#!/bin/bash # Credential Obfuscation Build Script # Encrypts credentials and embeds them in Go binaries # Usage: ./build-obfuscated.sh set -e if [ $# -ne 3 ]; then echo "Usage: $0 " exit 1 fi SERVER_URL="$1" USERNAME="$2" PASSWORD="$3" # Generate a random obfuscation key (64 hex chars) OBFUSCATION_KEY=$(openssl rand -hex 32) echo "Building with obfuscated credentials..." echo "Server: $SERVER_URL" echo "User: $USERNAME" echo "Password: ${PASSWORD:0:10}..." echo "Obfuscation Key: ${OBFUSCATION_KEY:0:16}..." echo "" # Function to obfuscate a string using XOR obfuscate_string() { local input="$1" local key="$2" local result="" local key_len=${#key} for ((i=0; i<${#input}; i++)); do # Get character from input and key input_char="${input:$i:1}" key_char="${key:$((i % key_len)):1}" # Get ASCII values input_val=$(printf '%d' "'$input_char") key_val=$(printf '%d' "'$key_char") # XOR and convert back to char xor_val=$((input_val ^ key_val)) xor_char=$(printf "\\$(printf '%03o' $xor_val)") result+="$xor_char" done # Base64 encode the result for safe embedding echo -n "$result" | base64 -w0 } # Obfuscate credentials OBFUSCATED_SERVER=$(obfuscate_string "$SERVER_URL" "$OBFUSCATION_KEY") OBFUSCATED_USER=$(obfuscate_string "$USERNAME" "$OBFUSCATION_KEY") OBFUSCATED_PASSWORD=$(obfuscate_string "$PASSWORD" "$OBFUSCATION_KEY") # Build function build_tool() { local tool_name="$1" local tool_dir="$2" echo "Building $tool_name..." cd "$tool_dir" # Build with obfuscated credentials and de-obfuscation key go build \ -ldflags="-X main.ObfuscatedServer=$OBFUSCATED_SERVER \ -X main.ObfuscatedUser=$OBFUSCATED_USER \ -X main.ObfuscatedPassword=$OBFUSCATED_PASSWORD \ -X main.ObfuscationKey=$OBFUSCATION_KEY" \ -o ~/bin/"$tool_name" . echo "✓ $tool_name built successfully" } # Build nextcloud-client build_tool "nextcloud-client" "$SCRIPT_DIR/tools/go/nextcloud-client" # Build nextcloud-contacts build_tool "nextcloud-contacts" "$SCRIPT_DIR/tools/go/nextcloud-contacts" # Build nextcloud-calendar build_tool "nextcloud-calendar" "$SCRIPT_DIR/tools/go/nextcloud-calendar" # Build nextcloud-mail build_tool "nextcloud-mail" "$SCRIPT_DIR/tools/go/nextcloud-mail" echo "" echo "All tools built with obfuscated credentials!" echo "" echo "Obfuscation Details:" echo " Method: XOR cipher with random 256-bit key" echo " Key: $OBFUSCATION_KEY" echo " Encoded: Base64 for safe Go embedding" echo "" echo "Security Notes:" echo " ✓ Credentials are XOR encrypted with unique key" echo " ✓ Key changes on every build" echo " ✓ strings command shows only base64 gibberish" echo " ✓ Runtime de-obfuscation happens in memory" echo "" echo "Binaries installed at:" echo " ~/bin/nextcloud-client" echo " ~/bin/nextcloud-contacts" echo " ~/bin/nextcloud-calendar" echo " ~/bin/nextcloud-mail" echo "" echo "⚠️ Security Level: Medium" echo " This prevents casual extraction, but a determined attacker" echo " with knowledge of the de-obfuscation code could reverse it." echo " For production use, consider stronger encryption or environment" echo " variables for sensitive credentials."