shc

Compile a shell script

$ shc -f [script]

$ shc -f [script] -o [binary]

$ shc -f [script] -e [dd/mm/yyyy]

$ shc -f [script] -e [dd/mm/yyyy] -m "[Please contact your provider]"

shc [-v] [-f script_file] [-o outfile] [-i i_suffix] [-x e_suffix] [-l l_file] [-m message] [-r] [-U] [-V] [-D] [-B begin] [-E end] [-w wrapper] script_file

-v
    Verbose output.

-f script_file
    Specify the script file to compile.

-o outfile
    Specify the output file name.

-i i_suffix
    Specify the suffix for the intermediate C file (default .c).

-x e_suffix
    Specify the suffix for the executable file (default is null).

-l l_file
    Specify the filename for the license file.

-m message
    Specify a message to be displayed if the compiled script expires. This requires setting an expiration date within the script.

-r
    Relax security.
This option permits the compiled binary to be copied and executed on another machine (not recommended).

-U
    Make the compiled binary untraceable.

-V
    Show version information.

-D
    Turn on debugging mode.

-B begin
    Specify the begin date for the script to run using the format YYYYMMDD.

-E end
    Specify the end date for the script to run using the format YYYYMMDD.

-w wrapper
    Specify a custom C wrapper file.

The shc command is a shell script compiler. It takes a shell script as input and generates a compiled binary that executes the script. This compiled binary is intended to obscure the original source code, making it more difficult (but not impossible) for others to reverse engineer the script's logic. shc encrypts the script with a key generated based on the machine it will run on and compiles it into a binary file that needs that key to run. It's important to understand that shc does not provide true encryption or security, it mainly provides a level of obfuscation. It is typically used to protect proprietary or sensitive shell scripts from casual inspection or modification, although skilled reverse engineers can often bypass this protection. The level of obfuscation can be adjusted based on the compiler and OS used. shc does not offer license management functionality; it must be implemented independently.

shc provides obfuscation, not true encryption. Determined attackers can reverse engineer the compiled script.
The resulting binary is platform-dependent and may not be portable between different operating systems or architectures.
shc relies on the system's C compiler (typically gcc) to compile the intermediate C code. It is a requirement for the build process.

shc allows embedding expiration dates within the compiled script. This can be used to control the lifespan of the script. The `-m` option lets you specify a custom message to display upon expiration. Note that this is not a comprehensive licensing solution and can be bypassed if the binary is modified.

Avoid the `-r` option unless strictly necessary, as it weakens the security by allowing the compiled script to run on different machines. Always consider the security implications of using shc and remember that it is not a substitute for robust security measures.

The history of shc is not well documented in publicly available sources. It has been around for many years, serving as a useful tool for simple shell script obfuscation. The exact origins and initial development remain somewhat obscure, but it has been widely adopted by system administrators and developers looking for a basic way to protect their shell scripts from casual scrutiny.

openssl(1), gcc(1)