SHC:Generic shell script compiler

经常使用脚本,但是在脚本中写入密码明文很不安全,所以考虑加密问题。当前比较普遍、简单的方法为使用shc程序,把脚本使用RC4加密算法再编译一次。
shc的主页:
http://www.datsi.fi.upm.es/~frosal/
当前最新为http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8 .7.tgz
具体操作如下:
# wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8 .7.tgz
# tar zxvf shc-3.8.7.tgz
# cd shc-3.8.7
# make test
# make strings
到此,目录下已经有了shc的程序,可以直接使用,如果希望使用方便也可以在安装一下。
# make install
安装完成,非常简单。使用也非常简单。
# ./shc -v -f myshell.sh
编译完成后会产生两个myshell.sh.x和myshell.sh.x.c。myshell.sh.x为二进制文件,
myshell.sh.x.c为C源码文件。

Manpage for shc(1)


NAME

     shc - Generic shell script compiler

SYNOPSIS

     shc [ -e date ] [ -m addr ] [ -i iopt ] [ -x cmnd ]
     [ -l lopt ] [ -ACDhTv ] -f script

DESCRIPTION

     shc creates a stripped  binary  executable  version  of  the
     script specified with -f on the command line.
     The binary version will get a .x extension appended and will
     usually  be  a  bit  larger  in size than the original ascii
     code. Generated C source code is saved in a  file  with  the
     extension .x.c
     If you supply an expiration date with the -e option the com-
     piled  binary  will  refuse to run after the date specified.
     The message "Please contact your provider" will be displayed
     instead.  This message can be changed with the -m option.
     You can compile any kind of shell script, but  you  need  to
     supply valid -i, -x and -l options.
     The compiled binary will still be  dependent  on  the  shell
     specified  in  the  first  line  of  the  shell  code  (i.e.
     #!/bin/sh), thus shc does not create completely  independent
     binaries.
     shc itself is not a compiler such as cc, it  rather  encodes
     and encrypts a shell script and generates C source code with
     the added expiration capability. It  then  uses  the  system
     compiler  to compile a stripped binary which behaves exactly
     like the  original  script.  Upon  execution,  the  compiled
     binary  will  decrypt and execute the code with the shell -c
     option.  Unfortunatelly, it will  not  give  you  any  speed
     improvement as a real C program would.
     shc's main purpose is to protect  your  shell  scripts  from
     modification  or  inspection.  You can use it if you wish to
     distribute your scripts but don't want  them  to  be  easily
     readable by other people.

OPTIONS

     The command line options are:
     -e date
          Expiration date in dd/mm/yyyy format [none]
     -m message
          message to display  upon  expiration  ["Please  contact
          your provider"]
     -f script_name
          File name of the script to compile
     -i inline_option
          Inline option for the shell interpreter i.e: -e
     -x comand
          eXec    command,    as    a    printf    format    i.e:
          exec(\\'%s\\',@ARGV);
     -l last_option
          Last shell option i.e: --
     -r   Relax security. Make  a  redistributable  binary  which
          executes  on different systems running the same operat-
          ing system.
     -v   Verbose compilation
     -D   Switch on debug exec calls
     -T   Allow binary to be  traceable  (using  strace,  ptrace,
          truss, etc.)
     -C   Display license and exit
     -A   Display abstract and exit
     -h   Display help and exit

ENVIRONMENT VARIABLES

     CC   C compiler command [cc]
     CFLAGS
          C compiler flags [none]

EXAMPLES

     Compile a script which can be run on other systems with  the
     trace option enabled:
       example% shc -v -r -T -f myscript

BUGS

     The  maximum  size  of the script that could be executed once com�
     piled is limited by the operating system  configuration  parameter
     _SC_ARG_MAX (see sysconf(2))

AUTHOR

     Francisco Rosales <frosal@fi.upm.es>

REPORT BUGS TO

     the author.

发表评论