Encrypt shell script

millan · July 22, 2013, 1:41am

Hi,

We have some scripts which will run in other project..So the requirement is that we dont want that they should see our code though they can run it. I have done some searching about how to encrypt the shell script and found SHC utillity as the answer.

Can anybody please suggest how will i do it. I tried to install it using wget command but this command is not available here. i am using solaris.

And is it dependent on the OS? What i mean here is, if i encrypt the scripts in solaris after installing SHC, will these run in HPux or Linux even though no SHC installed there?Or do you see any disadvantage of using this utillity.

Thanks in advance.

rajamadhavan · July 22, 2013, 1:49am

You can just use unix permissions to make it executable only.

millan · July 22, 2013, 3:39am

That team works in a different server.

I tried your solution.. changed the permission to 744..after i downloaded those and put it in another server it 's default permission changed to 644 because of the umask value in that server.

So i dont think this is the appropriate solution of what i m looking for.

Anyother idea is appreciated.

balajesuri · July 22, 2013, 4:01am

shc converts a shell script to a C source code and then uses the available compiler to compile it to a binary. The binary is just like any other executable and though I have not used this shc utility myself, I don't see a reason why it shouldn't work on other linux machines.

To know how to work with shc, please look into the man pages. They should be pretty comprehensive.

millan · July 22, 2013, 7:34am

This utillity is not available in my server..i have checked with man and which command.Can anyone please help me where to download this.

balajesuri · July 22, 2013, 9:09am

http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.9.tgz

millan · July 29, 2013, 4:10am

During installing this shc utility in solaris i am getting below error.

 
$ make
/opt/SUNWspro/bin/cc -Wall shc.c -o shc
cc: illegal option -Wall
*** Error code 1
make: Fatal error: Command failed for target `shc'

I was serching for the error, found that i have to comment out all CFLAGS definitions except below one.

 
CFLAGS = -fast -xO4 -s -v -Xa

So where can i find the file(filename and location) containing these definitions?

Or is there any alterative way to avoid this error.

Priy · November 27, 2013, 4:25am

Can anyone decrypt shc encrypted code again ?

Chubler_XL · November 27, 2013, 4:58am

Never tried, but it should be possible to replace the interpreter shc is calling (/bin/bash /bin/sh etc) with our own code that simply saved it's input. I wouldn't trust anything in a shc compiled script as secure.

Corona688 · November 27, 2013, 10:44am

It will be very difficult to get the shell code out of a shc'ed program, since I think it's all turned into assembly. They could disassemble it but it'd be an immense amount of detective work to retrace its steps.

I don't think shc depends on an external shell. There'd be precious little point.

Text strings are another matter. They may be directly extractable via the strings utility.

If you cannot protect the destination file itself, shc is about the best you can manage.

Chubler_XL · November 27, 2013, 2:55pm

From the manual

Strings will not work because the script is encrypted within the binary, so it's by no means a trivial job to get at the script source, but I would not be putting any credit card numbers, banking details or passwords in there!

Corona688 · November 27, 2013, 2:58pm

Well, dang. That's not even any improvement on the other rube-goldberg machines. No security benefit, no speed benefit, why bother?