A Bash script is a text file containing commands executed by the Bash shell interpreter. Running these scripts requires the Bash interpreter, and the script’s source code remains visible to anyone with access. In some cases, it is preferable to hide the source code and create a standalone executable. This can be achieved by converting the script into a binary file.
Using a tool like shc, you can compile Bash scripts into binary executables. The compiled binary obfuscates the source code, making it less accessible to users. Additionally, this allows the script to be distributed as a self-contained executable, reducing dependency on the Bash interpreter. However, keep in mind that this is not true encryption, and the original script can still be reverse-engineered with enough effort.
It is important to note that shc does not compile the script into machine code. Instead, it wraps the script in an obfuscated C program that is compiled into an executable. This method ensures the functionality of the original script remains intact while making it harder to view or modify the code directly.
Steps to compile bash script to binary:
- Install shc and required libraries.
$ sudo apt update && sudo apt install gcc shc #For //Ubuntu// / //Debian// systems. [sudo] password for user: Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: gcc shc 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 27.8 MB of archives. After this operation, 99.7 MB of additional disk space will be used. Do you want to continue? [Y/n] y ...
For other Linux distributions, install gcc and the required development tools. You can download the source code for shc from: https://github.com/neurobin/shc. Ensure you have a working C compiler (such as gcc) installed before attempting to compile shc from source.
- Compile your script using shc.
$ shc -f hello.sh $ ls -l hello* -rw-rw-r-- 1 user user 29 Mar 14 07:37 hello.sh -rwxrwxr-x 1 user user 14960 Mar 14 07:39 hello.sh.x -rw-rw-r-- 1 user user 10047 Mar 14 07:39 hello.sh.x.c
shc generates three files: the original Bash script (.sh), the compiled binary (.sh.x), and the intermediate C source code (.sh.x.c). The binary will be generated based on the platform architecture (e.g., x86-64). This file will execute the original script’s logic but in an obfuscated form.
- Verify the generated files.
$ ls -l hello* -rw-rw-r-- 1 user user 29 Mar 14 07:37 hello.sh -rwxrwxr-x 1 user user 14960 Mar 14 07:39 hello.sh.x -rw-rw-r-- 1 user user 10047 Mar 14 07:39 hello.sh.x.c
The .sh.x binary file is the compiled executable, while the .sh.x.c file is the generated C source code from your original script. The original .sh script remains unchanged. If you want to distribute the binary, you can ignore the .sh.x.c file.
- Check the type of the compiled file (optional).
$ file hello.sh.x hello.sh.x: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=22ba5ae2974d014bc0336e5888d076c82c697d64, stripped
The file output shows the compiled binary as an ELF 64-bit executable. The architecture and compatibility of the binary depend on the platform on which the script was compiled. This example output shows an x86-64 architecture on a Linux system.
- Rename the compiled binary (optional).
$ mv hello.sh.x hello
Renaming the binary makes it easier to distribute and execute. The file extension is unnecessary once it has been compiled into a standalone executable.
- Make the binary executable, if not already.
$ chmod +x hello
In most cases, the binary will already have the appropriate execute permissions set. Use chmod to ensure the binary is executable.
- Run the binary.
$ ./hello Alice Hello, Alice!
The binary now executes just like any other compiled program. It runs the logic defined in the original Bash script but without exposing the source code. Note that the compiled binary still relies on certain system libraries, so the target system should have compatible architecture and dependencies.
Mohd Shakir Zakaria is an experienced cloud architect with a strong development and open-source advocacy background. He boasts multiple certifications in AWS, Red Hat, VMware, ITIL, and Linux, underscoring his expertise in cloud architecture and system administration.
Comment anonymously. Login not required.