How to obfuscate a shell script?

Question

I am using Ubuntu 10.04. i have created a shell script. After writing the script, the code can be edited when right clicking the file and selecting Gedit. I want to know how

Answer 1

GEdit is just another tool that can be used to edit a file, much like "vi" or "nano" is. Only difference is, I believe it is graphical. Nevertheless, it appears that what the original poster is attempting to do here is to simply make it impossible for others to view certain scripts. If that's true, there are solutions that may be worth investigating.

SHC:

SHC is a great tool to use for this purpose. and based on the last post in this thread, it appears the OP has already tried it but, it didn't work on certain systems. If that's the case, heres's the reason why. The way SHC works is actually pretty straight-forward. When using it to obfuscate a script, you have to re-compile the script for whichever OS you intend to run it on. What that means is, you cannot run the SHC compiler on a ubuntu box and expect the produced script to work on a Red Hat/CentOS box. It appears the latest version of SHC can be accessed here.

EnScryption:

If your main goal is to discourage others from attempting to read your code, you can just paste your script to a site like this one. This site will automatically generate an obfuscated version of your script that should be able to run without issues on most common Unix systems.

If you do not wish to paste your code to the above site or use SHC for whatever reason, then, there's yet another solution. Use openssl!

OpenSSL:

If your scripts are really that sensitive, then Openssl(or a similar tool) is probably the best option for you. Why? Because the openssl tool in particular is present on most Unix systems...i.e. Ubuntu, CentOS, Red Hat, Macs, AIX. It comes as part of the default installation. If you decide to go this route, note, you will need to write your script in such a way that before it runs, the user has to provide a password.

Encrypting your script with OpenSSL:

cat yourscript.sh | openssl aes-128-cbc -a -salt -k (specify-a-password-here) > yourscript.enc.sh

(OR)

openssl aes-128-cbc -a -salt -in yourscript.sh -k (specify-a-password-here) > yourscript.enc.sh

(OR)

openssl aes-128-cbc -a -salt -in yourscript.sh -out yourscript.enc.sh -k (specify-a-password-here)

Decrypting your script with OpenSSL:

cat yourscript.enc.sh | openssl aes-128-cbc -a -d -salt -k (specify-a-password-here) > yourscript.dec.sh

(OR)

openssl aes-128-cbc -a -d -salt -in yourscript.sh -k (specify-a-password-here) > yourscript.dec.sh

(OR)

openssl aes-128-cbc -a -d -salt -in yourscript.sh -out yourscript.enc.sh -k (specify-a-password-here)

A quick thing to note about the openssl encryption mechanism 'aes-128-cbc':

There are probably more secure mechanisms out there. But there is a good chance some of the systems you wish to run your encrypted scripts on wont have those mechanisms, thereby making it impossible to run your script. So keep that in mind if you decide to change it.