How to obfuscate or hide code from our bash scripts

Sometimes we program a script in Bash and we want the code of this to be NOT visible, that is, not to be plain text. When we talk about hiding code the correct term is obfuscate, in my case I wanted to obfuscate the code a script that I did some time ago, the utility I found for this is called: shc

shc It allows us to obfuscate code, here are the steps to use it:

1. First we must download it

Download SHC v3.8.9

2. Once we have downloaded it, we right click on the compressed file and select the option that says «Extract here" or something similar. This will make us see a folder called shc-3.8.9, here I show you a screenshot of its content

3. OK, let's say the folder is at /home/usuario/Downloads/shc-3.8.9 Well, we open a terminal and go to that route (cd "/home/usuario/Downloads/shc-3.8.9"), and the installation begins here.

 4. In the terminal being located (as I already told you) in the folder shc-3.8.9, in order to install this application we need to make a symbolic link of the file shc-3.8.9.c a shc.c so we execute the following:

ln -s shc-3.8.9.c shc.c

 4. Once the link is made, we execute make install with root permissions (we will use sudo):

 sudo make install

 4. It will ask us for our password and it will wait a moment, it will be waiting for us to press the key [AND] and press [enter], that is, that we confirm that we do want to install the software. Once this is done it will install without problems. I leave you a screenshot of the entire preparation and installation process:

 

As you can see at the end I get an error, the error is referring to the fact that a certain folder does not exist on my system, if you see this, simply do not give it importance ... even so SHC installed successfully 😉
So they can run sudo make install es NECESSARY have the packages installed: gcc y make

5. Done, this is it for the installation 😀

When we have it installed, we just need to learn how to use it. Suppose we have a script in our home called script.sh and that its content is as follows:

#!/bin/bash
echo "Script de prueba para DesdeLinux.net"
exit

When executing this script it will obviously show us the message in the terminal: «Test script for FromLinux.net" or not? … But, now we are going to obfuscate that code.

In a terminal we put the following and press [enter]:

shc -v -f $HOME/script.sh

And bingo !! ready 😀

This created us two new files together with our script, now we have script.sh.x y script.sh.xc

script.sh.x - » This is our obfuscated bash script, this when we execute it will do exactly the same as the first one we created, the difference between these is that the first one if we opened it with a text editor (nano, kate, gedit, etc) we could see clearly its content, while if we open to script.sh.x we will clearly see that we do not see anything ... LOL !!!, that is, the code is 'encrypted' 🙂

script.sh.xc - » This is our script but in C language ... we can delete this without worry because we don't really need it, well, at least I wouldn't need it at all 🙂

There's not much else to add actually on the technical side, just clarify that as far as I know with this (hiding or obfuscating bash script code) it is not violating licenses or something like that. I clarify this because a few months ago on Facebook when I mentioned that I had learned to obfuscate bash code, some users alerted me that this was violating licenses or something like that ... well, as far as I understand, licenses are not violated with this 😉

Thank you very much to Matias Gaston for having mentioned this utility to me some time ago

Nothing more to add, any doubt or question, complaint or suggestion let me know.

regards


The content of the article adheres to our principles of editorial ethics. To report an error click here!.

44 comments, leave yours

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   xykyz said

    It is not that licenses are violated, it is that it stops being free software ...

    1.    KZKG ^ Gaara said

      Yes of course. The point is that there are certain personal scripts of mine that I do not want others to see, for example because one of these script has a password in plain text of my local MySQL, or something similar.

        1.    KZKG ^ Gaara said

          Actually I keep my passwords 'hidden' using SHA (https://blog.desdelinux.net/como-saber-la-suma-md5-o-sha-de-una-palabra-oracion-o-archivo/), then in the script I keep the password hash and what I do is compare the password that the user enters (I save it with read), I get the SHA sum and compare both at the end 🙂

          Anyway, thank you very much for the link, I'm already reviewing it 😀

          regards

        2.    Let's use Linux said

          Exact! A shell prompt asking for the password is a good alternative.
          Cheers! Paul.

          1.    msx said

            But it does not provide an automatic and unattended execution as it does the other way. 🙂

      1.    Willians vivanco said

        Putting passwords and other access or compromising data in the script is a big mistake. This information has to be saved in another file, with its proper permissions, so you will not have to obfuscate your bash script. Easy huh?

        1.    KZKG ^ Gaara said

          The problem with having the data (login variables, confs, etc) in another file is that then the 'system' or 'application' needs 2 files to function, whereas if I store as 'secure' as possible everything in one single file, well I would only need that ... a single file.

