Retrieve plain text script from compiled bash script
Using shc to compile your scripts does not protect them. You don't get more security this way. The shc compiled binary decrypts and loads the script into memory when started. You could then, right after you started the binary, just segfault it and retrieve your script from the coredump.
Here's a little example script named test.sh:
#! /bin/bash
echo "starting script and doing stuff"
sleep 1
echo "finished doing stuff"
Compile it with shc:
shc -f test.sh
Start it as background process and segfault it right away:
./test.sh.x& ( sleep 0.2 && kill -SIGSEGV $! )
sleep 0.2 will give the binary enough time to start up and decrypt the original script. The variable $! contains the pid of the last background process started, so we can easily kill it with the segmentation fault signal SIGSEGV (same as kill -11 $!).
[1] + segmentation fault (core dumped) ./test.sh.x
Now we can search the dump for the original script:
cat core | strings
We pipe the data in the dumpfile to strings, which will then show us all the printable characters in the file and we can now see the original script between the garbage:
...
4.0.37(2)-release
BASH_VERSINFO
BASH_VERSINFO
release
i686-pc-linux-gnu
BASH_EXECUTION_STRING
BASH_EXECUTION_STRING
#! /bin/bash
echo "starting script and doing stuff"
sleep 1
echo "finished doing stuff"
1000
EUID
EUID
1000
...
If the script is pretty big, maybe you have to adjust the core file size with ulimit.
Pretty easy, right?
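To measure the same exposure on your own build, the following added example (not part of the original answer) counts how many lines of a known script appear verbatim in a dump file. The function names exposed_lines and make_sample and the file names core.sample and core.clean are assumptions, and the sample dumps are constructed so the check runs without shc installed.

```shell
#!/bin/sh
# Added example: report how many non-blank lines of a known script are
# readable verbatim inside a dump file (for instance a core file).
# Usage: exposed_lines ORIGINAL_SCRIPT DUMP_FILE   -> prints "found/total"
exposed_lines() (
    script=$1; dump=$2; total=0; found=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Skip blank lines, they would match any file.
        case "$line" in
            *[![:space:]]*) ;;
            *) continue ;;
        esac
        total=$((total + 1))
        # -a: read the binary dump as text, -F: fixed string, -q: no output
        if grep -aqF -- "$line" "$dump"; then
            found=$((found + 1))
        fi
    done < "$script"
    echo "$found/$total"
)

# Constructed sample data: the page's test.sh, one fake dump that embeds it
# between binary padding, and one fake dump that does not contain it.
make_sample() {
    printf '%s\n' '#! /bin/bash' 'echo "starting script and doing stuff"' \
        'sleep 1' 'echo "finished doing stuff"' > "$1/test.sh"
    {
        printf '\177ELF\000%s\000' BASH_EXECUTION_STRING
        cat "$1/test.sh"
        printf '\000%s\000%s\000' 1000 EUID
    } > "$1/core.sample"
    printf '\177ELF\000%s\000%s\000' BASH_VERSINFO release > "$1/core.clean"
}
```

A result of 4/4 for test.sh means every line of the script is sitting in the dump in plain text.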
Is it possible to look at the original content of a running but modified bash script?
bash seems to try to put the script it is currently interpreting on file descriptor 255, at least on my system, without any active non-default constraints on file descriptor maximums, etc... That's probably not guaranteed, so you may have to play with it a bit, but given the PID of a running bash /some/script/sh process, you can look in /proc/<PID>/fd/ at the file descriptor links - 0, 1 and 2 are of course the predefined stdin/stdout/stderr ones, and there may be others depending on what your script does, but it shouldn't be too difficult to sift through the contents of that directory to figure out which file descriptor corresponds to your script file, which you can then cat or whatever (e.g. cat /proc/12345/fd/255) to see the original script.
How can I extract the text portion of a binary file in Linux/Bash?
Use the strings utility - that's exactly what it's designed for.
Extract text from HTML based on table column via Shell Script
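#!/bin/bash
# Print the cell that comes right before the one matching $1
# (e.g. the server name that precedes "primary").
prev=""
for i in $(grep '<\/div>' sample.html | sed 's/\s\+//' | sed 's/<.*>//'); do
    if [ "$i" == "$1" ]; then
        echo "$prev"
    fi
    prev=$i
done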
Example usage:
$ ./filter.sh primary
core6692.myserverdomain.com
P.S.: the format of sample.html should be exactly as you posted here; the server and the name should end with a tag and start with whitespace or a tab.
How to compile a linux shell script to be a standalone executable *binary* (i.e. not just e.g. chmod 755)?
The solution that fully meets my needs would be SHC - a free tool, or CCsh a commercial tool. Both compile shell scripts to C, which then can be compiled using a C compiler.
Links about SHC:
- https://github.com/neurobin/shc
- http://www.datsi.fi.upm.es/~frosal/
- http://www.downloadplex.com/Linux/System-Utilities/Shell-Tools/Download-shc_70414.html
Links about CCsh:
- http://www.comeaucomputing.com/faqs/ccshlit.html