LinuxQuestions.org
Page 1 of 2 1 2
Show 50 post(s) from this thread on one page

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   can i encrypt a shell script (https://www.linuxquestions.org/questions/linux-general-1/can-i-encrypt-a-shell-script-828096/)

HuMan-BiEnG 08-23-2010 08:11 PM
can i encrypt a shell script
 
Hello everyone ,

is there any good way to encrypt a bash script

to make no one view its contents & so cant edit it

thanks for everyone

sag47 08-23-2010 08:35 PM
You're looking for code obfuscation.

Google "obfuscate shell script"

The first entry leads you here...
http://www.comp.eonworks.com/scripts...-20011012.html

I duno why you'd want to do that though. Kinda goes against the open source spirit amiright?

HuMan-BiEnG 08-24-2010 01:42 AM
Quote:
Originally Posted by sag47 (Post 4075609)
You're looking for code obfuscation.

Google "obfuscate shell script"

The first entry leads you here...
http://www.comp.eonworks.com/scripts...-20011012.html

I duno why you'd want to do that though. Kinda goes against the open source spirit amiright?
Hello SAG ,

first thank you for helping me man ,& i really apreciate this so much

second ,no i like open source, but i want this to encrypt a shell script that will do a project in our company & i want to be the only responsible one for this project ,as the company fired me since one month ago & returned me again then asked for this project, so i didnt want the company to take it,cuz it may fire me again or even if they did ,then they will feel that they really loose me,,

maybe i'm bad in this thing ,but life is hard & i have a house & wife

thanks again SAG & accept my best regards man

EricTRA 08-24-2010 01:49 AM
Hello,

This also may be helpfull:
Encrypting shell scripts
Encrypting shell scripts 2

Kind regards,

Eric

PankajRasuni 08-24-2010 02:23 AM
You can encrypt them using openssl modules.

but in that case running them in openssl requires password to decrypt them & execute it..Make an entry on crontab with some prerequisite details. May it works

konsolebox 08-24-2010 03:40 AM
I wonder. They probably do the encryption this way:

Encrypt:

1) Encrypt text of script.
2) Bind the encrypted text with an executable.

Decrypt and Run:

1) Executable decrypts bound text.
2) Open a pipe. Run bash making it read the pipe just like a file. Send decrypted text to pipe.

However I think the decrypted text sent to pipe can be intercepted.. somewhere or somehow.

sag47 08-24-2010 08:33 AM
Quote:
Originally Posted by konsolebox (Post 4075874)
I wonder. They probably do the encryption this way:

Encrypt:

1) Encrypt text of script.
2) Bind the encrypted text with an executable.

Decrypt and Run:

1) Executable decrypts bound text.
2) Open a pipe. Run bash making it read the pipe just like a file. Send decrypted text to pipe.

However I think the decrypted text sent to pipe can be intercepted.. somewhere or somehow.
Do you mean for code obfuscation? If so then you're getting way too complicated. It's not encrypted with a key or anything like that. It's rewritten into such a way that it is unreadable for humans to easily edit.

There's two main methods of obfuscation that I can think of off of the top of my head.
1) take out all white spaces and comments and compact the code to a single line. (aka compacting)
2) Do same as #1 but in addition take and create an inhuman amount of variables and scramble them up in a confusing manner.

Here's an example using Javascript...
Plain text
PHP Code:
var a="Hello World!";
function MsgBox(msg)
{
    alert(msg+"\n"+a);
}
MsgBox("OK"); 
Obfuscated JavaScript
PHP Code:
var _0x41a8=["\x48\x65\x6C\x6C\x6F\x20\x57\x6F\x72\x6C\x64\x21","\x0A","\x4F\x4B"];var a=_0x41a8[0];function MsgBox(_0x786dx3){alert(_0x786dx3+_0x41a8[1]+a);} ;MsgBox(_0x41a8[2]); 
When you run both of them in a browser they do the exact same thing. Now imagine a JavaScript program with 1500 lines of code which has been obfuscated. It would be nearly impossible to decrypt by a human. Hundreds of man hours would be wasted doing it even if it were decrypted. Either way the person trying to get the code has wasted time and money.

