Some time ago, i wrote some bash scripts for my school. I thought it would be very clever to ‘protect’ them, so i compiled them with shc
into a binary file. Some weeks later, i lost the uncompiled scripts and now i have only my binarys left.
Is there a way to retrieve the scripts back from the shc
generated binarys? I looked into the source code of shc
to find a way to decompile the binarys with no luck.
Advertisement
Answer
Using shc to compile your scripts does not protect them. You don’t get more security this way. The shc compiled binary decrypts and loads the script into memory when started. You could then, right after you started the binary, just segfault it and retrieve your script from the coredump.
Here’s a little example script named test.sh:
#! /bin/bash echo "starting script and doing stuff" sleep 1 echo "finished doing stuff"
Compile it with shc:
shc -f test.sh
Start it as background process and segfault it right away:
./test.sh.x& ( sleep 0.2 && kill -SIGSEGV $! )
sleep 0.2 will give the binary enough time to start up and decrypt the original script. The variable $! contains the pid of the last background process started, so we can easily kill it with the segmentation fault signal SIGSEGV (same as kill -11 $!).
[1] + segmentation fault (core dumped) ./test.sh.x
Now we can search the dump for the original script:
cat core | strings
We pipe the data in the dumpfile to strings, which will then show us all the printable characters in the file and we can now see the original script between the garbage:
... 4.0.37(2)-release BASH_VERSINFO BASH_VERSINFO release i686-pc-linux-gnu BASH_EXECUTION_STRING BASH_EXECUTION_STRING #! /bin/bash echo "starting script and doing stuff" sleep 1 echo "finished doing stuff" 1000 EUID EUID 1000 ...
If the script is pretty big, maybe you have to adjust the core file size with ulimit. Pretty easy, right?