Can we hide the code of a Shell Script?

kushalkoolwal · 10-06-2005, 10:24 AM

Hi Guys,

I have written a shell script called install.sh consisting of various commands(around 200 lines). The script works fine.
Now, what I would like to know is that if there is any way by which I can hide the code of the script by using some encryption? If not encryption then, will it make sense to put the entire script in a C program and then compile it to just get a binary file and then execute it in a shell?

Basically, all I want is that my code in the shell script should not be seen? Is it possible to do that?

thanks

MensaWater · 10-06-2005, 10:52 AM

If you want to hide it you could just set it up so that it can only be read by root then give sudo access to execute it to the users you intend to run it.

You could do C and run the various lines as "system ..." but it seems if you know C well enough it would be best to create a C binary.

Once upon a time there was a company called Lone-Tar that made various little products for Unix one of which I evaluated was to make binaries out of shell scripts. It worked fine but on running tests it didn't operate any more quickly than the original shell script so I suspected it just did the multiple system calls I mentioned above. However it did hide the code so would have worked for the application I'd intended (didn't know about sudo then and not even sure it existed then).

Their web site is www.cactus.com - Just had a look and don't see the product listed and I don't recall what it was called. Perhaps if you phone them they still have it and can give you details.

kushalkoolwal · 10-06-2005, 10:57 AM

Thanks for reply and the website. Actually, my script just contains a bunch of Linux system administration commands.And also the root user option that you have sugested would not work because the people who are going to run the script will have the root access so that option is ruled out.

Is there a significant disadvantage is I put all the commands using system("command-name") in the C file? Is there any other way by which I can do this in a C Program?

Also I will check the website and let you know.

thanks

MensaWater · 10-06-2005, 11:04 AM

Only disadvantage of embedding "system" in your C code is that it is slower than a binary needs to be. Binaries are machine code so don't need to be interpreted. Shell scripts do and "system" calls essentially do the same thing as a shell.

That is to say a C program you wrote from scratch using C libraries would normally be much faster than a shell script that had the same purpose. This is one of the reasons Perl is around. It tries to combine the speed of C with the accessibility of shell scripting.

Unfortunately I've never spent much time in C so can't really give you good coding tips for it.

kushalkoolwal · 10-06-2005, 11:12 AM

Well I guess then 'C' is the way to go unless someone has any other suggestion to give?

Guys if anyone has any idea or has done something similar in past please let me know?

thank you.

sirclif · 10-06-2005, 11:30 AM

http://www.google.com/search?hl=en&q...script&spell=1

kushalkoolwal · 10-06-2005, 11:43 AM

Quote:

Originally posted by sirclif
http://www.google.com/search?hl=en&q...script&spell=1

Thanks that's awesome. Something which I wanted exactly. although I will have to try it out for performance testing? have you tried before?

sirclif · 10-06-2005, 11:45 AM

No, i've never needed to hide my code from someone.

jlliagre · 10-06-2005, 11:54 AM

Quote:

No, i've never needed to hide my code from someone.

Right, and this is the way to follow !
Hiding code is wanted only for wrong reasons, and is doomed anyway.
Anyone wanting to crack it will succeed doing it sooner or later ...

MensaWater · 10-06-2005, 11:54 AM

Looks like shc does what he wants. However further google on shc itself indicates it isn't that hard to hack the encryption but for preventing casual view of your shell code it looks like it would do the trick. It sounds like it does pretty much what the product I'd gotten from Cactus previously was doing.

Hko · 10-06-2005, 01:11 PM

If you only want to hide it for the ignorant user, you "encrypt" your script with rot13.

