使用shc加密bash脚本程序

时间 2019-11-09

标签使用 shc 加密 bash 脚本程序栏目 Unix 繁體版

原文原文链接

SHC表明shell script compiler，即shell脚本编译器。经过SHC编译过的脚本程序对普通用户而言是不读的，所以若是你想保护你的代码（例如含有密钥），则能够考虑SHC；然而有些人能够经过反向编译的方式破解SHC加密过的脚本。
下面咱们开始介绍: redis

1、使用SHC加密bash脚本程序
1.下载并编译SHC
# wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz
# tar xvfz shc-3.8.7.tgz
# cd shc-3.8.7
# make
你能够在SHC官方网站找到其最新源代码。
如今咱们验证SHC是否正确安装：
$ ./shc -v
shc parse(-f): No source file specified shell

shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script
2.创建一个测试bash脚本
#!/bin/bash bash

echo -n "How many random numbers do you want to generate? "
read max app

for (( start = 1; start <= $max; start++ ))
do
echo -e $RANDOM
done
3.使用SHC加密bash脚本
$ ./shc -f random.sh
以后咱们能够看到多出两个文件：
$ ll random.sh*
-rwxr-xr-x 1 lesca lesca   153 2012-05-16 06:34 random.sh*
-rwx--x--x 1 lesca lesca 10512 2012-05-16 06:34 random.sh.x*
-rw-r--r-- 1 lesca lesca 10145 2012-05-16 06:34 random.sh.x.c
• random.sh 是原始的未加密的bash脚本
• random.sh.x 是加密的二进制格式的bash脚本
• random.sh.x.c 是random.sh的C源代码。该文件是从random.sh转换而来的，SHC就是经过将bash脚本转为C语言再编译之进行加密的。
$ file random.sh*
random.sh:     Bourne-Again shell script text executable
random.sh.x:   ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, stripped
random.sh.x.c: ASCII C program text
4.执行加密的bash脚本
$ ./random.sh.x
How many random numbers do you want to generate? 3
15146
20741
17825
2、SHC的其余功能
1.设置脚本使用期限
咱们能够经过SHC指定程序的有效期，过时后程序将失效，任未尝试运行的用户将收到错误消息。SHC使用-e dd/mm/yyyy来开启该功能：
$ ./shc -e 31/12/2011 -f random.sh
若是程序过时了，将会获得如下消息：
$ ./random.sh.x
./random.sh.x: has expired!
Please contact your provider
结合-m "message"选项，咱们能够指定发生错误时输出的消息：
$ ./shc -e 31/12/2011 -m "Contact admin@lesca.me for new version of this script" -f random.sh dom

$ ./random.sh.x
./random.sh.x: has expired!
Contact admin@lesca.me for new version of this script
2.建立可重复发布的加密脚本
• -r: 容许该脚本在同操做系统的不一样硬件平台上运行
• -T: 容许让ltrace, strace那样的程序追踪脚本运行
• -v: 输出详细信息
一般-r与-T一块儿使用，用于建立可重复发布且可追踪的加密脚本，例如：
$ ./shc -v -r -T -f random.sh
shc shll=bash
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc random.sh.x.c -o random.sh.x
shc: strip random.sh.x
shc: chmod go-r random.sh.x ide

$ ./random.sh.x
How many random numbers do you want to generate? 3
1311
19637
14891 测试

Q: How do I encrypt my bash shell script on Linux environment? The shell script contains password, and I don’t want others who have execute access to view the shell script and get the password. Is there a way to encrypt my shell script? 网站

