forked from neurobin/shc
-
Notifications
You must be signed in to change notification settings - Fork 0
/
man.html
415 lines (415 loc) · 13.3 KB
/
man.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<meta name="author" content="" />
<meta name="dcterms.date" content="2024-08-19" />
<title>shc(1) shc user manual</title>
<style>
html {
color: #1a1a1a;
background-color: #fdfdfd;
}
body {
margin: 0 auto;
max-width: 36em;
padding-left: 50px;
padding-right: 50px;
padding-top: 50px;
padding-bottom: 50px;
hyphens: auto;
overflow-wrap: break-word;
text-rendering: optimizeLegibility;
font-kerning: normal;
}
@media (max-width: 600px) {
body {
font-size: 0.9em;
padding: 12px;
}
h1 {
font-size: 1.8em;
}
}
@media print {
html {
background-color: white;
}
body {
background-color: transparent;
color: black;
font-size: 12pt;
}
p, h2, h3 {
orphans: 3;
widows: 3;
}
h2, h3, h4 {
page-break-after: avoid;
}
}
p {
margin: 1em 0;
}
a {
color: #1a1a1a;
}
a:visited {
color: #1a1a1a;
}
img {
max-width: 100%;
}
svg {
height: auto;
max-width: 100%;
}
h1, h2, h3, h4, h5, h6 {
margin-top: 1.4em;
}
h5, h6 {
font-size: 1em;
font-style: italic;
}
h6 {
font-weight: normal;
}
ol, ul {
padding-left: 1.7em;
margin-top: 1em;
}
li > ol, li > ul {
margin-top: 0;
}
blockquote {
margin: 1em 0 1em 1.7em;
padding-left: 1em;
border-left: 2px solid #e6e6e6;
color: #606060;
}
code {
font-family: Menlo, Monaco, Consolas, 'Lucida Console', monospace;
font-size: 85%;
margin: 0;
hyphens: manual;
}
pre {
margin: 1em 0;
overflow: auto;
}
pre code {
padding: 0;
overflow: visible;
overflow-wrap: normal;
}
.sourceCode {
background-color: transparent;
overflow: visible;
}
hr {
background-color: #1a1a1a;
border: none;
height: 1px;
margin: 1em 0;
}
table {
margin: 1em 0;
border-collapse: collapse;
width: 100%;
overflow-x: auto;
display: block;
font-variant-numeric: lining-nums tabular-nums;
}
table caption {
margin-bottom: 0.75em;
}
tbody {
margin-top: 0.5em;
border-top: 1px solid #1a1a1a;
border-bottom: 1px solid #1a1a1a;
}
th {
border-top: 1px solid #1a1a1a;
padding: 0.25em 0.5em 0.25em 0.5em;
}
td {
padding: 0.125em 0.5em 0.25em 0.5em;
}
header {
margin-bottom: 4em;
text-align: center;
}
#TOC li {
list-style: none;
}
#TOC ul {
padding-left: 1.3em;
}
#TOC > ul {
padding-left: 0;
}
#TOC a:not(:hover) {
text-decoration: none;
}
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
div.columns{display: flex; gap: min(4vw, 1.5em);}
div.column{flex: auto; overflow-x: auto;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
/* The extra [class] is a hack that increases specificity enough to
override a similar rule in reveal.js */
ul.task-list[class]{list-style: none;}
ul.task-list li input[type="checkbox"] {
font-size: inherit;
width: 0.8em;
margin: 0 0.8em 0.2em -1.6em;
vertical-align: middle;
}
.display.math{display: block; text-align: center; margin: 0.5rem auto;}
/* CSS for syntax highlighting */
pre > code.sourceCode { white-space: pre; position: relative; }
pre > code.sourceCode > span { line-height: 1.25; }
pre > code.sourceCode > span:empty { height: 1.2em; }
.sourceCode { overflow: visible; }
code.sourceCode > span { color: inherit; text-decoration: inherit; }
div.sourceCode { margin: 1em 0; }
pre.sourceCode { margin: 0; }
@media screen {
div.sourceCode { overflow: auto; }
}
@media print {
pre > code.sourceCode { white-space: pre-wrap; }
pre > code.sourceCode > span { display: inline-block; text-indent: -5em; padding-left: 5em; }
}
pre.numberSource code
{ counter-reset: source-line 0; }
pre.numberSource code > span
{ position: relative; left: -4em; counter-increment: source-line; }
pre.numberSource code > span > a:first-child::before
{ content: counter(source-line);
position: relative; left: -1em; text-align: right; vertical-align: baseline;
border: none; display: inline-block;
-webkit-touch-callout: none; -webkit-user-select: none;
-khtml-user-select: none; -moz-user-select: none;
-ms-user-select: none; user-select: none;
padding: 0 4px; width: 4em;
color: #aaaaaa;
}
pre.numberSource { margin-left: 3em; border-left: 1px solid #aaaaaa; padding-left: 4px; }
div.sourceCode
{ }
@media screen {
pre > code.sourceCode > span > a:first-child::before { text-decoration: underline; }
}
code span.al { color: #ff0000; font-weight: bold; } /* Alert */
code span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
