SHC: How to encrypt and convert a shell script into a binary executable

Abstract

SHC is a free software (GPL v2) that takes a shell script and produces C source code. The generated source code is then compiled and linked to produce a stripped binary executable.

Introduction

There are some uncomfortable times when you will be asked to not distribute the source code of a shell script (eg. automation script, deployment script, maintenance etc ) that you wrote for a job you have taken as a freelancer or as a sysadmin for a private institution. This is where SCH comes in rescue.

SHC creates a stripped binary executable version of the script specified with -f on the command line. If you supply an expiration date with the -e option the compiled binary will refuse to run after the date specified. The message “Please contact your provider” will be displayed instead. This message can be changed with the -m option.

Materials and Methods

You can use the SHC once you install some dependencies and run a make and install

Install Required Packages

Install required packages for SHC compiler. For Debian/Ubuntu

sudo apt-get install libc6-dev 

Download and Build

Download the latest source code of SHC compiler:

Extract the zip and compile the SHC source code on your system and install it using the following commands.

cd where-the-extracted-is
make 
sudo make install

As of Debian 8.0+ (Jessie) and Ubuntu 15.04+ (Vivid) SHC (version 3.8.7-2) is available from the repositories. So if you are on any of this and you dont mind any bugs available on this older version (see Version bug fixes) you can simply install it by running:

sudo apt install shc

Usage

Use the following command to create a binary file of your script.sh

shc -T -f script.sh

OPTIONS

The command line options that are aalso available are:

-e date: Expiration date in dd/mm/yyyy format [default:none]

-m message: message to display upon expiration [default: “Please contact your provider”]

-f script_name: File name of the script to compile

-i inline_option: Inline option for the shell interpreter i.e: -e

-x comand: exec command, as a printf format i.e: exec(‘%s’,@ARGV);

-l last_option: Last shell option i.e: —

-r Relax security. Make a redistributable binary which executes on different systems running the same operating system.

-v Verbose compilation -D Switch on debug exec calls

-T Allow binary to be traceable (using strace, ptrace, truss, etc.)

-C Display license and exit

-A Display abstract and exit

-h Display help and exit

Results and Discussion

SHC itself is not a compiler such as cc, it rather encodes and encrypts a shell script and generates C source code with the added expiration capability. It then uses the system compiler to compile a stripped binary which behaves exactly like the original script. Upon execution, the compiled binary will decrypt and execute the code with the shell -c option. Unfortunatelly, it will not give you any speed improvement as a real C program would.

The compiled binary will still be dependent on the shell specified in the first line of the shell code (i.e. #!/bin/sh), thus shc does not create completely independent binaries.

SHC’s main purpose is to protect your shell scripts from modification or inspection. You can use it if you wish to distribute your scripts but don’t want them to be easily readable by other people.

References

SHC is a tool writen by Francisco Rosales Garcia and distributed under the terms of GNU GPL version 2

  1. Author: Francisco Rosales Garcia
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s