
while ins and ins.getMinAddress() <= body.getMaxAddress():
for b in ins.bytes:
opcodes += chr(b & 0xff)
ins = getInstructionAfter(ins)
crchash = zlib.crc32(opcodes) & 0xffffffff

print name, hex(crchash)


function = getFunctionAfter(function)





Related news

  1. Pentest Tools Android
  2. Physical Pentest Tools
  3. Pentest Tools For Android
  4. Pentest Tools Framework
  5. Hack Tools For Windows
  6. What Are Hacking Tools
  7. Hacker Tools For Mac
  8. Hack Tools Mac
  9. Top Pentest Tools
  10. Nsa Hacker Tools
  11. Ethical Hacker Tools
  12. Hacking Tools For Windows Free Download
  13. Hacker Tool Kit
  14. Hack Tools
  15. Hack Tools Github
  16. Pentest Tools Find Subdomains
  17. Pentest Tools Kali Linux
  18. Kik Hack Tools
  19. What Are Hacking Tools
  20. World No 1 Hacker Software
  21. Nsa Hacker Tools
  22. Hack Tool Apk No Root
  23. Hack Tools For Pc
  24. Pentest Tools Port Scanner
  25. Bluetooth Hacking Tools Kali
  26. Hack Tools For Windows
  27. Hacker Tools Online
  28. Growth Hacker Tools
  29. Tools Used For Hacking
  30. Termux Hacking Tools 2019
  31. Pentest Tools For Ubuntu
  32. Hacking Tools Usb
  33. Hacker Tool Kit
  34. Hack And Tools
  35. Wifi Hacker Tools For Windows
  36. Pentest Tools Windows
  37. Hack Rom Tools
  38. What Is Hacking Tools
  39. Hackers Toolbox
  40. Tools For Hacker
  41. Hack Tools Github
  42. Hacking Tools Windows
  43. Hacking Tools Kit
  44. Hacking Tools Online
  45. Hack Tools Mac
  46. Hacking Tools Windows
  47. Hacking Tools Windows
  48. Hacker Tool Kit
  49. Underground Hacker Sites
  50. Hacking Tools Windows 10
  51. Hack And Tools
  52. Pentest Box Tools Download
  53. Pentest Tools Review
  54. Pentest Automation Tools
  55. Pentest Tools Url Fuzzer
  56. Hack Rom Tools
  57. Pentest Tools Android
  58. Pentest Tools Online
  59. Pentest Box Tools Download
  60. Free Pentest Tools For Windows
  61. Hacker Tools For Pc
  62. Hacking Tools Github
  63. New Hacker Tools
  64. Hack Tool Apk
  65. Hack Website Online Tool
  66. Pentest Tools Url Fuzzer
  67. Hacker Tools Free
  68. Hacking Tools Hardware
  69. Pentest Tools Website Vulnerability
  70. Hacker Tools Linux
  71. How To Hack
  72. Black Hat Hacker Tools
  73. Hacker Tools Github
  74. Pentest Tools Github
  75. New Hacker Tools
  76. Hacking Tools Usb
  77. Pentest Tools Nmap
  78. Free Pentest Tools For Windows
  79. Hacker Tools Linux
  80. Pentest Tools Bluekeep
  81. Hacker Tools List
  82. Hacker Tools Apk Download
  83. Hack Tools Online
  84. Hack And Tools
  85. Pentest Tools Tcp Port Scanner
  86. Hacker Tools 2019
  87. Hacker Tools Linux
  88. Bluetooth Hacking Tools Kali
  89. Pentest Tools Nmap
  90. Best Pentesting Tools 2018
  91. Hacking Tools Software
  92. Hacker Tools Free
  93. World No 1 Hacker Software
  94. Hack And Tools
  95. Hacker Tools List
  96. Github Hacking Tools
  97. Pentest Tools Apk
  98. Hacking Tools Online
  99. Underground Hacker Sites
  100. Hacker Techniques Tools And Incident Handling
  101. Hacker Tools 2020
  102. Hacking Tools Pc
  103. Hacker Tools 2020
  104. Pentest Tools For Mac
  105. Hacker Tools For Pc
  106. Hacker Tools Free Download
  107. Hack Tools
  108. What Is Hacking Tools
  109. Beginner Hacker Tools
  110. Hack Tools Online
  111. Hack Tools Online
  112. Hacker Tools Apk Download
  113. Hacker Tools Software
  114. Hack Tools Pc
  115. Pentest Tools Apk
  116. Install Pentest Tools Ubuntu
  117. Hack App
  118. Hacking Tools For Windows
  119. Hack Tool Apk No Root
  120. Pentest Tools Kali Linux
  121. Hack Website Online Tool
  122. Hack Tools Pc
  123. Hack Tool Apk
  124. Hacking Tools For Kali Linux
  125. Pentest Tools Url Fuzzer
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)