Shc the shell script compiler
SHC is a shell script compiler written in C programming language. The Shell Script Compiler (SHC) encodes and encrypts unix shell scripts into executable binaries. Compiling shell scripts into binaries provides protection against accidental changes, source modification and renders a way of hiding source code written in unix shell scripting language.[1]
Mechanism
SHC takes a shell script which is specified on the command line by [ -f filename ] option and produces a C source code of the script with added cipher. The generated source code is then compiled and linked to produce a binary executable. Thus it's a two step process where, at first step, it creates a filename.x.c file of the shell script file filename. Then it is compiled with cc -$CFLAGS filename.x.c and thus build the binary from a C source code with the default C compiler available in any system.[1]
The compiled binary will still be dependent on the shell specified in the first line of the shell code (i.e. Shebang: #!/bin/sh or such), thus shc does not create completely independent binaries.[2]
shc itself is not a compiler such as the C compiler, it rather encodes and encrypts a shell script and generates C source code with the added expiration capability. It then uses the system C compiler to compile the source shell script and build a stripped binary which behaves exactly like the original script. Upon execution, the compiled binary will decrypt and execute the code with the shells' -c option.[2]
Versions
| Version | Release Date | Changes | |
|---|---|---|---|
| shc-3.9.3 | 30-Jul-2016 | zsh support and fix for ksh shell[4] | |
| shc-3.9.2 | 21-Aug-2015 | Added Busybox support ( -B flag to compile for Busybox[2]). | |
| shc-3.9.1 | 03-Apr-2015 | Set -T option as default, and renaming it to -U to its counter logic | |
| shc-3.9.0 | 01-Apr-2015 | Adding output file option with [-o filename] and bug fixes | |
| shc-3.8.9 | 04-Dec-2013 | Fixing a long-standing bug making the source not hidden | |
| shc-3.8.7 | 10-Feb-2010 | Bug on 64bit systems with expiration dates | |
| shc-3.8.5 | 10-Feb-2010 | ||
| shc-3.8.3 | 10-Jul-2006 | Fixed untraceable() problems on FreeBSD | |
| shc-3.8.2 | 06-Jul-2006 | Read permission of the script.x exposes it to disassembling.
Group and others read permission is now removed by default. | |
| shc-3.7 | 28-Jun-2005 | Removed all strings in the compiled script. Improved program output and error messages.
The -m option allows to define the *complete* expiration message. Updated manpage shc.1 | |
| shc-3.6 | 16-Jun-2005 | Two new options:
-D switch on Debug exec calls. -T switch off unTraceable. | |
| shc-3.4 | 19-Jun-2003 | Remove "bad alignment" problem on AIX and other systems.
Where exists, use /proc/<pid>/as in untraceable. | |
| shc-3.3 | 21-Apr-2003 | Prevent to ptrace the process | |
| shc-3.2 | 05-Aug-2002 | Find ancient pclose that must be fclose | |
| shc-3.1 | 05-Aug-2002 | Fixed a misbehavior on scripts with a in-first-line option equal to "end of options"
(i.e. #!/bin/sh -- ) GCC "warning: return type of `main' is not `int'" removed | |
| shc-2.4 | 05-Aug-2002 |
Alternatives
- obash
- obfs[5]
- shellcrypt
References
- 1 2 Günther, Karsten. "SHC Shell Compiler » Linux Magazine".
- 1 2 3 "Man page of shc". neurobin.github.io. Retrieved 2015-08-25.
- ↑ "Index of /~frosal/sources".
- 1 2 https://raw.githubusercontent.com/neurobin/shc/release/CHANGES
- ↑ "shell script obfuscator".