git rebase -x "python -c \\\\\\"import subprocess; refs , errs = subprocess.Popen('git rev-parse HEAD', stdout = subprocess.PIPE).communicate(); subprocess.call('git commit --no-edit --quiet --amend --date=\\\\\\\\\\\\\\"" + str(date) + "\\\\\\\\\\\\\\" --author=\\\\\\\\\\\\\\"" + author + " <" + email + ">\\\\\\\\\\\\\\" --message=\\\\\\\\\\\\\\"" + msg + "\\\\\\\\\\\\\\"', shell = True) if str(refs.decode('utf-8')).strip() == '" + tgt + "' else True\\\\\\""" --rebase-merges $start_hash$

 This beauty of a command allows us to edit the author, commit message, date and committer email of a commit with hash tgt in our commit history. To understand the why and the how some background is necessary.  

 Cyber deception is a domain of cyber security, in which adversaries are shown fake information or given access to fake machines that appear to be part of the real system. This allows defenders to monitor their adversary as well as waste their time and resources. While working on a project to create tooling for cyber deception operations, I was given the task of obfuscating the git commit history in order to litter code on a deception machine. Some requirements that made things more difficult were the ability to edit commit messages and maintain the merge history. This open ended task resulted in the above command through a process of trial and error. 

 The first step was to interact with GitHub's API in order to allow a search for repos based on the user's specifications. This required token authentication and the construction of a dictionary of parameters for the search. Then we get the hash of the latest commit from the GitHub repo object and clone it via the command line. Finally, we remove all evidence of the remote repo, which wraps up the initialization. 

 Beyond the command line interaction exists the 'plumbing' of the git version control system. In a simplified view git consists of commits, trees and blobs. Commits store the authors name, the date a pointer to a tree and a pointer to the previous commit. A tree maintains pointers to blobs which are the hashed files in the repository. So in order to change the first commit in the repo we must adjust the pointer values stored all the way up to the commit tree. This leads us to our outermost command. 

cmd = 'git rebase -x "' + py_cmd + '" --rebase-merges ' + start_hash

 This command rebases our git history starting from the earliest commit, while the -x flag specifies the that the py_cmd should be executed at every commit during the rebase. However, we cannot edit every commit in the same pass or the merge history structure will not be maintained. To accommodate this our py_cmd consists of code that checks the hash of the HEAD (current commit in the rebase) and executes the inner command if we are at the target hash. This method needs to be dynamic as the commit hash changes with each edited pass of the commit history.  

py_cmd = "python -c \\\\\\"import subprocess; refs , errs = subprocess.Popen('git rev-parse HEAD', stdout = subprocess.PIPE).communicate(); subprocess.call('" + inner_cmd + "', shell = True) if str(refs.decode('utf-8')).strip() == '" + tgt + "' else True\\\\\\""

 Finally, this is the inner command that is executed at the target commit and handles the editing of the date, author email and commit message. 

inner_cmd = "git commit --no-edit --quiet --amend --date=\\\\\\\\\\\\\\"" + str(date) + "\\\\\\\\\\\\\\" --author=\\\\\\\\\\\\\\"" + author + " <" + email + ">\\\\\\\\\\\\\\" --message=\\\\\\\\\\\\\\"" + msg + "\\\\\\\\\\\\\\""

 This command is part of a larger code base that allows the user to populate a machine with obfuscated code and a realistic git history and it was satisfying to write.