Tool for converting scripts into C code
cc shellc.c -O2 -o shellcshellchas been open source for about a year and has been released about 20 times, but due to technical issues that cannot be solved, no new versions will be released in the future. If the code protection requirements are not high, this tool can be used. If there are high protection requirements, do not use such tools. The encryption method of transmitting the source code to the interpreter through pipeline cannot technically solve the problem of obtaining the source code through strace. For the method of cracking the source code, please refer to decrypt. The purpose of releasing cracking methods is to hope that someone can solve the vulnerabilities in cracking tools, while also informing about the risks of using shellc tools. If the scripting language is bash, please use xbash Tools.
shellc sh example.sh
cc example.sh.c -O2 -o exampleThe generated C code is example.sh.c, which is the original file name followed by .c.
For programs that require source code protection, it is recommended to use static compilation and the stripcommand to remove symbol tables, and enable the -i or -a options.
-
The source code can be seen through the
ps -efcommand,such as the default option generated byshc. -
Obtaining source code by forging interpreters, such as changing the script interpreter to
echo. -
For code generated by non static compilation, it can be obtained by dynamically loading and intercepting the
readfunction. -
kill -SIGSEGV, Obtaining script source code through methods such as memory dump. -
Obtaining script source code by reading the file descriptor
/proc/<pid>/fd/*. -
Obtaining script source code by reading memory files or strace.
Version 1.8 has resolved issues 1-3, but technically cannot solve issue 4-6. If the scripting language is bash, xbashcan solve issue 4-6.
Version 1.0 or above not only support shell, but also other scripting languages, which can completely replace shc. Version 1.6 adds the function of obtaining script source code through anti-counterfeiting interpreter or memory dump. Version 1.8 solves the problem of obtaining source code through file descriptors. Version 1.8 does not support ruby, and ruby requires version 1.7.
At present, the program has practical applications in AIX, UNIX, Linux environments. It is recommended to conduct comprehensive testing on the compiled program to prevent production failures.
-
Generate C code command
shellc command inputfile [-t] [-a] [-x] [-f fix-format] [-e fix-file] [-p parameter] [-i interpreter] [-b 8|16|32|64] [-d YYYYMMDD] [-m message]command: Execute script commands, such
sh,perl,python,node,Rscript,php, etc.inputfile: Script file name
-t option: For systems that do not support anti debugging functionality, this option is required for generated code.
-a option: Anti forgery interpreter requires the MD5 value of the interpreter in the runtime environment to be the same as that of the interpreter in the compilation environment.
-x option: New version xbash It has become a pure code conversion tool, and -x is no longer valid.
-f option: Fix parameter 0 value.
-e option: Fix parameter 0 value by custom external file.
-p option: Command parameter, such as
busybox shellusing byshellc busybox example.sh -p sh.-b option: Operating system bits setting.
-i option: Built in interpreter,
interpreteris the file name corresponding to the runtime environment, such as/usr/bin/sh, or a custom file name can be used, such as/tmp/myshell. If there is no corresponding interpreter in the runtime environment, the interpreter file will be automatically generated at runtime. Built in interpreter with anti-counterfeiting function.-d option: Program expiration date, formatted as YYYYMMDD
-m option: Program expiration information prompt.
-
Fix arguments
Fix arguments 0 supports
BASH,FISH,ZSH,PERL,PYTHON,JAVASCRIPT,LUA,RUBY.In addition to built-in fix format, external file can also be used to fix arguments 0. File format:
?Indicates parameter 0 value, line breaks must be explicitly used\n, Double quotes require an escape character\.Referencetest/fix.txt.
Version 0.3 or above has added untraceable and tested the following tools for untraceable
| OS | TOOL | SUPPORTED |
|---|---|---|
| AIX 7.1 | dbx sdb | YES |
| SCO UNIX 5.0.6 | dbx sdb adb | YES |
| Red Hat Linux7.8 | gdb | YES |
| CentOS Linux6.4 | gdb | YES |
| debian 12.4.0 | gdb | YES |
| Fedora 39 | gdb lldb | YES |
| FreeBSD 14.0 | gdb | YES |
| openSUSE Leap 15.5 | gdb | YES |
| OracleLinux R9 | gdb | YES |
| ubuntu 22.04.3 | gdb lldb | YES |
| openEuler | gdb | YES |
| Debian | gdb | YES |
| NetBSD 10.0 | gdb | NO |
| DragonFly 6.4 | gdb | NO |
| macOS 13 | lldb | NO |
-
v1.8.2 2024-11-25
Fix Issue #27
-
v1.8.1 2024-11-11
Fix memory detection errors in special scenarios
-
v1.8 2024-11-10
Merge normal mode and safe mode
Add support for xbash
Prevent debugging by using the ptrace method
Add program expiration
-
v1.7 2024-09-18
Fix Issue #18
Safe mode SHELL human-machine interaction support does not modify the source script program
Add support for safe mode aliases
-
v1.6.2 2024-09-01
Fix memory overflow
-
v1.6.1 2024-09-01
Fix the array length to be empty
-
v1.6 2024-09-01
Add built-in interpreter
Add anti-counterfeiting interpreter
Add anti memory dump
-
v1.5 2024-08-25
Fix the incorrect exit status issue in safe mode
-
v1.4 2024-08-17
Fix memory leak
-
v1.3 2024-06-28
Add command parameter
-
v1.2 2024-06-22
Add operating system bits setting
-
v1.1 2024-06-12
Expand functions in safe mode
-
v1.02 2024-06-06
Removing macro definitions from generated code makes it easier for professional tools to generate more complex and confusing code
-
v1.01 2024-06-02
Remove special handling of FreeBSD
-
v1.0 2024-06-01
Add support for non SHELL scripting languages
Add fix parameter 0
Remove BSD and LINUX variant system thread requirements
-
v0.3 2023-12-25
Add untraceable
Fix compilation warnings in some systems
-
v0.21 2023-12-13
Fix program bugs in the
zshenvironment -
v0.2 2023-12-12
Changing the data structure from a structured structure to a string array reduces compilation time for large files
Add code character encryption function
-
v0.1 2023-12-01
Initial version