UnSHc - How to decrypt SHc *.sh.x encrypted file ?
SHc (SHell compiler) is a fabulous tool created and maintained by Francisco Javier Rosales Garcia (https://www.datsi.fi.upm.es/~frosal/). This tool protect any shell script with encryption (ARC4).
wget -q https://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.9.tgz
tar zxvf shc-3.8.9.tgz
cd shc-3.8.9
make
root@server:~/shc/shc-3.8.9# shc -h
shc Version 3.8.9, Generic Script Compiler
shc Copyright (c) 1994-2012 Francisco Rosales <[email protected]>
shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script
-e %s Expiration date in dd/mm/yyyy format [none]
-m %s Message to display upon expiration ["Please contact your provider"]
-f %s File name of the script to compile
-i %s Inline option for the shell interpreter i.e: -e
-x %s eXec command, as a printf format i.e: exec('%s',@ARGV);
-l %s Last shell option i.e: --
-r Relax security. Make a redistributable binary
-v Verbose compilation
-D Switch ON debug exec calls [OFF]
-T Allow binary to be traceable [no]
-C Display license and exit
-A Display abstract and exit
-h Display help and exit
Environment variables used:
Name Default Usage
CC cc C compiler command
CFLAGS C compiler flags
Please consult the shc(1) man page.
Encrypted shell script are named "*.sh.x" by default.
UnSHc is a tool to reverse the encryption of any SHc encrypted *.sh.x script.
[root@server:~/unshc]$ ./unshc.sh -h
_ _ _____ _ _
| | | | / ___| | | |
| | | |_ __ \ `--.| |_| | ___
| | | | '_ \ `--. \ _ |/ __|
| |_| | | | /\__/ / | | | (__
\___/|_| |_\____/\_| |_/\___|
--- UnSHc - The shc decrypter.
--- Version: 0.6
------------------------------
UnSHc is used to decrypt script encrypted with SHc
Original idea from Luiz Octavio Duarte (LOD)
Updated and modernized by Yann CAM
- SHc : [https://www.datsi.fi.upm.es/~frosal/]
- UnSHc : [https://www.asafety.fr/unshc-the-shc-decrypter/]
------------------------------
[*] Usage : ./unshc.sh [OPTIONS] <file.sh.x>
-h | --help : print this help message
-a OFFSET | --arc4 OFFSET : specify the arc4() offset arbitrarily (without 0x prefix)
-d DUMPFILE | --dumpfile DUMPFILE : provide an object dump file (objdump -D script.sh.x > DUMPFILE)
-s STRFILE | --stringfile STRFILE : provide a string dump file (objdump -s script.sh.x > STRFILE)
-o OUTFILE | --outputfile OUTFILE : indicate the output file name
[*] e.g :
./unshc.sh script.sh.x
./unshc.sh script.sh.x -o script_decrypted.sh
./unshc.sh script.sh.x -a 400f9b
./unshc.sh script.sh.x -d /tmp/dumpfile -s /tmp/strfile
./unshc.sh script.sh.x -a 400f9b -d /tmp/dumpfile -s /tmp/strfile -o script_decrypted.sh
- Demonstration in video :
- SHc (in french) :
- UnSHc (in french) :