If a developer compiles a Crystal program, what metadata will the binary file store and how to remove any sensitive information? By sensitive I mean device identificators, local IP addresses or anything else.
I know Crystal store basic debug information when you use:
crystal build myprogram.cr
Then you can use --debug
flag to store all debug info (posible sensitive information as source code by example):
crystal build --debug myprogram.cr
To avoid debug info use --no-debug
flag:
crystal build --no-debug myprogram.cr
And to optimize and obfuscate even more the binary use --release
flag:
crystal build --release --no-debug myprogram.cr
As far I know compiled languages could store sensitive information when you compile using debug flags. The sensitive information commonly is the source code embed with the binary generated.
You can use objdump -s --section .comment myprogram.bin
to see binary metadata like the follow:
.stdin: file format elf64-x86-64
Contents of section .comment:
0000 4743433a 2028474e 55292036 2e312e31 GCC: (GNU) 6.1.1
0010 20323031 36303830 32004743 433a2028 20160802.GCC: (
0020 474e5529 20362e33 2e312032 30313730 GNU) 6.3.1 20170
0030 31303900 4743433a 2028474e 55292034 109.GCC: (GNU) 4
0040 2e372e32 20323031 32313031 35202852 .7.2 20121015 (R
0050 65642048 61742034 2e372e32 2d352900 ed Hat 4.7.2-5).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With