Hi,

Need to convert a shell script to a binary executable form,so that script is not readable and should not be modifiable.

I used shc (the shell script compiler) , but shc is not working in cygwin.
I am using Cygwin as the linux simulator .

Is there any alternative approach in cygwin?

Are you using the binary version of shc? You can compile it from scratch in cygwin.
Then, it generates a .c file from a bash script, and you can compile it and that should do the trick

if you are resorting to this, you most probably isn't using the correct method. The best way is to restrict who can or cannot use your script using permissions. you might also want to consider creating an interface, such as a web interface where you restrict user actions by a set of buttons and proper authentication.

Thanks for the reply

I have installed Generic Script Compiler(shc) Version 3.8.6 under cygwin env, but it is not encrypting the script file.

$ shc -v -r -T -f test.sh
/usr/local/bin/shc: /usr/local/bin/shc: cannot execute binary file

Not able to view help, but the shc binary is present in /usr/local/bin:

$ /usr/local/bin/shc --help
/usr/local/bin/shc: /usr/local/bin/shc: cannot execute binary file

The same setup works in Linux.

I have compiled the code from scratch under cygwin, Din't use any Binary version.

0 members found this post helpful.

Dear All,

I am sitting on CentOS 5.4 64 Bit servers.

I need to convert a bash shell script to a binary since it has my passwords (for sudo / ssh) hardcoded.

I have found a way to get this done on the same server through this link.

Binary works well on the same server, but if I scp it to another server it works sometime and at time it does not. However, in the non working server if I execute the script (not binary) it works fine.

Any alternative method to get the binary working on all Linux servers (at least of same flavor) ?

I'm sorry I cannot help you with your request, but I'm replying because I want you to be aware that converting a shell-script to binary is not going to mask your hard-coded passwords. The string literals will still be visible to anyone who can read the binary file. All they would have to do is use /usr/bin/od or other similar tool for dumping the contents of the binary file.

Thus, as one person hinted at earlier in this thread, the best security to prevent someone from perusing your file is to set the file permissions to the most restrictive setting. But the better choice would be to remove the passwords from the file; surely there are alternatives.

Thanks dwhitney67, I just checked through od and hexdump command, none of them showed the password.

$ hexdump swapcpu.sh.x | grep -i peter
$ od swapcpu.sh.x | grep -i peter

Surely, I can harden the permissions but I do not have an option to remove passwords.

Please help me with other alternatives. Thanks in advance.

you need to save the password in another file with minimal access rights and the shell will read info from that file. Also you can try to hide the path with some tricks (for example it is generated), but that can be catched by strace. Also you can use a server app to send such info, but you need to protect the communication also. And there can be other possibilities, but we do not know what this script do with that pw.

Well the manpage for shc says it "encodes and encrypts" the shell script. Of course the decryption key is inside the resultant file so it's still easy to get the password but you need to do a bit more than just dump the contents.

Yes, my bad... thoughts entered my mind before I actually did any research on the shc application.

Ok. Realy old, but I was looking for it and decide to do my self and make it public.
http://goo.gl/M1NSY
Compile your bash script under cygwin!

strings command would most likely work in this case.

No, that won't work for the same reason grep won't work, see my post #10.