LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 09-26-2008, 06:03 AM   #1
madhi
Member
 
Registered: May 2008
Posts: 31

Rep: Reputation: 15
convert shell script to a binary executable


Hi,

Need to convert a shell script to a binary executable form,so that script is not readable and should not be modifiable.

I used shc (the shell script compiler) , but shc is not working in cygwin.
I am using Cygwin as the linux simulator .

Is there any alternative approach in cygwin?
 
Old 09-26-2008, 07:42 AM   #2
clvic
Member
 
Registered: Feb 2008
Location: Rome, Italy
Distribution: OpenSuSE 11.x, vectorlinux, slax, Sabayon
Posts: 206
Blog Entries: 2

Rep: Reputation: 44
Are you using the binary version of shc? You can compile it from scratch in cygwin.
Then, it generates a .c file from a bash script, and you can compile it and that should do the trick
 
Old 09-26-2008, 07:46 AM   #3
ghostdog74
Senior Member
 
Registered: Aug 2006
Posts: 2,695
Blog Entries: 5

Rep: Reputation: 240Reputation: 240Reputation: 240
if you are resorting to this, you most probably isn't using the correct method. The best way is to restrict who can or cannot use your script using permissions. you might also want to consider creating an interface, such as a web interface where you restrict user actions by a set of buttons and proper authentication.
 
Old 09-26-2008, 09:08 AM   #4
madhi
Member
 
Registered: May 2008
Posts: 31

Original Poster
Rep: Reputation: 15
Thanks for the reply

I have installed Generic Script Compiler(shc) Version 3.8.6 under cygwin env, but it is not encrypting the script file.

$ shc -v -r -T -f test.sh
/usr/local/bin/shc: /usr/local/bin/shc: cannot execute binary file

Not able to view help, but the shc binary is present in /usr/local/bin:

$ /usr/local/bin/shc --help
/usr/local/bin/shc: /usr/local/bin/shc: cannot execute binary file

The same setup works in Linux.
 
Old 09-26-2008, 09:15 AM   #5
madhi
Member
 
Registered: May 2008
Posts: 31

Original Poster
Rep: Reputation: 15
I have compiled the code from scratch under cygwin, Din't use any Binary version.
 
0 members found this post helpful.
Old 06-25-2012, 05:10 AM   #6
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian
Posts: 1,266

Rep: Reputation: 99
Unhappy Does not works for other server where binary is built

Dear All,

I am sitting on CentOS 5.4 64 Bit servers.

I need to convert a bash shell script to a binary since it has my passwords (for sudo / ssh) hardcoded.

I have found a way to get this done on the same server through this link.

Binary works well on the same server, but if I scp it to another server it works sometime and at time it does not. However, in the non working server if I execute the script (not binary) it works fine.

Any alternative method to get the binary working on all Linux servers (at least of same flavor) ?
 
Old 06-25-2012, 05:24 AM   #7
dwhitney67
Senior Member
 
Registered: Jun 2006
Location: Maryland
Distribution: Kubuntu, Fedora, RHEL
Posts: 1,507

Rep: Reputation: 331Reputation: 331Reputation: 331Reputation: 331
Quote:
Originally Posted by vikas027 View Post
I need to convert a bash shell script to a binary since it has my passwords (for sudo / ssh) hardcoded.
I'm sorry I cannot help you with your request, but I'm replying because I want you to be aware that converting a shell-script to binary is not going to mask your hard-coded passwords. The string literals will still be visible to anyone who can read the binary file. All they would have to do is use /usr/bin/od or other similar tool for dumping the contents of the binary file.

Thus, as one person hinted at earlier in this thread, the best security to prevent someone from perusing your file is to set the file permissions to the most restrictive setting. But the better choice would be to remove the passwords from the file; surely there are alternatives.
 
Old 06-25-2012, 05:34 AM   #8
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian
Posts: 1,266

Rep: Reputation: 99
Quote:
Originally Posted by dwhitney67 View Post
I'm sorry I cannot help you with your request, but I'm replying because I want you to be aware that converting a shell-script to binary is not going to mask your hard-coded passwords. The string literals will still be visible to anyone who can read the binary file. All they would have to do is use /usr/bin/od or other similar tool for dumping the contents of the binary file.

Thus, as one person hinted at earlier in this thread, the best security to prevent someone from perusing your file is to set the file permissions to the most restrictive setting. But the better choice would be to remove the passwords from the file; surely there are alternatives.
Thanks dwhitney67, I just checked through od and hexdump command, none of them showed the password.

