Implant protobuf update #1215
Merged
Implant protobuf update #1215
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The protobuf library got updated sometime last year to store the whole protobuf file as a byte slice literal (prefixed by a GZIP header), where before that the data was stored as a byte slice containing the GZIP compressed version of the protobuf file. This means that when we started using this version, all implant build contained clear string literals that represented the protobuf message names, which was an easy way to fingerprint implant using static signatures.
This PR updates the assets generation to dynamically modify the auto-generated protobuf file for the implant (
sliver.pb.go) so it replaces the raw literals with a XOR version of itself.The XOR key is generated when the file is saved to disk, that way we can have unique keys for each server deployment. This should help reduce some static signatures that took advantage of the change introduced in the latest protobuf package version.