Quote:
Originally Posted by HuMan-BiEnG (Post 4075812)
maybe i'm bad in this thing ,but life is hard & i have a house & wife
Ethically I don't think you're wrong. It all breaks down to company loyalty and the misunderstanding relationship between employee and company. If the company is not required to show loyalty to it's employees and fire them at any time then why should the employee have to show loyalty to the company? You should look into "whistle blowing" for more information on what I mean.

SAM

djsmiley2k 08-24-2010 08:38 AM
I'd fire you for handing in code like that.

Something to concider.

konsolebox 08-24-2010 08:25 PM
@sag47 Then that's more on scrambling not encrypting since it's not intended to be read (decrypted to original source) on later part.

sag47 08-25-2010 12:03 AM
I never said it was encrypted, in fact I stated it was not encryption. He wanted to know how to hide the code. Code obfuscation is how one would do it without compiling it into a binary. People commonly mistake code obfuscation for encryption so usually when they ask for code encryption what they actually want is obfuscation. I seriously doubt the OP wants to enter a password just to have a script decoded each time it was ran. On top of any root level password needed.

EricTRA 08-25-2010 12:30 AM
Quote:
Originally Posted by sag47 (Post 4076860)
I never said it was encrypted, in fact I stated it was not encryption. He wanted to know how to hide the code. Code obfuscation is how one would do it without compiling it into a binary. People commonly mistake code obfuscation for encryption so usually when they ask for code encryption what they actually want is obfuscation. I seriously doubt the OP wants to enter a password just to have a script decoded each time it was ran. On top of any root level password needed.
Hi,

If you don't mind, have a look at the first link I posted in post #4. From that page:
Quote:
The program "shc" creates C source code out of your shell script then encrypts it (script.sh.x.c). The encrypted shell script is: script.sh.x. Now copy the original "script.sh" file to a floppy disk or some other system for backup or in case you need to edit it in the future. Then, delete it from the server and delete the "script.sh.x.c" file it creates.

Neat feature

You can also specify a time limit on the shell script so that it will no longer execute after a certain date and you can specify a custom message to echo back to the user. Run this command on the "script.sh" file we created earlier in this tut:

shc -e 09/10/2004 -m "Dude it is too late to run this script." -f script.sh
./script.sh.x
./script.sh.x has expired!
Dude it is too late to run this script.

In the above command the date October 9, 2004 is set as the expiration date (-e 09/10/2004) and the custom message was set to display to the user (-m "Dude it is too late to run this script.") when the binary is executed. Note the date format is dd/mm/yyyy.
By using shc there's no need at all to decrypt a script before running it. If OP want encryption then I believe this is the easiest way to go. The encrypted script is the only one he has to leave on the server, is executable but unreadable. I've used it on various occasions and it does the trick.

Kind regards,

Eric

HuMan-BiEnG 08-25-2010 01:06 AM
Quote:
yeah, you are right SAM :( , & soon i will leave the company ,but the stillnt come

Quote:

This also may be helpfull:
Encrypting shell scripts
Encrypting shell scripts 2
Hello ERIC :) ,,

thanks alot for you ERIC & SAM

& both of you accept my best regards :hattip:

EricTRA 08-25-2010 01:08 AM
Hi,

You're welcome and I hope all goes well for you. Have a nice day.

Kind regards,

Eric

konsolebox 08-25-2010 02:52 AM
Quote:
Do you mean for code obfuscation? If so then you're getting way too complicated. It's not encrypted with a key or anything like that. It's rewritten into such a way that it is unreadable for humans to easily edit.
No I never meant "code obfuscation". You're the only one who made an assumption for that. And I don't think it is that complicated in fact the concept is way too simple for me.

Quote:
Originally Posted by sag47 (Post 4076860)
I never said it was encrypted, in fact I stated it was not encryption. He wanted to know how to hide the code. Code obfuscation is how one would do it without compiling it into a binary. People commonly mistake code obfuscation for encryption so usually when they ask for code encryption what they actually want is obfuscation. I seriously doubt the OP wants to enter a password just to have a script decoded each time it was ran. On top of any root level password needed.
Yup but unfortunately that was what the OP requested (see title). You're the only one who decided that it's not. Making a reply based on his question I think could never be a bad move on my part.

sag47 08-25-2010 11:34 AM
@konsolebox: why are you breaking my balls man? The OP said it answered his question.

At any rate this is my last reply to this thread since it is now off topic.


All times are GMT -5. The time now is 05:37 PM.
Page 1 of 2 1 2
Show 50 post(s) from this thread on one page