Garble is an obfuscation tool for Go binaries. It transforms compiled Go programs by hashing identifiers, package paths, and filenames into short, opaque strings, making reverse engineering more difficult. The tool produces reproducible results from identical source and a user-supplied seed, enabling verifiable builds. Obfuscation can be restricted to only those packages that match user-defined patterns, leaving other parts of the codebase untouched. Constant string literals in the binary are replaced with runtime-resolved expressions to hide their original content.
The tool integrates directly into the Go build pipeline, automatically intercepting and modifying compilation and linking steps. It works by rewriting the Go AST at compile time, replacing identifiers and paths before the binary is produced. Build metadata such as debug position information, symbol tables, and unused symbols are stripped out, reducing binary size and removing clues for attackers. The obfuscation process is deterministic: given the same seed and source code, the output is identical across builds. Scope selection uses pattern matching to decide which packages to obfuscate, giving fine-grained control.
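The sketch below is an added example, not Garble's own code: a simplified model of the two properties described above, seed-deterministic identifier hashing and pattern-based package scope. The function names (`inScope`, `hashName`, `obfuscate`), the SHA-256/base32 construction, the seed, and the `example.com` package paths are all assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/base32"
	"fmt"
	"path"
	"strings"
)

// inScope reports whether pkgPath matches any comma-separated glob pattern.
// A pattern matches when it matches a leading run of path elements (assumed model).
func inScope(patterns, pkgPath string) bool {
	elems := strings.Split(pkgPath, "/")
	for _, pat := range strings.Split(patterns, ",") {
		n := strings.Count(pat, "/") + 1
		if pat == "" || n > len(elems) {
			continue
		}
		if ok, err := path.Match(pat, strings.Join(elems[:n], "/")); err == nil && ok {
			return true
		}
	}
	return false
}

// hashName derives a short opaque identifier from seed, package path and name.
// Same inputs always give the same output, which is what makes builds reproducible.
func hashName(seed []byte, pkgPath, name string) string {
	sum := sha256.Sum256([]byte(string(seed) + "\x00" + pkgPath + "\x00" + name))
	enc := base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(sum[:])
	return "x" + strings.ToLower(enc[:8]) // leading letter keeps it a valid identifier
}

// obfuscate returns the hashed name, or name unchanged when pkgPath is out of scope.
func obfuscate(seed []byte, patterns, pkgPath, name string) string {
	if !inScope(patterns, pkgPath) {
		return name
	}
	return hashName(seed, pkgPath, name)
}

func main() {
	seed := []byte("constructed-seed") // constructed sample value
	scope := "example.com/internal/*"  // constructed sample pattern
	for _, p := range []string{"example.com/internal/auth", "example.com/public/api"} {
		fmt.Println(p, "->", obfuscate(seed, scope, p, "checkToken"))
	}
}
```

Because the mapping depends only on the seed and the source names, anyone holding both can recompute it and confirm that two builds agree; a different seed yields an unrelated mapping.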