Using SHC to encrypt bash scripts

Summary
Previously written to see other people write scripts with SHC encryption, I also have to understand the next.

SHC represents shell script compiler, the shell scripting compiler. A script that has been compiled by SHC is not readable to ordinary users, so if you want to protect your code (for example, with a key), you can consider SHC; however, some people can use the reverse compiler to crack the SHC encrypted script.
Let's start by introducing:

I. Using SHC to encrypt bash scripts
1. Download and compile SHC
# wget Http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz
# tar Xvfz shc-3.8.7.tgz
# CD shc-3.8.7
# make
You can find the latest source code on the SHC official website.
Now we verify that the SHC is properly installed:
$./shc-v
SHC Parse (-f): No source file specified

SHC USAGE:SHC [-E Date] [-M addr] [-I iopt] [-X CMND] [-L-lopt] [-rvdtcah]-F Script
2. Create a Test bash script
#!/bin/bash

Echo-n "How many random numbers does you want to generate?"
Read Max

for (start = 1; start <= $max; start++))
Do
ECHO-E $RANDOM
Done
3. Use SHC to encrypt bash scripts
$./shc-f random.sh
After that we can see two more files:
$ ll random.sh*
-rwxr-xr-x 1 Lesca Lesca 153 2012-05-16 06:34 random.sh*
-rwx–x–x 1 Lesca lesca 10512 2012-05-16 06:34 random.sh.x*
-rw-r–r–1 Lesca Lesca 10145 2012-05-16 06:34 random.sh.x.c
Random.sh is the original, non-encrypted bash script
Random.sh.x is an encrypted binary format bash script
RANDOM.SH.X.C is the C source code of random.sh. The file was converted from random.sh, and SHC was encrypted by converting the bash script to C.
$ file random.sh*
Random.sh:bourne-again Shell Script Text executable
Random.sh.x:elf 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for gnu/li Nux 2.6.15, stripped
Random.sh.x.c:ascii C Program Text
4. Execute an encrypted bash script
$./random.sh.x
How many random numbers does you want to generate? 3
15146
20741
17825
Ii. other functions of the SHC
1. Set the script age
We can specify the expiration date of the program through SHC, the program will expire after expiration, and any user attempting to run will receive an error message. SHC uses the-e dd/mm/yyyy to turn on this feature:
$./SHC-E 31/12/2011-f random.sh
If the program expires, you will get the following message:
$./random.sh.x
./random.sh.x:has expired!
Please contact your provider
With the-M "message" option, we can specify the message to output when an error occurs:
$./SHC-E 31/12/2011-m "Contact [e-mail protected] for new version of this script"-F random.sh

$./random.sh.x
./random.sh.x:has expired!
Contact [e-mail protected] for new version of this script
2. Create a repeatable release encryption script
-R: Allows the script to run on different hardware platforms on the same operating system
-T: Allow Ltrace, strace-like programs to trace scripts to run
-V: Output details
Typically-R is used with-t to create a repeatable and traceable cryptographic script, such as:
$./shc-v-r-t-F random.sh
SHC Shll=bash
SHC [-i]=-c
SHC [-x]=exec '%s ' "[email protected]"
SHC [-l]=
SHC opts=
SHC:CC Random.sh.x.c-o random.sh.x
Shc:strip random.sh.x
Shc:chmod Go-r random.sh.x

$./random.sh.x
How many random numbers does you want to generate? 3
1311
19637
14891

Q:How do I encrypt my bash shell script on Linux environment? The shell script contains password, and I don ' t want others who has execute access to view the shell script and get the P Assword. Is there a-to encrypt my shell script?

