LinuxQuestions.org
Old 01-07-2008, 09:49 AM   #1
muazfarooqaslam
LQ Newbie
 
Registered: Dec 2007
Posts: 22

Rep: Reputation: 15
Encrypting scripts into Binary Executables


Hi,

Can anyone please tell me how to encrypt/encode shell scripts into binary executables so that scripts can be protected from modification or inspection? There is a good utility at the following link:

http://www.datsi.fi.upm.es/~frosal/

I have tried it successfully on RedHat Linux but it's not working on HP-Unix.

Is there any other way to achieve this?
 
Old 01-07-2008, 10:15 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3531
BTW[0]: If it's about HP-UX it should be in the "other *NIX" forum. This one's for GNU/Linux.

BTW[1]: saying "it's not working" doesn't help us help you. Providing exact details could help.

BTW[2]: Just so you don't think encrypting scripts provides protection against inspection, search the Linux Security forum for threads about script encryption and its pitfalls or see http://tldp.org/LDP/abs/html/securityissues.html under "Hiding Shell Script Source".
 
Old 01-08-2008, 01:40 AM   #3
muazfarooqaslam
LQ Newbie
 
Registered: Dec 2007
Posts: 22

Original Poster
Rep: Reputation: 15
It's not only about Unix. I wanted to know if there exists any method to encrypt shell scripts on any *nix platform besides the utility I mentioned in my last post.

As far as the error is concerned, when I try to run the binary executable on HP-Unix, it gives the following error:

psa1a: ...tmp20080104/shc-3.8.6 64 > shc -e 01/06/2008 -m "License Expired on 01/06/2008. Please contact Muaz Farooq." -f trstat
shc: Exec format error. Binary file not executable.
Exit 1

psa1a: ...tmp20080104/shc-3.8.6 65 >

Here trstat is my script for which I want to create an executable and shc is the utility which creates binary executables. Besides encrypting, this utility (shc) also creates a license. -e and -m are flags for creating the license.


The script for which I am trying to create a binary executable is written by me so there is no threat of a virus or something. If encryption is not a good idea, is there any other way scripts can be protected from inspection?
 
Old 01-08-2008, 02:30 AM   #4
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
I would advise against using script obfuscation methods such as shc. These techniques will make it more difficult than is necessary to maintain your scripts, and more difficult to solve problems if they occur.

They also add a false sense of security. For example, someone taking security seriously would not consider compiling C code into a binary to add any security at all, and you should not consider a script obfuscator a security measure either. Just because the behaviour of the program is a little less readable doesn't help to secure it - a half-competent analyst will be able to work out what such a program does fairly easily, and recover the likes of embedded passwords from such a script.
 
Old 01-08-2008, 07:03 AM   #5
muazfarooqaslam
LQ Newbie
 
Registered: Dec 2007
Posts: 22

Original Poster
Rep: Reputation: 15
Alright, then what do you recommend should be done to protect a script from inspection/modification, provided chmod can't be used as all users have the same access?
 
Old 01-08-2008, 07:39 AM   #6
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
If you are trying to prevent someone from copying your proprietary code, that is one use of copyright. You probably cannot stop them from reversing your obfuscated program and working out how to do it themselves (or from modifying it to make it do something else), but you can copyright your work to make it illegal for them to do so. Then you have legal recourse. You can also use contracts to agree what can and cannot be done with a program you provide to someone else.

If you are really interested in security (very different from protecting your revenue) there is not a reliable software-only method. A more reliable method is to use encrypted binaries and TPM, and even then there are going to be hardware attacks.

The problem boils down to the same one as trying to distribute "DRM-protected" media - the attacker and the recipient are the same person.
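
The point made in posts #4 and #6, that a self-decoding wrapper has to ship everything needed to produce the plain script, shown with a toy wrapper. This is an added example, not part of the thread and not how shc works internally; the substitution key, the sample script and the `protect`, `recover` and `demo` functions are all constructed for illustration.

```shell
#!/bin/sh
# Toy "script protector", constructed for illustration. It is NOT shc's scheme.
KEY='qwertyuiopasdfghjklzxcvbnm'    # constructed substitution key for a-z

# sample: constructed script with an embedded secret.
sample() {
    cat <<'EOF'
#!/bin/sh
db_password='s3cret-constructed'
echo "report for $1"
EOF
}

# protect SCRIPT OUT: write a wrapper holding the encoded script and the key
# it needs to decode itself at run time before piping the result to sh.
protect() {
    {
        printf '%s\n' '#!/bin/sh' "KEY='$KEY'"
        printf '%s\n' "tr \"\$KEY\" 'a-z' <<'PAYLOAD' | sh -s -- \"\$@\""
        tr 'a-z' "$KEY" < "$1"
        printf '%s\n' 'PAYLOAD'
    } > "$2"
}

# recover WRAPPER: with read access only, repeat the wrapper's own decode step
# using the key stored next to the payload. Nothing is executed.
recover() {
    key=$(sed -n "s/^KEY='\(.*\)'\$/\1/p" "$1")
    sed -n "/<<'PAYLOAD'/,/^PAYLOAD\$/p" "$1" | sed '1d;$d' | tr "$key" 'a-z'
}

demo() {
    dir=$(mktemp -d) || return 1
    sample > "$dir/report.sh"
    protect "$dir/report.sh" "$dir/report.run"
    echo "-- wrapper still works:"; sh "$dir/report.run" alice
    echo "-- lines mentioning db_password in wrapper: $(grep -c db_password "$dir/report.run")"
    echo "-- source as seen by anyone who can read the wrapper:"; recover "$dir/report.run"
    rm -rf "$dir"
}
demo
```

A stronger cipher in place of the `tr` substitution changes nothing here: the wrapper must be readable to run, and the key it decodes with sits in the same file.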
 
Old 01-08-2008, 08:01 AM   #7
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
Why do you want to do it by the way?
 
  


All times are GMT -5.