摘要
以前写看到别人写的脚本用shc加密的,我也有就了解了下。

SHC代表shell script compiler,即shell脚本编译器。通过SHC编译过的脚本程序对普通用户而言是不读的,因此如果你想保护你的代码(例如含有密钥),则可以考虑SHC;然而有些人可以通过反向编译的方式破解SHC加密过的脚本。
下面我们开始介绍:

一、使用SHC加密bash脚本程序
1.下载并编译SHC
# wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz
# tar xvfz shc-3.8.7.tgz
# cd shc-3.8.7
# make
你可以在SHC官方网站找到其最新源代码。
现在我们验证SHC是否正确安装:
$ ./shc -v
shc parse(-f): No source file specified

shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script
2.建立一个测试bash脚本
#!/bin/bash

echo -n “How many random numbers do you want to generate? “
read max

for (( start = 1; start <= $max; start++ ))
do
  echo -e $RANDOM
done
3.使用SHC加密bash脚本
$ ./shc -f random.sh
之后我们可以看到多出两个文件:
$ ll random.sh*
-rwxr-xr-x 1 lesca lesca   153 2012-05-16 06:34 random.sh*
-rwx–x–x 1 lesca lesca 10512 2012-05-16 06:34 random.sh.x*
-rw-r–r– 1 lesca lesca 10145 2012-05-16 06:34 random.sh.x.c
 random.sh 是原始的未加密的bash脚本
 random.sh.x 是加密的二进制格式的bash脚本
 random.sh.x.c 是random.sh的C源代码。该文件是从random.sh转换而来的,SHC就是通过将bash脚本转为C语言再编译之进行加密的。
$ file random.sh*
random.sh:     Bourne-Again shell script text executable
random.sh.x:   ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, stripped
random.sh.x.c: ASCII C program text
4.执行加密的bash脚本
$ ./random.sh.x
How many random numbers do you want to generate? 3
15146
20741
17825
二、SHC的其他功能
1.设置脚本使用期限
我们可以通过SHC指定程序的有效期,过期后程序将失效,任何尝试运行的用户将收到错误消息。SHC使用-e dd/mm/yyyy来开启该功能:
$ ./shc -e 31/12/2011 -f random.sh
如果程序过期了,将会得到以下消息:
$ ./random.sh.x
./random.sh.x: has expired!
Please contact your provider
结合-m “message”选项,我们可以指定发生错误时输出的消息:
$ ./shc -e 31/12/2011 -m “Contact admin@lesca.me for new version of this script” -f random.sh

$ ./random.sh.x
./random.sh.x: has expired!
Contact admin@lesca.me for new version of this script
2.创建可重复发布的加密脚本
 -r: 允许该脚本在同操作系统的不同硬件平台上运行
 -T: 允许让ltrace, strace那样的程序追踪脚本运行
 -v: 输出详细信息
通常-r与-T一起使用,用于创建可重复发布且可追踪的加密脚本,例如:
$ ./shc -v -r -T -f random.sh
shc shll=bash
shc [-i]=-c
shc [-x]=exec ‘%s’ “$@”
shc [-l]=
shc opts=
shc: cc  random.sh.x.c -o random.sh.x
shc: strip random.sh.x
shc: chmod go-r random.sh.x

$ ./random.sh.x
How many random numbers do you want to generate? 3
1311
19637
14891

Q: How do I encrypt my bash shell script on Linux environment? The shell script contains password, and I don’t want others who have execute access to view the shell script and get the password. Is there a way to encrypt my shell script?

A: First, as a best practice you should not be encrypting your shell script. You should really document your shell script properly so that anybody who views it understands exactly what it does. If it contains sensitive information like password, you should figure out a different approach to write the shell script without having to encrypt it.
That being said, if you still insist on encrypting a shell script, you can use SHC utility as explained below. Please note that encrypted shell script created by shc is not readable by normal users. However someone who understands how this works can extract the original shell script from the encrypted binary created by shc.
SHC stands for shell script compiler.
1. Download shc and install it
Download shc and install it as shown below.
# wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz
# tar xvfz shc-3.8.7.tgz
# cd shc-3.8.7
# make
Verify that shc is installed properly.
$ ./shc -v
shc parse(-f): No source file specified

shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script
2. Create a Sample Shell Script
Create a sample bash shell script that you like to encrypt using shc for testing purpose.
For testing purpose, let us create the following random.sh shell script which generates random numbers. You have to specify how many random numbers you like to generate.
$ vi random.sh
#!/bin/bash

echo -n “How many random numbers do you want to generate? “
read max

for (( start = 1; start <= $max; start++ ))
do
  echo -e $RANDOM
done

$ ./random.sh
How many random numbers do you want to generate? 3
24682
1678
491
3. Encrypt the Shell Script Using shc
Encrypt the random.sh shell scripting using shc as shown below.
$ ./shc -f random.sh
This will create the following two files:
$ ls -l random.sh*
-rwxrw-r–. 1 ramesh ramesh   149 Mar 27 01:09 random.sh
-rwx-wx–x. 1 ramesh ramesh 11752 Mar 27 01:12 random.sh.x
-rw-rw-r–. 1 ramesh ramesh 10174 Mar 27 01:12 random.sh.x.c
 random.sh is the original unencrypted shell script
 random.sh.x is the encrypted shell script in binary format
 random.sh.x.c is the C source code of the random.sh file. This C source code is compiled to create the above encrypted random.sh.x file. The whole logic behind the shc is to convert the random.sh shell script to random.sh.x.c C program (and of course compile that to generate the random.sh.x executable)
$ file random.sh
random.sh: Bourne-Again shell script text executable

$ file random.sh.x
random.sh.x: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped

$ file random.sh.x.c
random.sh.x.c: ASCII C program text
4. Execute the Encrypted Shell Script
Now, let us execute the encrypted shell script to make sure it works as expected.
$ ./random.sh.x
How many random numbers do you want to generate? 3
7489
10494
29627
Please note that the binary itself is still dependent on the shell (the first line provided in the random.sh. i.e /bin/bash) to be available to execute the script.
5. Specifying Expiration Date for Your Shell Script
Using shc you can also specify an expiration date. i.e After this expiration date when somebody tries to execute the shell script, they’ll get an error message.
Let us say that you don’t want anybody to execute the random.sh.x after 31-Dec-2011 (I used last year date for testing purpose).
Create a new encrypted shell script using “shc -e” option to specify expiration date. The expiration date is specified in the dd/mm/yyyy format.
$ ./shc -e 31/12/2011 -f random.sh
In this example, if someone tries to execute the random.sh.x, after 31-Dec-2011, they’ll get a default expiration message as shown below.
$ ./random.sh.x
./random.sh.x: has expired!
Please contact your provider
If you like to specify your own custom expiration message, use -m option (along with -e option as shown below).
$ ./shc -e 31/12/2011 -m “Contact admin@thegeekstuff.com for new version of this script” -f random.sh

$ ./random.sh.x
./random.sh.x: has expired!
Contact admin@thegeekstuff.com for new version of this script
6. Create Redistributable Encrypted Shell Scripts
Apart from -e, and -m (for expiration), you can also use the following options:
 -r will relax security to create a redistributable binary that executes on other systems that runs the same operating system as the one on which it was compiled.
 -T will allow the created binary files to be traceable using programs like strace, ltrace, etc.
 -v is for verbose
Typically you might want to use both -r and -T option to craete a redistributable and tracable shell encrypted shell script as shown below.
$ ./shc -v -r -T -f random.sh
shc shll=bash
shc [-i]=-c
shc [-x]=exec ‘%s’ “$@”
shc [-l]=
shc opts=
shc: cc  random.sh.x.c -o random.sh.x
shc: strip random.sh.x
s

使用shc加密bash脚本程序的更多相关文章

  1. shc加密shell脚本

    下载地址:http://www.datsi.fi.upm.es/~frosal/sources/ 安装 .tgz cd shc- mkdir -p /usr/local/man/man1 这步是必须的 ...

  2. 高级Bash脚本编程指南(27):文本处理命令(三)

    高级Bash脚本编程指南(27):文本处理命令(三) 成于坚持,败于止步 处理文本和文本文件的命令 tr 字符转换过滤器. 必须使用引用或中括号, 这样做才是合理的. 引用可以阻止shell重新解释出 ...

  3. Bash 脚本编程语言中的美学与哲学

    我承认,我再一次地当了标题党.但是不可否认,这一定是一篇精华随笔.在这一篇中,我将探讨 Bash 脚本语言中的美学与哲学. 这不是一篇 Bash 脚本编程的教程,但是却能让人更加深入地了解 Bash ...

