Linux – Shell script compiler
Information (ENG)
Shell Script Compiler
A generic shell script compiler. shc takes a script specified on the command line and produces C source code. The generated source code is then compiled and linked to produce a stripped binary executable.
The compiled binary will still be dependent on the shell specified in the first line of the shell code (the shebang, i.e. #!/bin/sh), thus shc does not create completely independent binaries.
shc itself is not a compiler such as cc, it rather encodes and encrypts a shell script and generates C source code with the added expiration capability. It then uses the system compiler to compile a stripped binary which behaves exactly like the original script. Upon execution, the compiled binary will decrypt and execute the code with the shell -c option.
Install:
- ./configure
- make
- sudo make install
Note: If make fails due to automake version, run ./autogen.sh before running the above commands.
On Ubuntu:
    sudo add-apt-repository ppa:neurobin/ppa
    sudo apt-get update
    sudo apt-get install shc
If the above installation method seems like too much work, then just copy the compiled binary from bin/x32 or bin/x64 to /usr/bin and put the shc.1 file in /usr/share/man/man1.
Usage:
    shc [options]
    shc -f script.sh -o binary
    shc -U -f script.sh -o binary   # Untraceable binary (prevent strace, ptrace etc..)
Testing:
- cd to the test directory: cd test
- Try: shc -f test.bash -o test, where test.bash is the bash source.
- The output binary file will be test. If no output file is specified by the -o option, then it will create an executable with .x extension by default.
Known bugs:
The one (and I hope the only) limitation using shc is the _SC_ARG_MAX system configuration parameter.
It limits the maximum length of the arguments to the exec function, limiting the maximum length of the runnable script of shc.
!! – CHECK YOUR RESULTS CAREFULLY BEFORE USING – !!
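A pre-flight size check for the limitation described above, as an added example that is not part of shc. It assumes, as the text states, that the binary hands the whole decrypted script to the shell as one -c argument; the helper names are hypothetical, and the 32-page per-argument cap is a Linux-specific limit that goes beyond the _SC_ARG_MAX value the page mentions.

```shell
#!/bin/sh
# Added example (not part of shc): check a script's size before compiling it.
# Assumption from the text above: the binary passes the whole decrypted
# script to the shell as one "-c" argument, so exec() argument limits apply.

# Bytes used by the environment, which shares the ARG_MAX budget with argv.
env_bytes() {
    env | wc -c
}

# shc_size_check FILE [ARG_MAX] [ONE_ARG_MAX]   (hypothetical helper)
# Prints "ok", "exceeds-single-arg" or "exceeds-arg-max".
shc_size_check() {
    script=$1
    # Total budget for argv + environment (the _SC_ARG_MAX value).
    arg_max=${2:-$(getconf ARG_MAX)}
    # Linux additionally caps each single argument at 32 pages.
    one_arg_max=${3:-$(( $(getconf PAGESIZE) * 32 ))}
    script_bytes=$(( $(wc -c < "$script") + 1 ))   # +1 for the trailing NUL
    # POSIX suggests leaving 2048 bytes of headroom below ARG_MAX.
    total=$(( script_bytes + $(env_bytes) + 2048 ))

    if [ "$script_bytes" -gt "$one_arg_max" ]; then
        echo "exceeds-single-arg"
    elif [ "$total" -gt "$arg_max" ]; then
        echo "exceeds-arg-max"
    else
        echo "ok"
    fi
}

# Constructed sample input: a 300000-byte script made of a shebang and padding.
demo=$(mktemp)
{ echo '#!/bin/sh'; head -c 299990 /dev/zero | tr '\0' '#'; } > "$demo"
echo "sample script: $(shc_size_check "$demo")"
rm -f "$demo"
```

Run the check in the environment the binary will be deployed to, since both the environment size and the limits differ between systems.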
Manpage for shc
    shc [ -e date ] [ -m addr ] [ -i iopt ] [ -x cmnd ]
        [ -l lopt ] [ -ACDhTv ] -f script
shc creates a stripped binary executable version of the script specified with -f on the command line.

The binary version will get a .x extension appended and will usually be a bit larger in size than the original ascii code. Generated C source code is saved in a file with the extension .x.c

If you supply an expiration date with the -e option the compiled binary will refuse to run after the date specified. The message "Please contact your provider" will be displayed instead. This message can be changed with the -m option.

You can compile any kind of shell script, but you need to supply valid -i, -x and -l options.

The compiled binary will still be dependent on the shell specified in the first line of the shell code (i.e. #!/bin/sh), thus shc does not create completely independent binaries.

shc itself is not a compiler such as cc, it rather encodes and encrypts a shell script and generates C source code with the added expiration capability. It then uses the system compiler to compile a stripped binary which behaves exactly like the original script. Upon execution, the compiled binary will decrypt and execute the code with the shell -c option. Unfortunately, it will not give you any speed improvement as a real C program would.

shc's main purpose is to protect your shell scripts from modification or inspection. You can use it if you wish to distribute your scripts but don't want them to be easily readable by other people.
The command line options are:

    -e date
        Expiration date in dd/mm/yyyy format [none]
    -m message
        message to display upon expiration ["Please contact your provider"]
    -f script_name
        File name of the script to compile
    -i inline_option
        Inline option for the shell interpreter i.e: -e
    -x command
        eXec command, as a printf format i.e: exec('%s',@ARGV);
    -l last_option
        Last shell option i.e: --
    -r
        Relax security. Make a redistributable binary which executes on different systems running the same operating system.
    -v
        Verbose compilation
    -D
        Switch on debug exec calls
    -T
        Allow binary to be traceable (using strace, ptrace, truss, etc.)
    -C
        Display license and exit
    -A
        Display abstract and exit
    -h
        Display help and exit
CHANGES

3.9.3 Jul 30 2016
    zsh support
    Fixed shc not working with ksh 93u+
    automake 1.15
    Fix file permissions

3.9.2 Aug 25 2015
    Busybox support

3.9.1 Apr 3 2015
    -T option altered

3.9.0 Apr 2 2015
    Shell script compiler version 3.9.0

3.8.9b Fri, 4 Jan 2013 12:10:42 +0100 (CET)
    Lee Chisnall <lee@dnuk.com>
    - To work as daemon.

3.8.9 Wed Apr 25 09:24:25 CEST 2012
    Thanks to Giacomo Picconi <giacomo.picconi@gpstudio.com> for:
    - Fixing a long standing bug making the source not hidden.

3.8.8 Mon Nov 28 11:26:25 CEST 2012
    "me".

3.8.7 Wed Feb 10 20:40:37 CET 2010
    - Bug on 64bit systems with expiration dates.

3.8.6 Fri Jul 7 15:54:39 CEST 2006
    Thanks to George Danchev <danchev@spnet.net> for:
    - License clarification about the rc4 implementation.

3.8.5 Fri Oct 21 13:11:36 CEST 2005
    Thanks to Jukka A. Ukkonen <jau(a)iki.fi> for:
    - Fixed untraceable() problems on FreeBSD.

3.8.4 Tue Oct 4 16:52:15 CEST 2005
    Thanks to Ron McOuat for:
    - Fixed sma11 -d option bug.

3.8.3 Tue Jun 28 21:29:06 CEST 2005
    Thanks to Jacek Kalinski <jacek@dyski.one.pl> for:
    - Fixed bug: "vfork" fails on multiprocessor systems.

3.8.2 Thu Jun 16 17:15:59 CEST 2005
    Thanks to Arjen Visser <arjen.visser@avisit.co.nz> for:
    - Fixed bug: "rlax" used after encryption.
    Thanks to Nalneesh Gaur <Nalneesh.Gaur@accenture.com> for:
    - Read permission of the script.x exposes it to disassembling.
    - Group and others read permission is now removed by default.

3.8 Thu Nov 4 20:33:52 CET 2004
    Fixed incorrect implementation on rc4.
    Hidden all the binary executable symbols but one.
    Expiration date and most strings are encrypted too.
    All the encrypted payload is now randomized.

3.7 Wed Jun 18 16:32:26 CEST 2003
    Thanks to Philipp Koller <philipp@open.ch> for:
    - Removed all strings in the compiled script.
    - Improved program output and error messages.
    - The -m option allows to define the *complete* expiration message.
    - Updated manpage shc.1.
    Thanks to Bryan <bryan.hogan@dstintl.com> for:
    - Fix wrong $0 on ksh.

3.6 Fri Feb 21 09:40:32 CET 2003
    Two new options:
    -D switch on Debug exec calls.
    -T switch off unTraceable.
    Bash does not need -- after -c.

3.5 Mon Jan 20 19:08:43 CET 2003
    Rewrite of large strings to silence the ISO C89 compiler warnings about strings larger than 509 characters.

3.4 Tue Apr 16 17:43:12 CEST 2002
    Remove "bad alignment" problem on AIX and other systems.
    Where exists, use /proc/<pid>/as in untraceable.

3.3 Thu Jan 24 21:27:07 CET 2002
    Prevent to ptrace the process.

3.2 Tue Mar 9 19:03:54 CET 1999
    Find ancient pclose that must be fclose.

3.1 Tue Feb 16 21:36:59 CET 1999
    Fixed a misbehavior on scripts with an in-first-line option equal to "end of options" (i.e. #!/bin/sh -- ) (Thanks to Bernard Blundell <blundell@lts.sel.alcatel.de>)
    Stupid GCC "warning: return type of `main' is not `int'" removed.

3.0 Tue Oct 14 14:20:52 MET DST 1997
    Added a new option "-r" to force a relaxed security and so make a redistributable binary.
    Modified expiration day format. Now is dd/mm/yyyy.

3.0b3 Fri Jun 6 22:09:05 WET DST 1997
    Yet other few bugs fixed.
    Output format simplified.
    -pedantic compilation.

3.0b2 Tue Jun 3 17:51:51 GMT 1997
    Some explicit type conversions removed.
    Fixed the bug "END_OF_FILE" when compiling the generated code.
    A flush is needed before a pclose.
    st_blksize and st_blocks struct stat fields do not exist on SCO, both not used now.

3.0b1 Wed Feb 26 14:27:22 WET 1997
    The main difference with 2.4 is that in it the script was compressed and then shuffled around, now in 3.0 the script is encrypted with an inline code, so not needing any external command to work, and being faster at startup.
    Another related advantage is that the only information not encrypted in .x.c is a stamp, expiration date and provider email address.
    Something equivalent to checksums has been used to enforce at execution that the executing shell has not been modified from the time the script was compiled. If anybody tries to change the executing shell, .x will refuse to execute.
    The generated .x.c source code is now readable.