Update README and Dockerfiles to reflect optimized build process and image sizes. Added detailed explanations for compilation flags and enhanced binary stripping techniques. Introduced separate Dockerfile for optimized image with LZMA compression.

2025-07-05 00:03:12 +00:00
parent c47af35a65
commit 6fd3eac4b4
4 changed files with 160 additions and 22 deletions
--- a/README.md
+++ b/README.md
@@ -15,7 +15,8 @@ A minimal, ultra-compressed Docker image containing a password bruteforce tool t
 | Image | Size | Compression |
 |-------|------|-------------|
-| This tool | ~46KB | UPX ultra-brute |
+| This tool (optimized) | 42.5KB | UPX LZMA ultra-brute |
 | This tool (original) | 45.7KB | UPX ultra-brute |
 | Standard Alpine | ~5MB | None |
 | Standard Ubuntu | ~70MB | None |
@@ -29,19 +30,22 @@ A minimal, ultra-compressed Docker image containing a password bruteforce tool t
 ### Build Process
 1. **Multi-stage build** using Alpine Linux
-2. **Static compilation** with musl-gcc
+2. **Static compilation** with musl-gcc and aggressive optimization flags
-3. **Binary stripping** to remove debug symbols
+3. **Enhanced binary stripping** to remove debug symbols and unused sections
-4. **UPX compression** with ultra-brute mode
+4. **UPX LZMA compression** with ultra-brute mode for maximum compression
 5. **Scratch base image** for minimal size
 ## 🏗️ Building
 ```bash
-# Build the image
+# Build the optimized image (recommended)
 docker build -t bruteforce-optimized -f brute/source/Dockerfile.optimized brute/source
 # Build the original image
 docker build -t bruteforce-test -f brute/source/Dockerfile brute/source
-# Check image size
+# Check image sizes
-docker images bruteforce-test
+docker images bruteforce-optimized bruteforce-test
 ```
 ## 🚀 Usage
@@ -60,10 +64,17 @@ docker run --rm \
 #### Crack root password
 ```bash
 # Using optimized image (recommended)
 docker run --rm \
  --volume "/etc:/etc" \
  --volume "$(pwd)/brute/source/wordlist2.txt:/wordlist2.txt" \
  bruteforce-optimized:latest \
  root /wordlist2.txt
 # Using original image
 docker run --rm \
  --volume "/etc:/etc" \
  --volume "$(pwd)/brute/source/wordlist2.txt:/wordlist2.txt" \
  --user root \
  bruteforce-test:latest \
  root /wordlist2.txt
 ```
@@ -117,6 +128,32 @@ Password successfully cracked!
 - Root privileges (for accessing shadow file)
 ### Compilation Flags
 #### Optimized Version (Recommended)
 ```bash
 gcc -static -Os -s \
    -fomit-frame-pointer \
    -fdata-sections \
    -ffunction-sections \
    -fno-unwind-tables \
    -fno-asynchronous-unwind-tables \
    -Wl,--gc-sections \
    -Wl,--strip-all \
    -o bruteforce \
    bruteforce.c \
    yescrypt-ref.c \
    yescrypt-common.c \
    sha256.c \
    insecure_memzero.c \
    && strip --strip-all \
        --remove-section=.comment \
        --remove-section=.note.* \
        --remove-section=.eh_frame \
        bruteforce \
    && upx --lzma --ultra-brute bruteforce
 ```
 #### Original Version
 ```bash
 gcc -static -Os -s -o bruteforce \
    bruteforce.c \
@@ -130,9 +167,11 @@ gcc -static -Os -s -o bruteforce \
 ### Optimization Techniques
 - **Static linking**: No external dependencies
- **Size optimization**: `-Os` flag for minimal size
+- **Aggressive size optimization**: `-Os` flag with additional optimizations
- **Symbol stripping**: Remove debug symbols
+- **Enhanced symbol stripping**: Remove debug symbols and unused sections
- **UPX compression**: Ultra-brute mode for maximum compression
+- **UPX LZMA compression**: Ultra-brute mode with LZMA algorithm for maximum compression
 - **Dead code elimination**: `--gc-sections` to remove unused functions
 - **Frame pointer omission**: `-fomit-frame-pointer` for smaller binaries
 - **Scratch base**: No OS layer in final image
 ## 🛡️ Security Considerations
--- a/README.vi.md
+++ b/README.vi.md
