Introduction To Reversing Golang Binaries

Golang binaries are a bit hard to analyze but there are some tricks to locate the things and view what is doing the code.

Is possible to list all the go files compiled in the binary even in an striped binaries, in this case we have only one file gohello.go this is a good clue to guess what is doing the program.

On stripped binaries the runtime functions are not resolved so is more difficult to locate the user algorithms:

If we start from the entry point, we will found this mess:

The golang string initialization are encoded and is not displayed on the strings window.

How to locate main?  if its not stripped just bp on [package name].main for example bp main.main, (you can locate the package-name searching strings with ".main")

And here is our main.main:

The code is:

So in a stripped binary we cant find the string "hello world" neither the initialization 0x1337 nor the comparator 0x1337, all this is obfuscated.

The initialization sequence is:

The procedure for locating main.main in stripped binaries is:

1. Click on the entry point and locate the runtime.mainPC pointer:

2. click on runtime.main function (LAB_0042B030):

3. locate the main.main call after the zero ifs:

4. click on it and here is the main:

The runtime is not obvious for example the fmt.Scanf() call perform several internal calls until reach the syscall, and in a stripped binary there are no function names.

In order to identify the functions one option is compile another binary with symbols and make function fingerprinting.

In Ghidra we have the script golang_renamer.py which is very useful:

After applying this plugin the main looks like more clear:

This script is an example of function fingerprinting, in this case all the opcodes are included on the crc hashing:

# This script fingerprints the functions

#@author: sha0coder

#@category fingerprinting

print "Fingerprinting..."

import zlib

# loop through program functions

function = getFirstFunction()

while function is not None:

name = str(function.getName())

entry = function.getEntryPoint()

body = function.getBody()

addresses = body.getAddresses(True)

if not addresses.hasNext():

# empty function

continue

ins = getInstructionAt(body.getMinAddress())

opcodes = ''

while ins and ins.getMinAddress() <= body.getMaxAddress():

for b in ins.bytes:

opcodes += chr(b & 0xff)

ins = getInstructionAfter(ins)

crchash = zlib.crc32(opcodes) & 0xffffffff

print name, hex(crchash)

function = getFunctionAfter(function)

More info

1. Hack Tools
2. Hack Tools For Games
3. Hack Tool Apk
4. Pentest Tools Nmap
5. Hacker Tools Software
6. Hacking Tools Pc
7. Hack Tools
8. Hack Tools
9. Top Pentest Tools
10. Hacking App
11. Growth Hacker Tools
12. Hackers Toolbox
13. How To Make Hacking Tools
14. Hacker Tools For Ios
15. Pentest Tools Framework
16. Tools For Hacker
17. Hacking Tools For Games
18. Pentest Tools Apk
19. Hacker Tools 2019
20. Hacker Search Tools
21. Hack Tools For Windows
22. Underground Hacker Sites
23. Hacking Tools Software
24. Growth Hacker Tools
25. Hacking Tools For Beginners
26. Hack Tools Online
27. Pentest Tools Website Vulnerability
28. Hacker Security Tools
29. Pentest Tools Tcp Port Scanner
30. Hacker Security Tools
31. Pentest Tools Apk
32. Hacker Tools
33. Physical Pentest Tools
34. Hacking Tools Github
35. Best Hacking Tools 2019
36. Hacking Tools Name
37. How To Make Hacking Tools
38. Hack Tools For Mac
39. Underground Hacker Sites
40. Hacking Tools Github
41. Hacking Tools 2020
42. Pentest Tools Port Scanner
43. Hack Tools Mac
44. Hacking Tools Download
45. Hacker Tools Mac
46. Computer Hacker
47. Underground Hacker Sites
48. Hacking Tools Kit
49. Hack Tools For Windows
50. Blackhat Hacker Tools
51. Hack Tool Apk
52. What Is Hacking Tools
53. Hacking Tools And Software
54. New Hacker Tools
55. Hack Website Online Tool
56. Hacker Tools Linux
57. Pentest Tools Online
58. Hack Website Online Tool
59. Pentest Tools Open Source
60. Pentest Tools For Ubuntu
61. Hacking Tools For Windows 7
62. Pentest Tools Open Source
63. Hacker Tools For Ios
64. New Hacker Tools
65. Beginner Hacker Tools
66. Hacking Tools Pc
67. Pentest Automation Tools
68. Hacking Tools Download
69. Hacking Tools 2020
70. Pentest Tools Alternative
71. Top Pentest Tools
72. Pentest Tools List
73. Hacker Tool Kit
74. Wifi Hacker Tools For Windows
75. Hacker
76. Nsa Hack Tools Download
77. Hacking Tools For Beginners
78. Hacker Tools Github
79. Pentest Tools Subdomain
80. How To Make Hacking Tools
81. Kik Hack Tools
82. Best Hacking Tools 2020
83. Hack And Tools
84. Hacking Tools 2019
85. Hacking Tools Windows
86. Pentest Tools Tcp Port Scanner
87. Bluetooth Hacking Tools Kali
88. Pentest Tools Subdomain
89. Pentest Tools List
90. Underground Hacker Sites
91. Pentest Tools Review
92. Pentest Tools Website
93. Hacker
94. Tools 4 Hack
95. Hacker Hardware Tools
96. Hacks And Tools
97. Hacker Tools Windows
98. Hacking Tools And Software
99. Hak5 Tools
100. How To Make Hacking Tools
101. Hacking Tools Free Download
102. Pentest Tools Online
103. Pentest Tools For Android
104. Pentest Tools Port Scanner
105. Hacker Tools 2019
106. Hacker Tools Free Download
107. Hacker Tools
108. Hacker Tools For Pc
109. Pentest Tools Review
110. Pentest Tools For Android
111. Hack Apps
112. Tools 4 Hack
113. Pentest Tools
114. Hack App
115. Hacking Tools Software
116. Pentest Tools Apk
117. Pentest Tools Framework
118. Pentest Tools
119. Best Pentesting Tools 2018
120. Hacking Tools And Software
121. Ethical Hacker Tools
122. Top Pentest Tools
123. Hackrf Tools
124. Hacking Tools 2020
125. Hacking Tools For Games
126. Hack Tools Github
127. Tools For Hacker
128. Pentest Tools Android
129. How To Install Pentest Tools In Ubuntu
130. Pentest Tools Subdomain
131. Wifi Hacker Tools For Windows
132. Hacker Tools 2020
133. Hacker Tools Online
134. Hacker