Say your script is called "script.sh". You can "encrypt" it with:

Code:

shell$ cat script.sh | tr 'a-zA-Z' 'n-za-mN-ZA-M' >skrypt.sh

Then put this code at the very start of the encrypted script "skrypt.sh":

Code:

#!/bin/sh
FIFO=/tmp/__skrypt_$(date +%F)_$$
mkfifo $FIFO
sh $FIFO &
tr 'a-zA-Z' 'n-za-mN-ZA-M' >$FIFO <<EOF_EOF

...and put these lines at the very end of the "encrypted" script:

Code:

EOF_EOF
rm $FIFO >/dev/null 2>/dev/null

E.g. this is a complete "ecnrypted" script:

Code:

#!/bin/sh
FIFO=/tmp/__skrypt_$(date +%F)_$$
rm $FIFO >/dev/null 2>/dev/null
mkfifo $FIFO
sh $FIFO &
tr 'a-zA-Z' 'n-za-mN-ZA-M' >$FIFO <<EOF_EOF

# BEGIN of ecrypted script
#!/ova/fu

rpub "Tbbq zbeavat"
rpub "Tbrqrazbetra"
rpub "Thgragnt"
rpub "Ohrabf qvnf"
rpub "Nybun"

# END of ecrypted script

EOF_EOF
rm $FIFO >/dev/null 2>/dev/null

P.S. Rot13 "encryption" is weak. Repeat the steps above for the already "encrypted" script to get double rot13 "encryption".

kushalkoolwal · 10-06-2005, 01:25 PM

Quote:

Originally posted by jlliagre
Right, and this is the way to follow !
Hiding code is wanted only for wrong reasons, and is doomed anyway.
Anyone wanting to crack it will succeed doing it sooner or later ...

Well, there is not bad intent to hide the code in my case if you believe me. . I have a constraint because if novice user modify my scripts, there is a quite a possibility that they might screw their own systems(since the script does some sysadmin tasks) and that;s the reason I wanted to hide the code in the script.

Anyways thank you for your suggestion

kushalkoolwal · 10-06-2005, 01:27 PM

Quote:

Originally posted by Hko
If you only want to hide it for the ignorant user, you "encrypt" your script with rot13.

Say your script is called "script.sh". You can "encrypt" it with:

Code:

shell$ cat script.sh | tr 'a-zA-Z' 'n-za-mN-ZA-M' >skrypt.sh

Then put this code at the very start of the encrypted script "skrypt.sh":

Code:

#!/bin/sh FIFO=/tmp/__skrypt_$(date +%F)_$$ mkfifo $FIFO sh $FIFO & tr 'a-zA-Z' 'n-za-mN-ZA-M' >$FIFO <<EOF_EOF

...and put these lines at the very end of the "encrypted" script:

Code:

EOF_EOF rm $FIFO >/dev/null 2>/dev/null

E.g. this is a complete "ecnrypted" script:

Code:

#!/bin/sh FIFO=/tmp/__skrypt_$(date +%F)_$$ rm $FIFO >/dev/null 2>/dev/null mkfifo $FIFO sh $FIFO & tr 'a-zA-Z' 'n-za-mN-ZA-M' >$FIFO <<EOF_EOF # BEGIN of ecrypted script #!/ova/fu rpub "Tbbq zbeavat" rpub "Tbrqrazbetra" rpub "Thgragnt" rpub "Ohrabf qvnf" rpub "Nybun" # END of ecrypted script EOF_EOF rm $FIFO >/dev/null 2>/dev/null

P.S. Rot13 "encryption" is weak. Repeat the steps above for the already "encrypted" script to get double rot13 "encryption".

First of all thank you for your suggestion and effort. I appreciate that. Hko, What do u think is a better way to go?

1. To put the script in a C file and use system calls
2. To use the 'SHC' utility
3. To use your method of Rot13

Which one is more robust?

Thanks

paulsm4 · 10-06-2005, 01:32 PM

Uh - let me get this straight:

- These users are so ignorant they're likely to trash their systems ... but you're giving them root privileges?

- And you're worried that they'll read your code (which does some task correctly) and deliberately
hack it, and hack it incorrectly, and so that's why you need to "lock it up"???

Encryption might help.

But it sounds like a written "System Use" policy, together with a solid user training and support program, might be a much better overall solution in the long run.

IMHO .. PSM

kushalkoolwal · 10-06-2005, 01:51 PM

Guys i have another related question which you might find it silly.But that;s how we learn.

What difference is the difference between:
1. When we encrypt a file with some algorithm or
2. Write a C code and get a binary file.

Are there any utilities which can get the C source code from the C binary file? I always use to wonder about this.

Thank you guys for all your help and suggestion.