Skip to content
/ binsh Public

Shell script obfuscation tool (compile, encrypt and passphrase-protect)

License

GPL-3.0 license
19 stars 17 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

olbat/binsh

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
binsh.c
binsh.c
 
 
build.sh
build.sh
 
 
encrypt.c
encrypt.c
 
 

Repository files navigation

binsh - obfuscate shell scripts

Overview

This tool allows to obfuscate shell scripts by embedding them in a compiled program, encrypting and passphrase-protect them.

The script is included in the compiled C program as a constant, when you run the program the script is executed using the specified shell's command (by default: /bin/sh -c --).

The running environment (arguments, environement variables, fds) is "forwarded" to the script.

Usage

To build the program that embeds the script

build.sh <script> <passphrase>|- [<output>] [<shell> <exec> <command> <...>]"

To run the program that embeds the script (compiled as binsh)

./binsh <passphrase>|- [<script> <arguments> <...>]

How does it work

The main idea is not to be able to determine what does the script do just by opening the script file.

First of all, the script is included as a constant in a compiled program so it's harder to understand what it does by just opening the file.

The script is encrypted using a simple key-based symetric encryption algorithm before the compilation so it's not possible to determine what the binary file does using softwares such as strings.

In the end, the script is decrypted at run time using the key in order to avoid the binary to be analysed using softwares such a strace (without the key you can't run the script).

Examples

Compile then run a script using a passphrase

./build.sh script.sh p4ssphras3 script
# Build of 'script' successful

./script p4ssphras3 --opt 123
# ...

Compile then run a script using a key file

dd if=/dev/urandom of=keyfile bs=512 count=1
# 512 bytes (512 B) copied, ...

./build.sh script.sh - script < keyfile
# Build of 'script' successful

./script - --opt 123 < keyfile
# ...

Compile then run a Perl script

cat <<'EOF' > script.pl
use strict;
print 'ARGV: ["' . join('", "', @ARGV) . "\"]\n";
print 'ENV["TEST"]: ' . $ENV{"TEST"} . "\n";
EOF

./build.sh script.pl p4ssphras3 script /usr/bin/perl -w -- -
# Build of 'script' successful

TEST=123 ./script p4ssphras3 --abc "def hij" --klm
#ARGV: ["--abc", "def hij", "--klm"]
#ENV["TEST"]: 123

Compile then run a Python script

cat <<'EOF' > script.py
import sys
import os
print 'ARGV: ' + repr(sys.argv[1:])
print 'ENV["TEST"]: ' + os.environ.get('TEST')
EOF

./build.sh script.py p4ssphras3 script /usr/bin/python -Wall -
# Build of 'script' successful

TEST=123 ./script p4ssphras3 --abc "def hij" --klm
#ARGV: ['--abc', 'def hij', '--klm']
#ENV["TEST"]: 123

Compile then run a Ruby script

cat <<'EOF' > script.rb
puts "ARGV: " + ARGV.inspect
puts 'ENV["TEST"]: ' + ENV['TEST']
EOF

./build.sh script.rb p4ssphras3 script /usr/bin/ruby -w -- -
# Build of 'script' successful

TEST=123 ./script p4ssphras3 --abc "def hij" --klm
#ARGV: ["--abc", "def hij", "--klm"]
#ENV["TEST"]: 123

About

Shell script obfuscation tool (compile, encrypt and passphrase-protect)

Topics

obfuscation shell-script

Resources

Readme

License

GPL-3.0 license
Activity

Stars

19 stars

Watchers

3 watching

Forks

17 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages