Commit ca402e19 authored by TheOuterLinux's avatar TheOuterLinux

...

parent f9cfbc40
Francisco Garcia <frosal@fi.upm.es>
MD. JAHIDUL HAMID <jahidulhamid@yahoo.com>
This diff is collapsed.
CHANGES
4.0.1 Tue Nov 20 08:22:20 UTC 2018
* Add LDFLAGS environment variable (Thanks to zboszor <https://github.com/zboszor>)
4.0.0 Mon Nov 12 16:54:56 UTC 2018
* Add -H option for extra security without root (Thanks to intika <https://github.com/intika>). It protects against dumping, code injection, `cat /proc/pid/cmdline`, ptrace, etc.. (only works with Bourne shell (sh) scripts with no parameter)
* Add -s option to force single process for hardening features (requires -H) <https://github.com/intika>. (only works with Bourne shell (sh) scripts with no parameter)
* dash support
3.9.8 Sat Oct 20 17:49:28 UTC 2018
* Add setuid option -S (Thanks to Boon Pang <https://github.com/wombat78>)
3.9.7 Sat Oct 20 15:25:13 UTC 2018
* Fix issue #58
3.9.6 Sat Jun 3 10:05:03 UTC 2017
* Fix issue #38
3.9.5 Wed May 31 01:35:33 UTC 2017
* Fix issue #36
3.9.4 Sat May 13 18:46:05 UTC 2017
* Fix issue #23 (debian bug #861180) (Thanks to original author Francisco Rosales <frosal@fi.upm.es>)
3.9.3 Sat Jul 30 18:46:34 BDT 2016
* zsh support
* Fix issue #13 (https://github.com/neurobin/shc/issues/13)
3.9.2 Fri Aug 21 16:12:33 BDT 2015
Added BusyBox support with patch taken from:
https://onedrive.live.com/prev?cid=18a41d08a9f3c543&id=18A41D08A9F3C543!231&authkey=!AJQ6Iah_5D3WJ60&v=TextFileEditor
as suggested by https://github.com/marcoburatto
3.9.1 Fri Apr 03 00:22:11 GMT 2015
Renamed option -T to -U and reversed it's logic.
So now, the executable prepared will execute without using sudo,
by default.
3.9.0 Wed Apr 01 08:35:22 AM GMT 2015
(http://github.com/neurobin)
Added output file option with [-o filename]
and fixed bug on make install (manual install failed)
Now you can access manual by entering command: man shc
in a terminal.
3.8.9 Wed Apr 25 09:24:25 CEST 2012
Thanks to Giacomo Picconi <giacomo.picconi@gpstudio.com> for:
- Fixing a long standing bug making the source not hidden.
3.8.8 Mon Nov 28 11:26:25 CEST 2012
"me".
3.8.7 Wed Feb 10 20:40:37 CET 2010
- Bug on 64bit systems with expiration dates.
3.8.6 Fri Jul 7 15:54:39 CEST 2006
Thanks to George Danchev <danchev@spnet.net> for:
- License clarification about the rc4 implementation.
3.8.5 Fri Oct 21 13:11:36 CEST 2005
Thanks to Jukka A. Ukkonen <jau(a)iki.fi> for:
- Fixed untraceable() problems on FreeBSD.
3.8.4 Tue Oct 4 16:52:15 CEST 2005
Thanks to Ron McOuat for:
- Fixed sma11 -d option bug.
3.8.3 Tue Jun 28 21:29:06 CEST 2005
Thanks to Jacek Kalinski <jacek@dyski.one.pl> for:
- Fixed bug: "vfork" fails on multiprocessor systems.
3.8.2 Thu Jun 16 17:15:59 CEST 2005
Thanks to Arjen Visser <arjen.visser@avisit.co.nz> for:
- Fixed bug: "rlax" used after encryption.
Thanks to Nalneesh Gaur <Nalneesh.Gaur@accenture.com> for:
- Read permision of the script.x exposes it to disassembling.
- Group and others read permision is now removed by default.
3.8 Thu Nov 4 20:33:52 CET 2004
Fixed incorrect implementation on rc4.
Hidden all the binary executable symbols but one.
Expiration date and most strings are encrypted too.
All the encrypted payload is now randomized.
3.7 Wed Jun 18 16:32:26 CEST 2003
Thanks to Philipp Koller <philipp@open.ch> for:
- Removed all strings in the compiled script.
- Improved program output and error messages.
- The -m option allows to define the *complete* expiration message.
- Updated manpage shc.1.
