shc - Generic shell script compiler
\f[B]shc\f[] [ -e \f[I]date\f[] ] [ -m \f[I]addr\f[] ] [ -i \f[I]iopt\f[] ] [ -x \f[I]cmnd\f[] ] [ -l \f[I]lopt\f[] ] [ -o \f[I]outfile\f[] ] [ -ABCDhUHvSr ] -f \f[I]script\f[]
\f[B]shc\f[] creates a stripped binary executable version of the script specified with \f[C]-f\f[] on the command line.
The binary version will get a \f[C].x\f[] extension appended by default if \f[I]outfile\f[] is not defined with [-o \f[I]outfile\f[]] option and will usually be a bit larger in size than the original ascii code. Generated C source code is saved in a file with the extension \f[C].x.c\f[] or in a file specified with appropriate option.
If you supply an expiration date with the \f[C]-e\f[] option, the compiled binary will refuse to run after the date specified. The message \f[B]Please contact your provider\f[] will be displayed instead. This message can be changed with the \f[C]-m\f[] option.
You can compile any kind of shell script, but you need to supply valid \f[C]-i\f[], \f[C]-x\f[] and \f[C]-l\f[] options.
The compiled binary will still be dependent on the shell specified in the first line of the shell code (i.e. \f[C]#!/bin/sh\f[]), thus \f[B]shc\f[] does not create completely independent binaries.
\f[B]shc\f[] itself is not a compiler such as cc, it rather encodes and encrypts a shell script and generates C source code with the added expiration capability. It then uses the system compiler to compile a stripped binary which behaves exactly like the original script. Upon execution, the compiled binary will decrypt and execute the code with the shell \f[C]-c\f[] option. Unfortunately, it will not give you any speed improvement as a real C program would.
\f[B]shc\f[]\[aq]s main purpose is to protect your shell scripts from modification or inspection. You can use it if you wish to distribute your scripts but don\[aq]t want them to be easily readable by other people.
-e \f[I]date\f[] : Expiration date in \f[I]dd/mm/yyyy\f[] format \f[C][none]\f[]
-m \f[I]message\f[] : message to display upon expiration \f[C]["Please contact your provider"]\f[]
-f \f[I]script_name\f[] : File path of the script to compile
-i \f[I]inline_option\f[] : Inline option for the shell interpreter i.e: \f[C]-e\f[]
-x \f[I]command\f[] : eXec command, as a printf format i.e: \f[C]exec(\\\\\[aq]%s\\\\\[aq],\@ARGV);\f[]
-l \f[I]last_option\f[] : Last shell option i.e: \f[C]--\f[]
-o \f[I]outfile\f[] : output to the file specified by outfile
-r : Relax security. Make a redistributable binary which executes on different systems running the same operating system. You can release your binary with this option for others to use
-v : Verbose compilation
-S : Switch ON setuid for root callable programs [OFF]
-D : Switch on debug exec calls
-U : Make binary to be untraceable (using \f[I]strace\f[], \f[I]ptrace\f[], \f[I]truss\f[], etc.)
-H : Hardening. Extra security flag without root access requirement that protects against dumping, code injection, \f[C]cat /proc/pid/cmdline\f[], ptrace, etc.. This feature is \f[B]experimental\f[] and may not work on all systems. it require bourne shell (sh) scripts any positional parameters.
-C : Display license and exit
-A : Display abstract and exit
-B : Compile for BusyBox
-h : Display help and exit
CC : C compiler command \f[C][cc]\f[]
CFLAGS : C compiler flags \f[C][none]\f[]
LDFLAGS : Linker flags \f[C][none]\f[]
Compile a script which can be run on other systems with the trace option enabled (without \f[C]-U\f[] flag):
\f[C] shc -f myscript -o mybinary \f[]
Compile an untraceable binary:
\f[C] shc -Uf myscript -o mybinary \f[]
Compile an untraceable binary that doesn\[aq]t require root access (experimental):
\f[C] shc -Hf myscript -o mybinary \f[]
The maximum size of the script that could be executed once compiled is limited by the operating system configuration parameter \f[C]_SC_ARG_MAX\f[] (see sysconf(2))
Francisco Rosales <frosal@fi.upm.es>
intika <intika@librefox.org>
Md Jahidul Hamid <jahidulhamid@yahoo.com>
<https://github.com/neurobin/shc/issues>