Decompiler available?

[CoolFire]

Are there any decompilers for go? Most common tools are capable of
handling the binaries fine, but all the libraries available make it a
nightmare to reverse engineer, and there seems to be a go application
popping up in a lot of CTF competitions. (Specifically PlaidCTF today.)

[Kyle Lemons]

Not that I know of.  The gc compiler doesn't have as many optimizations as a typical C compiler, so if it is built with that you'll probably be able to reasonably examine small snippets of the binary as if they were C, though they will probably get confused by the calling convention and you'll have a fair bit of calls into the runtime and bounds checking that would clutter otherwise clean Go code.  On the up-side, method calls and interface calls should be relatively straightforward to trace, and I suspect channel send operations will look like function calls, though go's switch and select will probably be rather inscrutable.

As for actually capturing a flag involving a Go binary, unless they used the unsafe package to create it, the flag is probably hidden in some behavior of the application itself and not in something like a poorly constructed printf.

[Kyle Lemons]

Oh, I should also mention that GDB v7.3+ support debugging Go binaries (if you have a local installation of Go from which it can grab the python runtime helper script), so if the debugging symbols are still there that may help.

[CoolFire]

Alright, thanks for the info. And as for the binary, in this case it's
not that. I know what it is, roughly, but I can't seem to find it. As
the CTF is still running, I won't go into more detail right now :)

On Apr 28, 3:17 am, Kyle Lemons <kev...@google.com> wrote: