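Summary of encrypting shell scripts with shc
2024-09-30 09:28 瀟湘隱者
Introduction to shc
shc is short for Shell Compiler; it compiles and encrypts shell scripts. It turns a shell script into an executable binary that contains the script's functionality and logic without exposing the source code. In short, shc is a tool for encrypting shell scripts. The official site of shc is http://www.datsi.fi.upm.es/~frosal/sources/. shc has no corresponding link on GitHub, which is understandable: not everyone likes to upload their projects to GitHub.
The official documentation describes shc as follows: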
shc creates a stripped binary executable version of the
script specified with -f on the command line.
The binary version will get a .x extension appended and will
usually be a bit larger in size than the original ascii
code. Generated C source code is saved in a file with the
extension .x.c
If you supply an expiration date with the -e option the
compiled binary will refuse to run after the date specified.
The message "Please contact your provider" will be displayed
instead. This message can be changed with the -m option.
You can compile any kind of shell script, but you need to
supply valid -i, -x and -l options.
The compiled binary will still be dependent on the shell
specified in the first line of the shell code (i.e.
#!/bin/sh), thus shc does not create completely independent
binaries.
shc itself is not a compiler such as cc, it rather encodes
and encrypts a shell script and generates C source code with
the added expiration capability. It then uses the system
compiler to compile a stripped binary which behaves exactly
like the original script. Upon execution, the compiled
binary will decrypt and execute the code with the shell -c
option. Unfortunately, it will not give you any speed
improvement as a real C program would.
shc's main purpose is to protect your shell scripts from
modification or inspection. You can use it if you wish to
distribute your scripts but don't want them to be easily
readable by other people.
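Installing shc
There are several ways to install shc. Choose the one that suits you, since environments differ and the appropriate method may differ with them.
Installing with yum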
# yum -y install shc
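However, the yum repositories of some Linux versions do not carry the shc package, so this method only works where the yum repository has the shc package.
Offline installation
Search https://pkgs.org/ for the shc rpm package that matches your Linux distribution and platform. The rpm package used in the current test environment was downloaded from [1] and is installed as shown below.
# yum install -y shc-4.0.3-1.el8.x86_64.rpm
Installing from source
Source download address: http://www.datsi.fi.upm.es/~frosal/sources/
mkdir -p /usr/local/man/man1 # make install places the man page in this directory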
tar vxf shc-3.8.9.tgz && cd shc-3.8.9
make test
make strings
make install
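Using shc
The more commonly used shc options are described below; for the rest, see the man page or the official documentation.
| Option | Description |
|---|---|
| -h | Show help and exit |
| -f | The shell script to encrypt |
| -v | Verbose mode: prints a more detailed compile log |
| -r | Relaxes the security restrictions so that the binary can run on other systems with the same operating system, i.e. produces a redistributable binary |
| -o | Output file name; optional |
| -e | Expiration date |
| -m | Message shown after expiration |
| -U | Makes the binary untraceable; off by default |
| -H | Hardening: extra security protection, off by default; requires a shell, with parameters not supported |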
Example of encrypting a shell script
# shc -v -f monitor_long_trx.sh
shc shll=bash
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc monitor_long_trx.sh.x.c -o monitor_long_trx.sh.x
shc: strip monitor_long_trx.sh.x
shc: chmod ug=rwx,o=rx monitor_long_trx.sh.x
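As shown below, running the command generates two files. monitor_long_trx.sh.x is the encrypted executable binary. monitor_long_trx.sh.x.c is the C source file from which monitor_long_trx.sh.x is built; in other words, compiling this C source file recreates the encrypted monitor_long_trx.sh.x file above.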
# ls -lrt monitor_long_trx*
-rw-r--r-- 1 root root 10185 Sep 27 15:51 monitor_long_trx.sh
-rw-r--r-- 1 root root 70193 Sep 29 22:16 monitor_long_trx.sh.x.c
-rwxrwxr-x 1 root root 24584 Sep 29 22:16 monitor_long_trx.sh.x
# file monitor_long_trx.sh.x
monitor_long_trx.sh.x: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=906ccbd32b4e0fa3307be46ff7736bbfac9be25c, stripped
# file monitor_long_trx.sh.x.c
monitor_long_trx.sh.x.c: ASCII text
However, this C source file may look a little different from the C source code you have in mind, as shown below.

shc also provides a way to set a validity period: once it has passed, the compiled executable binary can no longer be run. The date given to -e is in dd/mm/yyyy format.
shc -e 20/09/2024 -v -f monitor_long_trx.sh
or
shc -e 20/09/2024 -v -m "the script has expired, please contact your provider xxx@xxx.com" -f monitor_long_trx.sh
# shc -e 20/09/2024 -v -f monitor_long_trx.sh
shc shll=bash
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc monitor_long_trx.sh.x.c -o monitor_long_trx.sh.x
shc: strip monitor_long_trx.sh.x
shc: chmod ug=rwx,o=rx monitor_long_trx.sh.x
Some simple, commonly used examples
shc -f monitor_long_trx.sh
shc -v -r -f monitor_long_trx.sh -o mon_long_trx.sh
shc -v -r -U -H -f monitor_long_trx.sh -o mon_long_trx.sh
shc -v -r -e 20/09/2025 -m "the script has expired..." -f monitor_long_trx.sh -o mon_long_trx.sh
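Evaluation of shc
The binary executable produced by shc may be slightly larger than the original shell script. Compared with tools such as gzexe and Bashfuscator it is far more reliable (Bashfuscator is very unreliable: some of the scripts it obfuscates fail when run). From my own simple testing and practice, this tool is very easy to use and has a wide range of uses.
Can the executable binary that shc produces be decrypted? The answer is that binaries generated by older versions of shc can be decrypted, using the tool UnSHc[2]. Encrypted files generated by newer shc versions (4.x) are increasingly hard to decrypt (that they cannot be decrypted for now does not mean that later tools or methods will not be able to).
Below is the explanation given in the UnSHc project, for those interested: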
Due to the many problems since shc 4.0.3, there seems to be a need for clarification. In shc 4.0.3 many structural changes have been incorporated, so that shc now makes use of various security mechanisms provided by the linux-kernel itself. Therefore, it is now almost impossible to extract the original shell script at all with current UnSHc version, if the new shc version was used. This requires a more in-depth approach, which means that a modified bash or a modified linux-kernel is needed to bypass the security measures.
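Because the generated .x.c file is enough to rebuild the binary, and the output of older shc versions can be decrypted, it is worth checking what actually ends up in the directory you distribute. The following check is an added example, not code from the original post or from shc; the function name `shc_release_check` and the directory layout are assumptions.

```shell
#!/bin/sh
# Added example: pre-distribution check for a directory that should contain
# only shc-compiled binaries. shc_release_check is a hypothetical name.
#
# Usage: shc_release_check <original-script> <dist-dir>
# Prints one finding per line.
# Returns 0 if clean, 1 if anything was found, 2 on unusable input.
shc_release_check() {
    script=$1
    dist=$2
    [ -r "$script" ] && [ -d "$dist" ] || return 2

    report=$(
        # 1. Neither the plain script nor the generated C source may ship:
        #    compiling the .x.c file recreates the binary.
        find "$dist" -type f \( -name '*.sh' -o -name '*.x.c' \) |
            sed 's/^/source artifact in dist: /'

        # 2. No distinctive script line may appear verbatim in a shipped file.
        #    Whitespace is trimmed; comment lines and short lines are skipped
        #    because they match too easily.
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^#/d' "$script" |
        while IFS= read -r line; do
            [ "${#line}" -ge 16 ] || continue
            # -a: read binaries as text, -F: literal match, -l: file names only
            grep -rlaF -e "$line" "$dist" 2>/dev/null |
                sed 's/^/plaintext script line in: /'
        done
    )

    [ -z "$report" ] && return 0
    printf '%s\n' "$report" | sort -u
    return 1
}
```

Run it as `shc_release_check monitor_long_trx.sh ./dist` before packaging; a non-zero status means the directory still holds source material or a file containing script text.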
[1] https://dl.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/s/shc-4.0.3-1.el8.x86_64.rpm
[2] https://github.com/yanncam/UnSHc/