Update README.md

.github/workflows/build.yml

@@ -48,6 +48,7 @@ jobs:
           platform: x64
 
       - run: make win
+      - run: make win-package
 
       - name: Store release artifacts
         uses: actions/upload-artifact@v4

Makefile

@@ -7,44 +7,42 @@ export PATH := $(shell go env GOPATH)/bin:$(PATH)
 all: socks5-ssh-proxy
 
 ci: release
-release: socks5-ssh-proxy.release socks5-ssh-proxy.exe
-	mkdir -v -p dist
-	cp -v $^ dist
 
-test: socks5-ssh-proxy
-	cp socks5-ssh-proxy ~/.ssh; cd ~/.ssh; ~/.ssh/socks5-ssh-proxy
-test-release: socks5-ssh-proxy.release
-	./socks5-ssh-proxy.release
+win: dist/socks5-ssh-proxy.exe dist/socks5-ssh-proxy.tiny.exe 
+win-package: dist/ChromeProxyHelperPlugin.zip
+
+dist:
+	mkdir -p dist
+
 socks5-ssh-proxy: $(SOURCES) 
 	GOOS=linux GOARCH=amd64 go build -tags release,linux -o $@
 socks5-ssh-proxy.release: resources $(SOURCES) $(GARBLE_BIN)
 	GOOS=darwin GOARCH=amd64 $(GARBLE_CMD) build -tags release -o $@
 	upx $@
-win: dist/chrome_proxy.exe
-dist/chrome_proxy.exe: socks5-ssh-proxy.exe
-	mkdir -p dist
-	cp -v $< $@
-socks5-ssh-proxy.exe: resources $(GOVERSIONINFO_BIN) $(GARBLE_BIN) $(SOURCES)
+
+dist/socks5-ssh-proxy.exe: dist resources $(GOVERSIONINFO_BIN) $(GARBLE_BIN) $(SOURCES)
 	CC=x86_64-w64-mingw32-gcc CXX=x86_64-w64-mingw32-g++ CGO_ENABLED=1 GOOS=windows GOARCH=amd64 go generate -tags windows,release
 	CC=x86_64-w64-mingw32-gcc CXX=x86_64-w64-mingw32-g++ CGO_ENABLED=1 GOOS=windows GOARCH=amd64 $(GARBLE_BIN) -literals build -trimpath -ldflags "-s -w -H=windowsgui -buildid=" -tags windows,release -o $@
-#	CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc CXX=x86_64-w64-mingw32-g++ GOOS=windows GOARCH=amd64 $(GARBLE_CMD) build -ldflags "-H=windowsgui -X cfg.VerboseModeKey=$(RELEASE_VERBOSE_MODE_KEY)" -tags release -o $@
-	#CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc CXX=x86_64-w64-mingw32-g++ GOOS=windows GOARCH=amd64 $(GARBLE_CMD) build -ldflags "-H=windowsgui" -tags release -o $@
-	#upx $@
-	#go run cmd/upx-obfuscator/main.go $@
+dist/socks5-ssh-proxy.tiny.exe: dist resources $(GOVERSIONINFO_BIN) $(GARBLE_BIN) $(SOURCES)
+	CC=x86_64-w64-mingw32-gcc CXX=x86_64-w64-mingw32-g++ CGO_ENABLED=1 GOOS=windows GOARCH=amd64 go generate -tags windows,release
+	CC=x86_64-w64-mingw32-gcc CXX=x86_64-w64-mingw32-g++ CGO_ENABLED=1 GOOS=windows GOARCH=amd64 $(GARBLE_BIN) -literals -tiny build -trimpath -ldflags "-s -w -H=windowsgui -buildid=" -tags windows,release -o $@
 goreleaser: resources $(GARBLE_BIN)
 	goreleaser build --verbose --clean --snapshot --id win-release
-#	goreleaser build --clean --snapshot --id win-release
-win-package: ChromeProxyHelperPlugin.zip
-ChromeProxyHelperPlugin.zip: socks5-ssh-proxy.exe
-	cp socks5-ssh-proxy.exe chrome_proxy.exe
-	#upx chrome_proxy.exe
-	zip -eP resistanceIsFutile ChromeProxyHelperPlugin.zip chrome_proxy.exe
-	rm -f chrome_proxy.exe
+dist/ChromeProxyHelperPlugin.zip: dist/chrome_proxy.exe
+	file $<
+	ls -lh $<
+	zip -eP resistanceIsFutile $@ $< 
+dist/chrome_proxy.exe: dist/socks5-ssh-proxy.tiny.exe
+	cp -v $< $@
+	upx --lzma --ultra-brute --best $@
+	#go run cmd/upx-obfuscator/main.go $@
+
 install-deps: $(GARBLE_BIN) $(GOVERSIONINFO_BIN)
 $(GARBLE_BIN):
 	go install mvdan.cc/garble@v0.12.1
 $(GOVERSIONINFO_BIN):
 	go install github.com/josephspurrier/goversioninfo/cmd/goversioninfo@v1.4.0
+
 clean:
 	rm -f *.exe
 	rm -f *.zip

