liberize / ssc Goto Github PK

edit

Hi,

I tested with a relatively small one of my shell script, which is only ~ 1.3k in size (1323).

The generated file is nearly 70k (68384). In comparison, the shc generated file is about 20k (21120).

This somewhat surprises me, as the shc generated file is a standalone one that can be executed by itself, yet the ssc generated one still needs an interpreter.

I know people would say that disk space is nothing, but I'm just wondering why there's such huge differences between the two. thanks.

UPDATE:

Tried a normal-sized of my script, close to 30k (29906), and the size different is less than doubled (58704 vs 97064), just FTA.

When I launch the bin file generated by ssc, I need to be at least sudoer, that I would like to avoid as non root or sudoer user should launch the bin file. How I can do that ? Do I have any parameters that I need to set when I launch ssc ?
For information, I compile bash scripts.
Thank you for your reply.

ho uno script shell dove all'interno mi serve recuperare il nome dello script, esempio:

#!/bin/bash
script_name=$(basename "$0")
echo "$script_name"

./test.sh
test.sh

ssc -u test.sh test
./test
3

once the script has been compiled with ssc, it seems that it no longer retrieves basename... how can this be remedied?

Thanks

There is an issue when a Bash script is encrypted using ./ssc -s -u

if it contains any block structures inside, such as JSON, nginx.conf, etc.
The structure changes to a single line

This problem also affects other configuration files with block structures, such as nginx.conf, etc.

could you please fix the issue ?
thanks

example block structures inside bash script:
cat > example.json << END
{
"log": {
"access": "/var/log/xray/access.log",
"error": "/var/log/xray/error.log",
"loglevel": "info"
}
END

output run script encrypted:
{
"log": {
"access": "/var/log/xray/access.log",
"error": "/var/log/xray/error.log",
"loglevel": "info"
}

What does the "in this case" mean here?
Does it means only for busybox?
Why the test bash-static one has to do it in the end please? thx.

Unless I'm missing something here is a simple way to bypass the '-u' flag:

#!/bin/sh

strace -vf -p $$ -s 256 -o strace.log &
exec ./ssc-script

ssc-script is the real script compiled by the SSC utility.

Can we make that SSC will abort execution if strace is attached already to its process?

Thank you.

Hello,

I'm compiling my script with following options:
ssc -0 -4 -u -s -r -i /bin/bash -e ./bash script.src script

I know the interpreter gets unpacked to a subfolder in /tmp upon execution.
Is there a way to find a real path to the unpacked interpreter from the script?

I want to run MD5 sum check on it before executing the main part of the script.

Or maybe to force a path where the interpreter should be unpacked?
(must overwrite the existing file)

Thanks

apt install g++-aarch64-linux-gnu binutils-aarch64-linux-gnu
CROSS_COMPILE=aarch64-linux-gnu- ./ssc script binary

is this willl make a script support and run for aarch64 & x64/86_64 ?

/tmp/ssc/
必须手动创建。。。。工具没有自动创建这个目录
mux/files/home/ssc/二进制; exit &>/dev/null <
create output directory failed: No such file or directory

[进程已结束 (error 1) - 按回车关闭]

mux/files/home/ssc/二进制; exit &>/dev/null <
create output directory failed: No such file or directory

[进程已结束 (error 1) - 按回车关闭]

-e sh

When I was trying to convert a file in another directory, It threw an error in Perl Regex:

Used command:

 ./ssc -u -s ~/exec.sh mains -v

Result:

+ CXXFLAGS=' -DUNTRACEABLE -static -static-libgcc -static-libstdc++ -v'
+ shift
+ '[' -n '' ']'
+ eval set -- '"/home/oem/exec.sh"' '"mains"'
++ set -- /home/oem/exec.sh mains
+ '[' -n '' -o 2 '!=' 2 ']'
++ dirname ./ssc
+ DIR=.
+ perl -pe 's/SCRIPT_FILE_NAME//home/oem/exec.sh/g; s/SCRIPT_CONTENT/`cat '\''/home/oem/exec.sh'\''`/ge' ./main.cpp
Unknown regexp modifier "/h" at -e line 1, at end of line
Unknown regexp modifier "/h" at -e line 1, near "; "
Can't find string terminator "`" anywhere before EOF at -e line 1.
+ exit 1

Maybe need to escape \ character?

When running the binary in the embedded environment I need to create the symlink manually after mounting devtmpfs:
ln -s /proc/self/fd /dev/fd

Perhaps SSC could create this link by itself if its missing?
Once symlink is in place then binary works as expected.

想在shell脚本中包含密码类信息，会被逆向么。执行的时候我用了 -4 -r -s -u 参数

what packages are necessary to successfully build the binary pls?

UTSL, I saw perl, g++, and clang++?

I.e., clang is "C, C++ and Objective-C compiler", if I have clang do I still need g++, or vice versa?

I.e., what are the minimum packages necessary for building under Debian and MacOS (homebrew & macport) please?

Thanks

Please add CXXFLAGS for rc4 otherwise cross compilation fails when '-s' (static) and '-4' flags are used.

Please change:
[ -f ./rc4 ] || $CXX -std=$CXX_STANDARD "$DIR/rc4.cpp" -o rc4 || exit 1

to:
[ -f ./rc4 ] || $CXX $CXXFLAGS -std=$CXX_STANDARD "$DIR/rc4.cpp" -o rc4 || exit 1

Thank you

Hi, love the project, thank you so much for it!

I am trying to use this to hide a process from myself such that I cannot kill it. Using this project I was able to get rid of the script name being listed (and greppable) in ps output. However, all processes spawned that were compiled using ssc are now called /bin/zsh /dev/fd/3. Is there any way I can change this? Ideally I would set it to a random string that mimic or closely resemble existing processes on my PC.

Thanks!

The design of ssc is significantly secure than shc, but one major question --

can the script read from pipe as input, to act as a filter?
I.e., can the compiled binary "behaves exactly like the original script"?

Hi Paul,

Can we mount proc filesystem automatically in case:

a) its not mounted already
b) ssc script was run as root

Right now I need to use another utility to mkdir /proc and mount 'proc' filesystem before I can use SSC compiled script.

Thank you.

This happen while using Termux for compile a shell script, as my attempts to make a working binary on Android environment since binary that compiled on linux won't work in Android, throwing error env: exec mtkfest: No such file or directory.

$ bash ssc -u mtkfest mtkfest.x
mtkfest.cpp:10:10: fatal error: 'wordexp.h' file not found
   10 | #include <wordexp.h>
      |          ^~~~~~~~~~~
1 error generated.

原脚本是source了一个脚本，以加载一些函数，现在这两个脚本都被加密了，由于它们都是二进制文件，所以无法正常source

There are two scripts:

• scriptA
• scriptB, scriptB is called within scriptA with full path.

Use ssc to compile scriptA, got scriptA.x, and compile scriptB, got scriptB.x.

Run the cmd, ./scriptA, and I got the following message,

/bin/bash: --: invalid option
Usage:	/bin/bash [GNU long option] [option] ...
	/bin/bash [GNU long option] [option] script-file ...
GNU long options:
	--debug
	--debugger
	--dump-po-strings
	--dump-strings
	--help
	--init-file
	--login
	--noediting
	--noprofile
	--norc
	--posix
	--pretty-print
	--rcfile
	--rpm-requires
	--restricted
	--verbose
	--version
Shell options:
	-ilrsD or -c command or -O shopt_option		(invocation only)
	-abefhkmnptuvxBCHP or -o option

While the same script works fine with shc.

Many *nix based script use shebang that begins with env, like for my perl script, I'll begin them with

#! /usr/bin/env -S perl -p

Would such scripts be supported, even if they don't have the proper extension with them? thx

我修改了创建位置已经解决了问题，还一个问题就是libandroid-wordexp.so，你有静态库吗？libandroid-wordexp.a

Does it support fish script?

How do we get rid of this message from the kernel log?

Thank you.

Compiling in Termux, it runs normally when execute the encrypted file directly, but when placed in /data/local/tmp on the same phone to run, it prompts: "parse shebang failed: Success." The shell script is as follows:

#!/system/bin/sh
echo "hello world"

please provide a setup tutorial