mumbojumbo's Introduction

Mumbo jumbo

A small tool to obfuscate strings in your Go code

Description

When you want to store specific strings in your go code they are automatically searchable in the go binary.

For example take the following code (x.go):

    package main

    import (
        "fmt"
    )

    const (
        C = "hello"
    )

    func main() {
        fmt.Println(C)
    }

Now run go build ./x.go to build it and the run strings ./x | grep hello.

Surprise ! hello is visible to anyone who has access the go binary.

mumbojumbo tries to mitigate this problem by obfuscating the string so it is no longer searchable with strings.

Getting Started

You can install mumbojumbo by running:

go get github.com/jeromer/mumbojumbo/...

Usage

Once mumbojumbo is installed just run:

mumbojumbo -s=foo -p=bar

where foo is the string you want to obfuscate and bar is the name of the go package which will be generated.

For example, imagine I want to obfuscate the string some secret in pkg foo:

mumbojumbo -s="some secret" -p=foo | goimports > foo.go

The following code will be generated:

// CODE GENERATED BY mumbojumbo 1.0 (https://github.com/jeromer/mumbojumbo) DO NOT EDIT !!!!

package foo

import (
	"unsafe"
)

const (
	EAX = uint8(unsafe.Sizeof(true))
)

func Get() string {
	return string(
		[]byte{
			((((EAX<<EAX|EAX)<<EAX|EAX)<<EAX<<EAX<<EAX|EAX)<<EAX ^ EAX),
			(((((EAX<<EAX|EAX)<<EAX<<EAX|EAX)<<EAX|EAX)<<EAX^EAX)<<EAX | EAX),
			((((EAX<<EAX|EAX)<<EAX<<EAX|EAX)<<EAX|EAX)<<EAX<<EAX ^ EAX),
			(((EAX<<EAX|EAX)<<EAX<<EAX<<EAX|EAX)<<EAX<<EAX | EAX),
			EAX << EAX << EAX << EAX << EAX << EAX,
			((((EAX<<EAX|EAX)<<EAX|EAX)<<EAX<<EAX<<EAX|EAX)<<EAX ^ EAX),
			(((EAX<<EAX|EAX)<<EAX<<EAX<<EAX|EAX)<<EAX<<EAX | EAX),
			(((EAX<<EAX|EAX)<<EAX<<EAX<<EAX<<EAX|EAX)<<EAX | EAX),
			(((EAX<<EAX|EAX)<<EAX|EAX)<<EAX<<EAX<<EAX | EAX) << EAX,
			(((EAX<<EAX|EAX)<<EAX<<EAX<<EAX|EAX)<<EAX<<EAX | EAX),
			(((EAX<<EAX|EAX)<<EAX|EAX)<<EAX<<EAX | EAX) << EAX << EAX,
		},
	)
}

Now import foo.go in your project and call fmt.Println(foo.Get()) you should see "some secret"

Run mumbojumbo --help to get help

License

This project is licensed under the BSD 3-Clause License - see the LICENSE file for details

Acknowledgments

Thanks GH0st3rs for the obfuscation code

mumbojumbo's People

Contributors

Stargazers

Watchers

mumbojumbo's Issues

String getting precomputed and thus not obfuscated

Hi there! I was testing out this package and incorporating the generated code within a go package however upon building noticed that the string is still discoverable when running strings and stored in plaintext format in the binary.

It seems like with certain compiler optimisations will precompute the generated code due to the variable used is a const.

I solved it by defining eax within the function block as a var instead of a const and the string is then computed at runtime and does not show up when running strings on the binary

Recommend Projects

jeromer / mumbojumbo Goto Github PK

mumbojumbo's Introduction

Mumbo jumbo

Description

Getting Started

Usage

License

Acknowledgments

mumbojumbo's People

Contributors

Stargazers

Watchers

Forkers

mumbojumbo's Issues

String getting precomputed and thus not obfuscated

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent