Monday, May 29, 2023

Introduction To Reversing Golang Binaries


Golang binaries are a bit hard to analyze but there are some tricks to locate the things and view what is doing the code.






Is possible to list all the go files compiled in the binary even in an striped binaries, in this case we have only one file gohello.go this is a good clue to guess what is doing the program.


On stripped binaries the runtime functions are not resolved so is more difficult to locate the user algorithms:


If we start from the entry point, we will found this mess:

The golang string initialization are encoded and is not displayed on the strings window.


How to locate main?  if its not stripped just bp on [package name].main for example bp main.main, (you can locate the package-name searching strings with ".main")


And here is our main.main:


The code is:

So in a stripped binary we cant find the string "hello world" neither the initialization 0x1337 nor the comparator 0x1337, all this is obfuscated.

The initialization sequence is:


The procedure for locating main.main in stripped binaries is:
1. Click on the entry point and locate the runtime.mainPC pointer:



2. click on runtime.main function (LAB_0042B030):


3. locate the main.main call after the zero ifs:



4. click on it and here is the main:




The runtime is not obvious for example the fmt.Scanf() call perform several internal calls until reach the syscall, and in a stripped binary there are no function names.



In order to identify the functions one option is compile another binary with symbols and make function fingerprinting.

In Ghidra we have the script golang_renamer.py which is very useful:


After applying this plugin the main looks like more clear:




This script is an example of function fingerprinting, in this case all the opcodes are included on the crc hashing:
# This script fingerprints the functions
#@author: sha0coder
#@category fingerprinting

print "Fingerprinting..."

import zlib


# loop through program functions
function = getFirstFunction()
while function is not None:
name = str(function.getName())
entry = function.getEntryPoint()
body = function.getBody()
addresses = body.getAddresses(True)

if not addresses.hasNext():
# empty function
continue

ins = getInstructionAt(body.getMinAddress())
opcodes = ''
while ins and ins.getMinAddress() <= body.getMaxAddress():
for b in ins.bytes:
opcodes += chr(b & 0xff)
ins = getInstructionAfter(ins)
crchash = zlib.crc32(opcodes) & 0xffffffff

print name, hex(crchash)


function = getFunctionAfter(function)





