SHC protected shell script is vulnerable - Linux
SHC protected shell scripts are vulnerable to debugging.
SHC does not truly "compile" your script into a binary: the generated binary
still needs the interpreter program to run your original script, so it is
possible that original script can be captured.
The problem is that almost every shell script (sh/ksh/csh/bash/tcsh/zsh, etc.),
if not all scripts, protected by SHC can be easily captured.
The following is the procedure to capture the original script from SHC
Let's assume the original script is written in bash.
1. create a link for the program:
    ln -s the-shc-protected-program ./-bash
2. in your ~/.profile, add the following statements:
    if [ -f ~/.shc_capture ]
    then
        rm -f ~/.shc_capture
        echo "Now you can attach to $$, press Enter to continue"
        read
    fi
3. in terminal 1, run
4. in terminal 2, run
gdb -p PID
the PID should be the number displayed in terminal 1 in "Now you can attach
type "bt" to display the frames.
type "s" here and then press the Enter key in terminal 1.
in terminal 2, type "bt" again, now you should see the #Frame number for
let's assume it's frame number 14.
type "fr 14".
type "info f".
find the Arglist address "Arglist at 0x*******", let's assume it's 0xbfffe6c8.
add 0xc (decimal number 12) to the above number, now we get 0xbfffe6d4.
type "print (char **)* 0xbfffe6d4".
now you will get a hex number, let's assume 0xbfffe724.
adding 8 to 0xbfffe724, we get 0xbfffe72c.
type "print (char *)* 0xbfffe72c", now you get another address, let's assume
type "printf "%s", 0xbfffe892".
when you see "---Type <return> to continue, or q <return> to quit---" at the
bottom of the terminal screen, press the Enter key until you see something
different: that is the original script!!!
So, now you can see, like Cactus' SHELL-LOCK, SHC cannot provide adequate
protection for your shell scripts. Neither of them truly compiles your
script into binary code, and as such you will not get any performance gain;
instead, performance will be downgraded due to the extra work.
I also tested the just released wzshSDK V4.4. It does not seem to be vulnerable
to temp-watch, and I tried to use a method similar to the one described here to
capture the original script, without success.
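
From the defender's side, the debugger attach in step 4 (gdb -p PID) is a ptrace call that the Linux audit subsystem can record. The following is an added example, not part of the original post: it assumes an auditd rule that logs ptrace syscalls on x86_64, and it runs over constructed sample SYSCALL and OBJ_PID records to report attach attempts and their targets.

```python
import re

# ptrace request numbers from <sys/ptrace.h>; auditd logs a0 as bare hex.
ATTACH_REQUESTS = {0x10: "PTRACE_ATTACH", 0x4206: "PTRACE_SEIZE"}
EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample records (x86_64: arch=c000003e, ptrace is syscall 101).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:900): arch=c000003e syscall=101 success=yes exit=0 a0=10 a1=1f90 a2=0 a3=0 pid=2200 uid=1000 comm="gdb" exe="/usr/bin/gdb" key="ptrace"
type=OBJ_PID msg=audit(1700000000.101:900): opid=8080 ouid=1000 ocomm="-bash"
type=SYSCALL msg=audit(1700000000.250:901): arch=c000003e syscall=101 success=yes exit=0 a0=1 a1=1f90 a2=7ffd0 a3=0 pid=2200 uid=1000 comm="gdb" exe="/usr/bin/gdb" key="ptrace"
type=SYSCALL msg=audit(1700000002.007:902): arch=c000003e syscall=101 success=no exit=-1 a0=10 a1=1 a2=0 a3=0 pid=2300 uid=1001 comm="gdb" exe="/usr/bin/gdb" key="ptrace"
""".splitlines()


def find_debugger_attaches(lines):
    """Return one finding per ptrace attach attempt, with its target if logged."""
    events = {}
    for line in lines:
        m = EVENT_ID.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        # Records that share an event id belong to the same syscall.
        events.setdefault(m.group(1), {})[fields.get("type")] = fields
    findings = []
    for event_id, recs in events.items():
        sc = recs.get("SYSCALL", {})
        if sc.get("arch") != "c000003e" or sc.get("syscall") != "101":
            continue
        request = ATTACH_REQUESTS.get(int(sc.get("a0", "0"), 16))
        if request is None:
            continue  # e.g. PTRACE_PEEKTEXT on an already-traced process
        target = recs.get("OBJ_PID", {})
        findings.append({
            "event": event_id,
            "request": request,
            "tracer": sc.get("exe"),
            "target_pid": target.get("opid"),
            "target_comm": target.get("ocomm"),
            "succeeded": sc.get("success") == "yes",
        })
    return findings


if __name__ == "__main__":
    for finding in find_debugger_attaches(SAMPLE_LOG):
        print(finding)
```

A target whose command name is a login-shell name such as "-bash" while a debugger attaches to it matches the symlink trick from step 1, so that combination is worth alerting on.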