shc

shc [-f script] [-o output] [-e date] [-m message] [-r] [-U] [-H] [-v]

shc converts shell scripts into compiled binary executables by encrypting the script content and wrapping it in auto-generated C code. The resulting C source is compiled with the system's C compiler to produce a standalone binary that decrypts and executes the original script at runtime.
The tool provides basic source code obfuscation rather than true security, since the script can be recovered from the binary with sufficient effort. Optional features include expiration dates that make the binary refuse to run after a specified date, and strict mode that binds the binary to the current host to prevent redistribution. Relaxed mode (-r) allows the binary to run on different systems.
An intermediate .x.c file containing the generated C source is produced alongside the binary and can be inspected, modified, or compiled manually with different options.

-f SCRIPT

Input shell script to compile

Output binary filename

Expiration date in dd/mm/yyyy format

Message to display upon expiration (default: "Please contact your provider")

Relaxed security, allow redistributable binary across systems

Verbose compilation output

Make binary untraceable (blocks truss, strace, ltrace, etc.)

Hardening: extra protection against dumping, code injection, and ptrace

Switch on setuid for root callable programs

Compile for BusyBox

Switch on debug exec calls

Inline option for the shell interpreter

Exec command, as a printf format

Not true compilation - script is recoverable. Security is obfuscation, not encryption. Requires C compiler.

shc (Shell Compiler) was created by Francisco Javier Rosales Garcia. It's used for basic shell script protection and distribution.

bash(1), gcc(1)