@@ -15,7 +15,8 @@ Một Docker image siêu nhỏ, được nén tối đa chứa công cụ brutef
 | Image | Kích Thước | Nén |
 |-------|------------|-----|
-| Công cụ này | ~46KB | UPX ultra-brute |
+| Công cụ này (tối ưu) | 42.5KB | UPX LZMA ultra-brute |
 | Công cụ này (gốc) | 45.7KB | UPX ultra-brute |
 | Alpine chuẩn | ~5MB | Không |
 | Ubuntu chuẩn | ~70MB | Không |
@@ -29,19 +30,22 @@ Một Docker image siêu nhỏ, được nén tối đa chứa công cụ brutef
 ### Quy Trình Build
 1. **Multi-stage build** sử dụng Alpine Linux
-2. **Biên dịch tĩnh** với musl-gcc
+2. **Biên dịch tĩnh** với musl-gcc và các cờ tối ưu tích cực
-3. **Strip binary** để loại bỏ debug symbols
+3. **Strip binary nâng cao** để loại bỏ debug symbols và các section không sử dụng
-4. **Nén UPX** với chế độ ultra-brute
+4. **Nén UPX LZMA** với chế độ ultra-brute để nén tối đa
 5. **Base image scratch** để giảm kích thước tối đa
 ## 🏗️ Build
 ```bash
-# Build image
+# Build image tối ưu (khuyến nghị)
 docker build -t bruteforce-optimized -f brute/source/Dockerfile.optimized brute/source
 # Build image gốc
 docker build -t bruteforce-test -f brute/source/Dockerfile brute/source
 # Kiểm tra kích thước image
-docker images bruteforce-test
+docker images bruteforce-optimized bruteforce-test
 ```
 ## 🚀 Sử Dụng
@@ -60,10 +64,17 @@ docker run --rm \
 #### Crack mật khẩu root
 ```bash
 # Sử dụng image tối ưu (khuyến nghị)
 docker run --rm \
  --volume "/etc:/etc" \
  --volume "$(pwd)/brute/source/wordlist2.txt:/wordlist2.txt" \
  bruteforce-optimized:latest \
  root /wordlist2.txt
 # Sử dụng image gốc
 docker run --rm \
  --volume "/etc:/etc" \
  --volume "$(pwd)/brute/source/wordlist2.txt:/wordlist2.txt" \
  --user root \
  bruteforce-test:latest \
  root /wordlist2.txt
 ```
@@ -117,6 +128,32 @@ Password successfully cracked!
 - Quyền root (để truy cập file shadow)
 ### Cờ Biên Dịch
 #### Phiên Bản Tối Ưu (Khuyến Nghị)
 ```bash
 gcc -static -Os -s \
    -fomit-frame-pointer \
    -fdata-sections \
    -ffunction-sections \
    -fno-unwind-tables \
    -fno-asynchronous-unwind-tables \
    -Wl,--gc-sections \
    -Wl,--strip-all \
    -o bruteforce \
    bruteforce.c \
    yescrypt-ref.c \
    yescrypt-common.c \
    sha256.c \
    insecure_memzero.c \
    && strip --strip-all \
        --remove-section=.comment \
        --remove-section=.note.* \
        --remove-section=.eh_frame \
        bruteforce \
    && upx --lzma --ultra-brute bruteforce
 ```
 #### Phiên Bản Gốc
 ```bash
 gcc -static -Os -s -o bruteforce \
    bruteforce.c \
@@ -130,9 +167,11 @@ gcc -static -Os -s -o bruteforce \
 ### Kỹ Thuật Tối Ưu
 - **Link tĩnh**: Không có dependency bên ngoài
- **Tối ưu kích thước**: Cờ `-Os` để giảm kích thước
+- **Tối ưu kích thước tích cực**: Cờ `-Os` với các tối ưu bổ sung
- **Strip symbols**: Loại bỏ debug symbols
+- **Strip symbols nâng cao**: Loại bỏ debug symbols và các section không sử dụng
- **Nén UPX**: Chế độ ultra-brute để nén tối đa
+- **Nén UPX LZMA**: Chế độ ultra-brute với thuật toán LZMA để nén tối đa
 - **Loại bỏ code chết**: `--gc-sections` để loại bỏ các hàm không sử dụng
 - **Bỏ frame pointer**: `-fomit-frame-pointer` để giảm kích thước binary
 - **Base scratch**: Không có layer OS trong image cuối
 ## 🛡️ Cân Nhắc Bảo Mật
--- a/brute/source/Dockerfile
+++ b/brute/source/Dockerfile
@@ -1,6 +1,14 @@
 # Multi-stage build: Use Alpine for building, scratch for final image
 FROM alpine:latest AS build
 # Install build dependencies
 # build-base: gcc, make, and essential build tools
 # musl-dev: C library headers for static linking  
 # linux-headers: Kernel headers for system calls
 # upx: Ultimate Packer for eXecutables - binary compression tool
 RUN apk add --no-cache build-base musl-dev linux-headers upx
 # Set working directory for all subsequent operations
 WORKDIR /src
 # Copy all yescrypt source and header files flat
@@ -10,17 +18,32 @@ COPY yescrypt/yescrypt-common.c .
