从编译的 bash 脚本中检索纯文本脚本
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3408373/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Retrieve plain text script from compiled bash script
提问by sloth
Some time ago, i wrote some bash scripts for my school. I thought it would be very clever to 'protect' them, so i compiled them with shcinto a binary file. Some weeks later, i lost the uncompiled scripts and now i have only my binarys left.
前段时间,我为我的学校写了一些 bash 脚本。我认为“保护”它们会非常聪明,所以我将它们编译shc成一个二进制文件。几周后,我丢失了未编译的脚本,现在我只剩下二进制文件了。
Is there a way to retrieve the scripts back from the shcgenerated binarys? I looked into the source code of shcto find a way to decompile the binarys with no luck.
有没有办法从shc生成的二进制文件中检索脚本?我查看了 的源代码shc以找到一种反编译二进制文件的方法,但没有运气。
回答by sloth
Using shc to compile your scripts does not protect them. You don't get more security this way. The shc compiled binary decrypts and loads the script into memory when started. You could then, right after you started the binary, just segfault it and retrieve your script from the coredump.
使用 shc 编译您的脚本并不能保护它们。您不会以这种方式获得更多安全性。shc 编译的二进制文件在启动时解密并将脚本加载到内存中。然后,您可以在启动二进制文件后立即对其进行段错误并从核心转储中检索您的脚本。
Here's a little example script named test.sh:
这是一个名为 test.sh 的小示例脚本:
#! /bin/bash
echo "starting script and doing stuff"
sleep 1
echo "finished doing stuff"
Compile it with shc:
用 shc 编译它:
shc -f test.sh
Start it as background process and segfault it right away:
将其作为后台进程启动并立即对其进行段错误:
./test.sh.x& ( sleep 0.2 && kill -SIGSEGV $! )
sleep 0.2 will give the binary enough time to start up and decrypt the original script. The variable $! contains the pid of the last background process started, so we can easily kill it with the segmentation fault signal SIGSEGV (same as kill -11 $!).
sleep 0.2 将为二进制文件提供足够的时间来启动和解密原始脚本。变量 $! 包含上次启动的后台进程的 pid,因此我们可以使用分段错误信号 SIGSEGV 轻松杀死它(与 kill -11 $! 相同)。
[1] + segmentation fault (core dumped) ./test.sh.x
Now we can search the dump for the original script:
现在我们可以在转储中搜索原始脚本:
cat core | strings
We pipe the data in the dumpfile to strings, which will then show us all the printable characters in the file and we can now see the original script between the garbage:
我们将转储文件中的数据通过管道传输到字符串,然后它会向我们显示文件中的所有可打印字符,我们现在可以看到垃圾之间的原始脚本:
...
4.0.37(2)-release
BASH_VERSINFO
BASH_VERSINFO
release
i686-pc-linux-gnu
BASH_EXECUTION_STRING
BASH_EXECUTION_STRING
#! /bin/bash
echo "starting script and doing stuff"
sleep 1
echo "finished doing stuff"
1000
EUID
EUID
1000
...
If the script is pretty big, maybe you have to adjust the core file size with ulimit. Pretty easy, right?
如果脚本很大,也许你必须用 ulimit 调整核心文件的大小。很容易,对吧?
回答by belousov
Keep it simple! :)
把事情简单化!:)
To retrieve the scripts back from the shc generated binaries just save the copy of original sh system executable, then rename cat system executable to sh and run the shc generated binary :) So you will see the decrypted source of the shell script in the console.
要从 shc 生成的二进制文件中检索脚本,只需保存原始 sh 系统可执行文件的副本,然后将 cat 系统可执行文件重命名为 sh 并运行 shc 生成的二进制文件:) 这样您就可以在控制台中看到 shell 脚本的解密源。
回答by ycam
UnSHc, an automatic script to recover *.sh.x encrypted file encrypted with SHc tool has been released on github here.
UnSHc,一个自动恢复用SHc工具加密的*.sh.x加密文件的脚本已经在github上发布在这里。
UnSHc is a tool to reverse the encryption of any SHc encrypted *.sh.x script. It's based on auto-extraction of all cryptographic data embeded in the *.sh.x by reversing it automaticaly. With these cryptographic data (used at encryption), the tool regenerate the initial *.sh file in plaintext.
UnSHc 是一个工具,可以逆转任何 SHc 加密的 *.sh.x 脚本的加密。它基于通过自动反转来自动提取嵌入在 *.sh.x 中的所有加密数据。使用这些加密数据(用于加密),该工具以明文形式重新生成初始 *.sh 文件。
How to use UnSHc :
如何使用 UnSHc :
[root@server:~/unshc]$ ./unshc.sh -h
_ _ _____ _ _
| | | | / ___| | | |
| | | |_ __ \ `--.| |_| | ___
| | | | '_ \ `--. \ _ |/ __|
| |_| | | | /\__/ / | | | (__
\___/|_| |_\____/\_| |_/\___|
--- UnSHc - The shc decrypter.
--- Version: 0.6
------------------------------
UnSHc is used to decrypt script encrypted with SHc
Original idea from Luiz Octavio Duarte (LOD)
Updated and modernized by Yann CAM
- SHc : [http://www.datsi.fi.upm.es/~frosal/]
- UnSHc : [https://www.asafety.fr/unshc-the-shc-decrypter/]
------------------------------
[*] Usage : ./unshc.sh [OPTIONS] <file.sh.x>
-h | --help : print this help message
-a OFFSET | --arc4 OFFSET : specify the arc4() offset arbitrarily (without 0x prefix)
-d DUMPFILE | --dumpfile DUMPFILE : provide an object dump file (objdump -D script.sh.x > DUMPFILE)
-s STRFILE | --stringfile STRFILE : provide a string dump file (objdump -s script.sh.x > STRFILE)
-o OUTFILE | --outputfile OUTFILE : indicate the output file name
[*] e.g :
./unshc.sh script.sh.x
./unshc.sh script.sh.x -o script_decrypted.sh
./unshc.sh script.sh.x -a 400f9b
./unshc.sh script.sh.x -d /tmp/dumpfile -s /tmp/strfile
./unshc.sh script.sh.x -a 400f9b -d /tmp/dumpfile -s /tmp/strfile -o script_decrypted.sh
Demonstration video can be seen here(in english and french).
演示视频可以在这里看到(英语和法语)。
回答by pmod
Just a guess.. you can record system calls using for example straceor something similar and then try to restore at least basic functionality.
只是猜测......您可以使用例如strace或类似的东西记录系统调用,然后尝试至少恢复基本功能。
Or, you can ask author of shc(http://www.datsi.fi.upm.es/~frosal/sources/shc.html).
或者,您可以询问shc 的作者(http://www.datsi.fi.upm.es/~frosal/sources/shc.html)。
PS
聚苯乙烯
The rumour has that somebody has written deshc (http://www.linuxjournal.com/article/8256)
传闻有人写了 deshc ( http://www.linuxjournal.com/article/8256)
