Releases: burrowers/garble
v0.15.0
This release adds support for Go 1.25 and drops support for Go 1.23 and Go 1.24.
Literal obfuscation is improved slightly so that deobfuscation via static analysis is not as easy to achieve.
Attempting to obfuscate packages which inject function headers into the runtime via //go:linkname now fails in a very clear way, as such packages like github.com/bytedance/sonic/loader cannot work with an obfuscated runtime.
A number of fixes are also included:
- Fix obfuscating packages whose Go files all import
C - Fix builds where
GOROOTis a symbolic link - Fix control flow obfuscation on packages importing
unsafe - Fix a regression where build flags were not obeyed in
garble reverse
v0.14.2
This bugfix release fixes a number of issues and continues support for Go 1.23 and 1.24.
Toolchain upgrades via GOTOOLCHAIN now work correctly; the transparent upgrade could lead to "linked object header mismatch" errors as garble was accidentally mixing the original and upgraded toolchain versions.
garble -debugdir now refuses to delete a non-empty directory if its contents were not created by a previous -debugdir invocation. This should prevent mistakes which could lead to losing important files.
Function intrinsics were not being picked up correctly from Go 1.24; this could lead to degraded performance for some users, as obfuscating their names prevented the toolchain from optimizing them.
v0.14.1
v0.14.0
This release drops support for Go 1.22 and continues support for Go 1.23.
@lu4p improved the compatibility with reflection of Go types by collecting the set of all types used with reflection during the entire build, and then inject the de-obfuscation of their names in the link step. Thanks to this, many more Go packages should work out of the box, and the README caveat suggesting the use of "reflection hints" is removed.
@mvdan replaced our own tracking of type aliases, necessary given that the alias name becomes a field name when embedded into a struct type. We now rely entirely on upstream Go's tracking of aliases in go/types. Note that this means that Garble now requires Go 1.23.5 or later, given that alias tracking did not work properly in previous Go versions.
A number of fixes are also included:
- Reduce the amount of info fetched from
go list -jsonfor a ~2% speed-up - Package names and paths are now obfuscated separately
- Hashing of struct types to obfuscate field names is now better implemented
- Fix a panic which could occur when using structs as type parameters
Contributors
Assets 2
v0.13.0
This release drops support for Go 1.21 and adds support for Go 1.23.
A number of fixes are also included:
- Fix obfuscation errors when arch-dependent struct padding is used
- Fix a failure when using garble inside a
go.workworkspace - Fail early and clearly if the Go version is too new
- Rewrite the main
go generatescript from Bash to Go and improve it
v0.12.1
v0.12.0
This release continues support for Go 1.21 and includes fixes for Go 1.22, now that the final 1.22.0 release is out.
@lu4p improved the detection of types used with reflection to track make calls too, fixing more cannot use T1 as T2 errors when obfuscating types. See #690.
@pagran added a trash block generator to the control flow obfuscator. See #825.
A number of bugfixes are also included:
Contributors
Assets 2
v0.11.0
This release drops support for Go 1.20, continues support for Go 1.21, and adds initial support for the upcoming Go 1.22.
@lu4p and @mvdan improved the code using SSA to detect which types are used with reflection, which should fix a number of errors such as cannot use T1 as T2 or cannot convert T1 to T2. See: #685, #763, #782, #785, #807.
@pagran added experimental support for control flow obfuscation, which should provide stronger obfuscation of function bodies when enabled. See the documentation at docs/CONTROLFLOW.md. See #462.
A number of bugfixes are also included:
Contributors
Assets 2
v0.10.1
v0.10.0
This release drops support for Go 1.19, continues support for Go 1.20, and adds initial support for the upcoming Go 1.21.
@lu4p rewrote the code to detect whether reflect is used on each Go type, which is used to decide which Go types should not be obfuscated to prevent breakage. The old code analyzed syntax trees with type information, which is cheap but clumsy. The new code uses SSA, which adds a bit of CPU cost to builds, but allows for a more powerful analysis that is less likely to break on edge cases. While this change does slow down builds slightly, we will start using SSA for more features in the near term, such as control flow obfuscation. See #732.
@pagran improved the patching of Go's linker to also obfuscate funcInfo.entryoff, making it harder to relate a function's metadata with its body in the binary. See #641.
@mvdan rewrote garble's caching to be more robust, avoiding errors such as "cannot load garble export file". The new caching system is entirely separate from Go's GOCACHE, being placed in GARBLE_CACHE, which defaults to a directory such as ~/.cache/garble. See #708.
@DominicBreuker taught -literals to support obfuscating large string literals by using the "simple" obfuscator on them, as it runs in linear time. See #720.
@mvdan added support for garble run, the obfuscated version of go run, to quickly test that a main program still works when obfuscated. See #661.
A number of bugfixes are also included:
- Ensure that
sync/atomictypes are still aligned by the compiler - #686 - Print the chosen random seed when using
-seed=random- #696 - Avoid errors in
git applyif the system language isn't English - #698 - Avoid a panic when importing a missing package - #694
- Suggest a command when asking the user to rebuild garble - #739
