检查golang中的二进制完整性
[英]check binary integrity in golang
问题描述
i try to create integrity protection of my application , this is my actual code : 
我尝试为我的应用程序创建完整性保护,这是我的实际代码:
package main
import (
"os"
"io"
"crypto/sha256"
"fmt"
)
var OriginalSign string
func checkSUM() string {
hasher := sha256.New()
f, err := os.Open(os.Args[0])
if err != nil {
os.Exit(0)
}
defer f.Close()
if _, err = io.Copy(hasher, f); err != nil {
os.Exit(0)
}
return fmt.Sprintf("%x", hasher.Sum(nil))
}
func main() {
signature := checkSUM()
fmt.Println(OriginalSign)
fmt.Println(signature)
if signature != OriginalSign {
fmt.Println("binary is compromised")
}
}
i compiled with this command : 我用以下命令编译:
C:\Users\admin\go\src\localhost\lic>go build -ldflags="-s -w -X main.OriginalSig
n=8636cdeef255e52c6fd3f391fd7d75fbaf7c6e830e0e7ac66a645093c7efcbc7" -o checksum.
exe checksum.go
C:\Users\admin\go\src\localhost\lic>checksum.exe
8636cdeef255e52c6fd3f391fd7d75fbaf7c6e830e0e7ac66a645093c7efcbc7
d29440d3467f6176a6af0dcb61ea696cb318db3a6f1680b5b8f7890e165d8d7e
binary is compromised
how i can do this corectly in go ? 我怎样才能做到这一点呢? i need to know signature of final binary file and check if is compromited. 我需要知道最终二进制文件的签名并检查是否被压缩。
1 个解决方案
解决方案1
0 2018-06-24 11:41:18
I can't see how to hook into tool buildid in a program but it can (kind of) detect changes to a binary 我看不到如何在程序中加入工具buildid,但它可以(有点)检测对二进制文件的更改
buildid does seem to store a "contentid" of the binary which is the essence of the original question buildid似乎存储了二进制文件的“ contentid”,这是原始问题的本质
Here's a bash script that shows this (sorry I don't do MS Windows) 这是一个显示此内容的bash脚本(对不起,我没有MS Windows)
#
# delete any old binaries
rm -f t
# do an initial build
go build t.go
# show it works
./t
# get the original buildid
ORIG=$(go tool buildid t)
# now tamper with it!
perl -p -i -e 's/testing/porkpie/' t
# run again, show the tamper
./t
# now regenerate the buildid
go tool buildid -w t
# get the buildid after the regeneration
LATER=$(go tool buildid t)
# show the original and the post-tampering buildid - they are different
echo "$ORIG"
echo "$LATER"
Here's the do nothing t.go 这是什么都不做
package main
import (
"fmt"
)
func main() {
fmt.Println("testing 123")
}
Here's the output 这是输出
testing 123
porkpie 123
koB1H61TwQSHTQGiI4PP/-o93sSzqt1ltMhBJn4pR/2wvL4J9vF4vGUGjdbsyd/y-0uRBmxfJdrbAfsE1lr
koB1H61TwQSHTQGiI4PP/-o93sSzqt1ltMhBJn4pR/2wvL4J9vF4vGUGjdbsyd/UeLetY1pBF54B_4Y8-Nj
So the go tool buildid can store a hash in with the binary and (kind of) detect tampering. 因此, go tool buildid可以将散列与二进制文件一起存储,并(检测)篡改。 But I couldn't work out how to get the contentid from a normal call inside a normal program 但是我不知道如何从正常程序中的正常调用中获取contentid
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.