burrowers
Support for -toolexec in garble
Hi,
It appears that garble and OpenTelemetry (or otel) are experiencing compatibility issues due to their interaction with the Go toolchain. I've had a brief discussion with @123liuziming, and it seems the resolution may primarily lie within garble.
We would appreciate any thoughts on how to improve this compatibility.
garble now does not support to use -toolexec manually, can we support this to make two Agent compatible?
Out of curiosity, why would you want to add telemetry instrumentation to an obfuscated binary? Telemetry instrumentation by design will expose more information about what a binary is doing, so it goes directly against the goals of obfuscation in general.
Hi Daniel,
Adding telemetry instrumentation is about automating the bootstrapping of application metrics at a high level, while obfuscating the binary helps prevent reverse engineering of the binary file itself (kind of — I know! :-P).
Best,
@mvdan
Out of curiosity, why would you want to add telemetry instrumentation to an obfuscated binary? Telemetry instrumentation by design will expose more information about what a binary is doing, so it goes directly against the goals of obfuscation in general.
Yes, I would agree with you, but if the stack traces are obfuscated to be sent to Sentry or OpenTelemetry, the line of code and the obfuscated “file.go” will be displayed. With Android and ProGuard, you can also obfuscate your Android app, and when you get the stack traces, you can use a “mapping.txt” to see exactly where the crash happened. This would be worth implementing here. so a “mapping.txt”.
example:
XyZqRt github.com/burrowers/garble/reverse.go
This is outside the scope of the project for now, given our existing goals and available time. If someone wants to look into this, you're welcome to have a go. For the time being, I'll close the issue as not planned.