How to get plain text source from shc compiled bash script?

published on 2013-08-25 07:39:00 UTC by nirav desai
Shc is used to protect your shell script from modification or inspection. If you have written a bash script and want to distribute it, but don't want it to be easily readable by other people, you can use shc.

First, let's see how to compile a bash script into a binary.


wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz

tar -xvzf shc-3.8.7.tgz

cd shc-3.8.7

make

./shc

You should see the shc usage message:
shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script

Now take the script that we want to convert into a binary.

./shc -f /script_path

This converts the plain-text bash source into a binary with the extension .sh.x.


How to retrieve plain text from binary?


The shc-compiled binary decrypts the script and loads it into memory when started. Right after starting the binary, we just segfault it and retrieve our script from the core dump.


Core dumps are often used to debug errors in Linux or UNIX programs. A core file is generated when an application terminates abnormally due to a bug, an operating system security protection scheme, or the program simply trying to write beyond the area of memory it has allocated.

By default, most Linux distributions turn off core file creation, so we need to turn it on.

ulimit -c

If the output is zero, no core file will be created.

Now we set the core file size limit to 70000 bytes:

ulimit -c 70000

Now we start the binary and segfault it right away. I used the IP-Digger binary to get plain text from it.

./IP-Digger4.sh.x&  ( sleep 0.02 && kill -SIGSEGV $! )

sleep 0.02 gives the binary enough time to start up and decrypt the original script. The variable $! contains the PID of the last background process started, so we can easily kill it with the segmentation fault signal SIGSEGV (same as kill -11 $!).
+ segmentation fault (core dumped)  ./IP-Digger4.sh.x
cat core | strings >plain_text

Now open the plain_text file we created and find the plain-text source of the bash script. I uploaded the source code of IP-Digger here.

But if your script is too large, adjust the core file size limit.
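
As an added example (not part of the original post): a Python sketch that locates the script buffer that the strings step above leaves you to find by hand, then lists credential-looking assignments in it, which is what an author auditing their own shc binary needs to see. It assumes an ASCII script held in the dump as one contiguous buffer starting at its shebang line; `find_scripts`, `exposed_secrets`, the name pattern and the sample bytes are constructed for illustration.

```python
import re
import sys

# Assumption: the decrypted script sits in the dump as one contiguous ASCII
# buffer that starts with its shebang line and ends at the first NUL or
# other non-text byte.
SCRIPT_BUFFER = re.compile(rb"#![ \t]*/[\x20-\x7e]*\n[\t\n\r\x20-\x7e]*")

# Variable names that suggest a credential (illustrative list, not exhaustive).
SECRET_ASSIGN = re.compile(
    r"^[ \t]*(?:export[ \t]+)?(\w*(?:PASS|SECRET|TOKEN|KEY)\w*)=(\S.*)$",
    re.IGNORECASE | re.MULTILINE,
)


def find_scripts(core):
    """Return every shebang-led text buffer found in a core dump image."""
    return [m.group(0).decode("ascii") for m in SCRIPT_BUFFER.finditer(core)]


def exposed_secrets(script):
    """List (name, value) for assignments whose name looks like a credential."""
    return [(name, value.strip().strip("'\""))
            for name, value in SECRET_ASSIGN.findall(script)]


# Constructed sample: binary noise around a script, standing in for a core file.
SAMPLE_CORE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 16
    + b"/lib64/ld-linux-x86-64.so.2\x00"
    + b"#!/bin/bash\nDB_PASSWORD='s3cr3t-example'\n"
    + b"export API_TOKEN=abc123\necho \"running backup\"\n\x00"
    + b"\xde\xad\xbe\xef" * 4
)

if __name__ == "__main__":
    # Read a real core file if a path is given, else use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_CORE
    for script in find_scripts(data):
        print(f"recovered script: {len(script.splitlines())} lines")
        for name, value in exposed_secrets(script):
            print(f"  readable credential: {name}={value}")
```

Pass the path of a core file as the first argument to audit a real dump; where `kernel.core_pattern` pipes dumps to a handler such as systemd-coredump, the file will not be named `core` in the working directory.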


https://tipstrickshack.blogspot.com/2013/08/how-to-get-plain-text-source-from-shc.html   
Published: 2013 08 25 07:39:00
Received: 2021 06 06 09:05:03
Feed: Hacking and Tricks
Source: Hacking and Tricks
Category: Cyber Security
Topic: Cyber Security