code span.at { color: #7d9029; } /* Attribute */
code span.bn { color: #40a070; } /* BaseN */
code span.bu { color: #008000; } /* BuiltIn */
code span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
code span.ch { color: #4070a0; } /* Char */
code span.cn { color: #880000; } /* Constant */
code span.co { color: #60a0b0; font-style: italic; } /* Comment */
code span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
code span.do { color: #ba2121; font-style: italic; } /* Documentation */
code span.dt { color: #902000; } /* DataType */
code span.dv { color: #40a070; } /* DecVal */
code span.er { color: #ff0000; font-weight: bold; } /* Error */
code span.ex { } /* Extension */
code span.fl { color: #40a070; } /* Float */
code span.fu { color: #06287e; } /* Function */
code span.im { color: #008000; font-weight: bold; } /* Import */
code span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
code span.kw { color: #007020; font-weight: bold; } /* Keyword */
code span.op { color: #666666; } /* Operator */
code span.ot { color: #007020; } /* Other */
code span.pp { color: #bc7a00; } /* Preprocessor */
code span.sc { color: #4070a0; } /* SpecialChar */
code span.ss { color: #bb6688; } /* SpecialString */
code span.st { color: #4070a0; } /* String */
code span.va { color: #19177c; } /* Variable */
code span.vs { color: #4070a0; } /* VerbatimString */
code span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
</style>
</head>
<body>
<header id="title-block-header">
<h1 class="title">shc(1) shc user manual</h1>
<p class="author"></p>
<p class="date">August 19, 2024</p>
</header>
<hr>
<h1 id="name">NAME</h1>
<p>shc - Generic shell script compiler</p>
<h1 id="synopsis">SYNOPSIS</h1>
<p><strong>shc</strong> [ -e <em>DATE</em> ] [ -m <em>MESSAGE</em> ] [
-i <em>IOPT</em> ] [ -x <em>CMD</em> ] [ -l <em>LOPT</em> ] [ -o
<em>OUTFILE</em> ] [ -2ABCDHpPSUhrv ] -f <em>SCRIPT</em></p>
<h1 id="description">DESCRIPTION</h1>
<p><strong>shc</strong> creates a stripped binary executable version of
the script specified with <code>-f</code> on the command line.</p>
<p>The binary version will get a <code>.x</code> extension appended by
default if <em>OUTFILE</em> is not defined with [-o <em>OUTFILE</em>]
option and will usually be a bit larger in size than the original ascii
code. Generated C source code is saved in a file with the extension
<code>.x.c</code> or in a file specified with appropriate option.</p>
<p>If you provide an expiration DATE with the <code>-e</code> option,
the compiled binary will refuse to run after the date specified. The
message <strong>Please contact your provider</strong> will be displayed
instead. This message can be changed with the <code>-m</code>
option.</p>
<p>You can compile any kind of shell script, but you need to supply
valid <code>-i</code>, <code>-x</code> and <code>-l</code> options.</p>
<p>The compiled binary will still require the shell specified in the
first line of the shell code (i.e. <code>#!/bin/sh</code>) to be
available on the system, therefore <strong>shc</strong> does not create
completely independent binaries, it mainly obfuscates the source
script.</p>
<p><strong>shc</strong> itself is not a compiler such as cc, it rather
encodes and encrypts a shell script and generates C source code with the
added expiration capability. It then uses the system compiler to compile
a stripped binary which behaves exactly like the original script. Upon
execution, the compiled binary will decrypt and execute the code with
the shell <code>-c</code> option. It will not give you any speed
improvement as a real C program would.</p>
<p><strong>shc</strong>’s main purpose is to protect your shell scripts
from modification or inspection. You can use it if you wish to
distribute your scripts but don’t want them to be easily readable by
other people.</p>
<h1 id="options">OPTIONS</h1>
<dl>
<dt>-e <em>DATE</em></dt>
<dd>
Expiration date in <em>dd/mm/yyyy</em> format <code>[none]</code>
</dd>
<dt>-m <em>MESSAGE</em></dt>
<dd>
message to display upon expiration
<code>["Please contact your provider"]</code>
</dd>
<dt>-f <em>SCRIPT</em></dt>
<dd>
File path of the script to compile
</dd>
<dt>-P</dt>
<dd>
Use a pipe to feed the script, with ARGV fixes. Enabled automatically
for <code>python</code>, <code>perl</code> and <code>csh</code>.