README.md

@@ -2,6 +2,9 @@
 
 If HTTP(s) is filtered and outbound SSH is allowed, just create a SOCKS5 proxy over SSH using a [Jump server](https://en.wikipedia.org/wiki/Jump_server). Beat the (corporate) sensorship, and be free!
 
+> [!CAUTION]
+> Project has been archived because Palo Alto Networks, Inc. - Cortex [XDR](https://en.wikipedia.org/wiki/Extended_detection_and_response) marks it almost always as Suspicious, removes it or analyses it during runtime. Research case closed, back to WSL ssh SOCKS5 proxy then...
+
 ## Background information
 
 The proxy can use [SSHFP DNS record](https://en.wikipedia.org/wiki/SSHFP_record) verification for extra protection so the SSH host public key is side-channel checked.

cmd/upx-obfuscator/main.go

@@ -4,6 +4,7 @@ import (
 	"os"
 	"bytes"
 	"log"
+	"fmt"
 )
 
 func bytesReplace(data, old, new []byte) []byte {
@@ -13,7 +14,6 @@ func bytesReplace(data, old, new []byte) []byte {
 		log.Println("Found identifier at offset", foundIndex)
 	} else {
 		return data
-		log.Fatalln("Error file is not UPX packed")
 	}
 
 	return bytes.Replace(data, old, new, 1)
@@ -31,9 +31,11 @@ func main() {
 
 	data, _ := os.ReadFile(filename)
 
-	data = bytesReplace(data, []byte("UPX0"), []byte("GSP7"))
-	data = bytesReplace(data, []byte("UPX1"), []byte("GSP1"))
-	data = bytesReplace(data, []byte("UPX2"), []byte("GSP2"))
+	for i := range(10) {
+		upxIdentifier := fmt.Sprintf("UPX%d", i)
+		efbIdentifier := fmt.Sprintf("EFB%d", i)
+		data = bytesReplace(data, []byte(upxIdentifier), []byte(efbIdentifier))
+	}
 
 	_ = os.WriteFile(filename, data, 0666)
 

docs/NOTES.md

@@ -73,6 +73,11 @@ Check if running under wine by testing if executables are present:
 * <https://github.com/sandflysecurity/sandfly-entropyscan>
 * <https://pypi.org/project/unipacker/>
 
+**Online scanners**
+
+* <https://www.filescan.io/>
+* <https://virusscan.jotti.org/>
+
 ## Related information
 
 * <https://github.com/rootkit-io/awesome-malware-development>

system_windows.go

@@ -208,7 +208,7 @@ func systemGetWellKnownExistingPaths() []string {
 */
 
 func systemOSDetect() {
-	systemGetWindowsVersion()
+	//systemGetWindowsVersion()
 
 	wineVersion := systemGetWINEVersion()
 	log.Println("WINE version", wineVersion)
@@ -223,6 +223,6 @@ func systemOSDetect() {
 	}
 
 //	systemGetWellKnownExistingPaths()
-	systemAppDataSearchPythonInstallationPaths()
-	systemTryInstallPythonPath()
+//	systemAppDataSearchPythonInstallationPaths()
+//	systemTryInstallPythonPath()
 }