-3

How do I encrypt a Bash script file as AES 256 base64 and convert it to a Linux executable?

I encrypted it as AES 256 base64, but I can't run it.

Saracens

3 Answers

3

You can't encrypt your source code and run it. You can use obfuscation techniques to make the code harder to read. Or if you want the executable to be (kind of) secure against side channels, you can use white-box cryptography techniques.

Mairon
  • Someone I know managed to do this: encrypted it with AES 256 and converted it into an ELF Linux executable. I have the file but I can't read it. – Saracens Nov 07 '22 at 10:02
  • If I send you the encrypted file I have, can you understand how you encrypted it? – Saracens Nov 07 '22 at 10:07
  • 3
    @Saracens: by definition if you can get a computer to run code, you can also get a computer to inspect that code, since running the code requires *reading* the code. You might make it non-obvious what the code does by adding various levels of obfuscation, but if it's encrypted, then the code must be able to decrypt itself before executing and that decryption can be hijacked to view the code. – Joachim Sauer Nov 07 '22 at 10:40
  • 2
    Also (and this might be painful to hear): just because *you* can't read it, doesn't mean that it can't be read. What you're describing is basically obfuscation (i.e. making it *harder* to read the code, but not impossible). – Joachim Sauer Nov 07 '22 at 11:05
0

A way to do it is to build a self-extracting application, like the AppImage format, or a simple self-extracting script.

Basically, a self-extracting application is composed of a specific executable (ELF binary or bash script or whatever) in charge of unpacking an archive file embedded in the executable file and executing the unpacked application. In your case, a decryption step must be added.

mouviciel
  • My main point is that if I can encrypt my bash script file with AES 256, they will not be able to access my file's source code. shc is breaking; if there is another method you know, I would be happy. – Saracens Nov 07 '22 at 10:25
  • Only the payload is encrypted, not the extractor. It is the extractor's duty to decrypt the payload. – mouviciel Nov 07 '22 at 12:58
0

You can't encrypt the whole script; there has to be a part that decrypts it. Create a script like this:

$ cat enc
#!/bin/bash
sed '1,/encrypted part/d;1,/encrypted part/d' "$0" | base64 -d > test2
chmod +x test2
./test2
exit
#-------------{ encrypted part }---------------

And the one that will be encrypted like this:

$ cat test
#!/bin/bash
echo ok

$ base64 test >> enc

The result:

$ cat enc
#!/bin/bash
sed '1,/encrypted part/d;1,/encrypted part/d' "$0" | base64 -d > test2
chmod +x test2
./test2
exit
#-------------{ encrypted part }---------------
IyEvYmluL2Jhc2gKZWNobyBvawo=

Now try it:

$ ./enc
ok
Ivan
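
The self-extractor with a decryption step that mouviciel's answer describes, written out as an added example (not code from any of the answers): `build_wrapper` produces the file, and `recover_payload` reads the script back out of it without running it, which is the point made in the comments on the first answer. The function names, the marker text, and the use of the `openssl` CLI with a passphrase stored in the stub are assumptions of this example.

```shell
#!/bin/bash
# Added example, not code from the answers. The function names, MARKER text
# and the passphrase handling are assumptions made for this demo.
MARKER='#-----{ encrypted part }-----'

# build_wrapper SCRIPT OUT PASSPHRASE   (passphrase must not contain ')
# OUT = cleartext stub + marker line + base64(AES-256-CBC(SCRIPT)).
build_wrapper() {
  {
    printf '%s\n' '#!/bin/bash'
    # The stub has to carry the key: nothing else can decrypt at run time.
    printf "PASS='%s'\n" "$3"
    cat <<'STUB'
tmp=$(mktemp) || exit 1
trap 'rm -f "$tmp"' EXIT
# Drop everything up to the marker line, then decrypt what follows.
sed '1,/^#-.*encrypted part/d' "$0" |
  openssl enc -d -aes-256-cbc -pbkdf2 -a -pass "pass:$PASS" > "$tmp" || exit 1
bash "$tmp" "$@"
exit
STUB
    printf '%s\n' "$MARKER"
    openssl enc -aes-256-cbc -pbkdf2 -salt -a -pass "pass:$3" < "$1"
  } > "$2" && chmod +x "$2"
}

# recover_payload WRAPPER
# Prints the original script without running WRAPPER, using only what the
# file ships with: the passphrase in the stub and the ciphertext under it.
recover_payload() {
  local pass
  pass=$(sed -n "s/^PASS='\(.*\)'\$/\1/p" "$1" | head -n 1)
  sed '1,/^#-.*encrypted part/d' "$1" |
    openssl enc -d -aes-256-cbc -pbkdf2 -a -pass "pass:$pass"
}
```

After `build_wrapper test enc 'demo-pass'`, the body of `enc` is unreadable with `cat`, yet `recover_payload enc` prints `test` verbatim. The AES layer therefore hides the source only from a reader who does not look at the stub, so secrets such as credentials should not be placed in a script distributed this way.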