Related news


  1. Hacking Tools For Games
  2. Hacker Tools Mac
  3. Pentest Tools Apk
  4. Free Pentest Tools For Windows
  5. Nsa Hack Tools Download
  6. Hacker Tools Hardware
  7. Pentest Automation Tools
  8. Hak5 Tools
  9. Hack Tools 2019
  10. Pentest Box Tools Download
  11. Hacker Tools Mac
  12. Hacker Tools For Mac
  13. Pentest Tools Linux
  14. Github Hacking Tools
  15. Github Hacking Tools
  16. Hacking Tools Online
  17. Hacker Security Tools
  18. Hacker Techniques Tools And Incident Handling
  19. Pentest Tools Framework
  20. Hacking Tools Mac
  21. Easy Hack Tools
  22. Hack Tools For Windows
  23. Hacker Tools For Ios
  24. Pentest Recon Tools
  25. Hacking Tools For Kali Linux
  26. Hacking Tools For Kali Linux
  27. Best Pentesting Tools 2018
  28. Tools 4 Hack
  29. Pentest Tools For Mac
  30. Nsa Hacker Tools
  31. Hacking Tools For Windows 7
  32. Blackhat Hacker Tools
  33. Hacking Tools And Software
  34. Pentest Tools Tcp Port Scanner
  35. Pentest Tools Website Vulnerability
  36. Blackhat Hacker Tools
  37. Pentest Tools Nmap
  38. Pentest Tools Url Fuzzer
  39. Hacking Tools Windows
  40. Hacker Tools Apk
  41. Hacker Tools For Pc
  42. Underground Hacker Sites
  43. Hacker Search Tools
  44. Hack Tool Apk No Root
  45. Kik Hack Tools
  46. Pentest Tools Bluekeep
  47. Hacking Tools For Windows Free Download
  48. Hacker Tool Kit
  49. Hacker Search Tools
  50. Hacker Tools List
  51. Hack Rom Tools
  52. Pentest Tools Windows
  53. Hacking Tools For Windows 7
  54. Hacking Tools Download
  55. Hack Tools For Pc
  56. Hack Apps
  57. Hacking Tools Github
  58. Pentest Tools
  59. Hacking Tools For Windows 7
  60. Blackhat Hacker Tools
  61. Hacker Tools List
  62. How To Make Hacking Tools
  63. Hack Tools 2019
  64. Usb Pentest Tools
  65. Pentest Reporting Tools
  66. Hacking Tools For Kali Linux
  67. Hack Tools For Mac
  68. Hacker Tools Apk
  69. Hacking Tools Windows
  70. Hacker Tools Github
  71. Pentest Tools Online
  72. Hack Tools Github
  73. Nsa Hack Tools Download
  74. Hacking Tools Free Download
  75. Hacking Tools Mac
  76. Pentest Tools Url Fuzzer
  77. Pentest Tools Framework
  78. Hacking Apps
  79. Hacking Tools For Windows Free Download
  80. Hack Tool Apk No Root
  81. Pentest Tools Alternative
  82. Nsa Hacker Tools
  83. Pentest Tools Nmap
  84. Hacking Tools Windows
  85. Top Pentest Tools
  86. Github Hacking Tools
  87. Hacker Tools Github
  88. Pentest Reporting Tools
  89. Hacking Tools
  90. Hackers Toolbox
  91. Hack Tools For Pc
  92. Pentest Tools Find Subdomains
  93. Pentest Tools Download
  94. Hacking Tools Windows 10
  95. Pentest Tools Open Source
  96. Hacking Apps
  97. Pentest Tools Website Vulnerability
  98. Hacker Tools For Windows
  99. Hack Tools Github
  100. Hacking Tools Software
  101. Hacking Tools Hardware
  102. Hack Tool Apk No Root
  103. Wifi Hacker Tools For Windows
  104. Hacking Tools For Mac
  105. Github Hacking Tools
  106. Hacking Tools For Beginners
  107. Hacker Tools Windows
  108. Hacking Tools Usb
  109. Hack And Tools
  110. Hacker
  111. Pentest Reporting Tools
  112. Github Hacking Tools
  113. Tools Used For Hacking
  114. Hack Tools Pc
  115. Hack Tool Apk
  116. Pentest Tools For Windows
  117. Pentest Tools Website Vulnerability
  118. Pentest Tools Tcp Port Scanner
  119. Hacker Techniques Tools And Incident Handling
  120. Hack Tools For Mac
  121. How To Install Pentest Tools In Ubuntu

Posted by Tushar Surekha at 11:20 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Bloomberg - UTV

Must Watch...Ad may come initially.. wait for video.Also keep volume on

Disclaimer



This Document is subject to changes without prior notice and is intended only for the person or entity to which it is addressed to and may contain confidential and/or privileged material and is not for any type of circulation. Any review, retransmission, or any other use is prohibited. Kindly note that this document does not constitute an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction.


The information contained herein is from publicly available data or other sources believed to be reliable. While I would endeavour to update the information herein on reasonable basis, I am under no obligation to update or keep the information current. Also, there may be regulatory, compliance, or other reasons that may prevent me from doing so. I do not represent that information contained herein is accurate or complete and it should not be relied upon as such. This document is prepared for assistance only and is not intended to be and must not alone betaken as the basis for an investment decision. The user assumes the entire risk of any use made of this information. Each recipient of this document should make such investigations as it deems necessary to arrive at an independent evaluation of an investment in the securities of companies referred to in this document (including the merits and risks involved), and should consult its own advisors to determine the merits and risks of such an investment. The investment discussed or views expressed may not be suitable for all investors. I do not undertake to advise you as to any change of my views. I may have issued other reports that are inconsistent with and reach different conclusion from the information presented in this report. This report is not directed or intended for distribution to, or use by, any person or entity who is a citizen or resident of or located in any locality, state, country or other jurisdiction, where such distribution, publication, availability or use would be contrary to law, regulation or which would subject me to any registration or licensing requirement within such jurisdiction. The securities described herein may or may not be eligible for sale in all jurisdictions or to certain category of investors. Persons in whose possession this document may come are required to inform themselves of and to observe such restriction. I may have used the information set forth herein before publication and may have positions in, may from time to time purchase or sell or may be materially interested in any of the securities mentioned or related securities. I may from time to time solicit from, or perform investment banking, or other services for, any company mentioned herein. Without limiting any of the foregoing, in no event shall I or any third party involved in, or related to, computing or compiling the information have any liability for any damages of any kind.