How can I encrypt or scramble my shell script so that it’s unreadable to the naked eye? Either method would be acceptable, please provide specific steps.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
If you want to encrypt a shell script, use GPG. Whoever wants to run your script will of course have to decrypt it first.
If you want someone to be able to run the script but not read it, that’s a completely different problem which has nothing to do with encryption. It’s called obfuscation.
If you have a password or other confidential information in that script, no amount of obfuscation is going to hide it. Sooner or later the script will use the password to do something and at that point the password will appear clearly to anyone looking for it.
If you want to hide how your script works because you’re afraid someone will copy it, forget about it. Nobody cares.
If you want to hide your script because you’re ashamed of its quality, fix it.
If you want to hide how your script works because you want to hide what it does, it’s not doable. Someone can look at your script while it’s executed and watch what it’s doing.
If you’ve read that far and still want to “encrypt” your script, you’re misunderstanding something major. Don’t send your script to anyone, or send it in plain text.
Method 2
Got this while searching internet,courtesy Claudio P.
-
Write your script (script-base.sh)
#!/bin/sh echo "Hello World"
-
Encrypt your script (give a password):
openssl enc -e -aes-256-cbc -a -in script-base.sh > script-enc
-
Write de Wrapper (script-final.sh):
#!/bin/sh openssl enc -d -aes-256-cbc -a -in script-enc | sh -
- Run “script-final.sh”, enter the password, and the script will run without write the plain text script on disk.
Method 3
SHC
You can try the steps outlined on this website, titled: How to Encrypt Your Bash Shell Script on Linux Using SHC. This article discusses the use of a tool called SHC – Shell script Compiler.
URL resources
This is an executable that you’ll have to build using gcc/g++.
Usage
$ ./shc -f random.sh
Once you run it your shell script, random.sh will get converted into this file:
-rwx-wx--x. 1 ramesh ramesh 11752 Mar 27 01:12 random.sh.x
Is this foolproof?
No there is a good analysis of the method used by the SHC tool which shows that it’s not overly strong and can be circumvented if you know what you’re doing. The article was post on the linuxjournal.com website, titled: Paranoid Penguin – Limitations of shc, a Shell Encryption Utility.
NOTE: These classes of tools are probably better described as obfuscators.
Method 4
Basically you can obfuscate but not compile your script. The simple reason is that shell scripts are interpreted individual commands which needs to be executed one by one by the system, and that you can see those commands as they are executed one by one by the system with the sh -x flag (and perhaps also the -v flag)
For most programmers that will be sufficient to understand what is going on.
You can obfuscate your variables and general flow if you want it, but you cannot obfuscate the indvidual commands executed by your program – which for shell scripts usually are all of them.
The simplest solution is probably rewriting the shell script in a compiled language like C.
Method 5
Please use the new version, grater then 4.0.0 for Ubuntu 18.04 (tested). The old one has a bug that has a workaround. With the new one, this problem was fixed 😉
Use the following command
sudo add-apt-repository ppa:neurobin/ppa sudo apt-get update sudo apt-get install shc
Method 6
try submitting your script to this site if you wish to hide it from public view.
while many may disagree with the idea of encrypting or obfuscating the source code of a script written in an interpreted language, i understand why folks want to do this.
as someone who has had his work stolen many times, i simply do not care if “obfuscation” or “encryption” is a taboo. as long as my script is protected and it works as it did before encryption, Im quite content. never again will i allow someone else to take my ideas and run with it. and no, writing my script in a compiled language is not any option. i do not know how to.
anyway, if you do not want to use the site mentioned above, try the latest version of shc. I believe they’ve updated it in github to address the many security concerns others have mentioned. type the following into google “shc github” and you’ll see a host of available options you can try out.
good luck!
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0