Any solution to hide my source code written in Go and make it a library to develop in Go as well


Billy Cui

May 16, 2020, 3:11:44 PM
to golang-nuts
I searched all the websites for such a solution. Until Go 1.2 there was a buildmode archive, but it was not supported after 1.2; in the meantime, it really doesn't have enough source code protected.

Then I tried to use buildmode c-archive/c-shared. Of course c-archive is much better, but neither of them works as I expected. It's long code, so I posted it on Stack Overflow:

Thank you for any help on this.

Jan Mercl

May 16, 2020, 3:33:44 PM
to Billy Cui, golang-nuts
The only technical measure that can be reasonably expected to possibly
prevent reverse engineering of a compiled program is not giving anyone
access to it in the first place.

Protect your rights legally. Any kind of DRM does not really work.

Billy Cui

May 16, 2020, 3:46:16 PM
to golang-nuts
Hi Jan,

Thank you for your reply.

I just want to know the technical solution in Golang, did you mean there is no way for this???

I don't want a 100% working solution. Yes, I know that reverse engineering can only be prevented by not releasing any code or program; I just want to make it more difficult to get the source and read from it. At least c-archive or c-shared are much better than just giving them the source code.

Daniel Martí

May 16, 2020, 6:11:18 PM
to golang-nuts
I don't generally advocate the use of obfuscation, but you can give this a try if you want: https://github.com/mvdan/garble

Billy Cui

May 17, 2020, 11:35:29 AM
to golang-nuts
Hi Daniel,

I'll try, thank you very much, I did already think of the obfuscation solution, and also found another one: https://github.com/unixpickle/gobfuscate

Maybe you can make a comparison between that one and yours. I think a good competition should be a great thing for both.

Pat Farrell

May 17, 2020, 12:59:18 PM
to golang-nuts
Write your code as a service, run it on a cloud service and have the customers just use normal HTTP(s)

You will regret any silly obfuscation approach

Billy Cui

May 17, 2020, 1:10:51 PM
to golang-nuts
Hi Pat,

For network usage, you can do that, but there are too many libraries that don't rely on the network.

BTW, obfuscation is not silly; excellent languages such as Java, JavaScript and many more have this feature. Actually I wonder why Golang doesn't natively support this :)

Billy Cui

May 17, 2020, 10:45:21 PM
to golang-nuts
Hi Daniel,

I have tested your obfuscation solution; it looks like you can only obfuscate the binary, not the source code. In my case, I need to obfuscate the library code; it's not a final binary, it should be called by a 3rd party.



robert engels

May 17, 2020, 11:21:40 PM
to Billy Cui, golang-nuts
Just distribute it as a plugin (https://golang.org/pkg/plugin/) - you only need to make the calling interface public - and based on your use case - there is nothing proprietary there so it won’t be a problem.


Billy Cui

May 18, 2020, 2:13:28 AM
to golang-nuts
Looks like this works. Does anyone know whether plugin mode makes it easy to crack out the source code or not?



Robert Engels

May 18, 2020, 8:49:00 AM
to Billy Cui, golang-nuts
It’s pretty much the same as any compiled language. See https://www.pnfsoftware.com/blog/analyzing-golang-executables/
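
A self-audit of what a compiled Go binary still records about its own functions, which is the material the reverse-engineering discussion in this thread relies on. This is an added example, not part of the thread or of any project mentioned in it; `secretLicenseCheck`, `Leak` and `AuditFunc` are hypothetical names made up for the illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"os"
	"reflect"
	"runtime"
	"strings"
)

// secretLicenseCheck is a constructed stand-in for unexported, proprietary logic.
func secretLicenseCheck(key string) bool { return len(key) == 16 }

// Leak is what the compiled binary still records about one function.
type Leak struct {
	Name, File string // package-qualified name and build-time source path
	Line       int    // source line of the function's entry point
	OnDisk     bool   // bare name found as plain bytes in the executable file
}

// AuditFunc reads the runtime's function table entry for fn, then checks
// whether the function's name is stored in the executable on disk.
func AuditFunc(fn interface{}) (Leak, error) {
	v := reflect.ValueOf(fn)
	if v.Kind() != reflect.Func {
		return Leak{}, fmt.Errorf("%T is not a function", fn)
	}
	f := runtime.FuncForPC(v.Pointer())
	if f == nil {
		return Leak{}, fmt.Errorf("no runtime metadata for %T", fn)
	}
	file, line := f.FileLine(f.Entry())
	leak := Leak{Name: f.Name(), File: file, Line: line}
	exe, err := os.Executable()
	if err != nil {
		return leak, err
	}
	data, err := os.ReadFile(exe)
	if err != nil {
		return leak, err
	}
	short := leak.Name[strings.LastIndex(leak.Name, ".")+1:]
	leak.OnDisk = bytes.Contains(data, []byte(short))
	return leak, nil
}

func main() {
	leak, err := AuditFunc(secretLicenseCheck)
	fmt.Printf("%+v err=%v\n", leak, err)
}
```

Building with `-trimpath` removes the absolute source paths, and `-ldflags="-s -w"` drops the symbol table and DWARF data, but the function table read here stays because the runtime needs it for stack traces.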


Wojciech S. Czarnecki

May 20, 2020, 9:48:48 AM
to golan...@googlegroups.com
On 2020-05-17, at 23:13:28,
Billy Cui <bill...@gmail.com> wrote:

> Looks like this works. Does anyone know whether plugin mode makes it easy to crack out the source code or not?

Read the IDA Pro manuals, take a look at the IDAGolangHelper scripts for it, then do not waste
your time on futile obfuscation. It will work only if your lib's total expected income is less
than $5-10 per your current line count.

Even after the recent spike in reverse engineering prices, the cost of retrieving compilable source
from the binary is still below $1 per output line. Many skilled Russian, Romanian and
Bulgarian hacking groups who pay for the IDA Pro disassembler will gladly have a go at it.

P.S. Compilable does not mean understandable at first sight. This further step
costs magnitudes more, but for reuse and small "impedance fitting" purposes
it is not really needed. Nor is it needed for a possible thief.

hope this helps,

--
Wojciech S. Czarnecki
<< ^oo^ >> OHIR-RIPE

Jake Montgomery

May 20, 2020, 11:36:54 AM
to golang-nuts
Not sure if you care, but plugins are (sadly) not yet supported in Windows. So if you go that route you will not work on Windows.


Billy Cui

May 20, 2020, 11:38:03 AM
to golang-nuts
Hi Ohir,

Thanks for your explanation.  I'll consider that.