Get plain text script from compiled bash script

Some time ago I wrote some bash scripts for my school. I thought it would be very smart to “protect” them, so I compiled them with shc into a binary file. A few weeks later, I lost the non-compiled scripts, and now I only have my binaries left.

Is there a way to get the scripts back from the shc binaries? I searched the shc source code to find a way to decompile the binaries, without any luck.

+5
4 answers

Using shc to compile your scripts does not protect them, so you do not get more security this way. The shc-compiled binary decrypts the script and loads it into memory at startup. So, right after you start the binary, you can just segfault it and extract the script from the core dump.

Here is a small example script called test.sh:

#! /bin/bash
echo "starting script and doing stuff"
sleep 1
echo "finished doing stuff"

Compile it with shc:

shc -f test.sh

Run it as a background process and immediately kill it:

./test.sh.x&  ( sleep 0.2 && kill -SIGSEGV $! )

sleep 0.2 gives the binary enough time to start and decrypt the original script. The variable $! contains the PID of the last background process, so we can easily kill it with the segmentation fault signal SIGSEGV (same as kill -11 $!).

[1]  + segmentation fault (core dumped)  ./test.sh.x

Now we can search the dump for the original script:

cat core | strings

dumpfile , , script :

...
4.0.37(2)-release
BASH_VERSINFO
BASH_VERSINFO
release
i686-pc-linux-gnu
BASH_EXECUTION_STRING
BASH_EXECUTION_STRING
                           #! /bin/bash
echo "starting script and doing stuff"
sleep 1
echo "finished doing stuff"
1000
EUID
EUID
1000
...

script , , ulimit. , ?

+48
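As an added example (not part of the answer above): by default `strings` keeps only runs of at least 4 printable characters and splits on newlines, so short script lines such as `fi` or `}` vanish from its output. The sketch below carves the script from the raw bytes instead, assuming GNU grep/tail/tr/head and that the decrypted script sits in memory as one NUL-terminated string, as the BASH_EXECUTION_STRING entry suggests; `make_sample_core` and `carve_script` are hypothetical names, and the sample "core" is constructed.

```shell
#!/bin/sh
# Added example: recover an shc-decrypted script from a core dump without
# losing short lines. Assumes GNU grep, tail, tr and head.

# Write a constructed stand-in for a core dump (not a real core file):
# some data, the script as one NUL-terminated string, then more data.
make_sample_core() {
    printf 'BASH_EXECUTION_STRING\000   #! /bin/bash\nif true; then\n  echo hi\nfi\n\000EUID\000' > "$1"
}

# carve_script CORE
# Print the text from the first shebang up to the NUL byte that ends it.
# Heuristic: the first "#!" followed by an absolute path is taken as the
# start of the script; a real dump may contain other hits to check by hand.
carve_script() (
    core=$1
    # -a: treat binary as text, -b: print byte offset, -o: print match only
    off=$(LC_ALL=C grep -abo '#! */' "$core" | head -n 1 | cut -d: -f1)
    [ -n "$off" ] || exit 1
    # Swap NUL and newline so that "first line" means "up to the first NUL",
    # keep that single record, then swap back to restore the newlines.
    # The output ends with one extra blank line (the former NUL).
    tail -c +"$((off + 1))" "$core" \
        | tr '\n\000' '\000\n' \
        | head -n 1 \
        | tr '\000' '\n'
)

# Demo on the constructed sample; the "fi" line survives.
sample=$(mktemp)
make_sample_core "$sample"
carve_script "$sample"
rm -f "$sample"
```

On a real dump, run `carve_script core > recovered.sh` and review the result before trusting it.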

!:)

, sh, cat sh shc . , script .

+3

UnSHc, script *.sh.x , SHc, github .

UnSHc is a tool to reverse the encryption of any SHc-encrypted *.sh.x script. It is based on the automatic extraction of all cryptographic data embedded in the *.sh.x file by automatically reversing it. Using this cryptographic data (used for encryption), the tool regenerates the source *.sh file in clear text.

How to use UnSHc:

[root@server:~/unshc]$ ./unshc.sh -h
 _   _       _____ _   _
| | | |     /  ___| | | |
| | | |_ __ \ `--.| |_| | ___
| | | | '_ \ `--. \  _  |/ __|
| |_| | | | /\__/ / | | | (__
 \___/|_| |_\____/\_| |_/\___|

--- UnSHc - The shc decrypter.
--- Version: 0.6
------------------------------
UnSHc is used to decrypt script encrypted with SHc
Original idea from Luiz Octavio Duarte (LOD)
Updated and modernized by Yann CAM
- SHc   : [http://www.datsi.fi.upm.es/~frosal/]
- UnSHc : [https://www.asafety.fr/unshc-the-shc-decrypter/]
------------------------------

[*] Usage : ./unshc.sh [OPTIONS] <file.sh.x>
         -h | --help                          : print this help message
         -a OFFSET | --arc4 OFFSET            : specify the arc4() offset arbitrarily (without 0x prefix)
         -d DUMPFILE | --dumpfile DUMPFILE    : provide an object dump file (objdump -D script.sh.x > DUMPFILE)
         -s STRFILE | --stringfile STRFILE    : provide a string dump file (objdump -s script.sh.x > STRFILE)
         -o OUTFILE | --outputfile OUTFILE    : indicate the output file name

[*] e.g :
        ./unshc.sh script.sh.x
        ./unshc.sh script.sh.x -o script_decrypted.sh
        ./unshc.sh script.sh.x -a 400f9b
        ./unshc.sh script.sh.x -d /tmp/dumpfile -s /tmp/strfile
        ./unshc.sh script.sh.x -a 400f9b -d /tmp/dumpfile -s /tmp/strfile -o script_decrypted.sh

A demo video can be seen here (in English and French).

-1