Protecting Shell scripts with compiled binary

Protecting Shell scripts with compiled binary

Mahesh Wakade Mahesh Wakade

Mahesh Wakade

Published Jan 6, 2023
+ Follow

I believe open source activities are very important for developing great software programs and systems but I also think there should not be stealing of code and design. Sometimes, When we write shell scripts and just would like to secure them and keep their implementation hidden. Shell scripts are very easy to write for minimizing certain time-consuming tasks.

There is a very good way to solve this problem. Francisco Javier Rosales García developed free software, a generic script compiler called SHC. shc itself is not a compiler such as cc, it rather encodes and encrypts a shell script and generates C source code with the added expiration capability. It then uses the system compiler to compile a stripped binary that behaves exactly like the original script. Upon execution, the compiled binary will decrypt and execute the code with the shell -c option.

We get an executable file after post-processing the shell script with shc with the following command. Perl script can also be protected using this application.

Recommended by LinkedIn

I Spent 15 Years Reverse Engineering a Dead Programming Language Nobody Asked Me To
I Spent 15 Years Reverse Engineering a Dead…
Charles W. 1 month ago
Unleashing the Full Potential of Kotlin-CLI and GraalVM: The Birth of the "SFTP-file-downloader-and-renamer"
Unleashing the Full Potential of Kotlin-CLI and…
Joshua Harding 3 years ago
Backup config. of 500 nodes in 8 seconds!
Backup config. of 500 nodes in 8 seconds!
Ahmed Dimah 6 years ago
Syntax:
shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-o outfile] [-rvDSUHCABh] -f script



shc Usage: 

shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-o outfile] [-rvDSUHCABh] -f script


    -e %s  Expiration date in dd/mm/yyyy format [none]
    -m %s  Message to display upon expiration ["Please contact your provider"]
    -f %s  File name of the script to compile
    -i %s  Inline option for the shell interpreter i.e: -e
    -x %s  eXec command, as a printf format i.e: exec('%s',@ARGV);
    -l %s  Last shell option i.e: --
    -o %s  output filename
    -r     Relax security. Make a redistributable binary
    -v     Verbose compilation
    -S     Switch ON setuid for root callable programs [OFF]
    -D     Switch ON debug exec calls [OFF]
    -U     Make binary untraceable [no]
    -H     Hardening : extra security protection [no]
           Require bourne shell (sh) and parameters are not supported
    -C     Display license and exit
    -A     Display abstract and exit
    -B     Compile for busybox
    -h     Display help and exit


    Environment variables used:
    Name    Default  Usage
    CC      cc       C compiler command
    CFLAGS  <none>   C compiler flags
    LDFLAGS <none>   Linker flags

To view or add a comment, sign in

More articles by Mahesh Wakade

  • Mathematics behind public key cryptography
    Oct 26, 2016

    Mathematics behind public key cryptography

    Prime number and their occurrence pattern is matter of interest for many. Several mathematicians in past and current…

    1 Comment

Others also viewed

Explore content categories