tags:

views:

85

answers:

2
+1  Q: 

Retrieve plain text script from compiled bash script

Some time ago, i wrote some bash scripts for my school. I thought it would be very clever to 'protect' them, so i compiled them with shc into a binary file. Some weeks later, i lost the uncompiled scripts and now i have only my binarys left.

Is there a way to retrieve the scripts back from the shc generated binarys? I looked into the source code of shc to find a way to decompile the binarys with no luck.

A: 

Just a guess.. you can record system calls using for example strace or something similar and then try to restore at least basic functionality.

Or, you can ask author of shc (http://www.datsi.fi.upm.es/~frosal/sources/shc.html).

PS

The rumour has that somebody has written deshc (http://www.linuxjournal.com/article/8256)

Pmod  2010-08-04 18:25:00
+8  A: 

Using shc to compile your scripts does not protect them. You don't get more security this way. The shc compiled binary decrypts and loads the script into memory when started. You could then, right after you started the binary, just segfault it and retrieve your script from the coredump.

Here's a little example script named test.sh:

#! /bin/bash
echo "starting script and doing stuff"
sleep 1
echo "finished doing stuff"

Compile it with shc:

shc -f test.sh

Start it as background process and segfault it right away:

./test.sh.x&  ( sleep 0.2 && kill -SIGSEGV $! )

sleep 0.2 will give the binary enough time to start up and decrypt the original script. The variable $! contains the pid of the last background process started, so we can easily kill it with the segmentation fault signal SIGSEGV (same as kill -11 $!).

[1]  + segmentation fault (core dumped)  ./test.sh.x

Now me can search the dump for the original script:

cat core | strings

We pipe the data in the dumpfile to strings, which will then show us all the printable characters in the file and we can now see the original script between the garbage:

...
4.0.37(2)-release
BASH_VERSINFO
BASH_VERSINFO
release
i686-pc-linux-gnu
BASH_EXECUTION_STRING
BASH_EXECUTION_STRING
                           #! /bin/bash
echo "starting script and doing stuff"
sleep 1
echo "finished doing stuff"
1000
EUID
EUID
1000
...

If the script is pretty big, maybe you have to adjust the core file size with ulimit. Pretty easy, right?

dkson  2010-08-04 18:42:50
I'd up vote this more than once if I could. Great Answer!
Kaleb Pederson  2010-08-04 18:49:32

related questions

grep a file, but show several surrounding lines?
VMWare Server Under Linux Secondary NIC connection
Should I move from C++ to Python? ... Or another language?
Globus Toolkit virtual machine
How to avoid redefining VERSION, PACKAGE, etc.
How do I setup Public-Key Authentication?
showing a message box from a bash script in linux
Best Linux Distro for Computer Repair
Mapping my custom keys in Debian
Any IcedTea war stories?
How do you find the age of a long-running Linux process?
Personal Linux web server
Programmatically talking to a Serial Port in OS X or Linux
what's in your .bashrc ?
Linux - files and scripts that execute on boot
Text Editor For Linux (Besides Vi)?
Lightweight IDE for Linux
Shell scripting input redirection oddities
XML Editing/Viewing Software
What should a longtime Windows user know when starting to use Linux?
Gtk SSH client for Linux?
Getting root permissions on a file inside of vi?
Is it possible to drag windows between workspaces when using Compiz?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?