如何混淆shell脚本?
[英]How to obfuscate a shell script?
问题描述
I am using Ubuntu 10.04. 
我正在使用Ubuntu 10.04。 i have created a shell script. 我已经创建了一个shell脚本。 After writing the script, the code can be edited when right clicking the file and selecting Gedit. 编写脚本后,右键单击文件并选择Gedit,即可编辑代码。 I want to know how to make the script unreadable in Gedit. 我想知道如何使脚本在Gedit中不可读。
4 个解决方案
解决方案1
3 2016-10-24 08:12:38
GEdit is just another tool that can be used to edit a file, much like "vi" or "nano" is. GEdit只是另一个可用于编辑文件的工具,非常类似于“ vi”或“ nano”。 Only difference is, I believe it is graphical. 唯一的区别是,我相信它是图形的。 Nevertheless, it appears that what the original poster is attempting to do here is to simply make it impossible for others to view certain scripts. 尽管如此,看来原始的发帖人试图在这里做的只是使其他人无法查看某些脚本。 If that's true, there are solutions that may be worth investigating. 如果是真的,那么有些解决方案可能值得研究。
SHC: SHC:
SHC is a great tool to use for this purpose. SHC是用于此目的的出色工具。 and based on the last post in this thread, it appears the OP has already tried it but, it didn't work on certain systems. 并且根据该线程的最后一篇帖子,看来OP已经尝试过了,但是在某些系统上不起作用。 If that's the case, heres's the reason why. 如果是这样,这就是原因。 The way SHC works is actually pretty straight-forward. SHC的工作方式实际上非常简单。 When using it to obfuscate a script, you have to re-compile the script for whichever OS you intend to run it on. 使用它混淆脚本时,必须针对要在其上运行脚本的任何操作系统重新编译该脚本。 What that means is, you cannot run the SHC compiler on a ubuntu box and expect the produced script to work on a Red Hat/CentOS box. 这意味着,您不能在ubuntu框上运行SHC编译器,并且不能期望生成的脚本在Red Hat / CentOS框上运行。 It appears the latest version of SHC can be accessed here . 似乎可以在此处访问 SHC的最新版本。
EnScryption: 加密:
If your main goal is to discourage others from attempting to read your code, you can just paste your script to a site like this one . 如果你的主要目标是从尝试读取你的代码劝阻别人,你可以只贴上你的脚本喜欢的网站这一个 。 This site will automatically generate an obfuscated version of your script that should be able to run without issues on most common Unix systems. 该站点将自动生成脚本的混淆版本,该脚本应能够在大多数常见的Unix系统上运行而不会出现问题。
If you do not wish to paste your code to the above site or use SHC for whatever reason, then, there's yet another solution. 如果您不希望出于任何原因将代码粘贴到上述站点或使用SHC,那么还有另一种解决方案。 Use openssl! 使用openssl!
OpenSSL: OpenSSL:
If your scripts are really that sensitive, then Openssl(or a similar tool) is probably the best option for you. 如果您的脚本确实如此敏感,那么Openssl(或类似工具)可能是您的最佳选择。 Why? 为什么? Because the openssl tool in particular is present on most Unix systems...ie Ubuntu, CentOS, Red Hat, Macs, AIX. 因为特别是在大多数Unix系统上都存在openssl工具,例如Ubuntu,CentOS,Red Hat,Macs,AIX。 It comes as part of the default installation. 它是默认安装的一部分。 If you decide to go this route, note, you will need to write your script in such a way that before it runs, the user has to provide a password. 请注意,如果您决定采用这种方式,则需要以一种方式编写脚本,以便在脚本运行之前,用户必须提供密码。
Encrypting your script with OpenSSL: 使用OpenSSL加密脚本:
cat yourscript.sh | openssl aes-128-cbc -a -salt -k (specify-a-password-here) > yourscript.enc.sh
(OR)
openssl aes-128-cbc -a -salt -in yourscript.sh -k (specify-a-password-here) > yourscript.enc.sh
(OR)
openssl aes-128-cbc -a -salt -in yourscript.sh -out yourscript.enc.sh -k (specify-a-password-here)
Decrypting your script with OpenSSL: 使用OpenSSL解密脚本:
cat yourscript.enc.sh | openssl aes-128-cbc -a -d -salt -k (specify-a-password-here) > yourscript.dec.sh
(OR)
openssl aes-128-cbc -a -d -salt -in yourscript.sh -k (specify-a-password-here) > yourscript.dec.sh
(OR)
openssl aes-128-cbc -a -d -salt -in yourscript.sh -out yourscript.enc.sh -k (specify-a-password-here)
A quick thing to note about the openssl encryption mechanism ' aes-128-cbc ': 关于openssl加密机制“ aes-128-cbc ”的快速注意事项:
There are probably more secure mechanisms out there. 可能存在更安全的机制。 But there is a good chance some of the systems you wish to run your encrypted scripts on wont have those mechanisms, thereby making it impossible to run your script. 但是,您希望在某些系统上运行加密脚本的系统很可能没有这些机制,因此无法运行脚本。 So keep that in mind if you decide to change it. 因此,如果您决定更改它,请记住这一点。
解决方案2
3 2012-03-14 11:43:32
You are probably looking for something like shc. 您可能正在寻找类似shc的东西。 From the man page: 从手册页:
shc creates a stripped binary executable version of the script specified with -f on the command line. shc创建在命令行上用-f指定的脚本的剥离二进制可执行版本。
http://freecode.com/projects/shc http://freecode.com/projects/shc
Disclaimer: I have not tested shc nor do I know how well/if it works 免责声明:我还没有测试过shc,也不知道它是否运作良好
解决方案3
3 2012-03-14 11:49:41
Obfuscation (which is what most people mean when they say they want a "binary" shell script) is a Bad Idea(TM) - Been there, done that. 混淆(大多数人说他们想要“二进制” shell脚本时的意思)是一个坏主意-到那儿去做。 It doesn't provide any security against a determined programmer (they'd just trace the script to figure out what it's doing), and it makes it really, really hard to debug (which, possibly unless you're GreyCat , you will need to do. A lot.). 它对确定的程序员没有提供任何安全性(他们只是跟踪脚本以弄清它在做什么),并且使其调试起来非常非常非常困难(除非您是GreyCat ,否则您将需要它)要做的事情。)
解决方案4
2 2012-03-14 11:45:45
What you want to do is not readily possible. 您想做的事并不容易。 Scripts are interpreted, not compiled, that's why you see text in there. 脚本是解释的,而不是编译的,这就是为什么您在其中看到文本的原因。
For an script to be executed, the effective user must have read access to it. 为了执行脚本,有效用户必须对该脚本具有读取权限。 An alternative to giving execution permission or using shc (as KillerX has nicely proposed), without letting the user look at the contests of the script, would be to use sudo . 在不让用户查看脚本竞赛的情况下,授予执行许可或使用shc的一种替代方法是使用sudo ,而不允许用户查看脚本的竞争。 You would edit the sudoers file like this (remember to use visudo to edit this file!): 您将像这样编辑sudoers文件(请记住使用visudo来编辑此文件!):
username ALL=(ALL) /path/to/your_script.sh
Now the script would be executable by "username" but he wouldn't be able to read its contents. 现在,该脚本可以通过“用户名”执行,但他将无法读取其内容。 Of course, you need to remove all permissions to "username" from this file... 当然,您需要从该文件中删除对“用户名”的所有权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.