 COPY yescrypt/sha256.c .
 COPY yescrypt/insecure_memzero.c .
 # Copy main bruteforce source code
 COPY bruteforce.c .
 # Basic compilation with size optimization
 # -static: Create statically linked executable (no external dependencies)
 # -Os: Optimize for size, not speed
 # -s: Strip all symbol table and relocation information
 RUN gcc -static -Os -s -o bruteforce \
    bruteforce.c \
    yescrypt-ref.c \
    yescrypt-common.c \
    sha256.c \
    insecure_memzero.c \
    # Basic binary stripping:
    # --strip-all: Remove all symbol and debug information
    # --remove-section=.comment: Remove compiler/version comments
    && strip --strip-all --remove-section=.comment bruteforce \
    # UPX compression with standard settings:
    # --ultra-brute: Try all compression methods and use the best result
    && upx --ultra-brute bruteforce
 # Final stage: Start with completely empty image (scratch)
 FROM scratch
 # Copy only the final compressed binary from build stage
 COPY --from=build /src/bruteforce /
 # Set the default command for the container
 ENTRYPOINT ["/bruteforce"] 
--- a/brute/source/Dockerfile.optimized
+++ b/brute/source/Dockerfile.optimized
@@ -1,18 +1,39 @@
 # Multi-stage build: Use Alpine for building, scratch for final image
 # Alpine is the smallest base image (~5MB) with package manager
 FROM alpine:latest AS build
 # Install build dependencies with --no-cache to prevent package cache storage
 # build-base: gcc, make, and essential build tools
 # musl-dev: C library headers for static linking
 # linux-headers: Kernel headers for system calls
 # upx: Ultimate Packer for eXecutables - binary compression tool
 RUN apk add --no-cache build-base musl-dev linux-headers upx
 # Set working directory for all subsequent operations
 WORKDIR /src
-# Copy all yescrypt source and header files flat
+# Copy all yescrypt source and header files flat (no subdirectories)
 COPY yescrypt/*.h .
 COPY yescrypt/yescrypt-ref.c .
 COPY yescrypt/yescrypt-common.c .
 COPY yescrypt/sha256.c .
 COPY yescrypt/insecure_memzero.c .
 # Copy main bruteforce source code
 COPY bruteforce.c .
 # Enhanced compilation with maximum size optimization
 # Each flag explained:
 # -static: Create statically linked executable (no external dependencies)
 # -Os: Optimize for size, not speed
 # -s: Strip all symbol table and relocation information
 # -fomit-frame-pointer: Don't keep frame pointer in registers (saves one register)
 # -fdata-sections: Place each data item in its own section (enables dead code elimination)
 # -ffunction-sections: Place each function in its own section (enables dead code elimination)
 # -fno-unwind-tables: Don't generate unwind tables for exception handling
 # -fno-asynchronous-unwind-tables: Don't generate async unwind tables
 # -Wl,--gc-sections: Remove unused sections during linking (dead code elimination)
 # -Wl,--strip-all: Strip all symbols during linking
 RUN gcc -static -Os -s \
    -fomit-frame-pointer \
    -fdata-sections \
@@ -27,13 +48,29 @@ RUN gcc -static -Os -s \
    yescrypt-common.c \
    sha256.c \
    insecure_memzero.c \
    # Additional binary stripping to remove specific sections:
    # --strip-all: Remove all symbol and debug information
    # --remove-section=.comment: Remove compiler/version comments
    # --remove-section=.note.*: Remove all note sections (build info, ABI notes)
    # --remove-section=.eh_frame: Remove exception handling frame information
    && strip --strip-all \
        --remove-section=.comment \
        --remove-section=.note.* \
        --remove-section=.eh_frame \
        bruteforce \
    # UPX compression with maximum settings:
    # --lzma: Use LZMA compression algorithm (better ratio than default)
    # --ultra-brute: Try all compression methods and use the best result
    && upx --lzma --ultra-brute bruteforce
 # Final stage: Start with completely empty image (scratch)
 # This ensures absolute minimum size - no OS layer at all
 FROM scratch
 # Copy only the final compressed binary from build stage
 # --from=build: Copy from the build stage, not from host
 COPY --from=build /src/bruteforce /
 # Set the default command for the container
 # Array format prevents shell interpretation and reduces overhead
 ENTRYPOINT ["/bruteforce"]