Paranoid Penguin - Limitations of shc, a Shell Encryption Utility

shc is a popular tool for protecting shell scripts that contain sensitive information such as passwords. Its popularity was driven partly by auditors' concern over passwords in scripts. shc encrypts shell scripts using RC4, makes an executable binary out of the shell script and runs it as a normal shell script. Although the resulting binary contains the encryption password and the encrypted shell script, it is hidden from casual view.

At first, I was intrigued by the shc utility (www.datsi.fi.upm.es/~frosal/sources/shc.html) and considered it as a valuable tool in maintaining security of sensitive shell scripts. However, upon further inspection, I was able to extract the original shell script from the shc-generated executable for version 3.7. Because the encryption key is stored in the binary executable, it is possible for anyone with read access to the executable to recover the original shell script. This article details the process of extracting the original shell executable from the binary generated by shc.

shc is a generic shell script compiler. Fundamentally, shc takes as its input a shell script, converts it to a C program and runs the compiler to compile the C code. The C program contains the original script encrypted by an arbitrary key using RC4 encryption. RC4 is a stream cipher designed in RSA laboratories by Ron Rivest in 1987. This cipher is used widely in commercial applications, including Oracle SQL and SSL. Listing 1 demonstrates running shc.

[user1@shiraz test]# cat pub.sh
#!/bin/sh
echo "Hello World"
user1@shiraz test]# ./pub.sh
Hello World
[user1@shiraz test]# shc -v -r -f pub.sh
shc shll=sh
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc  pub.sh.x.c -o pub.sh.x
shc: strip pub.sh.x
[user1@shiraz test]# ls
pub.sh pub.sh.x pub.sh.x.c
[user1@shiraz test]# ./pub.sh.x
Hello World

The two new files, named with the .x and .x.c extensions to the name of the source shell script, are the executable and an intermediate C version. Upon executing pub.sh.x, the original shell source is executed. shc also specifies a relax option, -r. The relax option is used to make the executable portable. Basically, shc uses the contents of the shell interpreter itself, such as /bin/sh, as a key. If the shell binary were to change, for example, due to system patching or by moving the binary to another system, the shc generated binary does not decrypt nor execute.

I inspected the shell executable using strings and found no evidence of the original shell script. I also inspected the intermediate C source code and noted that it stores the shell script in encrypted octal characters, as depicted in Listing 2.

static  char text[] =
    "\223\004\215\264\102\216\322\060\300\070\101\217\277\161\033\130"
    "\217\145\370\170\106\257\176\301\057\132\172\044\217\247\276\222"
    "\203\076\334\201\323\107\064\334\120\132\001\241\267\052\203\216"
    "\116\232\156\337\121\145\235\003\156\244\142\246\117\200\206\014"
    "\004\153\372\152\030\262\171\275\137\342\247\367\231\315\353\151"
    "\264\241\230\105\344\053\034\247\342\142\156\305\327\255\036\111"
    "\234\061\013\355\300\336\324\257\175\124\222\044\132\040\276\067"
    "\007\002\371\063\021\320\060";

The C source code also includes as arrays the password as well as other encrypted strings. Therefore, anyone with access to the source code easily can decrypt and view the contents of the original shell script. But what about the original shell binary executable generated by shc? Is it possible to extract the original shell script from nothing but the binary executable? The answer to this question is explored in the next section.

I generated and reviewed the C source code for several shell scripts to better understand how the shell source is encrypted and decrypted. Fundamentally, shc uses an implementation of RC4 that was posted to a Usenet newsgroup on September 13, 1994. I set off by first identifying the encryption key and the encryption text. The objdump utility came in handy for this. bjdump, part of GNU binutils, displays information about object files. First, we use objdump to retrieve all static variables, for this is where the encryption key and the encrypted shell text are stored. Listing 3 provides a brief overview of objdump.