A: First, as a best practice you should not be encrypting your shell script. You should really document your shell script properly so that anybody who views it understands exactly what it does. If it contains sensitive information like password, you should figure out a different approach to write the shell script without having to encrypt it.
That being said, if you still insist on encrypting a shell script, you can use SHC utility as explained below. Please note that encrypted shell script created by shc is not readable by normal users. However someone who understands how this works can extract the original shell script from the encrypted binary created by shc.
SHC stands for shell script compiler.
1. Download shc and install it
Download shc and install it as shown below.
# wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz
# tar xvfz shc-3.8.7.tgz
# cd shc-3.8.7
# make
Verify that shc is installed properly.
$ ./shc -v
shc parse(-f): No source file specified this

shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script
2. Create a Sample Shell Script
Create a sample bash shell script that you like to encrypt using shc for testing purpose.
For testing purpose, let us create the following random.sh shell script which generates random numbers. You have to specify how many random numbers you like to generate.
$ vi random.sh
#!/bin/bash 加密

echo -n "How many random numbers do you want to generate? "
read max

for (( start = 1; start <= $max; start++ ))
do
echo -e $RANDOM
done

$ ./random.sh
How many random numbers do you want to generate? 3
24682
1678
491
3. Encrypt the Shell Script Using shc
Encrypt the random.sh shell scripting using shc as shown below.
$ ./shc -f random.sh
This will create the following two files:
$ ls -l random.sh*
-rwxrw-r--. 1 ramesh ramesh 149 Mar 27 01:09 random.sh
-rwx-wx--x. 1 ramesh ramesh 11752 Mar 27 01:12 random.sh.x
-rw-rw-r--. 1 ramesh ramesh 10174 Mar 27 01:12 random.sh.x.c
• random.sh is the original unencrypted shell script
• random.sh.x is the encrypted shell script in binary format
• random.sh.x.c is the C source code of the random.sh file. This C source code is compiled to create the above encrypted random.sh.x file. The whole logic behind the shc is to convert the random.sh shell script to random.sh.x.c C program (and of course compile that to generate the random.sh.x executable)
$ file random.sh
random.sh: Bourne-Again shell script text executable

$ file random.sh.x
random.sh.x: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped

$ file random.sh.x.c
random.sh.x.c: ASCII C program text
4. Execute the Encrypted Shell Script
Now, let us execute the encrypted shell script to make sure it works as expected.
$ ./random.sh.x
How many random numbers do you want to generate? 3
7489
10494
29627
Please note that the binary itself is still dependent on the shell (the first line provided in the random.sh. i.e /bin/bash) to be available to execute the script.
5. Specifying Expiration Date for Your Shell Script
Using shc you can also specify an expiration date. i.e After this expiration date when somebody tries to execute the shell script, they'll get an error message.
Let us say that you don't want anybody to execute the random.sh.x after 31-Dec-2011 (I used last year date for testing purpose).
Create a new encrypted shell script using "shc -e" option to specify expiration date. The expiration date is specified in the dd/mm/yyyy format.
$ ./shc -e 31/12/2011 -f random.sh
In this example, if someone tries to execute the random.sh.x, after 31-Dec-2011, they'll get a default expiration message as shown below.
$ ./random.sh.x
./random.sh.x: has expired!
Please contact your provider
If you like to specify your own custom expiration message, use -m option (along with -e option as shown below).
$ ./shc -e 31/12/2011 -m "Contact admin@thegeekstuff.com for new version of this script" -f random.sh

$ ./random.sh.x
./random.sh.x: has expired!
Contact admin@thegeekstuff.com for new version of this script
6. Create Redistributable Encrypted Shell Scripts
Apart from -e, and -m (for expiration), you can also use the following options:
• -r will relax security to create a redistributable binary that executes on other systems that runs the same operating system as the one on which it was compiled.
• -T will allow the created binary files to be traceable using programs like strace, ltrace, etc.
• -v is for verbose
Typically you might want to use both -r and -T option to craete a redistributable and tracable shell encrypted shell script as shown below.
$ ./shc -v -r -T -f random.sh
shc shll=bash
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc random.sh.x.c -o random.sh.x
shc: strip random.sh.x
shc: chmod go-r random.sh.x

$ ./random.sh.x How many random numbers do you want to generate? 3 28954 1410 15234 Finally, it is worth repeating again: You should not be encrypting your shell script in the first place. But, if you decided to encrypt your shell script using shc, please remember that a smart person can still generate the original shell script from the encrypted binary that was created by shc.