</dd>
<dt>-p</dt>
<dd>
Use a pipe to feed the script, without ARGV fixing.
</dd>
<dt>-i <em>IOPT</em></dt>
<dd>
Inline option for the shell interpreter i.e: <code>-e</code>
</dd>
<dt>-x <em>CMD</em></dt>
<dd>
eXec command, as a printf format i.e: <code>exec(\\'%s\\',@ARGV);</code>
</dd>
<dt>-l <em>LOPT</em></dt>
<dd>
Last shell option i.e: <code>--</code>
</dd>
<dt>-o <em>OUTFILE</em></dt>
<dd>
output to the file specified by OUTFILE
</dd>
<dt>-r</dt>
<dd>
Relax security. Make a redistributable binary which executes on
different systems running the same operating system. You can release
your binary with this option for others to use
</dd>
<dt>-v</dt>
<dd>
Verbose compilation
</dd>
<dt>-S</dt>
<dd>
Enable setuid for root callable programs
</dd>
<dt>-D</dt>
<dd>
Enable debug (show exec calls, etc.)
</dd>
<dt>-U</dt>
<dd>
Make binary execution untraceable (using <em>strace</em>,
<em>ptrace</em>, <em>truss</em>, etc.)
</dd>
<dt>-H</dt>
<dd>
Hardening. Extra security flag without root access requirement that
protects against dumping, code injection,
<code>cat /proc/pid/cmdline</code>, <code>ptrace</code>, etc… This
feature is <strong>experimental</strong> and may not work on all
systems. it requires bourne shell (sh) scripts
</dd>
<dt>-C</dt>
<dd>
Display license and exit
</dd>
<dt>-A</dt>
<dd>
Display abstract and exit
</dd>
<dt>-2</dt>
<dd>
Use <code>mmap2</code> system call.
</dd>
<dt>-B</dt>
<dd>
Compile for BusyBox
</dd>
<dt>-h</dt>
<dd>
Display help and exit
</dd>
</dl>
<h1 id="environment-variables">ENVIRONMENT VARIABLES</h1>
<p>These can be used to provide options to the GCC Compiler. Examples:
static compilation, machine architecture, sanitize options.</p>
<dl>
<dt>CC</dt>
<dd>
C compiler command <code>[cc]</code>
</dd>
<dt>CFLAGS</dt>
<dd>
C compiler flags <code>[none]</code>
</dd>
<dt>LDFLAGS</dt>
<dd>
Linker flags <code>[none]</code>
</dd>
</dl>
<h1 id="examples">EXAMPLES</h1>
<p>Compile a script which can be run on other systems with the trace
option enabled (without <code>-U</code> flag):</p>
<div class="sourceCode" id="cb1"><pre
class="sourceCode bash"><code class="sourceCode bash"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true" tabindex="-1"></a><span class="ex">shc</span> <span class="at">-f</span> myscript <span class="at">-o</span> mybinary</span></code></pre></div>
<p>Compile an untraceable binary:</p>
<div class="sourceCode" id="cb2"><pre
class="sourceCode bash"><code class="sourceCode bash"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a><span class="ex">shc</span> <span class="at">-Uf</span> myscript <span class="at">-o</span> mybinary</span></code></pre></div>
<p>Compile an untraceable binary that doesn’t require root access
(experimental):</p>
<div class="sourceCode" id="cb3"><pre
class="sourceCode bash"><code class="sourceCode bash"><span id="cb3-1"><a href="#cb3-1" aria-hidden="true" tabindex="-1"></a><span class="ex">shc</span> <span class="at">-Hf</span> myscript <span class="at">-o</span> mybinary</span></code></pre></div>
<h1 id="limitations">LIMITATIONS</h1>
<p>The maximum size of the script that could be executed once compiled
is limited by the operating system configuration parameter
<code>_SC_ARG_MAX</code> (see sysconf(2))</p>
<h1 id="main-authors">MAIN AUTHORS</h1>
<p>Francisco Rosales <a href="mailto:frosal@fi.upm.es"
class="email">frosal@fi.upm.es</a> Md Jahidul Hamid <a
href="mailto:jahidulhamid@yahoo.com"
class="email">jahidulhamid@yahoo.com</a></p>
<p>Note: Do not contact them, they are no longer actively involved</p>
<h1 id="report-bugs-to">REPORT BUGS TO</h1>
<p>https://github.com/neurobin/shc/issues</p>
</body>
</html>