Thanks to Bryan <bryan.hogan@dstintl.com> for:
- Fix wrong $0 on ksh.
3.6 Fri Feb 21 09:40:32 CET 2003
Two new options:
-D switch on Debug exec calls.
-T switch off unTraceable.
Bash does not need -- after -c.
3.5 Mon Jan 20 19:08:43 CET 2003
Rewrite of large strings to silence the ISO C89 compiler
warnings about strings larger than 509 characters.
3.4 Tue Apr 16 17:43:12 CEST 2002
Remove "bad alignment" problem on AIX and other systems.
Where exists, use /proc/<pid>/as in untraceable.
3.3 Thu Jan 24 21:27:07 CET 2002
Prevent to ptrace the process.
3.2 Tue Mar 9 19:03:54 CET 1999
Find ancient pclose that must be fclose.
3.1 Tue Feb 16 21:36:59 CET 1999
Fixed a misbehavior on scripts with a in-frist-line option
equal to "end of options" (i.e. #!/bin/sh -- )
(Thanks to Bernard Blundell <blundell@lts.sel.alcatel.de>)
Stupid GCC "warning: return type of `main' is not `int'" removed.
3.0 Tue Oct 14 14:20:52 MET DST 1997
Added a new option "-r" to force a relaxed security and
so make a redistributable binary.
Modified expiration day format. Now is dd/mm/yyyy.
3.0b3 Fri Jun 6 22:09:05 WET DST 1997
Yet other few bugs fixed.
Output format simplified.
-pedantic compilation.
3.0b2 Tue Jun 3 17:51:51 GMT 1997
Some explicit type conversions removed.
Fixed the bug "END_OF_FILE" when compiling the generated code.
A flush is needed before a pclose.
st_blksize and st_blocks struct stat fields does not exist on
SCO, both not used now.
3.0b1 Wed Feb 26 14:27:22 WET 1997
The main difference with 2.4 is that in it the script was
compressed an then shuffle around, now int 3.0 the script is encripted
with an inline code, so not needend any external comand to work, and been
faster at startup. Other related adventage is that the only information
not encripted in .x.c is an stamp, expiration date and provider email
address.
Something equivalent to cheksums have been used to enforced at
execution that the executing shell has not been modified from the time
the script was compiled. If anybody tries to change the excuting shell,
.x will refuse to execute.
The generated .x.c source code is now readable.
This diff is collapsed.
[![build status image](https://travis-ci.org/neurobin/shc.svg?branch=release)](https://travis-ci.org/neurobin/shc)
[![GitHub stars](https://img.shields.io/github/stars/neurobin/shc.svg)](https://github.com/neurobin/shc/stargazers)
[![GitHub forks](https://img.shields.io/github/forks/neurobin/shc.svg)](https://github.com/neurobin/shc/network)
[![GitHub issues](https://img.shields.io/github/issues/neurobin/shc.svg)](https://github.com/neurobin/shc/issues)
# Shell Script Compiler
A generic shell script compiler. Shc takes a script, which is specified on the command line and produces C source code. The generated source code is then compiled and linked to produce a stripped binary executable.
The compiled binary will still be dependent on the shell specified in the first line of the shell code (i.e shebang) (i.e. #!/bin/sh), thus shc does not create completely independent binaries.
shc itself is not a compiler such as cc, it rather encodes and encrypts a shell script and generates C source code with the added expiration capability. It then uses the system compiler to compile a stripped binary which behaves exactly like the original script. Upon execution, the compiled binary will decrypt and execute the code with the shell -c option.
## Install
```bash
./configure
make
sudo make install
```
**Note** If `make` fails due to *automake* version, run `./autogen.sh` before running the above commands.
### Ubuntu-specific
```
sudo add-apt-repository ppa:neurobin/ppa
sudo apt-get update
sudo apt-get install shc
```
If the above installation method seems like too much work, then just download a compiled binary package from [release page](https://github.com/neurobin/shc/releases/latest) and copy the `shc` binary to `/usr/bin` and `shc.1` file to `/usr/share/man/man1`.
## Usage
```
shc [options]
shc -f script.sh -o binary
shc -U -f script.sh -o binary # Untraceable binary (prevent strace, ptrace etc..)
shc -H -f script.sh -o binary # Untraceable binary, does not require root (only bourne shell (sh) scripts with no parameter)
shc -H -s -f script.sh -o binary # Untraceable binary running in a singe process, does not require root (only bourne shell (sh) scripts with no parameter)
```
## The hardening flag -H
This flag is currently in an experimental state and may not work in all systems. This flag only works for **default** shell. For example, if you compile a **bash** script with `-H` flag then the resultant executable will only work in systems where the default shell is **bash**. You may change the default shell which generally is `/bin/sh` which further is just a link to another shell like bash or dash etc.
