9/23/2023

Ida hide debugger

The increasing popularity of Go as a language for malware development is forcing more reverse engineers to come to terms with the perceived difficulties of analyzing these gargantuan binaries. The language offers great benefits for malware developers: portability of statically-linked dependencies, speed of simple concurrency, and ease of cross-compilation. On the other hand, for analysts, it's meant learning the inadequacies of our tooling and contending with a foreign programming paradigm. While our tooling has generally improved, the perception that Go binaries are difficult to analyze remains. In an attempt to further dispel that myth, we've set out to share a series of scripts that simplify the task of analyzing Go binaries using IDA Pro with a friendly methodology. Our hope is that members of the community will feel inspired to share additional resources to bolster our collective analysis powers.

A Quick Intro to the Woes of Go Binary Analysis

Go binaries present multiple peculiarities that make our lives a little harder. Due to the approach of statically linking dependencies, the simplest Go binary is multiple megabytes in size, and one with proper functionality can figure in the 15-20 MB range. The binaries are then easily stripped of debug symbols and can be UPX packed to mask their size quite effectively. That bulky size entails a maze of standard library code that leads reverse engineers down long, unproductive rabbit holes, steering them away from the sparse user-written code that implements the actual functionality.
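Before opening a sample in IDA Pro, it helps to know three things about it: is it a Go binary at all, has its symbol table been stripped, and has it been UPX packed (a packed ELF carries no section table, so symbol checks are meaningless until it is unpacked). The following triage script is an added example written for this page; it is not one of the authors' IDA scripts. It relies on two real markers (the Go linker's build-info blob header `\xff Go buildinf:`, present since Go 1.13, and the `UPX!` magic written by the packer) and a `.gopclntab` section name; the `build_fake_elf` helper only constructs a minimal, non-loadable ELF64 image so the checks can be exercised offline.

```python
import re
import struct
import sys

# Header of the build-info blob the Go linker embeds (Go 1.13 and later).
GO_BUILDINFO_MAGIC = b"\xff Go buildinf:"
# Magic string written into the packed image by UPX.
UPX_MAGIC = b"UPX!"
# Toolchain version string the linker leaves in the binary, e.g. "go1.21.3".
GO_VERSION_RE = re.compile(rb"go1\.\d+(?:\.\d+)?")

# Little-endian ELF64 file header and section header layouts.
ELF_HEADER = struct.Struct("<16sHHIQQQIHHHHHH")
ELF_SECTION_HEADER = struct.Struct("<IIQQQQIIQQ")


def elf64_section_names(data):
    """Return the section names of a little-endian ELF64 image, or None when
    the image is not ELF64 or has no section table (UPX-packed ELFs do not)."""
    if len(data) < ELF_HEADER.size or data[:4] != b"\x7fELF" or data[4] != 2:
        return None
    fields = ELF_HEADER.unpack_from(data, 0)
    shoff, shentsize, shnum, shstrndx = fields[6], fields[11], fields[12], fields[13]
    if shnum == 0 or shentsize != ELF_SECTION_HEADER.size or shstrndx >= shnum:
        return None
    if shoff + shnum * shentsize > len(data):
        return None  # truncated or bogus section table
    headers = [ELF_SECTION_HEADER.unpack_from(data, shoff + i * shentsize)
               for i in range(shnum)]
    strtab_off, strtab_size = headers[shstrndx][4], headers[shstrndx][5]
    strtab = data[strtab_off:strtab_off + strtab_size]
    names = []
    for h in headers:
        end = strtab.find(b"\0", h[0])
        names.append(strtab[h[0]:end if end != -1 else None].decode("latin-1"))
    return names


def triage(data):
    """Cheap, static first look at a sample: Go or not, stripped or not, packed or not."""
    names = elf64_section_names(data)
    version = GO_VERSION_RE.search(data)
    return {
        "is_elf": data[:4] == b"\x7fELF",
        "has_section_table": names is not None,
        "looks_go": GO_BUILDINFO_MAGIC in data or (names is not None and ".gopclntab" in names),
        "go_version": version.group().decode() if version else None,
        # None means "cannot tell": no section table to inspect (e.g. packed).
        "stripped": None if names is None else ".symtab" not in names,
        "upx": UPX_MAGIC in data,
    }


def build_fake_elf(section_names, payload=b""):
    """Construct a minimal ELF64 image with the given section names plus .shstrtab.
    Constructed sample input for testing only; it is not a loadable executable."""
    names = list(section_names) + [".shstrtab"]
    strtab = b"\0" + b"\0".join(n.encode() for n in names) + b"\0"
    name_off, pos = {}, 1
    for n in names:
        name_off[n] = pos
        pos += len(n.encode()) + 1
    strtab_off = ELF_HEADER.size
    payload_off = strtab_off + len(strtab)
    shoff = payload_off + len(payload)
    shoff += (-shoff) % 8  # keep the section table 8-byte aligned
    headers = [ELF_SECTION_HEADER.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)]  # SHN_UNDEF
    for n in names:
        off, size = (strtab_off, len(strtab)) if n == ".shstrtab" else (payload_off, len(payload))
        headers.append(ELF_SECTION_HEADER.pack(name_off[n], 1, 0, 0, off, size, 0, 0, 1, 0))
    shnum = len(headers)
    ident = b"\x7fELF" + bytes([2, 1, 1]) + b"\0" * 9  # ELF64, little-endian, v1
    hdr = ELF_HEADER.pack(ident, 2, 62, 1, 0, 0, shoff, 0, ELF_HEADER.size, 0, 0,
                          ELF_SECTION_HEADER.size, shnum, shnum - 1)
    body = hdr + strtab + payload
    body += b"\0" * (shoff - len(body))
    return body + b"".join(headers)


if __name__ == "__main__":
    # Usage: python triage.py <sample>   (no argument runs on a constructed sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            blob = f.read()
    else:
        blob = build_fake_elf([".text", ".gopclntab"],
                              GO_BUILDINFO_MAGIC + b"\0" * 18 + b"go1.21.3\0")
    for key, value in triage(blob).items():
        print(f"{key:18} {value}")
```

A result of `looks_go=True, stripped=True, upx=False` is the common case the article is about: a stripped Go binary whose `.gopclntab` still exists, which is exactly the structure the symbol-recovery scripts lean on. When `upx=True` and `has_section_table=False`, unpack first; the rest of the checks say nothing reliable about a packed image.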