Never Ending Security

It starts all here

How To Encrypt Bash Scripts

How to Encrypt Bash Script

if you want to encrypt your bash script for some reason, you can do that with SHC utility. Encrypting your script with SHC provides you with a basic type of protection. Please note that the encrypted shell script created by shc is not readable by a regular users but a skilled user can extract the original shell script from the encrypted binary. General rule is to avoid shell script encryption and use better solutions for your problem.

SHC stands for shell script compiler.

Download

Download shc and install it as shown below.

# wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.9.tgz
# tar xvfz shc-3.8.9.tgz
# cd shc-3.8.9
# make

Verify that shc is installed properly.

$ ./shc -v
shc parse(-f): No source file specified

shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script

Create a Sample Shell Script

Create a sample bash shell script that you like to encrypt using shc for testing purpose.

$ vi random.sh
#!/bin/bash

echo -n "How many random numbers do you want to generate? "
read max

for (( start = 1; start <= $max; start++ ))
do
  echo -e $RANDOM
done

$ ./random.sh
How many random numbers do you want to generate? 3
54213
7542
465

Encrypt the Shell Script Using shc

Encrypt the random.sh shell scripting using shc as shown below.

$ ./shc -f random.sh

This will create the following two files:

$ ls -l random.sh*
-rwxrw-r--. 1 ramesh ramesh   149 Mar 27 01:09 random.sh
-rwx-wx--x. 1 ramesh ramesh 11752 Mar 27 01:12 random.sh.x
-rw-rw-r--. 1 ramesh ramesh 10174 Mar 27 01:12 random.sh.x.c
  • random.sh is the original unencrypted shell script
  • random.sh.x is the encrypted shell script in binary format
  • random.sh.x.c is the C source code of the random.sh file. This C source code is compiled to create the above encrypted random.sh.x file. The whole logic behind the shc is to convert the random.sh shell script to random.sh.x.c C program (and of course compile that to generate the random.sh.x executable)
$ file random.sh
random.sh: Bourne-Again shell script text executable

$ file random.sh.x
random.sh.x: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux, stripped

$ file random.sh.x.c
random.sh.x.c: ASCII C program text

Execute the Encrypted Shell Script

Now, let us execute the encrypted shell script to make sure it works as expected.

$ ./random.sh.x
How many random numbers do you want to generate? 3
2189
76234
34678

Please note that the binary itself is still dependent on the shell (the first line provided in the random.sh. i.e /bin/bash) to be available to execute the script.

Specifying Expiration Date

Using shc you can also specify an expiration date. i.e After this expiration date when somebody tries to execute the shell script, they’ll get an error message.

$ ./shc -e 31/12/2014 -f random.sh

In this example, if someone tries to execute the random.sh.x, after 31-Dec-2014, they’ll get a default expiration message as shown below.

$ ./random.sh.x
./random.sh.x: has expired!
Please contact your provider

If you like to specify your own custom expiration message, use -m option (along with -e option as shown below).

$ ./shc -e 31/12/2014 -m "Contact admin@n0where.net for new version of this script" -f random.sh

$ ./random.sh.x
./random.sh.x: has expired!
Contact admin@n0where.net for new version of this script

Create Redistributable Encrypted Shell Scripts

Apart from -e, and -m (for expiration), you can also use the following options:

  • -r will relax security to create a redistributable binary that executes on other systems that runs the same operating system as the one on which it was compiled.
  • -T will allow the created binary files to be traceable using programs like strace, ltrace, etc.
  • -v is for verbose

Typically you might want to use both -r and -T option to create a re-distributable and traceable shell encrypted shell script as shown below.

$ ./shc -v -r -T -f random.sh
shc shll=bash
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc  random.sh.x.c -o random.sh.x
shc: strip random.sh.x
shc: chmod go-r random.sh.x

$ ./random.sh.x
How many random numbers do you want to generate? 3
28954
1410
15234

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s