**Also `-H` does not work with positional parameters (yet)**
## Testing
```bash
./configure
make
make check
```
## Known limitations
The one (and I hope the only) limitation using shc is the _SC_ARG_MAX system configuration parameter.
It limits the maximum length of the arguments to the exec function, limiting the maximum length of the runnable script of shc.
!! - CHECK YOUR RESULTS CAREFULLY BEFORE USING - !!
## Links
1. [Man Page](http://neurobin.github.io/shc/man.html)
2. [Web Page](http://neurobin.github.io/shc)
# Contributing
If you want to make pull requests, please do so against the **master** branch. The default branch is **release** which should contain clean package files ready to be used.
If you want to edit the manual, please edit the **man.md** file (available in the master branch) instead and then generate the manual file from it with the command (requires `pandoc` to be installed):
```bash
pandoc -s man.md -t man -o shc.1
#also run this command to generate the html manual
pandoc -s man.md -t html -o man.html
```
If you change anything related to autotools, please run `./autogen.sh` afterwards.
shc(1) shc(1)
NAME
shc - Generic shell script compiler
SYNOPSIS
shc [ -e date ] [ -m addr ] [ -i iopt ] [ -x cmnd ] [ -l lopt ] [ -o outfile ] [ -ABCD‐
hUHsvSr ] -f script
DESCRIPTION
shc creates a stripped binary executable version of the script specified with -f on the
command line.
The binary version will get a .x extension appended by default if outfile is not defined
with [-o outfile] option and will usually be a bit larger in size than the original ascii
code. Generated C source code is saved in a file with the extension .x.c or in a file
specified with appropriate option.
If you supply an expiration date with the -e option, the compiled binary will refuse to
run after the date specified. The message Please contact your provider will be displayed
instead. This message can be changed with the -m option.
You can compile any kind of shell script, but you need to supply valid -i, -x and -l
options.
The compiled binary will still be dependent on the shell specified in the first line of
the shell code (i.e. #!/bin/sh), thus shc does not create completely independent bina‐
ries.
shc itself is not a compiler such as cc, it rather encodes and encrypts a shell script and
generates C source code with the added expiration capability. It then uses the system
compiler to compile a stripped binary which behaves exactly like the original script.
Upon execution, the compiled binary will decrypt and execute the code with the shell -c
option. Unfortunatelly, it will not give you any speed improvement as a real C program
would.
shc's main purpose is to protect your shell scripts from modification or inspection. You
can use it if you wish to distribute your scripts but don't want them to be easily read‐
able by other people.
OPTIONS
-e date : Expiration date in dd/mm/yyyy format [none]
-m message : message to display upon expiration ["Please contact your provider"]
-f script_name : File path of the script to compile
-i inline_option : Inline option for the shell interpreter i.e: -e
-x command : eXec command, as a printf format i.e: exec(\\'%s\\',@ARGV);
-l last_option : Last shell option i.e: --
-o outfile : output to the file specified by outfile
-r : Relax security. Make a redistributable binary which executes on different systems
running the same operating system. You can release your binary with this option for oth‐
ers to use
-v : Verbose compilation
-S : Switch ON setuid for root callable programs [OFF]
-D : Switch on debug exec calls
-U : Make binary to be untraceable (using strace, ptrace, truss, etc.)
-H : Hardening. Extra security flag without root access requirement that protects against
dumping, code injection, cat /proc/pid/cmdline, ptrace, etc.. This feature is experimen‐
tal and may not work on all systems. This option currently only works with Bourne shell
(sh) scripts without any positional parameters.
-s : Hardening with single process. Requires -H option, runs the binary in a single
process, shell is called in the main process otherwise its called in a child process.
This feature is experimental (may hang) and may not work on all systems. This option cur‐
rently only works with Bourne shell (sh) scripts without any positional parameters.
