Introduction To Reversing Golang Binaries

Golang binaries are a bit hard to analyze but there are some tricks to locate the things and view what is doing the code.

Is possible to list all the go files compiled in the binary even in an striped binaries, in this case we have only one file gohello.go this is a good clue to guess what is doing the program.

On stripped binaries the runtime functions are not resolved so is more difficult to locate the user algorithms:

If we start from the entry point, we will found this mess:

The golang string initialization are encoded and is not displayed on the strings window.

How to locate main?  if its not stripped just bp on [package name].main for example bp main.main, (you can locate the package-name searching strings with ".main")

And here is our main.main:

The code is:

So in a stripped binary we cant find the string "hello world" neither the initialization 0x1337 nor the comparator 0x1337, all this is obfuscated.

The initialization sequence is:

The procedure for locating main.main in stripped binaries is:

1. Click on the entry point and locate the runtime.mainPC pointer:

2. click on runtime.main function (LAB_0042B030):

3. locate the main.main call after the zero ifs:

4. click on it and here is the main:

The runtime is not obvious for example the fmt.Scanf() call perform several internal calls until reach the syscall, and in a stripped binary there are no function names.

In order to identify the functions one option is compile another binary with symbols and make function fingerprinting.

In Ghidra we have the script golang_renamer.py which is very useful:

After applying this plugin the main looks like more clear:

This script is an example of function fingerprinting, in this case all the opcodes are included on the crc hashing:

# This script fingerprints the functions

#@author: sha0coder

#@category fingerprinting

print "Fingerprinting..."

import zlib

# loop through program functions

function = getFirstFunction()

while function is not None:

name = str(function.getName())

entry = function.getEntryPoint()

body = function.getBody()

addresses = body.getAddresses(True)

if not addresses.hasNext():

# empty function

continue

ins = getInstructionAt(body.getMinAddress())

opcodes = ''

while ins and ins.getMinAddress() <= body.getMaxAddress():

for b in ins.bytes:

opcodes += chr(b & 0xff)

ins = getInstructionAfter(ins)

crchash = zlib.crc32(opcodes) & 0xffffffff

print name, hex(crchash)

function = getFunctionAfter(function)

Related articles

1. Hacker Tools For Ios
2. Hacker Tools Windows
3. Hacking Tools Kit
4. Hacker Tools Free
5. How To Install Pentest Tools In Ubuntu
6. Hacking Tools For Windows
7. Hacker Tools Software
8. Nsa Hack Tools Download
9. Hack Website Online Tool
10. Hack Tools For Windows
11. What Are Hacking Tools
12. Pentest Recon Tools
13. Pentest Reporting Tools
14. Pentest Tools Kali Linux
15. Hacker Tools Online
16. Underground Hacker Sites
17. Hacking Tools Software
18. New Hack Tools
19. Pentest Automation Tools
20. Pentest Box Tools Download
21. Black Hat Hacker Tools
22. Pentest Tools Tcp Port Scanner
23. Hacking Tools Name
24. Hacker Tools Free Download
25. Pentest Tools Free
26. Nsa Hacker Tools
27. How To Make Hacking Tools
28. Pentest Tools Website Vulnerability
29. Easy Hack Tools
30. Pentest Tools Website Vulnerability
31. Hacks And Tools
32. Hacking Tools For Pc
33. Hacking Tools And Software
34. What Are Hacking Tools
35. Hack Tools 2019
36. Hacks And Tools
37. Pentest Tools List
38. How To Make Hacking Tools
39. Usb Pentest Tools
40. Pentest Tools Download
41. Pentest Tools For Android
42. Hacker Tools For Ios
43. Pentest Tools Open Source
44. Hack Tool Apk
45. Hack Tools
46. Hacking Tools Mac
47. World No 1 Hacker Software
48. Pentest Tools Online
49. Hacker Tools Hardware
50. Ethical Hacker Tools
51. Hacking Tools For Windows 7
52. Pentest Reporting Tools
53. Pentest Tools Port Scanner
54. Hacker Tools Github
55. Blackhat Hacker Tools
56. Hack Tools Mac
57. Hack And Tools
58. Hacker Tools For Pc
59. Hacker Tools List
60. Free Pentest Tools For Windows
61. Hack Tools For Ubuntu
62. Pentest Tools For Android
63. Hack Tools Online
64. Pentest Tools Linux
65. Github Hacking Tools
66. Hack Tools Pc
67. Pentest Tools Open Source
68. Nsa Hacker Tools
69. Pentest Box Tools Download
70. Pentest Tools Find Subdomains
71. How To Make Hacking Tools
72. Hacking Tools Online
73. Hack Tools
74. Nsa Hack Tools Download
75. Hacker Security Tools
76. Nsa Hack Tools Download
77. Hacker Tools For Ios
78. Hacks And Tools
79. Pentest Tools Linux
80. Pentest Reporting Tools
81. Hack Tools Online
82. Top Pentest Tools
83. Black Hat Hacker Tools
84. Pentest Box Tools Download
85. Hacking Tools For Mac
86. Hacking Tools And Software
87. Pentest Tools Open Source
88. Hacker Tools Mac
89. Hacker Tools Mac
90. Hacking Tools For Windows
91. Ethical Hacker Tools
92. Hacker
93. Hacker Tools Apk
94. Pentest Tools Subdomain
95. Hacker Tools For Ios
96. Hacking Tools Free Download
97. Pentest Tools Bluekeep
98. Hack Website Online Tool
99. Hack Tools Mac
100. Pentest Tools For Android
101. Hacker Tools For Windows
102. Best Hacking Tools 2020
103. Pentest Tools For Windows
104. Hacker Tool Kit
105. Hack Tool Apk No Root
106. Pentest Recon Tools
107. Hack Tools For Games
108. Pentest Tools List
109. Pentest Box Tools Download
110. Pentest Automation Tools
111. Pentest Tools List
112. Hacker Tools Free Download
113. Hacking Tools Mac
114. Hacking Tools Usb
115. Hacker Tools Hardware
116. Best Hacking Tools 2020
117. Hacker Tools Apk Download
118. Best Hacking Tools 2020
119. Pentest Tools Website Vulnerability
120. Hacking Tools For Kali Linux
121. Hacker Hardware Tools
122. Pentest Tools Website
123. Kik Hack Tools