Shc (shell script compiler)
shc is a shell script compiler for Unix-like operating systems written in the C programming language. The Shell Script Compiler (SHC) encodes and encrypts shell scripts into executable binaries. Compiling shell scripts into binaries provides protection against accidental changes and source code modification, and is a way of hiding shell script source code.[1]
Mechanism
[edit]shc
takes a shell script which is specified on the command line by the -f
option and produces a C source code of the script with added encryption. The generated source code is then compiled and linked to produce a binary executable. It is a two step process where, first, it creates a filename.x.c
file of the shell script file filename
. Then it is compiled with cc -$CFLAGS filename.x.c
to create the binary from the C source code with the default C compiler.[1]
The compiled binary will still be dependent on the shell specified in the shebang (eg. #!/bin/sh
), thus shc
does not create completely independent binaries.[2]
shc
itself is not a compiler such as the C compiler, it rather encodes and encrypts a shell script and generates C source code with the added expiration capability. It then uses the system C compiler to compile the source shell script and build a stripped binary which behaves exactly like the original script. Upon execution, the compiled binary will decrypt and execute the code with the shells'-c
option.[2]
Versions
[edit]Version | Release Date | Changes | |
---|---|---|---|
shc-3.9.3 | 30-Jul-2016 | zsh support and fix for ksh shell[4] | |
shc-3.9.2 | 21-Aug-2015 | Added Busybox support ( -B flag to compile for Busybox[2]). | |
shc-3.9.1 | 03-Apr-2015 | Set -T option as default, and renaming it to -U to its counter logic | |
shc-3.9.0 | 01-Apr-2015 | Adding output file option with [-o filename] and bug fixes | |
shc-3.8.9 | 04-Dec-2013 | Fixing a long-standing bug making the source not hidden | |
shc-3.8.7 | 10-Feb-2010 | Bug on 64bit systems with expiration dates | |
shc-3.8.5 | 10-Feb-2010 | ||
shc-3.8.3 | 10-Jul-2006 | Fixed untraceable() problems on FreeBSD | |
shc-3.8.2 | 06-Jul-2006 | Read permission of the script.x exposes it to disassembling.
Group and others read permission is now removed by default. | |
shc-3.7 | 28-Jun-2005 | Removed all strings in the compiled script. Improved program output and error messages.
The -m option allows to define the *complete* expiration message. Updated manpage shc.1 | |
shc-3.6 | 16-Jun-2005 | Two new options:
-D switch on Debug exec calls. -T switch off unTraceable. | |
shc-3.4 | 19-Jun-2003 | Remove "bad alignment" problem on AIX and other systems.
Where exists, use /proc/<pid>/as in untraceable. | |
shc-3.3 | 21-Apr-2003 | Prevent to ptrace the process | |
shc-3.2 | 05-Aug-2002 | Find ancient pclose that must be fclose | |
shc-3.1 | 05-Aug-2002 | Fixed a misbehavior on scripts with a in-first-line option equal to "end of options"
(i.e. #!/bin/sh -- ) GCC "warning: return type of `main' is not `int'" removed | |
shc-2.4 | 05-Aug-2002 |
Alternatives
[edit]- obash
- obfsh[5]
- shellcrypt
References
[edit]- ^ a b Günther, Karsten. "SHC Shell Compiler » Linux Magazine".
- ^ a b c "Man page of shc". neurobin.github.io. Retrieved 2015-08-25.
- ^ "Index of /~frosal/sources".
- ^ a b "Archived copy". Archived from the original on 2015-04-02. Retrieved 2015-04-01.
{{cite web}}
: CS1 maint: archived copy as title (link) - ^ "shell script obfuscator".