1shc(1) shc(1)
2
6 shc - Generic shell script compiler
7
9 shc [ -e date ] [ -m addr ] [ -i iopt ] [ -x cmnd ] [ -l lopt ] [ -o
10 outfile ] [ -ABCDhUHvSr ] -f script
11
13 shc creates a stripped binary executable version of the script speci‐
14 fied with -f on the command line.
15 The binary version will get a .x extension appended by default if out‐
17 file is not defined with [-o outfile] option and will usually be a bit
18 larger in size than the original ascii code. Generated C source code
19 is saved in a file with the extension .x.c or in a file specified with
20 appropriate option.
21 If you supply an expiration date with the -e option, the compiled
23 binary will refuse to run after the date specified. The message Please
24 contact your provider will be displayed instead. This message can be
25 changed with the -m option.
26 You can compile any kind of shell script, but you need to supply valid
28 -i, -x and -l options.
29 The compiled binary will still be dependent on the shell specified in
31 the first line of the shell code (i.e. #!/bin/sh), thus shc does not
32 create completely independent binaries.
33 shc itself is not a compiler such as cc, it rather encodes and encrypts
35 a shell script and generates C source code with the added expiration
36 capability. It then uses the system compiler to compile a stripped
37 binary which behaves exactly like the original script. Upon execution,
38 the compiled binary will decrypt and execute the code with the shell -c
39 option. Unfortunately, it will not give you any speed improvement as a
40 real C program would.
41 shc's main purpose is to protect your shell scripts from modification
43 or inspection. You can use it if you wish to distribute your scripts
44 but don't want them to be easily readable by other people.
45
47 -e date : Expiration date in dd/mm/yyyy format [none]
48 -m message : message to display upon expiration ["Please con‐
50 tact your provider"]
51 -f script_name : File path of the script to compile
53 -i inline_option : Inline option for the shell interpreter i.e: -e
55 -x command : eXec command, as a printf format i.e:
57 exec(\\'%s\\',@ARGV);
58 -l last_option : Last shell option i.e: --
60 -o outfile : output to the file specified by outfile
62 -r : Relax security. Make a redistributable binary which executes on
64 different systems running the same operating system. You can release
65 your binary with this option for others to use
66 -v : Verbose compilation
68 -S : Switch ON setuid for root callable programs [OFF]
70 -D : Switch on debug exec calls
72 -U : Make binary to be untraceable (using strace, ptrace, truss, etc.)
74 -H : Hardening. Extra security flag without root access requirement
76 that protects against dumping, code injection, cat /proc/pid/cmdline,
77 ptrace, etc.. This feature is experimental and may not work on all
78 systems. it require bourne shell (sh) scripts any positional parame‐
79 ters.
80 -C : Display license and exit
82 -A : Display abstract and exit
84 -B : Compile for BusyBox
86 -h : Display help and exit
88
90 CC : C compiler command [cc]
91 CFLAGS : C compiler flags [none]
93 LDFLAGS : Linker flags [none]
95
97 Compile a script which can be run on other systems with the trace
98 option enabled (without -U flag):
99 shc -f myscript -o mybinary
101 Compile an untraceable binary:
103 shc -Uf myscript -o mybinary
105 Compile an untraceable binary that doesn't require root access (experi‐
107 mental):
108 shc -Hf myscript -o mybinary
110
112 The maximum size of the script that could be executed once compiled is
113 limited by the operating system configuration parameter _SC_ARG_MAX
114 (see sysconf(2))
115
117 Francisco Rosales <frosal@fi.upm.es>
118 intika <intika@librefox.org>
120 Md Jahidul Hamid <jahidulhamid@yahoo.com>
122
124 <https://github.com/neurobin/shc/issues>
125shc user manual January 14, 2019 shc(1)