-C : Display license and exit
-A : Display abstract and exit
-B : Compile for BusyBox
-h : Display help and exit
ENVIRONMENT VARIABLES
CC : C compiler command [cc]
CFLAGS : C compiler flags [none]
LDFLAGS : Linker flags [none]
EXAMPLES
Compile a script which can be run on other systems with the trace option enabled (without
-U flag):
shc -f myscript -o mybinary
Compile an untraceable binary:
shc -Uf myscript -o mybinary
Compile an untraceable binary that doesn't require root access (experimental):
shc -Hf myscript -o mybinary
LIMITATIONS
The maximum size of the script that could be executed once compiled is limited by the
operating system configuration parameter _SC_ARG_MAX (see sysconf(2))
AUTHORS
Francisco Rosales <frosal@fi.upm.es>
Md Jahidul Hamid <jahidulhamid@yahoo.com>
REPORT BUGS TO
<https://github.com/neurobin/shc/issues>
shc user manual January 14, 2019 shc(1)
shc Version 4.0.1, Generic Shell Script Compiler
shc GNU GPL Version 3 Md Jahidul Hamid <jahidulhamid@yahoo.com>
shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-o outfile] [-rvDSUHCABhs] -f script
-e %s Expiration date in dd/mm/yyyy format [none]
-m %s Message to display upon expiration ["Please contact your provider"]
-f %s File name of the script to compile
-i %s Inline option for the shell interpreter i.e: -e
-x %s eXec command, as a printf format i.e: exec('%s',@ARGV);
-l %s Last shell option i.e: --
-o %s output filename
-r Relax security. Make a redistributable binary
-v Verbose compilation
-S Switch ON setuid for root callable programs [OFF]
-D Switch ON debug exec calls [OFF]
-U Make binary untraceable [no]
-H Hardening : extra security protection [no]
untraceable, undumpable, etc. and root is not required
* currently only works with bourne shell (sh)
* does not work with positional parameters
-s Hardening : use a single process (no child) [no]
option available only with -H otherwise its ignored
experimental feature may hang...
* currently only works with bourne shell (sh)
* does not work with positional parameters
-C Display license and exit
-A Display abstract and exit
-B Compile for busybox
-h Display help and exit
Environment variables used:
Name Default Usage
CC cc C compiler command
CFLAGS <none> C compiler flags
LDFLAGS <none> Linker flags
Please consult the shc man page.
......@@ -12,4 +12,5 @@ ncurses - create text-based user interfaces for the terminal
octave - a high-level interactive language for numerical computations
parallel - run programs in parallel
python - an interpreted, interactive, object-oriented programming language
shc - generic shell script compiler
yabasic - yet another Basic
......@@ -75,6 +75,27 @@ curl -X GET --header 'Accept: text/plain' 'https://api.picarto.tv/v1/channel/id/
Get information about a channel by name:
curl -X GET --header 'Accept: application/json' 'https://api.picarto.tv/v1/channel/name/CHANNELNAME'
Viewer count:
curl -s -X GET --header 'Accept: application/json' https://api.picarto.tv/v1/channel/name/CHANNELNAME | cut -d '"' -f15 | sed 's/://g; s/,//g'
Follower count:
curl -s -X GET --header 'Accept: application/json' https://api.picarto.tv/v1/channel/name/CHANNELNAME | cut -d '"' -f37 | sed 's/://g; s/,//g'
Subscriber count:
curl -s -X GET --header 'Accept: application/json' https://api.picarto.tv/v1/channel/name/CHANNELNAME | cut -d '"' -f39 | sed 's/://g; s/,//g'
Adult (True/False):
curl -s -X GET --header 'Accept: application/json' https://api.picarto.tv/v1/channel/name/CHANNELNAME | cut -d '"' -f41 | sed 's/://g; s/,//g'
Category:
curl -s -X GET --header 'Accept: application/json' https://api.picarto.tv/v1/channel/name/CHANNELNAME | cut -d '"' -f44 | sed 's/://g; s/,//g'
Stream Title:
curl -s -X GET --header 'Accept: application/json' https://api.picarto.tv/v1/channel/name/CHANNELNAME | cut -d '"' -f56 | sed 's/://g; s/,//g'
Commissions:
curl -s -X GET --header 'Accept: application/json' https://api.picarto.tv/v1/channel/name/CHANNELNAME | cut -d '"' -f51 | sed 's/://g; s/,//g'
Get all videos for a channel by id:
curl -X GET --header 'Accept: text/plain' 'https://api.picarto.tv/v1/channel/id/CHANNEL_ID/videos'
......
......@@ -267,6 +267,7 @@ sensors - print sensors information
setnet.sh - minimalist shell script for network configuration with dialog
interface
sftp - secure file transfer program
shc - generic shell script compiler
shred - overwrite a file to hide its contents, and optionally delete it
shuf - outputs randomly shuffled line-by-line file content or list of files/folders
soffice - use --headless flag to edit/convert documents; comes with LibreOffice or OpenOffice
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment