shc加密shell脚本总结
shc介绍shc是shell编译器(Shell Compiler)的缩写, 它可以对shell脚本进行编译和加密。它能够将shell脚本编译为可实行的二进制文件,其中包含了脚本的功能和逻辑,而不袒露源代码。可以说shc就是一个加密shell脚本的工具。shc的官方网址为:http://www.datsi.fi.upm.es/~frosal/sources/。shc在github上没有对应的链接。实在也能理解,不是每一个人都喜欢将本身的项目上传到github上。
官方文档关于shc的描述说明如下:
shc creates a stripped binary executable version of the
script specified with -f on the command line.
The binary version will get a .x extension appended and will
usually be a bit larger in size than the original ascii
code. Generated C source code is saved in a file with the
extension .x.c
If you supply an expiration date with the -e option the com-
piled binary will refuse to run after the date specified.
The message "Please contact your provider" will be displayed
instead. This message can be changed with the -m option.
You can compile any kind of shell script, but you need to
supply valid -i, -x and -l options.
The compiled binary will still be dependent on the shell
specified in the first line of the shell code (i.e.
#!/bin/sh), thus shc does not create completely independent
binaries.
shc itself is not a compiler such as cc, it rather encodes
and encrypts a shell script and generates C source code with
the added expiration capability. It then uses the system
compiler to compile a stripped binary which behaves exactly
like the original script. Upon execution, the compiled
binary will decrypt and execute the code with the shell -c
option. Unfortunatelly, it will not give you any speed
improvement as a real C program would.
shc's main purpose is to protect your shell scripts from
modification or inspection. You can use it if you wish to
distribute your scripts but don't want them to be easily
readable by other people.shc安装
sqc的安装有多种方式,可以根据适合本身的方式来安装,由于各自环境不一样,可能选择的安装方式不一样。
yum安装
# yum -y install shc不外有些Linux版本的yum源可能没有shc包,所以这种方式只适用yum源有shc包的环境。
离线安装
根据对应的Linux发行版本,从https://pkgs.org/ 搜索shc对应平台的rpm包,如下所示,当前测试环境的rpm包下载地点
# yum install -y shc-4.0.3-1.el8.x86_64.rpms源码安装
源码下载地点http://www.datsi.fi.upm.es/~frosal/sources/
mkdir /usr/local/man
mkdir /usr/local/man/man1 #install时会把man文件放入该目录。
tar vxf shc-3.8.9.tgz && cd shc-3.8.9
make test
make strings
make installshc利用
下面是shc比较常用的参数说明,更多参数说明请参考man手册或官方文档。
参数参数说明-h显示帮助信息并退出-f指定需要加密的shell脚本-v参数-v表现verbose模式,输出更详细的编译日志-r可以在相同操作系统的差别系统中实行,也就是放宽安全限制,天生可再分发的二进制文件-o输出文件名,也可以不指定-f指定shell脚本名称-e指定过期日期-m指定过期后的提示信息-U使二进制无法被追踪,默认不开启-H强化:额外的安全保护,默认不开启,它需要shell不支持参数加密shell脚本的例子
# shc -v -f monitor_long_trx.sh
shc shll=bash
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc monitor_long_trx.sh.x.c -o monitor_long_trx.sh.x
shc: strip monitor_long_trx.sh.x
shc: chmod ug=rwx,o=rx monitor_long_trx.sh.x如下所示,脚本实行后天生了两个文件,其中monitor_long_trx.sh.x是加密事后的可实行的二进制文件。monitor_long_trx.sh.x.c是天生monitor_long_trx.sh.x的原文件(C语言),也就是说编译这个C源代码文件可以创建上面加密的monitor_long_trx.sh.x文件。
# ls -lrt monitor_long_trx*
-rw-r--r-- 1 root root 10185 Sep 27 15:51 monitor_long_trx.sh
-rw-r--r-- 1 root root 70193 Sep 29 22:16 monitor_long_trx.sh.x.c
-rwxrwxr-x 1 root root 24584 Sep 29 22:16 monitor_long_trx.sh.x
# file monitor_long_trx.sh.x
monitor_long_trx.sh.x: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID=906ccbd32b4e0fa3307be46ff7736bbfac9be25c, stripped
# file monitor_long_trx.sh.x.c
monitor_long_trx.sh.x.c: ASCII text不外这个C源代码文件,跟你想象的C语言源代码文件可能有点不一样。如下所示,
https://files.mdnice.com/user/234/0331f267-910d-430a-a48d-8751f5e7be88.jpgshc还提供了一种设定有效实行期限的方法,编译天生的可实行二进制文件在过了这个有效性后,就不能实行。
shc -e 09/20/2024 -v -f monitor_long_trx.sh
或
shc -e 09/20/2024 -v -m "the script has expired, please contact your provierder xxx@xxx.com" -f monitor_long_trx.sh # shc -e 09/20/2024 -v -f monitor_long_trx.sh
shc shll=bash
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc monitor_long_trx.sh.x.c -o monitor_long_trx.sh.x
shc: strip monitor_long_trx.sh.x
shc: chmod ug=rwx,o=rx monitor_long_trx.sh.x一些简单常用的例子
shc -f monitor_long_trx.sh
shc -v -r -f monitor_long_trx.sh -o mon_long_trx.sh
shc -v -r -u -H -f monitor_long_trx.sh -o mon_long_trx.sh
shc -v -r -e 09/20/2025 -m "the script has expired..." -f monitor_long_trx.sh -o mon_long_trx.shshc评测
shc编译出来的二进制可实行文件,可能比原shell脚本在文件巨细上稍微大上一些,相比gzexe和Bashfuscator等工具,它要可靠很多(Bashfuscator就非常不可靠,有些混淆出来的脚本实行会报错)。从个人简单的测试和实践来看,这个工具非常好用,而且用途非常广泛。
那么shc加密事后的可实行二进制文件,能否被解密呢? 答案是低版本sqc天生的加密二进制可实行文件可以被解密,可以被工具UnSHc解密。而高版本shc(4.x)天生加密文件越来越难解密(暂时不能解密,不代表不能被后续的工具或方法解密)。
下面是UnSHc中的介绍说明,有兴趣可以看看相识一下
Due to the many problems since shc 4.0.3, there seems to be a need for clarification. In shc 4.0.3 many structural changes have been incorporated, so that shc now makes use of various security mechanisms provided by the linux-kernel itself. Therefore, it is now almost impossible to extract the original shell script at all with current UnSHc version, if the new shc version was used. This requires a more in-depth approach, which means that a modified bash or a modified linux-kernel is needed to bypass the security measures.`
参考资料 1: https://dl.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/s/shc-4.0.3-1.el8.x86_64.rpm
2: https://github.com/yanncam/UnSHc/
扫描上面二维码关注我假如你真心以为文章写得不错,而且对你有所帮助,那就不妨帮助“推荐"一下,您的“推荐”和”打赏“将是我最大的写作动力!本文版权归作者全部,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文连接.
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。
页:
[1]