9ef256ec0a
- build-obfuscated.sh: XOR encryption with random 256-bit key - obfuscation/obfuscation.go: Runtime de-obfuscation package - OBFUSCATION.md: Documentation and security comparison - Prevents casual extraction with 'strings' command - Medium security: Good for personal use, env vars for production
116 lines
3.2 KiB
Bash
Executable File
116 lines
3.2 KiB
Bash
Executable File
#!/bin/bash
|
|
# Credential Obfuscation Build Script
|
|
# Encrypts credentials and embeds them in Go binaries
|
|
# Usage: ./build-obfuscated.sh <server-url> <username> <password>
|
|
|
|
set -e
|
|
|
|
if [ $# -ne 3 ]; then
|
|
echo "Usage: $0 <server-url> <username> <password>"
|
|
exit 1
|
|
fi
|
|
|
|
SERVER_URL="$1"
|
|
USERNAME="$2"
|
|
PASSWORD="$3"
|
|
|
|
# Generate a random obfuscation key (64 hex chars)
|
|
OBFUSCATION_KEY=$(openssl rand -hex 32)
|
|
|
|
echo "Building with obfuscated credentials..."
|
|
echo "Server: $SERVER_URL"
|
|
echo "User: $USERNAME"
|
|
echo "Password: ${PASSWORD:0:10}..."
|
|
echo "Obfuscation Key: ${OBFUSCATION_KEY:0:16}..."
|
|
echo ""
|
|
|
|
# Function to obfuscate a string using XOR
|
|
obfuscate_string() {
|
|
local input="$1"
|
|
local key="$2"
|
|
local result=""
|
|
local key_len=${#key}
|
|
|
|
for ((i=0; i<${#input}; i++)); do
|
|
# Get character from input and key
|
|
input_char="${input:$i:1}"
|
|
key_char="${key:$((i % key_len)):1}"
|
|
|
|
# Get ASCII values
|
|
input_val=$(printf '%d' "'$input_char")
|
|
key_val=$(printf '%d' "'$key_char")
|
|
|
|
# XOR and convert back to char
|
|
xor_val=$((input_val ^ key_val))
|
|
xor_char=$(printf "\\$(printf '%03o' $xor_val)")
|
|
|
|
result+="$xor_char"
|
|
done
|
|
|
|
# Base64 encode the result for safe embedding
|
|
echo -n "$result" | base64 -w0
|
|
}
|
|
|
|
# Obfuscate credentials
|
|
OBFUSCATED_SERVER=$(obfuscate_string "$SERVER_URL" "$OBFUSCATION_KEY")
|
|
OBFUSCATED_USER=$(obfuscate_string "$USERNAME" "$OBFUSCATION_KEY")
|
|
OBFUSCATED_PASSWORD=$(obfuscate_string "$PASSWORD" "$OBFUSCATION_KEY")
|
|
|
|
# Build function
|
|
build_tool() {
|
|
local tool_name="$1"
|
|
local tool_dir="$2"
|
|
|
|
echo "Building $tool_name..."
|
|
|
|
cd "$tool_dir"
|
|
|
|
# Build with obfuscated credentials and de-obfuscation key
|
|
go build \
|
|
-ldflags="-X main.ObfuscatedServer=$OBFUSCATED_SERVER \
|
|
-X main.ObfuscatedUser=$OBFUSCATED_USER \
|
|
-X main.ObfuscatedPassword=$OBFUSCATED_PASSWORD \
|
|
-X main.ObfuscationKey=$OBFUSCATION_KEY" \
|
|
-o ~/bin/"$tool_name" .
|
|
|
|
echo "✓ $tool_name built successfully"
|
|
}
|
|
|
|
# Build nextcloud-client
|
|
build_tool "nextcloud-client" "$SCRIPT_DIR/tools/go/nextcloud-client"
|
|
|
|
# Build nextcloud-contacts
|
|
build_tool "nextcloud-contacts" "$SCRIPT_DIR/tools/go/nextcloud-contacts"
|
|
|
|
# Build nextcloud-calendar
|
|
build_tool "nextcloud-calendar" "$SCRIPT_DIR/tools/go/nextcloud-calendar"
|
|
|
|
# Build nextcloud-mail
|
|
build_tool "nextcloud-mail" "$SCRIPT_DIR/tools/go/nextcloud-mail"
|
|
|
|
echo ""
|
|
echo "All tools built with obfuscated credentials!"
|
|
echo ""
|
|
echo "Obfuscation Details:"
|
|
echo " Method: XOR cipher with random 256-bit key"
|
|
echo " Key: $OBFUSCATION_KEY"
|
|
echo " Encoded: Base64 for safe Go embedding"
|
|
echo ""
|
|
echo "Security Notes:"
|
|
echo " ✓ Credentials are XOR encrypted with unique key"
|
|
echo " ✓ Key changes on every build"
|
|
echo " ✓ strings command shows only base64 gibberish"
|
|
echo " ✓ Runtime de-obfuscation happens in memory"
|
|
echo ""
|
|
echo "Binaries installed at:"
|
|
echo " ~/bin/nextcloud-client"
|
|
echo " ~/bin/nextcloud-contacts"
|
|
echo " ~/bin/nextcloud-calendar"
|
|
echo " ~/bin/nextcloud-mail"
|
|
echo ""
|
|
echo "⚠️ Security Level: Medium"
|
|
echo " This prevents casual extraction, but a determined attacker"
|
|
echo " with knowledge of the de-obfuscation code could reverse it."
|
|
echo " For production use, consider stronger encryption or environment"
|
|
echo " variables for sensitive credentials."
|