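There are many ways to encrypt a shell script. This article introduces SHC, a small tool developed by a Frenchman.
The tool's official website is:
http://www.datsi.fi.upm.es/~frosal/
Download location for all historical versions of the software:
http://www.datsi.fi.upm.es/~frosal/sources/
The latest version is: 3.8.9b
It was updated on February 16, 2005, and has not been updated for a long time.
The following shows how the tool encrypts a shell script.
1. Installation on CentOS:
After downloading, upload it to the server: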
[root@center-linux software]# ls -ltr
total 24
-rw-r--r--. 1 root root 20687 Jan 12 14:38 shc-3.8.9b.tgz
[root@center-linux software]#
Extract the package:
[root@center-linux software]# tar xvf shc-3.8.9b.tgz
shc-3.8.9b/CHANGES
shc-3.8.9b/Copying
shc-3.8.9b/match
shc-3.8.9b/pru.sh
shc-3.8.9b/shc-3.8.9b.c
shc-3.8.9b/shc.c
shc-3.8.9b/shc.1
shc-3.8.9b/shc.README
shc-3.8.9b/shc.html
shc-3.8.9b/test.bash
shc-3.8.9b/test.csh
shc-3.8.9b/test.ksh
shc-3.8.9b/makefile
shc-3.8.9b/testit
[root@center-linux software]#
[root@center-linux software]# cd shc-3.8.9b/
[root@center-linux shc-3.8.9b]# ls
CHANGES  makefile  pru.sh  shc-3.8.9b.c  shc.html    test.bash  testit
Copying  match     shc.1   shc.c         shc.README  test.csh   test.ksh
[root@center-linux shc-3.8.9b]#
[root@center-linux shc-3.8.9b]# ls -ltr
total 96
-rw-r-----. 1 adamhuan adamhuan 17982 May 10 1996 Copying
-rwxr-x---. 1 adamhuan adamhuan 336 Feb 22 2003 match
-rw-r-----. 1 adamhuan adamhuan 1544 Jun 19 2003 shc.README
-rwxr-x---. 1 adamhuan adamhuan 155 Jun 20 2003 pru.sh
-rwxr-x---. 1 adamhuan adamhuan 52 Jun 20 2003 test.csh
-rw-r-----. 1 adamhuan adamhuan 3136 Jul 8 2004 shc.1
-rw-r-----. 1 adamhuan adamhuan 4558 Jul 8 2004 shc.html
-rwxr-x---. 1 adamhuan adamhuan 138 Nov 13 2004 test.bash
-rwxr-x---. 1 adamhuan adamhuan 142 Jan 18 2008 test.ksh
-rwxr-x---. 1 adamhuan adamhuan 67 Sep 8 2015 testit
lrwxrwxrwx. 1 adamhuan adamhuan 12 Sep 8 2015 shc.c -> shc-3.8.9b.c
-rw-r-----. 1 adamhuan adamhuan 2027 Sep 8 2015 makefile
-rw-r-----. 1 adamhuan adamhuan 3947 Sep 8 2015 CHANGES
-rw-r-----. 1 adamhuan adamhuan 24893 Sep 8 2015 shc-3.8.9b.c
[root@center-linux shc-3.8.9b]#
Run the installation:
make test
[root@center-linux shc-3.8.9b]# make test
cc -Wall shc.c -o shc
*** Compiling script "match"
CFLAGS="-Wall " ./shc -v -T -f match
shc shll=sh
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc -Wall match.x.c -o match.x
shc: strip match.x
shc: chmod go-r match.x
*** Running a compiled test script!
*** It must show files with substring "sh" in your PATH...
./match.x sh
/usr/sbin/alsa-info.sh
/usr/sbin/btrfs-show-super
/usr/sbin/cacertdir_rehash
/usr/sbin/capsh
/usr/sbin/handle-sshpw
/usr/sbin/ownership
/usr/sbin/pm-utils-bugreport-info.sh
/usr/sbin/setroubleshootd
/usr/sbin/showmount
/usr/sbin/shutdown
/usr/sbin/sshd
/usr/sbin/sshd-keygen
/usr/sbin/sushell
/usr/bin/amuFormat.sh
/usr/bin/bash
/usr/bin/bashbug
/usr/bin/bashbug-64
/usr/bin/cgsnapshot
/usr/bin/chsh
/usr/bin/crash
/usr/bin/csh
/usr/bin/fipshmac
/usr/bin/gdm-screenshot
/usr/bin/gettext.sh
/usr/bin/git-shell
/usr/bin/gnome-screenshot
/usr/bin/gnome-shell
/usr/bin/gnome-shell-extension-prefs
/usr/bin/gnome-shell-extension-tool
/usr/bin/gnome-shell-perf-tool
/usr/bin/gvfs-trash
/usr/bin/idevicescreenshot
/usr/bin/ksshell
/usr/bin/lchsh
/usr/bin/ldns-nsec3-hash
/usr/bin/lesspipe.sh
/usr/bin/lprsetup.sh
/usr/bin/mshortname
/usr/bin/mshowfat
/usr/bin/nettle-hash
/usr/bin/packagekit-bugreport.sh
/usr/bin/pax11publish
/usr/bin/regshell
/usr/bin/setup-nsssysinit.sh
/usr/bin/sh
/usr/bin/sha1sum
/usr/bin/sha224sum
/usr/bin/sha256sum
/usr/bin/sha384sum
/usr/bin/sha512sum
/usr/bin/sharesec
/usr/bin/shotwell
/usr/bin/shotwell-video-thumbnailer
/usr/bin/show-changed-rco
/usr/bin/showconsolefont
/usr/bin/show-installed
/usr/bin/showkey
/usr/bin/showrgb
/usr/bin/shred
/usr/bin/shuf
/usr/bin/ssh
/usr/bin/ssh-add
/usr/bin/ssh-agent
/usr/bin/ssh-copy-id
/usr/bin/ssh-keygen
/usr/bin/ssh-keyscan
/usr/bin/sss_ssh_authorizedkeys
/usr/bin/sss_ssh_knownhostsproxy
/usr/bin/stapsh
/usr/bin/sushi
/usr/bin/tcsh
/usr/bin/unix-lpr.sh
/usr/bin/unshare
/usr/bin/virsh
/usr/bin/xrefresh
[99942] PAUSED... Hit return!
*** you want to see strings in the generated binary?
*** Please try... make strings
[root@center-linux shc-3.8.9b]#
make strings
[root@center-linux shc-3.8.9b]# make strings
*** Running: "strings -n 5 match.x"
*** It must show no sensible information...
strings -n 5 match.x
/lib64/ld-linux-x86-64.so.2
libc.so.6
sprintf
__isoc99_sscanf
getpid
strdup
calloc
strlen
memset
__errno_location
memcmp
putenv
memcpy
malloc
getenv
stderr
execvp
fprintf
atoll
strerror
__libc_start_main
__environ
__xstat
__gmon_start__
GLIBC_2.7
GLIBC_2.14
GLIBC_2.2.5
[]A\A]A^A_
=%lu %d
%lu %d%c
%s%s%s: %s
;*3$"
vev8
/.-(8
*** you want to probe expiration date?
*** Please try... make expiration
[root@center-linux shc-3.8.9b]#
make install
[root@center-linux shc-3.8.9b]# make install
*** Installing shc and shc.1 on /usr/local
*** you want to continue? y
install -c -s shc /usr/local/bin/
install -c -m 644 shc.1 /usr/local/man/man1/
[root@center-linux shc-3.8.9b]#
The installation may fail at this point. If the cause is that the directory [/usr/local/man/man1] does not exist, create it manually and run the installation again:
mkdir -p /usr/local/man/man1/
The installation is interactive: you must type [y] to confirm that you really want to install.
Note that pressing Enter alone does not default to [y].
After installation:
[root@center-linux shc-3.8.9b]# ls -ltr /usr/local/bin/
total 36
-rwxr-xr-x. 1 root root 34344 Jan 12 14:40 shc
[root@center-linux shc-3.8.9b]#
[root@center-linux shc-3.8.9b]# shc -h
shc Version 3.8.9b, Generic Script Compiler
shc Copyright (c) 1994-2015 Francisco Rosales
shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script
    -e %s  Expiration date in dd/mm/yyyy format [none]
    -m %s  Message to display upon expiration ["Please contact your provider"]
    -f %s  File name of the script to compile
    -i %s  Inline option for the shell interpreter i.e: -e
    -x %s  eXec command, as a printf format i.e: exec('%s',@ARGV);
    -l %s  Last shell option i.e: --
    -r     Relax security. Make a redistributable binary
    -v     Verbose compilation
    -D     Switch ON debug exec calls [OFF]
    -T     Allow binary to be traceable [no]
    -C     Display license and exit
    -A     Display abstract and exit
    -h     Display help and exit
    Environment variables used:
    Name Default Usage
    CC cc C compiler command
    CFLAGS C compiler flags
    Please consult the shc(1) man page.
[root@center-linux shc-3.8.9b]#
2. Installation on Ubuntu:
Uninstall:
root@blockchain-01:/software_me/about_shell# apt-get remove shc
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  shc
0 upgraded, 0 newly installed, 1 to remove and 3 not upgraded.
After this operation, 49.2 kB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 174814 files and directories currently installed.)
Removing shc (3.8.9b-1) ...
Processing triggers for man-db (2.7.5-1) ...
root@blockchain-01:/software_me/about_shell#
Install:
root@blockchain-01:/software_me/about_shell# ls -ltr --time-style="+|%Y-%m-%d|%H:%M:%S|" /usr/bin | grep shc
root@blockchain-01:/software_me/about_shell#
root@blockchain-01:/software_me/about_shell# apt-get install shc
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  shc
0 upgraded, 1 newly installed, 0 to remove and 3 not upgraded.
Need to get 0 B/14.1 kB of archives.
After this operation, 49.2 kB of additional disk space will be used.
Selecting previously unselected package shc.
(Reading database ... 174811 files and directories currently installed.)
Preparing to unpack .../shc_3.8.9b-1_amd64.deb ...
Unpacking shc (3.8.9b-1) ...
Setting up shc (3.8.9b-1) ...
Processing triggers for man-db (2.7.5-1) ...
root@blockchain-01:/software_me/about_shell#
root@blockchain-01:/software_me/about_shell# ls -ltr --time-style="+|%Y-%m-%d|%H:%M:%S|" /usr/bin | grep shc
-rwxr-xr-x 1 root root 34296 |2015-10-24|14:28:48| shc
root@blockchain-01:/software_me/about_shell#
Check the result:
root@blockchain-01:/software_me/about_shell# whereis shc
shc: /usr/bin/shc /usr/share/man/man1/shc.1.gz
root@blockchain-01:/software_me/about_shell#
root@blockchain-01:/software_me/about_shell# shc -h
shc Version 3.8.9b, Generic Script Compiler
shc Copyright (c) 1994-2015 Francisco Rosales
shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script
    -e %s  Expiration date in dd/mm/yyyy format [none]
    -m %s  Message to display upon expiration ["Please contact your provider"]
    -f %s  File name of the script to compile
    -i %s  Inline option for the shell interpreter i.e: -e
    -x %s  eXec command, as a printf format i.e: exec('%s',@ARGV);
    -l %s  Last shell option i.e: --
    -r     Relax security. Make a redistributable binary
    -v     Verbose compilation
    -D     Switch ON debug exec calls [OFF]
    -T     Allow binary to be traceable [no]
    -C     Display license and exit
    -A     Display abstract and exit
    -h     Display help and exit
    Environment variables used:
    Name Default Usage
    CC cc C compiler command
    CFLAGS C compiler flags
    Please consult the shc(1) man page.
root@blockchain-01:/software_me/about_shell#
3. Encrypting a shell script with SHC
My system currently has this script:
root@blockchain-01:/software_me/about_shell# cd /script/bash_shell_script/
root@blockchain-01:/script/bash_shell_script# ls
hello_world.sh
root@blockchain-01:/script/bash_shell_script# cat hello_world.sh
echo "Hello world."
echo "Date is:: "`date "+|%Y-%m-%d|%H:%M:%S|"`
root@blockchain-01:/script/bash_shell_script#
root@blockchain-01:/script/bash_shell_script# sh hello_world.sh
Hello world.
Date is:: |2017-01-12|14:55:58|
root@blockchain-01:/script/bash_shell_script#
A very simple script that prints "Hello world.".
SHC, first run:
root@blockchain-01:/script/bash_shell_script# shc -v -f hello_world.sh
shc: invalid first line in script: echo "Hello world."
shc: Success
root@blockchain-01:/script/bash_shell_script# ls -ltr
total 4
-rw-r--r-- 1 root root 67 Jan 12 14:14 hello_world.sh
root@blockchain-01:/script/bash_shell_script#
As you can see, the run did not succeed.
The reason is that the first line of the script does not declare the script type.
The following change is needed:
root@blockchain-01:/script/bash_shell_script# cat hello_world.sh
#!/bin/bash
echo "Hello world."
echo "Date is:: "`date "+|%Y-%m-%d|%H:%M:%S|"`
root@blockchain-01:/script/bash_shell_script#
As shown above, you need [#!/bin/bash] to declare your script's language.
Then run SHC encryption again:
root@blockchain-01:/script/bash_shell_script# pwd
/script/bash_shell_script
root@blockchain-01:/script/bash_shell_script#
root@blockchain-01:/script/bash_shell_script# ls -ltr
total 4
-rw-r--r-- 1 root root 79 Jan 12 14:57 hello_world.sh
root@blockchain-01:/script/bash_shell_script#
root@blockchain-01:/script/bash_shell_script# shc -v -f hello_world.sh
shc shll=bash
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc hello_world.sh.x.c -o hello_world.sh.x
shc: strip hello_world.sh.x
shc: chmod go-r hello_world.sh.x
root@blockchain-01:/script/bash_shell_script#
root@blockchain-01:/script/bash_shell_script# ls -ltr
total 28
-rw-r--r-- 1 root root 79 Jan 12 14:57 hello_world.sh
-rw-r--r-- 1 root root 9543 Jan 12 14:58 hello_world.sh.x.c
-rwx--x--x 1 root root 10848 Jan 12 14:58 hello_world.sh.x
root@blockchain-01:/script/bash_shell_script#
This time it succeeded.
Two files were generated:
xxx.X
xxx.X.C
About these two files:
The *.x file is a binary; once it has execute permission, it can be run directly.
The *.x.c file is a C source file and is of little use.
Look at the types of these files:
root@blockchain-01:/script/bash_shell_script# pwd
/script/bash_shell_script
root@blockchain-01:/script/bash_shell_script# ls -ltr
total 28
-rw-r--r-- 1 root root 79 Jan 12 14:57 hello_world.sh
-rw-r--r-- 1 root root 9543 Jan 12 14:58 hello_world.sh.x.c
-rwx--x--x 1 root root 10848 Jan 12 14:58 hello_world.sh.x
root@blockchain-01:/script/bash_shell_script#
root@blockchain-01:/script/bash_shell_script# file *
hello_world.sh: Bourne-Again shell script, ASCII text executable
hello_world.sh.x: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=8ca0de50d7f58dbcd8d0a47e88f5e6b6d1ad2f7e, stripped
hello_world.sh.x.c: C source, ASCII text
root@blockchain-01:/script/bash_shell_script#
root@blockchain-01:/script/bash_shell_script#
Contents of the .x.c file:
root@blockchain-01:/script/bash_shell_script# strings hello_world.sh.x.c
#if 0
shc Version 3.8.9b, Generic Script Compiler
Copyright (c) 1994-2015 Francisco Rosales
shc -v -f hello_world.sh
#endif
static char data [] =
#define tst1_z 22
#define tst1 ((&data[3]))
#define chk1_z 22
#define chk1 ((&data[30]))
#define shll_z 10
#define shll ((&data[54]))
#define msg2_z 19
#define msg2 ((&data[67]))
#define opts_z 1
#define opts ((&data[87]))
#define rlax_z 1
#define rlax ((&data[88]))
#define xecc_z 15
#define xecc ((&data[90]))
#define text_z 80
#define text ((&data[119]))
#define tst2_z 19
#define tst2 ((&data[215]))
#define chk2_z 19
#define chk2 ((&data[239]))
#define lsto_z 1
#define lsto ((&data[262]))
#define pswd_z 256
#define pswd ((&data[276]))
#define msg1_z 42
#define msg1 ((&data[560]))
#define date_z 1
#define date ((&data[602]))
#define inlo_z 3
#define inlo ((&data[603]))
/* End of data[] */;
#define hide_z 4096
#define DEBUGEXEC 0 /* Define as 1 to debug execvp calls */
#define TRACEABLE 0 /* Define as 1 to enable ptrace the executable */
/* rtc.c */
#include stat.h>
#include types.h>
#include
#include
#include
#include
#include
#include
/* 'Alleged RC4' */
static unsigned char stte[256], indx, jndx, kndx;
 * Reset arc4 stte.
void stte_0(void)
    indx = jndx = kndx = 0;
    do {
        stte[indx] = indx;
    } while (++indx);
 * Set key. Can be used more than once.
void key(void * str, int len)
    unsigned char tmp, * ptr = (unsigned char *)str;
    while (len > 0) {
        do {
            tmp = stte[indx];
            kndx += tmp;
            kndx += ptr[(int)indx % len];
            stte[indx] = stte[kndx];
            stte[kndx] = tmp;
        } while (++indx);
        ptr += 256;
        len -= 256;
 * Crypt data.
void arc4(void * str, int len)
    unsigned char tmp, * ptr = (unsigned char *)str;
    while (len > 0) {
        indx++;
        tmp = stte[indx];
        jndx += tmp;
        stte[indx] = stte[jndx];
        stte[jndx] = tmp;
        tmp += stte[indx];
        *ptr ^= stte[tmp];
        ptr++;
        len--;
/* End of ARC4 */
 * Key with file invariants.
int key_with_file(char * file)
    struct stat statf[1];
    struct stat control[1];
    if (stat(file, statf) < 0)
        return -1;
    /* Turn on stable fields */
    memset(control, 0, sizeof(control));
    control->st_ino = statf->st_ino;
    control->st_dev = statf->st_dev;
    control->st_rdev = statf->st_rdev;
    control->st_uid = statf->st_uid;
    control->st_gid = statf->st_gid;
    control->st_size = statf->st_size;
    control->st_mtime = statf->st_mtime;
    control->st_ctime = statf->st_ctime;
    key(control, sizeof(control));
    return 0;
#if DEBUGEXEC
void debugexec(char * sh11, int argc, char ** argv)
    int i;
    fprintf(stderr, "shll=%s\n", sh11 ? sh11 : "");
    fprintf(stderr, "argc=%d\n", argc);
    if (!argv) {
        fprintf(stderr, "argv=\n");
    } else {
        for (i = 0; i <= argc ; i++)
            fprintf(stderr, "argv[%d]=%.60s\n", i, argv[i] ? argv[i] : "");
#endif /* DEBUGEXEC */
void rmarg(char ** argv, char * arg)
    for (; argv && *argv && *argv != arg; argv++);
    for (; argv && *argv; argv++)
        *argv = argv[1];
int chkenv(int argc)
    char buff[512];
    unsigned long mask, m;
    int l, a, c;
    char * string;
    extern char ** environ;
    mask = (unsigned long)&chkenv
    mask ^= (unsigned long)getpid() * ~mask;
    sprintf(buff, "x%lx", mask);
    string = getenv(buff);
#if DEBUGEXEC
    fprintf(stderr, "getenv(%s)=%s\n", buff, string ? string : "");
#endif
    l = strlen(buff);
    if (!string) {
        /* 1st */
        sprintf(&buff[l], "=%lu %d", mask, argc);
        putenv(strdup(buff));
        return 0;
    c = sscanf(string, "%lu %d%c", &m, &a, buff);
    if (c == 2 && m == mask) {
        /* 3rd */
        rmarg(environ, &string[-l - 1]);
        return 1 + (argc - a);
    return -1;
#if !defined(TRACEABLE)
#define _LINUX_SOURCE_COMPAT
#include ptrace.h>
#include types.h>
#include wait.h>
#include
#include
#include
#include
#if !defined(PTRACE_ATTACH) && defined(PT_ATTACH)
# define PTRACE_ATTACH PT_ATTACH
#endif
void untraceable(char * argv0)
    char proc[80];
    int pid, mine;
    switch(pid = fork()) {
    case 0:
        pid = getppid();
        * For problematic SunOS ptrace */
#if defined(__FreeBSD__)
        sprintf(proc, "/proc/%d/mem", (int)pid);
#else
        sprintf(proc, "/proc/%d/as", (int)pid);
#endif
        close(0);
        mine = !open(proc, O_RDWR|O_EXCL);
        if (!mine && errno != EBUSY)
            mine = !ptrace(PTRACE_ATTACH, pid, 0, 0);
        if (mine) {
            kill(pid, SIGCONT);
        } else {
            perror(argv0);
            kill(pid, SIGKILL);
        _exit(mine);
    case -1:
        break;
    default:
        if (pid == waitpid(pid, 0, 0))
            return;
        perror(argv0);
    _exit(1);
#endif /* !defined(TRACEABLE) */
char * xsh(int argc, char ** argv)
    char * scrpt;
    int ret, i, j;
    char ** varg;
    char * me = argv[0];
    stte_0();
    key(pswd, pswd_z);
    arc4(msg1, msg1_z);
    arc4(date, date_z);
    if (date[0] && (atoll(date)
Contents of the *.x file:
root@blockchain-01:/script/bash_shell_script# strings hello_world.sh.x
/lib64/ld-linux-x86-64.so.2
libc.so.6
sprintf
__isoc99_sscanf
time
__stack_chk_fail
getpid
strdup
calloc
strlen
memset
__errno_location
memcmp
putenv
memcpy
malloc
getenv
stderr
execvp
fprintf
__cxa_finalize
atoll
strerror
__libc_start_main
__environ
__xstat
_ITM_deregisterTMCloneTable
__gmon_start__
_Jv_RegisterClasses
_ITM_registerTMCloneTable
GLIBC_2.7
GLIBC_2.14
GLIBC_2.4
GLIBC_2.2.5
ATSH
[A\]
AWAVA
AUATL
[]A\A]A^A_
x%lx
=%lu %d
%lu %d%c
%s%s%s: %s
;*3$"
xlVa
XR 4
aNuRV
rED`
GCC: (Ubuntu 6.2.0-5ubuntu12) 6.2.0 20161005
.shstrtab
.interp
.note.ABI-tag
.note.gnu.build-id
.gnu.hash
.dynsym
.dynstr
.gnu.version
.gnu.version_r
.rela.dyn
.init
.plt
.plt.got
.text
.fini
.rodata
.eh_frame_hdr
.eh_frame
.init_array
.fini_array
.jcr
.dynamic
.data
.bss
.comment
root@blockchain-01:/script/bash_shell_script#
Run it:
root@blockchain-01:/script/bash_shell_script# ./hello_world.sh.x
hello world.
data: Thu Jan 12 15:15:57 CST 2017
root@blockchain-01:/script/bash_shell_script#
Set an expiration date:
[root@center-linux script]# shc -e 13/01/2017 -m "Sorry, too late to run." -f helloworld.sh
[root@center-linux script]# ls -ltr
total 40
-rw-r--r--. 1 root root 5752 Dec 24 2015 script.rpm.sh
-rw-r--r--. 1 root root 3261 Jan 11 15:23 auto_deploy_ntp.sh
-rw-r--r--. 1 root root 53 Jan 12 15:15 helloworld.sh
-rw-r--r--. 1 root root 9595 Jan 12 15:18 helloworld.sh.x.c
-rwx--x--x. 1 root root 11216 Jan 12 15:18 helloworld.sh.x
[root@center-linux script]# ./helloworld.sh.x
hello world.
data: Thu Jan 12 15:18:08 CST 2017
[root@center-linux script]#
[root@center-linux script]# date -s "20170114"
Sat Jan 14 00:00:00 CST 2017
[root@center-linux script]# date
Sat Jan 14 00:00:01 CST 2017
[root@center-linux script]#
[root@center-linux script]# ./helloworld.sh.x
./helloworld.sh.x: has expired!
Sorry, too late to run.
[root@center-linux script]#
4. Decryption:
Decryption code: https://github.com/yanncam/UnSHc
Before decryption:
[root@center-linux script]# ls -ltr
total 272
-rw-r--r--. 1 root root 5752 Dec 24 2015 script.rpm.sh
-rw-r--r--. 1 root root 3261 Jan 11 15:23 auto_deploy_ntp.sh
-rw-r--r--. 1 root root 9595 Jan 12 15:18 helloworld.sh.x.c
-rwx--x--x. 1 root root 11216 Jan 12 15:18 helloworld.sh.x
-rw-r--r--. 1 root root 238038 Jan 12 15:40 unshc.sh
[root@center-linux script]#
Run the decryption:
[root@center-linux script]# /software/unshc.sh helloworld.sh.x
 _   _       _____ _   _
| | | |     /  ___| | | |
| | | |_ __ \ `--.| |_| | ___
| | | | '_ \ `--. \  _  |/ __|
| |_| | | | /\__/ / | | | (__
 \___/|_| |_\____/\_| |_/\___|
--- UnSHc - The shc decrypter.
--- Version: 0.7
------------------------------
UnSHc is used to decrypt script encrypted with SHc
Original idea from Luiz Octavio Duarte (LOD)
Updated and modernized by Yann CAM
- SHc : [http://www.datsi.fi.upm.es/~frosal/]
- UnSHc : [https://www.asafety.fr/unshc-the-shc-decrypter/]
------------------------------
[*] Input file name to decrypt [helloworld.sh.x]
[+] ARC4 address call candidate : [0x400f2e]
[*] Extracting each args address and size for the 14 arc4() calls with address [0x400f2e]...
    [0] Working with var address at offset [0x602156] (0x25 bytes)
    [1] Working with var address at offset [0x602143] (0xb bytes)
    [2] Working with var address at offset [0x6021da] (0xa bytes)
    [3] Working with var address at offset [0x60238b] (0x3 bytes)
    [4] Working with var address at offset [0x6021b1] (0xf bytes)
    [5] Working with var address at offset [0x6021d7] (0x1 bytes)
    [6] Working with var address at offset [0x602390] (0x16 bytes)
    [7] Working with var address at offset [0x602194] (0x16 bytes)
    [8] Working with var address at offset [0x6021c3] (0x13 bytes)
    [9] Working with var address at offset [0x602140] (0x1 bytes)
    [10] Working with var address at offset [0x6021e6] (0x1 bytes)
    [11] Working with var address at offset [0x6021f2] (0x36 bytes)
    [12] Working with var address at offset [0x602238] (0x13 bytes)
    [13] Working with var address at offset [0x60217e] (0x13 bytes)
[*] Extracting password...
    [+] PWD address found : [0x602252]
    [+] PWD size found : [0x100]
[*] Executing [/tmp/bjqwuJ] to decrypt [helloworld.sh.x]
[*] Retrieving initial source code in [helloworld.sh]
[*] All done!
[root@center-linux script]#
[root@center-linux script]# ls -ltr
total 276
-rw-r--r--. 1 root root 5752 Dec 24 2015 script.rpm.sh
-rw-r--r--. 1 root root 3261 Jan 11 15:23 auto_deploy_ntp.sh
-rw-r--r--. 1 root root 9595 Jan 12 15:18 helloworld.sh.x.c
-rwx--x--x. 1 root root 11216 Jan 12 15:18 helloworld.sh.x
-rw-r--r--. 1 root root 238038 Jan 12 15:40 unshc.sh
-rw-r--r--. 1 root root 53 Jan 12 15:41 helloworld.sh
[root@center-linux script]#
After decryption, take a look:
[root@center-linux script]# cat helloworld.sh
#!/bin/bash
echo "hello world."
echo "data: "`date`
[root@center-linux script]#
As you can see, it was decrypted successfully.
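Why the decryption above is possible, as an added example that is not code from the original article or from shc: the key (pswd) is stored in the same file as the ciphertext it protects, so the binary hides the script from strings but does not keep it confidential. The three arc4 routines follow the .x.c listing above with the braces restored; struct image, seal(), unseal(), contains() and the fixed key pattern are constructed stand-ins, and the real binary runs arc4() over several fields in turn and also has a key_with_file() step that is not modelled here.

```c
#include <stdio.h>
#include <string.h>

/* 'Alleged RC4' routines as in the .x.c listing, braces restored. */
static unsigned char stte[256], indx, jndx, kndx;

static void stte_0(void) {
    indx = jndx = kndx = 0;
    do { stte[indx] = indx; } while (++indx);  /* indx wraps to 0 after 256 steps */
}

static void key(void *str, int len) {
    unsigned char tmp, *ptr = (unsigned char *)str;
    while (len > 0) {
        do {
            tmp = stte[indx];
            kndx += tmp;
            kndx += ptr[(int)indx % len];
            stte[indx] = stte[kndx];
            stte[kndx] = tmp;
        } while (++indx);
        ptr += 256; len -= 256;
    }
}

static void arc4(void *str, int len) {
    unsigned char tmp, *ptr = (unsigned char *)str;
    while (len > 0) {
        indx++;
        tmp = stte[indx];
        jndx += tmp;
        stte[indx] = stte[jndx];
        stte[jndx] = tmp;
        tmp += stte[indx];
        *ptr ^= stte[tmp];
        ptr++; len--;
    }
}

/* Constructed stand-in for data[]: the key ships beside the ciphertext. */
struct image { unsigned char pswd[256]; unsigned char text[128]; int text_z; };

/* Build time: encrypt the script under the key stored in the same image. */
static void seal(struct image *img, const char *script) {
    for (int i = 0; i < 256; i++)
        img->pswd[i] = (unsigned char)(i * 37 + 11);  /* constructed key bytes */
    img->text_z = (int)strlen(script) + 1;
    memcpy(img->text, script, (size_t)img->text_z);
    stte_0(); key(img->pswd, 256); arc4(img->text, img->text_z);
}

/* Run time, or anyone holding the file: nothing outside img is needed. */
static void unseal(struct image *img) {
    stte_0(); key(img->pswd, 256); arc4(img->text, img->text_z);
}

/* Returns 1 if needle occurs in the stored text bytes, as strings(1) would show. */
static int contains(const struct image *img, const char *needle) {
    int n = (int)strlen(needle);
    for (int i = 0; i + n <= img->text_z; i++)
        if (memcmp(img->text + i, needle, (size_t)n) == 0) return 1;
    return 0;
}

int main(void) {
    struct image img;
    seal(&img, "#!/bin/bash\necho \"Hello world.\"\n");  /* constructed sample script */
    printf("plaintext visible after seal: %d\n", contains(&img, "Hello world."));
    unseal(&img);
    printf("recovered with the embedded key:\n%s", (char *)img.text);
    return 0;
}
```

A script compiled this way should therefore not carry passwords, tokens or other secrets that must stay hidden from whoever can read the binary.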
——————————————————
Done.