crash.software
Projects
Pull Requests
Issues
Builds
wrongsecrets
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY wrongsecrets Commits d6c94e16
🤬
Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)
  • ■ ■ ■ ■ ■ ■
    src/main/resources/explanations/challenge21.adoc
    1  -=== Obfuscating part 3: the Golang binary
     1 +=== Obfuscating part 3: the Go binary
    2 2   
    3  -Our third language of choice for a compiled application is Golang. With the rise of its popularity, we see an increase of secrets hidden inside the binaries. Can you find the secret in our binary?
     3 +Our third language of choice for a compiled application is Go. With the rise of its popularity, we see an increase of secrets hidden inside the binaries. Can you find the secret in our binary?
    4 4   
    5  -Let's debunk the "secrets are hard to find in native compiled applications" myth for C++: can you find the secret in https://github.com/commjoen/wrongsecrets/tree/master/src/main/resources/executables/wrongsecrets-golang[wrongsecrets-golang] (or https://github.com/commjoen/wrongsecrets/tree/master/src/main/resources/executables/wrongsecrets-golang-arm[wrongsecrets-golang-arm], https://github.com/commjoen/wrongsecrets/tree/master/src/main/resources/executables/wrongsecrets-golang-linux[wrongsecrets-golang-linux])?
     5 +Let's debunk the "secrets are hard to find in native compiled applications" myth for Go: can you find the secret in https://github.com/commjoen/wrongsecrets/tree/master/src/main/resources/executables/wrongsecrets-golang[wrongsecrets-golang] (or https://github.com/commjoen/wrongsecrets/tree/master/src/main/resources/executables/wrongsecrets-golang-arm[wrongsecrets-golang-arm], https://github.com/commjoen/wrongsecrets/tree/master/src/main/resources/executables/wrongsecrets-golang-linux[wrongsecrets-golang-linux])?
    6 6   
  • ■ ■ ■ ■ ■ ■
    src/main/resources/explanations/challenge21_hint.adoc
    1  -This challenge is specifically looking at a secret in a Golang binary
     1 +This challenge is specifically looking at a secret in a Go binary
    2 2   
    3  -This one is a little harder, as we used Cobra to create the CLI introducing some more overhead.
     3 +This one is a little harder, as we used Cobra to create the CLI, introducing some more overhead.
    4 4  You can solve this challenge using the following steps:
    5 5   
    6 6  1. Find the secrets with https://ghidra-sre.org/[Ghidra].
    7 7  - Install https://ghidra-sre.org/[Ghidra].
    8  -- Start it whit `ghidraRun`.
     8 +- Start it with `ghidraRun`.
    9 9  - Load the application `wrongsecrets-golang` into ghidra by choosing a new project, then import the file and then doubleclick on it.
    10 10  - Allow the Ghidra to analyze the application. Note that this takes much longer as our binary is a lot larger.
    11 11  - Go to the data type manager in the bottom left, now filter for `string`, now right-click at `string` as a member of `wrongsecrets-golang` and select `find uses of`.
    skipped 3 lines
    15 15  - Install https://www.radare.org[radare2] with either `brew install radare2` on Mac or follow these steps: `git clone https://github.com/radareorg/radare2; cd radare2 ; sys/install.sh`
    16 16  - Launch r2 analysis with `$ r2 -A wrongsecrets-golang`
    17 17  - Start a search for the string with `/w secret`
    18  -- Now take the results and look for possible answers, how about `/w his is the secret in Golgang` ? You should be able to find the secret now.
     18 +- Now take the results and look for possible answers, how about `/w his is the secret in Golang` ? You should be able to find the secret now.
    19 19   
Please wait...
Page is in error, reload to recover