Compiling Bash Scripts with SHC


Under Control

You control SHC mainly with options, the most important of which are shown in Table 1. SHC also evaluates two environment variables: $CC names the C compiler to use (the default is cc), and $CFLAGS contains the compiler options.

Table 1

SHC Options

-e <date> Limits the time the program can be executed up to the given date, after which a warning appears. The compiler expects the date in the form <DD>/<MM>/<YYYY>.
-m <message> Message that appears after the -e time limit expires.
-f <script> Absolutely necessary, indicates the script name.
-i <shell-options> Special Bash options.
-x <command> The binary program starts the script with exec, by default followed by $@ (all command options and arguments).
-l <option> Defines the last command line option, normally (the default).
-r Loosens the security settings during compilation, so that binaries can run on other computers with the same operating system. Currently mandatory for Arch Linux.
-D Enables debug mode of the binary program, which can generate a lot of additional information.
-T Creates a program traceable by strace or a similar tool.
-A Shows brief information and quits SHC without compiling the script.
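
A wrapper around the options in Table 1, as an added example that is not from the article: it rejects an -e value that is not a real DD/MM/YYYY date before shc is invoked. The function names valid_expiry and shc_compile and the DRY_RUN variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the article: check the -e date before calling shc.
# valid_expiry, shc_compile and DRY_RUN are hypothetical names.

# Succeeds only if $1 is a real calendar date written as DD/MM/YYYY.
valid_expiry() {
    case $1 in
        [0-9][0-9]/[0-9][0-9]/[1-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    d=${1%%/*}; rest=${1#*/}; m=${rest%%/*}; y=${rest#*/}
    d=${d#0}; m=${m#0}   # drop a leading zero so both are plain decimal integers
    [ "$m" -ge 1 ] && [ "$m" -le 12 ] || return 1
    case $m in
        4|6|9|11) dim=30 ;;
        2) if [ $((y % 4)) -eq 0 ] && [ $((y % 100)) -ne 0 ] || [ $((y % 400)) -eq 0 ]
           then dim=29; else dim=28; fi ;;
        *) dim=31 ;;
    esac
    [ "$d" -ge 1 ] && [ "$d" -le "$dim" ]
}

# Compile <script> so that it expires on <DD/MM/YYYY> and then shows <message>.
# A fourth argument "portable" adds -r. shc itself reads $CC and $CFLAGS.
# With DRY_RUN=1 the command line is printed instead of executed.
shc_compile() {
    script=$1; expiry=$2; message=$3; portable=${4:-}
    [ -r "$script" ] || { echo "cannot read script: $script" >&2; return 2; }
    valid_expiry "$expiry" || {
        echo "expiry '$expiry' is not a valid DD/MM/YYYY date" >&2; return 3; }
    set -- -e "$expiry" -m "$message" -f "$script"
    if [ "$portable" = portable ]; then set -- -r "$@"; fi
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "shc $*"; return 0; fi
    shc "$@"
}
```

Export CC and CFLAGS before calling shc_compile to choose the compiler and its options; a date given in another order, such as 12/31/2030, is refused with exit status 3.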


Several programs can help conceal the content of shell scripts. A search on DuckDuckGo for shell script encrypt or shell script obfuscate returns some alternatives – often partly implemented as shell scripts – that convert code in one way or another. Among them are Obfsh [4] and Shellcrypt [5].

Whereas the former renders the source code unreadable by inserting or removing spaces, lines, and other junk, Shellcrypt goes one step further. The program creates a truly encrypted program with the .bin extension that runs again only after it has been decrypted. The program used for this also acts as an interpreter (Figure 2).

Figure 2: Shellcrypt converts scripts into unreadable characters that can only be made executable after back conversion.

The disadvantage of this approach is that Shellcrypt must also be installed on the target system. In a similar way, you could use GPG-encrypted scripts that you encrypt symmetrically with the -c option and decrypt again with -d.
