Garble Versions Save

This bugfix release fixes a regression in v0.12.0 that broke x/sys/unix. See #830.

This release continues support for Go 1.21 and includes fixes for Go 1.22, now that the final 1.22.0 release is out.

@lu4p improved the detection of types used with reflection to track make calls too, fixing more cannot use T1 as T2 errors when obfuscating types. See #690.

@pagran added a trash block generator to the control flow obfuscator. See #825.

A number of bugfixes are also included:

• Avoid an error when building for GOOS=ios - #816
• Prevent the shuffle literal obfuscation from being optimized away - #819
• Support inline comments in assembly #include lines - #812

This release drops support for Go 1.20, continues support for Go 1.21, and adds initial support for the upcoming Go 1.22.

@lu4p and @mvdan improved the code using SSA to detect which types are used with reflection, which should fix a number of errors such as cannot use T1 as T2 or cannot convert T1 to T2. See: #685, #763, #782, #785, #807.

@pagran added experimental support for control flow obfuscation, which should provide stronger obfuscation of function bodies when enabled. See the documentation at docs/CONTROLFLOW.md. See #462.

A number of bugfixes are also included:

• Avoid panicking on a struct embedding a builtin alias - #798
• Strip struct field tags when hashing struct types for type identity - #801

This bugfix release continues support for Go 1.20 and the upcoming 1.21, and features:

• Avoid obfuscating local types used for reflection, like in go-spew - #765

This release drops support for Go 1.19, continues support for Go 1.20, and adds initial support for the upcoming Go 1.21.

@lu4p rewrote the code to detect whether reflect is used on each Go type, which is used to decide which Go types should not be obfuscated to prevent breakage. The old code analyzed syntax trees with type information, which is cheap but clumsy. The new code uses SSA, which adds a bit of CPU cost to builds, but allows for a more powerful analysis that is less likely to break on edge cases. While this change does slow down builds slightly, we will start using SSA for more features in the near term, such as control flow obfuscation. See #732.

@pagran improved the patching of Go's linker to also obfuscate funcInfo.entryoff, making it harder to relate a function's metadata with its body in the binary. See #641.

@mvdan rewrote garble's caching to be more robust, avoiding errors such as "cannot load garble export file". The new caching system is entirely separate from Go's GOCACHE, being placed in GARBLE_CACHE, which defaults to a directory such as ~/.cache/garble. See #708.

@DominicBreuker taught -literals to support obfuscating large string literals by using the "simple" obfuscator on them, as it runs in linear time. See #720.

@mvdan added support for garble run, the obfuscated version of go run, to quickly test that a main program still works when obfuscated. See #661.

A number of bugfixes are also included:

• Ensure that sync/atomic types are still aligned by the compiler - #686
• Print the chosen random seed when using -seed=random - #696
• Avoid errors in git apply if the system language isn't English - #698
• Avoid a panic when importing a missing package - #694
• Suggest a command when asking the user to rebuild garble - #739

This bugfix release continues support for Go 1.19 and 1.20, and features:

• Support inline comments in assembly to fix GOARCH=ppc64 - #672
• Avoid obfuscating reflect.Value to fix davecgh/go-spew - #676
• Fix runtime panics when using garble build inside a VCS directory - #675

Thanks to @pagran and @lu4p for their contributions!

This bugfix release continues support for Go 1.19 and 1.20, and features:

• Support go:linkname directives referencing methods - #656
• Fix more "unused import" errors with -literals - #658

Thanks to @pagran and @lu4p for their contributions!

This bugfix release continues support for Go 1.19 and the upcoming Go 1.20, and features:

• Support obfuscating code which uses "dot imports" - #610
• Fix linking errors for MIPS architectures - #646
• Compiler intrinsics for packages like math/bits work again - #655

Thanks to @pagran and @lu4p for their contributions!

This release continues support for Go 1.19 and the upcoming Go 1.20.

Noteworthy changes include:

• Randomize the magic number header in pclntab - #622
• Further reduce binary sizes with -tiny by 4% - #633
• Reduce the size overhead of all builds by 2% - #629
• Reduce the binary size overhead of -literals by 20% - #637
• Support assembly references to the current package name - #619
• Support package paths with periods in assembly - #621

Note that the first two changes are done by patching and rebuilding Go's linker. While this adds complexity, it enables more link time obfuscation.

Thanks to @pagran and @lu4p for their contributions!

This release drops support for Go 1.18, continues support for Go 1.19, and adds initial support for the upcoming Go 1.20.

Noteworthy changes include:

• GOGARBLE=* is now the default to obfuscate all packages - #594
• GOPRIVATE is no longer used, being deprecated in v0.5.0
• Obfuscate assembly source code filenames - #605
• Randomize the lengths of obfuscated names
• Support obfuscating time and syscall
• Avoid reflect method call panics if reflect is obfuscated

Thanks to @Azrotronik, @lu4p, and @capnspacehook for contributing to this release!