          1.    Morpheus said

            It is good practice to separate the application from the data.
            Or rather it is a terrible practice to hardcode the data!
            http://es.wikipedia.org/wiki/Hard_code
            It has nothing to do with security putting code and data in the same file. And even more, quite the opposite if you have your passwords there !!

          2.    Willians vivanco said

            The cost of reading sensitive information from another file is negligible next to the processor cost needed to "unobtain" your code.

            On the other hand, you are throwing away a whole paradigm of modular development, betting on a monolithic model that, more than proven, there are more problems than solutions.

          3.    msx said

            And also that if you use permissions that are necessarily going to involve other groups / users, you will still need an initial password to execute the first script.

          4.    msx said

            @KZKG the comment above is in response to your comment
            @morpheus: it is absolutely relative to the particular need.

    2.    Morpheus said

      But there is free software compiled in binary (which is more than obfuscate). The fact that it is free implies that it also has the source, but it has nothing to do with obfuscating (or compiling, which is essential if I want to run a C program, for example)

      1.    Willians vivanco said

        In the case of compiled free software, it is a question of the requirement of the language that is used (if you program in C, you have to compile for your application to work). And the same, always, if it really is Free Software, the source code will be available.

  2.   Hyuuga_Neji said

    humm I denote a certain degree of apathy to share code lol to see how many end up beginning to "obfuscate their codes" to make us more dependent on their solutions ...

    1.    KZKG ^ Gaara said

      I'm not saying that code should be obfuscated or not ... I give the tools, each one to use them according to their needs.

      1.    commentator said

        Obfuscate code on this page?

        I think it is a good idea to distance readers, since I consider that many of the people who visit this blog are followers of free software, and therefore we do not share the practice of obfuscating code.

        1.    msx said

          You obviously didn't read the reason KZKG argues and why it explains its need to obfuscate its script.

          Thanks KZKG for sharing your find!

  3.   Gabriel said

    And so viruses start to circulate in Linux ...

    Personally I would NEVER use any obfuscated scripts. Not only because of the security risks involved, but because if your script is too precious to you to share then better put it in the * ulo; I can surely find someone who does want to share their knowledge.

    1.    KZKG ^ Gaara said

      Would you ever use an obfuscated script ?, Well, VERY good for you, I would NEVER use an obfuscated script ... the detail is that, I have NEVER shared an obfuscated script, far from it, and there dear friend is where the mistake is present presente

      Whenever I do something in Bash I share it without weighing or bothering me, which I have already done in many articles here 😀

      Welcome to the blog, a pleasure to read you 😉

  4.   Percaff_TI99 said

    Gabriel, KZKG ^ Gaara is already sharing knowledge, he is not creating any linux package with obfuscated scripts which if it could be a license violation, it only reveals applications that one can use or not for their own use, it is not necessary be rude, as for viruses in linux is not that simple, here is a good article about it https://blog.desdelinux.net/virus-en-gnulinux-realidad-o-mito/.
    KZKG ^ Gaara I would like you to write a post about encfs and cryptography using images, it is a topic that I really like.
    Cheers !!!

    1.    KZKG ^ Gaara said

      Thank you
      Actually, it is not that I have enough knowledge about encfs and cryptography, at least I do not feel confident enough to make a post and assume the doubts that users may have 😀
      In this topic it is not that I am an advanced user ...
      The most I've done is using GPG to encrypt files, and as for images, the most I've done is 'insert' or hide a file inside an image, making it obvious that when the image is opened with an image viewer, everything is shown correctly, is this what you mean?

      Once again, thank you very much for your comment 🙂

  5.   ratakruel said

    If I remember correctly, there are obfuscated C championships, but it is not worth using an "obfuscator" but they have to obfuscate their sources bareback.

    As for shc and your script's with passwords… very bad way to work!

    Interesting article, as always.

    1.    KZKG ^ Gaara said

      Yes, more than one have already told me LOL !!
      Thank you for your comment 🙂

  6.   eVeR said

    Basically, if you share the application without sharing the visible script you would be violating the GPL, which requires that anything generated with a GPL application be GPL. That's why SHC generates the C, because that's the code that you can share.

    regards

  7.   Let's use Linux said

    I agree with the comments of other readers: not only is it not a good practice to store data and script all together but it is also not conducive to the development of free software.
    A hug! Paul.

    1.    KZKG ^ Gaara said

      Hello Pablo 🙂
      I have some other obfuscated script that works internally on my laptop, I obfuscate it because I simply do not want that if someone for some reason managed to copy my script to another computer, I simply do not want them to be able to see what it contains, it is a 'security measure 'I take.

