Results

See more...

How to Hide Source Code in a Bash Script

Recently I was working on a bash script for automating a SSH/Telnet process. The code I developed worked fine, however I spent quite a lot of time on how to secure my code. I didn't want anyone to tamper/alter my code, well that was easy, I just needed to change permissions via Chmod, but I also wanted that no one should be able to see my bash script since I worked very hard on it :) I wasn’t able to find a proper solution, there were couple of solutions available but they were PRO solutions i-e they were costing, I wanted a free solution.

The conclusion of my digging on this issue was that there isn’t any free solution to this, but there are few workarounds with which you can hide your source to some extend. I will explain these workaround in detail below:

First, little description about how to use Chmod to edit permissions of your bash script, following is a nicely complied tutorial I found on internet about Chmod with examples:

Syntax


    * chmod [OPTION]... MODE[,MODE]... FILE...
    * chmod [OPTION]... OCTAL-MODE FILE...
    * chmod [OPTION]... --reference=RFILE FILE...

    * -c, --changes like verbose but report only when a change is made
    * --no-preserve-root           do not treat `/' specially (the default)
    * --preserve-root Fail to operate recursively on `/'
    * -f, --silent, --quiet suppress most error messages
    * -v, verbose output a diagnostic for every file processed
    * --reference=RFILE use RFILE's mode instead of MODE values
    * -R, --recursive change files and directories recursively
    * --help display this help and exit
    * --version output version information and exit

Permissions:


    * u - User who owns the file.
    * g - Group that owns the file.
    * o - Other.
    * a - All.
    * r - Read the file.
    * w - Write or edit the file.
    * x - Execute or run the file as a program.

Numeric Permissions:

CHMOD can also to attributed by using Numeric Permissions:


    * 400 read by owner
    * 040 read by group
    * 004 read by anybody (other)
    * 200 write by owner
    * 020 write by group
    * 002 write by anybody
    * 100 execute by owner
    * 010 execute by group
    * 001 execute by anybody

Examples:

The above numeric permissions can be added to set a certain permission, for example, a common HTML file on a Unix server to be only viewed over the Internet would be:

chmod 644 file.htm

This gives the file read/write by the owner and only read by everyone else (-rw-r--r--).

Files such as scripts that need to be executed need more permissions. Below is another example of a common permission given to scripts, this is most comenly used in bash scripting

chmod 755 file.cgi

This would be the following 400+040+004+200+020+100+010+001 = 775 where you are giving all the rights but the capability for anyone to edit your file.cgi (-rwxr-xr-x).

Finally, another common CHMOD permission is 666, as shown below, which is read and write by everyone.

chmod 666 file.txt

How to Hide the Code

Now the tricky part, how to hide the bash script code, well I came to find only two workarounds for this:

- Encrypt the Code with dummy cipher data

You can encrypt your source code by entering dummy cipher data in it i-e followed by Hash(#), as # is treated as a comment in bash script, but I will not advice this workaround, as it’s a manual/tiring process and people can identify original code with little bit of concentration on pattern of cipher data :)

- Hide the bash code file

The best thing I found in the end was to hide the bash code/script file, following if the process to do so:

Just rename the file followed by a dot(.)

Example:

mv telnet .telnet

*I used move command, since I didn’t want to retain original file.

Now .telnet would not be listed in the directory along with other files when you list the files in the directory with “ls” command, but if you type “ls –a” i-e list all files in the directory then the files with dot(.) prefix would also be visible, so you have to count on your luck in this workaround, but some thing is better then nothing, so I used this one :)

If anyone has any other better solution, please do share.

Contact Us for News Tips, Corrections and Feedback

Related posts

7 comments
Leave a message...

  •  
    James6 years, 8 months ago

    Alternatively you could create a wrapper script, which simply calls your script. Require users to use SUDO to run the wrapper and change the permission so that the actual script is only readable by root.

    •  
      Jaxov6 years, 8 months ago

      @James: Can you elaborate a bit plz? Any web-links for details?

  •  
    No_limits906 years, 11 months ago

    See especially pages 28-46 on OM. ,

  •  
    Fmigo7 years ago

    Open source can not remain hidden :P

  •  
    Max7 years ago

    Mate,
    Making file hidden is not a solution at all.
    How you are going to run your script? By providing absolute or relative path. In both cases the name of your script will be revealed.
    >How to Hide Source Code In A Bash Script
    write it on c.

    If only you have root privileges on a box and you are the only person who is going to run a script, put in any directory to which only root has access (700), make root an owner of the script and change permissions to 700 (don’t worry it will run with 700 same good as with 755)
    Otherwise if other people is intended to use your script and you use bash, the whole idea is rubbish.
    I can understand why you don’t want other people to modify it. But to hide a source? Can’t thing of any reasonable explanation why that would be needed. That is why you didn’t find anything decent on that topic surfing Internet.

  •  
    custangro7 years, 5 months ago

    You can also do

    vi -x file.txt

    -C

    •  
      Jaxov7 years, 5 months ago

      Hi Custangro,

      Thanks for your reply, I tried this, the command asks for a key after executing it on a bash file, after entering a key and writing/saving the bash file, when I tried to execute it, it gives following error:

      -bash: ./test3: cannot execute binary file

      Can you explain little in detail, what this command do? and how to use it?

      Waiting for our reply, thanks.