-   Linux - Newbie (
-   -   Encrypting scripts into Binary Executables (

muazfarooqaslam 01-07-2008 08:49 AM

Encrypting scripts into Binary Executables

Can anyone please tell me how to encrypt/encode shell scripts into binary executables so that scripts can be protected from modification or inspection. There is a good utility on the following link,

I have tried it successfully on RedHat Linux but its not working on HP-Unix.

Is there any other way to achieve this?

unSpawn 01-07-2008 09:15 AM

BTW[0]: If it's about HP-UX it should be in the "other *NIX" forum. This one's for GNU/Linux.

BTW[1]: saying "its not working" doesn't help us help you. Provide exact details could help.

BTW[2]: Just so you don't think encrypting scripts provides protection against inspection search the Linux Security forum for threads about script encryption and its pitfalls or see under "Hiding Shell Script Source".

muazfarooqaslam 01-08-2008 12:40 AM

Its not only about Unix. I wanted to know if there exits any method to encrypt shell scripts on any *nix platform besides the utility i mentioned in my last post.

As far as error is concerned, when i try to run binary executable on HP-Unix, it gives following error,

psa1a: ...tmp20080104/shc-3.8.6 64 > shc -e 01/06/2008 -m "License Expired on 01/06/2008. Please contact Muaz Farooq." -f trstat
shc: Exec format error. Binary file not executable.
Exit 1

psa1a: ...tmp20080104/shc-3.8.6 65 >

Here trstat is my script for which I want to create an executable and shc is the utility which creates binary executables. Besides encrypting this utility (shc) also creates license. -e and -m are flags for creating license.

The script for which i am trying to create binary executable is written by me so no threat of virus or something. If encryption is not a good idea, is there any other way scripts can be protected from inspection.

matthewg42 01-08-2008 01:30 AM

I would advise against using script obfuscation methods such as shc. These techniques will make it more difficult than is necessary to maintain your scripts, and more difficult to solve problems if they occur.

They also add a false sense of security. For example, someone taking security seriously would not consider compiling C code into a binary to add any security at all, and you should not consider a script obfuscator a security measure either. Just because the behaviour of the program is a little less readable doesn't help to secure it - a half competent analyst will be able to work out what such a program does fairly easily, and recover the likes of embedded passwords from such a script.

muazfarooqaslam 01-08-2008 06:03 AM

Alright, then what do you recommend should be done to protect a script from inspection/modification provided chmod cant be used as all users have same access?

matthewg42 01-08-2008 06:39 AM

If you are trying to prevent someone from copying your proprietary code, that is one use of copyright. You probably cannot stop them from reversing your obfuscated program and working out how to do it themselves (or from modifying it to make it do something else), but you can copyright your work to make it illegal for them to do so. Then you have legal recourse. You can also use contracts to agree what can and cannot be done with a program you provide to someone else.

If you are really interested in security (very different from protecting your revenue) there is not a reliable software-only method. A more reliable method is to use encrypted binaries and TPM, and even then there are going to be hardware attacks.

The problem boils down to the same one as trying to distribute "DRM-protected" media - the attacker and the recipient are the same person.

matthewg42 01-08-2008 07:01 AM

Why do you want to do it by the way?

All times are GMT -5. The time now is 02:08 PM.