1. Download shc and install it
Download shc and install it as shown
below.
# wget http://www.encryptsystem.com/
# tar xvfz shc-3.8.7.tgz
# cd shc-3.8.7
# make
# tar xvfz shc-3.8.7.tgz
# cd shc-3.8.7
# make
Verify that shc is installed properly.
$ ./shc -v
shc parse(-f): No source file specified
shc parse(-f): No source file specified
shc Usage: shc [-e date] [-m addr] [-i
iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script
2. Create a Sample Shell Script
$ vi script.sh
#!/bin/bash
#!/bin/bash
echo “Hello friends my first encrypt
bash script.”
$ ./script.sh
Hello friends my first encrypt bash script.
Hello friends my first encrypt bash script.
3. Encrypt the Shell Script Using shc
Encrypt the script.sh shell scripting
using shc as shown below.
$ ./shc -f script.sh
This will create the following two files:
This will create the following two files:
$ ls -l script.sh*
-rwxrw-r–. 1 shashi shashi 149 Mar 27 01:09 script.sh
-rwx-wx–x. 1 shashi shashi 11752 Mar 27 01:12 script.sh.x
-rw-rw-r–. 1 shashi shashi 10174 Mar 27 01:12 script.sh.x.c
-rwxrw-r–. 1 shashi shashi 149 Mar 27 01:09 script.sh
-rwx-wx–x. 1 shashi shashi 11752 Mar 27 01:12 script.sh.x
-rw-rw-r–. 1 shashi shashi 10174 Mar 27 01:12 script.sh.x.c
4. Execute the Encrypted Shell Script
$ ./linux.sh.x
Hello friends my first encrypt bash script
Hello friends my first encrypt bash script
5. Specifying Expiration Date for Your Shell Script
Using shc you can also specify an
expiration date. i.e After this expiration date when somebody tries to execute
the shell script, they’ll get an error message.
Let us say that you don’t want anybody
to execute the script.sh.x after 31-Dec-2014 (I used last year date for testing
purpose).
Create a new encrypted shell script
using “shc -e” option to specify expiration date. The expiration date is
specified in the dd/mm/yyyy format.
$ ./shc -e 31/12/2014 -f script.sh
In this example, if someone tries to execute the random.sh.x, after 31-Dec-2014, they’ll get a default expiration message as shown below.
In this example, if someone tries to execute the random.sh.x, after 31-Dec-2014, they’ll get a default expiration message as shown below.
$ ./script.sh.x
./script.sh.x: has expired!
Please contact your provider
If you like to specify your own custom expiration message, use -m option (along with -e option as shown below).
./script.sh.x: has expired!
Please contact your provider
If you like to specify your own custom expiration message, use -m option (along with -e option as shown below).
$ ./shc -e 31/12/2014 -m “Contact admin@encryptsystem.com for
new version of this script” -f script.sh
$ ./script.sh.x
./script.sh.x: has expired!
Contact admin@encryptsystem.com for new version of this script
./script.sh.x: has expired!
Contact admin@encryptsystem.com for new version of this script
6. Create Redistributable Encrypted Shell Scripts
Apart from -e, and -m (for expiration),
you can also use the following options:
-r will relax security to create a
redistributable binary that executes on other systems that runs the same
operating system as the one on which it was compiled.
-T will allow the created binary files to be traceable using programs like strace, ltrace, etc.
-v is for verbose
Typically you might want to use both -r and -T option to craete a redistributable and tracable shell encrypted shell script as shown below.
-T will allow the created binary files to be traceable using programs like strace, ltrace, etc.
-v is for verbose
Typically you might want to use both -r and -T option to craete a redistributable and tracable shell encrypted shell script as shown below.
$ ./shc -v -r -T -f script.sh
shc shll=bash
shc [-i]=-c
shc [-x]=exec ‘%s’ “$@”
shc [-l]=
shc opts=
shc: cc script.sh.x.c -o script.sh.x
shc: strip script.sh.x
shc: chmod go-r script.x
shc shll=bash
shc [-i]=-c
shc [-x]=exec ‘%s’ “$@”
shc [-l]=
shc opts=
shc: cc script.sh.x.c -o script.sh.x
shc: strip script.sh.x
shc: chmod go-r script.x
$ ./script.sh.x
Hello friends my first encrypt bash script.
Hello friends my first encrypt bash script.
Finally, it is worth repeating again:
You should not be encrypting your shell script in the first place. But, if you
decided to encrypt your shell script using shc, please remember that a smart
person can still generate the original shell script from the encrypted binary
that was created by shc.
