3.55 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81
[![build status image](](
[![GitHub stars](](
[![GitHub forks](](
[![GitHub issues](](

# Shell Script Compiler

A generic shell script compiler. Shc takes a script, which is specified on the command line and produces C source code. The generated source code is then compiled and linked to produce a stripped binary executable.

The compiled binary will still be dependent on the shell specified in the first line of the shell code (i.e shebang) (i.e. #!/bin/sh), thus shc does not create completely independent binaries.

shc itself is not a compiler such as cc, it rather encodes and encrypts a shell script and generates C source code with the added expiration capability. It then uses the system compiler to compile a stripped binary which behaves exactly like the original script. Upon execution, the compiled binary will decrypt and execute the code with the shell -c option.

## Install

sudo make install

**Note** If `make` fails due to *automake* version, run `./` before running the above commands.

### Ubuntu-specific

sudo add-apt-repository ppa:neurobin/ppa
sudo apt-get update
sudo apt-get install shc

If the above installation method seems like too much work, then just download a compiled binary package from [release page]( and copy the `shc` binary to `/usr/bin` and `shc.1` file to `/usr/share/man/man1`.

## Usage

shc [options]
shc -f -o binary
shc -U -f -o binary # Untraceable binary (prevent strace, ptrace etc..)
shc -H -f -o binary # Untraceable binary, does not require root (only bourne shell (sh) scripts with no parameter)

## The hardening flag -H

This flag is currently in an experimental state and may not work in all systems. This flag only works for **default** shell. For example, if you compile a **bash** script with `-H` flag then the resultant executable will only work in systems where the default shell is **bash**. You may change the default shell which generally is `/bin/sh` which further is just a link to another shell like bash or dash etc.

**Also `-H` does not work with positional parameters (yet)**

## Testing

make check

## Known limitations

The one (and I hope the only) limitation using shc is the _SC_ARG_MAX system configuration parameter.
It limits the maximum length of the arguments to the exec function, limiting the maximum length of the runnable script of shc.


## Links

1. [Man Page](
2. [Web Page](

# Contributing

If you want to make pull requests, please do so against the **master** branch. The default branch is **release** which should contain clean package files ready to be used.

If you want to edit the manual, please edit the **** file (available in the master branch) instead and then generate the manual file from it with the command (requires `pandoc` to be installed):

pandoc -s -t man -o shc.1
#also run this command to generate the html manual
pandoc -s -t html -o man.html

If you change anything related to autotools, please run `./` afterwards.