wails icon indicating copy to clipboard operation
wails copied to clipboard
verified publisher icon wailsapp

[v3] How to enable obfuscation

Open ToQuery opened this issue 5 months ago • 13 comments

Enable obfuscated as in version v2

ToQuery avatar Sep 06 '25 09:09 ToQuery

Wails v3 supports obfuscation using the garble tool, just like v2. To enable it, run:

wails build -obfuscated

You can customize obfuscation with the -garbleargs flag, for example:

wails build -obfuscated -garbleargs "-literals -tiny -seed=myrandomseed"

These settings can also be saved in your project config. In obfuscated builds, backend methods are bound using IDs, so make sure your frontend uses the generated bindings from the wailsjs directory for everything to work correctly. More details and examples are in the official documentation.

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other  Chat with Dosu Join Discord Share on X

dosubot[bot] avatar Sep 06 '25 09:09 dosubot[bot] 

 wails3 build -obfuscated

  ERROR   Error: flag provided but not defined: -obfuscated
          See 'wails build --help' for usage

ToQuery avatar Sep 06 '25 10:09 ToQuery

The -obfuscated flag isn't recognized in Wails v3 because the build system no longer supports direct CLI flags for obfuscation. Instead, Wails v3 uses a Taskfile-based build system, so you need to add obfuscation (for example, using garble) as a custom step in your Taskfile.yml or platform-specific Taskfiles.

To enable obfuscation, edit your build task to run garble build instead of go build, or add a new task (like release) that does this. You can customize the build process and variables as needed. See the Wails v3 build docs for details and examples on customizing your Taskfile.

This approach gives you full control over the build pipeline, including integrating obfuscation or any other tooling you need.

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other  Chat with Dosu Join Discord Share on X

dosubot[bot] avatar Sep 06 '25 10:09 dosubot[bot]

@dosu has started getting worse. I'm considering disabling it :/

@ToQuery - we've got an ongoing conversation about how we can access the obfuscated names so we can map them in bindings but so far they haven't come up with a solution. Once there is one, we will support it.

leaanthony avatar Sep 07 '25 02:09 leaanthony

There’s currently no official obfuscation support or CLI flag in Wails v3 because the build system is now Taskfile-based and fully customizable—so you can technically add obfuscation tools like garble by editing your Taskfile.yml, but this isn’t officially supported yet. The main blocker is that mapping obfuscated names for frontend/backend bindings hasn’t been solved, and maintainers are still working on a solution. Until that’s in place, any obfuscation workaround risks breaking your bindings. If you want guidance on customizing Taskfile.yml for obfuscation (with these caveats), let me know. For now, best to watch for updates as this is an active area of discussion and development.
More details on the build system and customization

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other  Chat with Dosu Join Discord Share on X

dosubot[bot] avatar Sep 07 '25 02:09 dosubot[bot]

After simultaneously applying garble -literals -tiny, frontend projects failed to invoke services. 😢

ToQuery avatar Sep 09 '25 16:09 ToQuery

We're waiting on some upstream changes in garble.

leaanthony avatar Sep 10 '25 12:09 leaanthony

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within the next 10 days.

If this issue is still relevant, please add a comment to keep it open. Thank you for your contributions.

github-actions[bot] avatar Oct 26 '25 01:10 github-actions[bot]

Hey ! Any update on this ?

Did Garble made the changes so we can enable obfuscation for v3 ?

crepefeu avatar Nov 10 '25 15:11 crepefeu

Nope. We may go to beta without this and add it afterwards unless you're keen to chase it up

leaanthony avatar Nov 11 '25 09:11 leaanthony

I am actually ! Will try to look into what is possible but I don't promise anything, will update if I find something

crepefeu avatar Nov 11 '25 10:11 crepefeu

Nope. We may go to beta without this and add it afterwards unless you're keen to chase it up

By chance do you have an issue or something that is opened on their side (garble) so I can track that ?

crepefeu avatar Nov 11 '25 10:11 crepefeu

AMAZING! This PR was the start of the conversation.

For context: Garble will naturally break the bindings from JS to Go because we reference the target method via a string with CallByName. We added CallByID to get around this but it still broke for whatever reason (oh it was because we took a hash of the string but after obfuscation the string changes anyway so meh). The ideal scenario is where we can run garble in a "dry run" mode to find out what identifiers become during the obfuscation process, then we can generate bindings against those new identifiers. V2 had a different (and way more crappy) approach: it would run a build with the bindings build tag which would effectively load in the bound methods and then determine the order they were being stored, then wrote out the index of those methods into bindings and then recompiled again with those bindings. IT turns out we are (so far) just lucky they are the same during multiple builds 😬 This v2 method is brittle as hell and actually makes builds hang if you have anything in main that hangs or loops or whatever. In v3, we use static analysis for bindings which is WAY more robust but what we need is a dry run to make garble tell us that "main.Service.Method" now maps to "AESF#EFef32qw3fe" so that the bindings try to call THAT and it all aligns.

I hope that's useful!

leaanthony avatar Nov 11 '25 11:11 leaanthony