      However, here in DesdeLinux I make public everything or almost everything that I program in Bash that may be interesting.

      In short, it is not that I am now a detractor of the SWL for obfuscating a personal script, for doing this for personal purposes 😀

      Greetings friend

  8.   codelab said

    Good information. Apart from the controversies that are being generated in the comments, it seems to me information to continue investigating a little more.

    I think that the author at no point in the article tells us if it is good or bad done or if we should or should not do it, he simply tells us the tool with which it can be done in case it is of benefit to someone.

    A greeting.

    codelab

    1.    F3niX said

      In Linuxeros blogs everything is controversial, haha ​​it has always been like that.

      1.    msx said

        @ F3niX I'm going to cut a screenshot with your comment to put it every time someone makes some stupid mention of the subject.

        Note: let's see when I find you through the irc and Chakra forums 😉

    2.    KZKG ^ Gaara said

      EXACT!!
      I simply show / teach / explain something new that I learned, it is up to you to use this knowledge or not, I do not force you far from it.

      As far as I know, sharing knowledge is a good thing, right? 0_oU

      Thank you for your comment, it is good to know that there are more than one or two who understand the true purpose of this article.

  9.   Percaff_TI99 said

    There you put me in a tight spot xD, a few weeks ago I have been preparing a post that was going to be titled «Installation and testing of Crux» and despite the fact that the installation was carried out successfully, I am a normal user and I don't know if I will be able to cope with the doubts from third parties, the intention is that it serves as an instrument of discussion about the virtues and defects of this distro and the possible solutions to problems that may arise helping us among all users and readers. When I finish it and send it for review, you (Administrators) will decide. As for the cryptography issue in images it was the same, thanks KZKG ^ Gaara for answering.

    Regards!!!

    1.    KZKG ^ Gaara said

      Ok with pleasure, I'll make a post about that 😉

  10.   makubex uchiha said

    excellent tuto bro I found it very useful: 3
    for those who want to install it in manjaro linux and derivatives of archlinux the package is in aur with the name: shc

    regards

  11.   frameworks said

    Excuse me, friend, I had a small script that converted CAPITAL LETTERS TO lowercase letters that were in the clipboard

    the script works normal when not obfuscated

    #! / Bin / bash
    xclip -o> R1.txt
    cat R1.txt | tr [: upper:] [: lower:]
    threw out ""
    rm R1.txt

    but when i want to run the obfuscated script
    tells me

    ./M2m.sh: Operation not permitted
    Completed (killed)

    Please help

    1.    KZKG ^ Gaara said

      Do you have xclip installed?

  12.   SynFlag said

    It should be noted that it is actually a bash compiler, as there are .bat compilers or .php.
    I do not know if the code that produces is encrypted and obfuscated and does not withstand a decompiler, it would be necessary to try, since it is not my field I do not say yes or no, but what I see that it does is compile a bash, in the .c it is You can see the code, which, within the obfuscated, I see that it is in lines that look like an exploit shell, I do not know if they are really obfuscated, since, no password is requested or a I do not know, master.config where a previous keyword.

  13.   juan david said

    friends it happens that when I obfuscate my script he creates the new script with ex ending, I execute it and there is even perfect. But when I take it to another computer with linuz it does not run, it already has all the permissions, I create a launcher and tell it that it is a terminal application, but it does not work, please wait for a prompt response

    1.    KZKG ^ Gaara said

      Did you compile it and are you running it on a system with the same architecture? That is, it will give you an error if you compiled it to obfuscate it on a 32-bit system, and then you try to run it on a 64-bit system, or vice versa. You understand?

      1.    juan david said

        No, but I already provided formatting the same computer, with the same operating system and it does not run, it does not even send an error.
        I call it by console like this: sudo /home/operations/script.x and I get this error

        /home/operaciones/script.x: e } 8- q , K

        a whole case

        1.    KZKG ^ Gaara said

          Try to run it WITHOUT compiling to see if it is an error in the code

    2.    Nick said

      In order for you to run the obfuscated script on other computers you have to compile it with the option «-r Relax security. Make a redistributable binary ', otherwise it will only run on the machine where the script was obfuscated with SHC.
      Example:

      shc -r -f script.sh

  14.   william said

    Hello, I have a query, the shc can be installed in any type of Linux distribution ?, for example red hat, how would the installation be for this one?
    Thank you!

  15.   ruyzz said

    Hello everyone, your comments have helped me a lot, but I have the following problem, when obfuscation does not work for me in the same system but with different architecture, that is, if I do it in 32 bits it cannot run in 64 bits. Does anyone know if it can really be run on different architectures (32 and 64 bit)?