Shell script encryption tool shc
shc is a tool for encrypting shell scripts. Its function is to convert shell scripts into an executable binary file.
Application scenarios
It is simple, convenient and portable to use shell scripts to automatically maintain the system. However, shell scripts are readable and writeable and are likely to leak sensitive information, such as username, password, path, IP, etc.
For scripts that contain some sensitive information, we usually want to make binary programs to prevent users from seeing the source code. For those with this need, we usually use shc or gzexe. I personally recommend shc.
shc installation and use
yum -y install shc or apt install shc
Let's write a script
# cat #!/bin/bash echo "this is shc test"
Encrypt with shc
shc -r -v -f
shc -r -f script-name Note: There must be the -r option, -f followed by the script name to be encrypted.
# ls -l total 36 -rw-r--r-- 1 root root 37 12moon 20 21:48 -rwx--x--x 1 root root 11160 12moon 20 21:48 -rw-r--r-- 1 root root 9433 12moon 20 21:48
Two files will be generated after encryption
Source File
Encrypted binary files
The C language version source code corresponding to the script
Execute the encrypted file
# ./ this is shc test
shc decryption
There are now corresponding unshc decryption programs on the market, let's go to github to check it out.
/yanncam/UnSHc/
Support x86 mips arm architecture CPU
But for my test results, it should be the best for x86 support. The author maintains it himself, and the others are maintained by third-party individuals, and the compatibility is poor.
# ./ /tmp/ -o _ _ _____ _ _ | | | | / ___| | | | | | | |_ __ \ `--.| |_| | ___ | | | | '_ \ `--. \ _ |/ __| | |_| | | | /\__/ / | | | (__ \___/|_| |_\____/\_| |_/\___| --- UnSHc - The shc decrypter. --- Version: 0.8 ------------------------------ UnSHc is used to decrypt script encrypted with SHc Original idea from Luiz Octavio Duarte (LOD) Updated and modernized by Yann CAM - SHc : [/~frosal/] - UnSHc : [/unshc-the-shc-decrypter/] ------------------------------ [*] Input file name to decrypt [/tmp/] [+] Output file name specified [] [+] ARC4 address call candidate : [0x400d06] [*] Extracting each args address and size for the 14 arc4() calls with address [0x400d06]... [0] Working with var address at offset [0x602179] (0x2a bytes) [1] Working with var address at offset [0x602121] (0x1 bytes) [2] Working with var address at offset [0x602319] (0xa bytes) [3] Working with var address at offset [0x602170] (0x3 bytes) [4] Working with var address at offset [0x6020e0] (0xf bytes) [5] Working with var address at offset [0x602141] (0x1 bytes) [6] Working with var address at offset [0x602127] (0x16 bytes) [7] Working with var address at offset [0x602144] (0x16 bytes) [8] Working with var address at offset [0x60215d] (0x13 bytes) [9] Working with var address at offset [0x6021ad] (0x1 bytes) [10] Working with var address at offset [0x6021ae] (0x1 bytes) [11] Working with var address at offset [0x6020f9] (0x26 bytes) [12] Working with var address at offset [0x6021b3] (0x13 bytes) [13] Working with var address at offset [0x6021c8] (0x13 bytes) [*] Extracting password... [+] PWD address found : [0x6021ec] [+] PWD size found : [0x100] [*] Executing [/tmp/MYoKED] to decrypt [/tmp/] [*] Retrieving initial source code in [] [*] All done! root@Develop:~/UnSHc-master/latest# cat #!/bin/bash echo "this is shc test"
It can be seen that the source code is directly decrypted, and the support for x86 is very good. The principle is to add 4096 bytes of garbled code to the head. And the shc encrypted script can see the source code of the shell when it is run by ps -ef. Therefore, shc is not really useful!
The above is the detailed content of the shell script encryption tool shc. For more information about the shell script encryption tool, please follow my other related articles!