  4. bash 脚本编程 利用 “=” 赋值时,左右不能留空格

    对脚本变量用“=”赋值时, "=" 左右不能留有空格,否则会提示错误. 比如以下例子: #!/bin/bash BEGIN_TIME = `date +%H:%M:%S` ./a. ...

  5. Bash脚本15分钟进阶指导

    首先声明这是网上摘来的.这里的技术技巧最初是来自谷歌的“Testing on the Toilet” (TOTT).这里是一个修订和扩增版本. 脚本安全 我的所有bash脚本都以下面几句为开场白: # ...

  6. Bash脚本实现批量作业并行化

    http://jerkwin.github.io/2013/12/14/Bash%E8%84%9A%E6%9C%AC%E5%AE%9E%E7%8E%B0%E6%89%B9%E9%87%8F%E4%BD ...

  7. 一键自动发布ipa(更新svn,拷贝资源,压缩资源,加密图片资源,加密数据文件,加密lua脚本,编译代码,ipa签名,上传ftp)

    一键自动发布ipa(更新svn,拷贝资源,压缩资源,加密图片资源,加密数据文件,加密lua脚本,编译代码,ipa签名,上传ftp) 程序员的生活要一切自动化,更要幸福^_^. 转载请注明出处http: ...

  8. 【转】如何调试bash脚本

    本文转自:http://coolshell.cn/articles/1379.html Bash 是Linux操作系统的默认Shell脚本.Shell是用来处理操作系统和用户交互的一个程序.Shell ...

  9. 一个很不错的bash脚本编写教程

    转自 http://blog.chinaunix.net/uid-20328094-id-95121.html 一个很不错的bash脚本编写教程,至少没接触过BASH的也能看懂! 建立一个脚本 Lin ...

随机推荐

  1. AsyncLocal 与 ThreadLocal ThreadStatic特性简介

    AsyncLocal 与 ThreadLocal [.NET深呼吸]基于异步上下文的本地变量(AsyncLocal) https://www.cnblogs.com/tcjiaan/p/5007737 ...

  2. WebApi Helper帮助文档 swagger

      http://www.it165.net/pro/html/201602/61437.htmlhttp://www.cnblogs.com/gossip/p/4546630.html       ...

  3. jQuery自动完成插件flexselect

    项目中使用flexselect自动完成插件时遇到一个问题 刚开始以为是js的引用顺序有问题,但是查看后发现不是js引用顺序问题 js引用顺序如下 最后查找资料也没有解决问题,一直提示这个错误 后来在f ...

  4. python 缺失值的向前填充

    method='bfill'可实现按下方值填充

  5. javascript获取浏览器高度与宽度信息

    网页可见区域宽:document.body.clientWidth网页可见区域高:document.body.clientHeight网页可见区域宽:document.body.offsetWidth ...

  6. python3+Appium自动化12-H5元素定位环境搭建

    前言 在混合开发的App中,经常会有内嵌的H5页面.那么这些H5页面元素该如何进行定位操作呢? 针对这种场景直接使用前面所讲的方法来进行定位是行不通的,因为前面的都是基于Andriod原生控件进行元素 ...

  7. Matlab 2013a 和 VS2010 混合编程

    最近由于项目需求,某项目的算法是基于MATLAB完成的,在短时间内需要去调用算法功能.因此,基于MATLAB生成DLL, C 调用的方式完成. 环境:MATLAB 2013a + VS2010 + w ...

  8. 浅入分析Linux

    Linux 操作系统必须完成的两个主要目的 与硬件部分交互, 为包含在硬件平台上的所有底层可编程部件提供服务 为运行在计算机系统上的应用程序(即所谓的用户空间)提供执行环境 一些操作系统运行所有的用户 ...

  9. Python 科学工具使用

    Python 科学工具笔记 numpy a = numpy.array([1,2,3,4]);// 创建一个numpy的数组对象 此时a.shape显示的值为(4,); 由此得出结论在一维的数组中, ...

  10. Qmake 配置自定义编译过程

    Qmake 配置自定义编译过程 需求:动态更换资源文件 在 Windows10 下编写 Qt 项目时,有这样的需求: 程序用到的资源文件可以动态更换而不需要重新编译整个项目 解决方案 0.1 将所有的 ...