A:first, as a best practice you should is not encrypting your shell script. You should really document your shell script properly so the anybody who views it understands exactly what it does. If it contains sensitive information like password, you should figure out a different approach to write the shell script W Ithout has to encrypt it.
That's being said, if you still insist in encrypting a shell script, you can use SHC utility as explained below. Please note this encrypted shell script created by SHC isn't readable by normal users. However someone who understands how this works can extract the original shell script from the encrypted binary created by Shc.
SHC stands for Shell script compiler.
1. Download SHC and install it
Download SHC and install it as shown below.
# wget Http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz
# tar Xvfz shc-3.8.7.tgz
# CD shc-3.8.7
# make
Verify that SHC is installed properly.
$./shc-v
SHC Parse (-f): No source file specified

SHC USAGE:SHC [-E Date] [-M addr] [-I iopt] [-X CMND] [-L-lopt] [-rvdtcah]-F Script
2. Create a Sample Shell Script
Create a sample Bash shell script that is like to encrypt using the SHC for testing purpose.
For testing purpose, let us create the following random.sh shell script which generates random numbers. You has to specify how many random numbers your like to generate.
$ VI random.sh
#!/bin/bash

Echo-n "How many random numbers does you want to generate?"
Read Max

for (start = 1; start <= $max; start++))
Do
ECHO-E $RANDOM
Done

$./random.sh
How many random numbers does you want to generate? 3
24682
1678
491
3. Encrypt the Shell Script Using SHC
Encrypt the random.sh shell scripting using SHC as shown below.
$./shc-f random.sh
This would create the following and the files:
$ ls-l random.sh*
-rwxrw-r–. 1 Ramesh Ramesh 149 Mar 01:09 random.sh
-rwx-wx–x. 1 Ramesh Ramesh 11752 Mar 01:12 random.sh.x
-rw-rw-r–. 1 Ramesh Ramesh 10174 Mar 01:12 random.sh.x.c
Random.sh is the original unencrypted shell script
Random.sh.x is the encrypted shell script in binary format
RANDOM.SH.X.C is the C source code of the random.sh file. This C source code was compiled to create the above encrypted random.sh.x file. The whole logic behind the SHC is to convert the random.sh shell script to random.sh.x.c C program (and of course compile That to generate the random.sh.x executable)
$ file random.sh
Random.sh:bourne-again Shell Script Text executable

$ file random.sh.x
Random.sh.x:elf 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for Gnu/linux 2.6 . Stripped

$ file Random.sh.x.c
Random.sh.x.c:ascii C Program Text
4. Execute the Encrypted Shell Script
Now, let us execute the encrypted shell script to make sure it works as expected.
$./random.sh.x
How many random numbers does you want to generate? 3
7489
10494
29627
Please note that the binary itself are still dependent on the shell (the first line provided in the random.sh. I.e/bin/bas h) to is available to execute the script.
5. Specifying expiration Date for Your Shell Script
Using SHC You can also specify an expiration date. I.e after this expiration date is somebody tries to execute the shell script, they ' ll get a error message.
Let us say so you don ' t want anybody to execute the random.sh.x after 31-dec-2011 (I used last year date for testing pur Pose).
Create a new encrypted shell script using "shc-e" option to specify expiration date. The expiration date is specified in the DD/MM/YYYY format.
$./SHC-E 31/12/2011-f random.sh
In this example, if someone tries to execute the random.sh.x, after 31-dec-2011, they ' ll get a default expiration message as shown below.
$./random.sh.x
./random.sh.x:has expired!
Please contact your provider
If you like to specify your own custom expiration message, use-m option (along WITH-E option as shown below).
$./SHC-E 31/12/2011-m "Contact [e-mail protected] for new version of this script"-F random.sh

$./random.sh.x
./random.sh.x:has expired!
Contact [e-mail protected] for new version of this script
6. Create Redistributable Encrypted Shell Scripts
Apart From-e, and-m (for expiration), your can also use the following options:
-R would relax security to create a redistributable binary this executes on other systems runs the same operating Syst EM as the one on which it is compiled.
-T would allow the created binary files to be traceable using programs like Strace, Ltrace, etc.
-V is for verbose
Typically might want to use both-r and-t option to craete a redistributable and tracable shell encrypted shell scrip T as shown below.
$./shc-v-r-t-F random.sh
SHC Shll=bash
SHC [-i]=-c
SHC [-x]=exec '%s ' "[email protected]"
SHC [-l]=
SHC opts=
SHC:CC Random.sh.x.c-o random.sh.x
Shc:strip random.sh.x
S

Using SHC to encrypt bash scripts