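A Detailed Tutorial on Encrypting Shell Scripts with SHC on Linux

SHC stands for shell script compiler. A script compiled with SHC is not readable by ordinary users, so if you want to protect your code (for example, because it contains a key), you can consider SHC; however, some people can break SHC-encrypted scripts by decompiling them.
Let us begin:

I. Encrypting a bash script with SHC
1. Download and compile SHC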
# wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz
# tar xvfz shc-3.8.7.tgz
# cd shc-3.8.7
# make
You can find the latest source code on the official SHC website.
Now let us verify that SHC was installed correctly:
$ ./shc -v
shc parse(-f): No source file specified

shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script
2. Create a test bash script
#!/bin/bash

echo -n "How many random numbers do you want to generate? "
read max

for (( start = 1; start <= $max; start++ ))
do
  echo -e $RANDOM
done
3. Encrypt the bash script with SHC
$ ./shc -f random.sh
Afterwards we can see two additional files:
$ ll random.sh*
-rwxr-xr-x 1 lesca lesca   153 2012-05-16 06:34 random.sh*
-rwx--x--x 1 lesca lesca 10512 2012-05-16 06:34 random.sh.x*
-rw-r--r-- 1 lesca lesca 10145 2012-05-16 06:34 random.sh.x.c
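• random.sh is the original, unencrypted bash script
• random.sh.x is the encrypted bash script in binary format
• random.sh.x.c is the C source code for random.sh. This file is generated from random.sh; SHC performs its encryption by converting the bash script to C and then compiling it.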
$ file random.sh*
random.sh:     Bourne-Again shell script text executable
random.sh.x:   ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, stripped
random.sh.x.c: ASCII C program text
4. Run the encrypted bash script
$ ./random.sh.x
How many random numbers do you want to generate? 3
15146
20741
17825
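II. Other SHC features
1. Set an expiration date for the script
With SHC we can give the program an expiration date. Once it has passed, the program stops working, and any user who tries to run it receives an error message. SHC enables this feature with -e dd/mm/yyyy: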
$ ./shc -e 31/12/2011 -f random.sh
If the program has expired, you get the following message:
$ ./random.sh.x
./random.sh.x: has expired!
Please contact your provider
Combined with the -m "message" option, we can specify the message printed when the error occurs:
$ ./shc -e 31/12/2011 -m "Contact admin@lesca.me for new version of this script" -f random.sh

$ ./random.sh.x
./random.sh.x: has expired!
Contact admin@lesca.me for new version of this script
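2. Create a redistributable encrypted script
• -r: allows the script to run on different hardware platforms running the same operating system
• -T: allows programs such as ltrace and strace to trace the script's execution
• -v: prints verbose output
-r and -T are usually used together to create a redistributable, traceable encrypted script, for example: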
$ ./shc -v -r -T -f random.sh
shc shll=bash
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc  random.sh.x.c -o random.sh.x
shc: strip random.sh.x
shc: chmod go-r random.sh.x

$ ./random.sh.x
How many random numbers do you want to generate? 3
1311
19637
14891

Q: How do I encrypt my bash shell script in a Linux environment? The shell script contains a password, and I don’t want others who have execute access to view the shell script and get the password. Is there a way to encrypt my shell script?

A: First, as a best practice you should not be encrypting your shell script. You should really document your shell script properly so that anybody who views it understands exactly what it does. If it contains sensitive information like a password, you should figure out a different approach to write the shell script without having to encrypt it.
That being said, if you still insist on encrypting a shell script, you can use the SHC utility as explained below. Please note that an encrypted shell script created by shc is not readable by normal users. However, someone who understands how this works can extract the original shell script from the encrypted binary created by shc.
SHC stands for shell script compiler.
1. Download shc and install it
Download shc and install it as shown below.
# wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz
# tar xvfz shc-3.8.7.tgz
# cd shc-3.8.7
# make
Verify that shc is installed properly.
$ ./shc -v
shc parse(-f): No source file specified

shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script
2. Create a Sample Shell Script
Create a sample bash shell script to encrypt with shc for testing purposes.
Let us create the following random.sh shell script, which generates random numbers. You have to specify how many random numbers you would like to generate.
$ vi random.sh
#!/bin/bash

echo -n "How many random numbers do you want to generate? "
read max

for (( start = 1; start <= $max; start++ ))
do
  echo -e $RANDOM
done

$ ./random.sh
How many random numbers do you want to generate? 3
24682
1678
491
3. Encrypt the Shell Script Using shc
Encrypt the random.sh shell script using shc as shown below.
$ ./shc -f random.sh
This will create the following two files:
$ ls -l random.sh*
-rwxrw-r--. 1 ramesh ramesh   149 Mar 27 01:09 random.sh
-rwx-wx--x. 1 ramesh ramesh 11752 Mar 27 01:12 random.sh.x
-rw-rw-r--. 1 ramesh ramesh 10174 Mar 27 01:12 random.sh.x.c
• random.sh is the original unencrypted shell script
• random.sh.x is the encrypted shell script in binary format
• random.sh.x.c is the C source code of the random.sh file. This C source code is compiled to create the above encrypted random.sh.x file. The whole logic behind the shc is to convert the random.sh shell script to random.sh.x.c C program (and of course compile that to generate the random.sh.x executable)
$ file random.sh
random.sh: Bourne-Again shell script text executable

$ file random.sh.x
random.sh.x: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped

$ file random.sh.x.c
random.sh.x.c: ASCII C program text
4. Execute the Encrypted Shell Script
Now, let us execute the encrypted shell script to make sure it works as expected.
$ ./random.sh.x
How many random numbers do you want to generate? 3
7489
10494
29627
Please note that the binary still depends on the shell named in the first line of random.sh (i.e. /bin/bash) being available to execute the script.
5. Specifying Expiration Date for Your Shell Script
Using shc you can also specify an expiration date, i.e. after this expiration date, when somebody tries to execute the shell script, they'll get an error message.
Let us say that you don't want anybody to execute random.sh.x after 31-Dec-2011 (I used a date from last year for testing purposes).
Create a new encrypted shell script using the "shc -e" option to specify the expiration date. The expiration date is specified in the dd/mm/yyyy format.
$ ./shc -e 31/12/2011 -f random.sh
In this example, if someone tries to execute the random.sh.x, after 31-Dec-2011, they'll get a default expiration message as shown below.
$ ./random.sh.x
./random.sh.x: has expired!
Please contact your provider
If you would like to specify your own custom expiration message, use the -m option (along with the -e option, as shown below).
$ ./shc -e 31/12/2011 -m "Contact admin@thegeekstuff.com for new version of this script" -f random.sh

$ ./random.sh.x
./random.sh.x: has expired!
Contact admin@thegeekstuff.com for new version of this script
6. Create Redistributable Encrypted Shell Scripts
Apart from -e, and -m (for expiration), you can also use the following options:
• -r will relax security to create a redistributable binary that executes on other systems that run the same operating system as the one on which it was compiled.
• -T will allow the created binary files to be traceable using programs like strace, ltrace, etc.
• -v is for verbose
Typically you might want to use both the -r and -T options to create a redistributable and traceable encrypted shell script, as shown below.
$ ./shc -v -r -T -f random.sh
shc shll=bash
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc  random.sh.x.c -o random.sh.x
shc: strip random.sh.x
shc: chmod go-r random.sh.x

$ ./random.sh.x
How many random numbers do you want to generate? 3
28954
1410
15234
Finally, it is worth repeating again: You should not be encrypting your shell script in the first place. But, if you decided to encrypt your shell script using shc, please remember that a smart person can still generate the original shell script from the encrypted binary that was created by shc.
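
The "different approach" recommended in the answer above, as an added example that is not part of the original article or of shc: instead of embedding the password, the script reads it at run time from a file that only the account running the script can access (for instance a service account that other users reach through sudo). The function name load_secret and the path in the usage comment are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the article or from shc): keep the password out of
# the script and load it from a permission-restricted file at run time.

# load_secret FILE
# Prints the first line of FILE, but only if FILE is a regular file (not a
# symlink), is owned by the current user, and grants nothing to group/other.
load_secret() {
  file=$1
  # Refuse symlinks and non-regular files so the checks apply to the real file.
  if [ -L "$file" ] || [ ! -f "$file" ]; then
    echo "load_secret: $file is not a regular file" >&2
    return 1
  fi
  # GNU stat: %a = permission bits in octal, %u = numeric owner id.
  meta=$(stat -c '%a %u' -- "$file") || return 1
  mode=${meta% *}
  owner=${meta#* }
  if [ "$owner" != "$(id -u)" ]; then
    echo "load_secret: $file is not owned by uid $(id -u)" >&2
    return 1
  fi
  # Any group/other bit set (mask 077) means another account may read the file.
  if [ $(( 0$mode & 077 )) -ne 0 ]; then
    echo "load_secret: $file has mode $mode, expected 600 or stricter" >&2
    return 1
  fi
  # Accept a final line without a trailing newline; reject an empty file.
  IFS= read -r secret < "$file" || [ -n "$secret" ] || return 1
  printf '%s\n' "$secret"
}

# Usage inside a script (hypothetical path):
#   DB_PASSWORD=$(load_secret /etc/myapp/db.pass) || exit 1
```

The script itself can then stay world-readable and documented, because the file permissions, not obfuscation, are what protect the password.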