$ hexdump swapcpu.sh.x | grep -i peter
$ od swapcpu.sh.x | grep -i peter

Surely, I can harden the permissions but I do not have an option to remove passwords.

Please help me with other alternatives. Thanks in advance.
 
Old 06-25-2012, 06:12 AM   #9
pan64
Senior Member
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 4,500

Rep: Reputation: 1221Reputation: 1221Reputation: 1221Reputation: 1221Reputation: 1221Reputation: 1221Reputation: 1221Reputation: 1221Reputation: 1221
you need to save the password in another file with minimal access rights and the shell will read info from that file. Also you can try to hide the path with some tricks (for example it is generated), but that can be catched by strace. Also you can use a server app to send such info, but you need to protect the communication also. And there can be other possibilities, but we do not know what this script do with that pw.
 
Old 06-25-2012, 09:44 AM   #10
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian
Posts: 2,396

Rep: Reputation: 814Reputation: 814Reputation: 814Reputation: 814Reputation: 814Reputation: 814Reputation: 814
Quote:
Originally Posted by dwhitney67 View Post
I'm sorry I cannot help you with your request, but I'm replying because I want you to be aware that converting a shell-script to binary is not going to mask your hard-coded passwords. The string literals will still be visible to anyone who can read the binary file. All they would have to do is use /usr/bin/od or other similar tool for dumping the contents of the binary file.
Well the manpage for shc says it "encodes and encrypts" the shell script. Of course the decryption key is inside the resultant file so it's still easy to get the password but you need to do a bit more than just dump the contents.
 
Old 06-25-2012, 10:01 AM   #11
dwhitney67
Senior Member
 
Registered: Jun 2006
Location: Maryland
Distribution: Kubuntu, Fedora, RHEL
Posts: 1,507

Rep: Reputation: 331Reputation: 331Reputation: 331Reputation: 331
Quote:
Originally Posted by ntubski View Post
Well the manpage for shc says it "encodes and encrypts" the shell script. Of course the decryption key is inside the resultant file so it's still easy to get the password but you need to do a bit more than just dump the contents.
Yes, my bad... thoughts entered my mind before I actually did any research on the shc application.
 
Old 07-24-2012, 07:14 AM   #12
eschuch
LQ Newbie
 
Registered: Dec 2010
Posts: 4

Rep: Reputation: 0
Compile bash under cygwin

Ok. Realy old, but I was looking for it and decide to do my self and make it public.
http://goo.gl/M1NSY
Compile your bash script under cygwin!


Quote:
Originally Posted by madhi View Post
Hi,

Need to convert a shell script to a binary executable form,so that script is not readable and should not be modifiable.

I used shc (the shell script compiler) , but shc is not working in cygwin.
I am using Cygwin as the linux simulator .

Is there any alternative approach in cygwin?
 
Old 07-24-2012, 07:35 AM   #13
schneidz
Senior Member
 
Registered: May 2005
Location: boston, usa
Distribution: fc-15/ fc-19-live-usb/ aix
Posts: 3,840

Rep: Reputation: 590Reputation: 590Reputation: 590Reputation: 590Reputation: 590Reputation: 590
Quote:
Originally Posted by vikas027 View Post
Thanks dwhitney67, I just checked through od and hexdump command, none of them showed the password.

$ hexdump swapcpu.sh.x | grep -i peter
$ od swapcpu.sh.x | grep -i peter

Surely, I can harden the permissions but I do not have an option to remove passwords.

Please help me with other alternatives. Thanks in advance.
strings command would most likely work in this case.
 
Old 07-24-2012, 09:36 AM   #14
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian
Posts: 2,396

Rep: Reputation: 814Reputation: 814Reputation: 814Reputation: 814Reputation: 814Reputation: 814Reputation: 814
Quote:
Originally Posted by schneidz View Post
strings command would most likely work in this case.
No, that won't work for the same reason grep won't work, see my post #10.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How Can I convert Hex to Binary in a perl script telecom_is_me Programming 18 10-11-2010 04:34 PM
shell script to execute my c executable cranium2004 Programming 2 04-06-2005 05:26 AM
How do you turn an executable into a shell script? Thaidog Linux - Newbie 1 09-20-2004 07:20 PM
Convert from shell script to binary? Anon123 Linux - General 4 06-26-2004 05:53 AM
Make a shell script executable but not readable davholla Linux - Security 5 03-24-2004 03:44 AM


All times are GMT -5. The time now is 11:23 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration