Introduction To Reversing Golang Binaries

Golang binaries are a bit hard to analyze but there are some tricks to locate the things and view what is doing the code.

Is possible to list all the go files compiled in the binary even in an striped binaries, in this case we have only one file gohello.go this is a good clue to guess what is doing the program.

On stripped binaries the runtime functions are not resolved so is more difficult to locate the user algorithms:

If we start from the entry point, we will found this mess:

The golang string initialization are encoded and is not displayed on the strings window.

How to locate main?  if its not stripped just bp on [package name].main for example bp main.main, (you can locate the package-name searching strings with ".main")

And here is our main.main:

The code is:

So in a stripped binary we cant find the string "hello world" neither the initialization 0x1337 nor the comparator 0x1337, all this is obfuscated.

The initialization sequence is:

The procedure for locating main.main in stripped binaries is:

1. Click on the entry point and locate the runtime.mainPC pointer:

2. click on runtime.main function (LAB_0042B030):

3. locate the main.main call after the zero ifs:

4. click on it and here is the main:

The runtime is not obvious for example the fmt.Scanf() call perform several internal calls until reach the syscall, and in a stripped binary there are no function names.

In order to identify the functions one option is compile another binary with symbols and make function fingerprinting.

In Ghidra we have the script golang_renamer.py which is very useful:

After applying this plugin the main looks like more clear:

This script is an example of function fingerprinting, in this case all the opcodes are included on the crc hashing:

# This script fingerprints the functions

#@author: sha0coder

#@category fingerprinting

print "Fingerprinting..."

import zlib

# loop through program functions

function = getFirstFunction()

while function is not None:

name = str(function.getName())

entry = function.getEntryPoint()

body = function.getBody()

addresses = body.getAddresses(True)

if not addresses.hasNext():

# empty function

continue

ins = getInstructionAt(body.getMinAddress())

opcodes = ''

while ins and ins.getMinAddress() <= body.getMaxAddress():

for b in ins.bytes:

opcodes += chr(b & 0xff)

ins = getInstructionAfter(ins)

crchash = zlib.crc32(opcodes) & 0xffffffff

print name, hex(crchash)

function = getFunctionAfter(function)

Related word

• Tools 4 Hack
• Hacker Tools List
• Pentest Tools Review
• Hacking Tools For Beginners
• Hacking Tools 2020
• Pentest Tools For Ubuntu
• Hack Tools 2019
• Hack Tools Mac
• Hacker Tools Software
• Physical Pentest Tools
• Hack Rom Tools
• Wifi Hacker Tools For Windows
• Hak5 Tools
• Hacking Tools Name
• Hacker
• Hack Tools Online
• Hacking Tools For Mac
• Underground Hacker Sites
• Pentest Tools For Windows
• Hackrf Tools
• Hack Tools For Mac
• Hack And Tools
• New Hack Tools
• Pentest Tools Download
• Hack Tool Apk No Root
• Hacker Tools For Ios
• Pentest Tools Alternative
• What Is Hacking Tools
• Pentest Tools Port Scanner
• Ethical Hacker Tools
• Hackrf Tools
• Hacker Tools For Ios
• Pentest Tools Website Vulnerability
• Pentest Tools Open Source
• Hack Tools Online
• Hacker Search Tools
• Free Pentest Tools For Windows
• Hacking Tools For Kali Linux
• Pentest Tools Review
• Hacking Tools Kit
• Pentest Tools Github
• Hack Tools For Games
• Pentest Tools Subdomain
• Hack Tools For Ubuntu
• Pentest Tools For Ubuntu
• Underground Hacker Sites
• Computer Hacker
• Pentest Tools Website
• Pentest Tools Nmap
• Hacking Tools Online
• Pentest Tools Android
• Hack Tools Mac
• Hack Tools Online
• Hacking Tools Free Download
• Nsa Hacker Tools
• What Is Hacking Tools
• Usb Pentest Tools
• Hackers Toolbox
• Hack Tools For Ubuntu
• Ethical Hacker Tools
• Hacker Tools For Ios
• Pentest Tools Url Fuzzer
• Pentest Box Tools Download
• Hack Tools Github
• Hacking Tools Github
• Hackrf Tools
• Bluetooth Hacking Tools Kali
• Hacker Tool Kit
• Hack Tools
• Hacker
• Pentest Tools Github
• Hacking Tools For Kali Linux
• Pentest Tools Apk
• Hacker Security Tools
• Hacking Tools Software
• Hacker Tools Online
• Tools Used For Hacking
• Hacking Tools Software
• Tools Used For Hacking
• Hacker Tools List
• Hacker Tools List
• Pentest Tools For Mac
• Ethical Hacker Tools
• New Hacker Tools
• Best Pentesting Tools 2018
• Pentest Tools Open Source
• Nsa Hacker Tools
• Pentest Tools Download
• Hacking Tools Online
• Hacking Tools For Beginners
• Android Hack Tools Github
• Hack Tools For Pc
• Hack Tools For Pc
• Hack Tools Download
• Hacker Tools For Mac
• How To Make Hacking Tools
• Bluetooth Hacking Tools Kali
• Tools Used For Hacking
• Install Pentest Tools Ubuntu
• Kik Hack Tools
• Hack Tools For Ubuntu
• Hacker Search Tools
• Best Hacking Tools 2020
• Hacker Tools 2019
• Top Pentest Tools
• Hacker Tools Software
• Hacker Tools 2019
• Pentest Tools Url Fuzzer
• Hacking Tools For Pc
• Pentest Tools Nmap
• Best Hacking Tools 2019
• Hacker Tools Mac
• Hacking Tools For Beginners
• Pentest Tools Website Vulnerability
• Hacking Tools For Windows 7
• Hack Tool Apk
• Pentest Tools Website Vulnerability
• Pentest Box Tools Download
• Pentest Tools Subdomain
• Hacker
• Bluetooth Hacking Tools Kali
• Tools 4 Hack
• Hak5 Tools
• Hacker Tools List
• Hacking App