BASH - decrypt an shc encrypted file

Posted on 2007-12-03
Medium Priority
Last Modified: 2013-12-26
Hello, i've encrypted a file with SHC .. but i've lost the source .. is there any way to decrypt it and take the source, or i have to make it again ? :\
Question by:rares_dumitrescu
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
LVL 43

Expert Comment

ID: 20401493

Author Comment

ID: 20404318
Francisco García, the author of shc, recently released version 3.8. It uses somewhat different data structures and improves upon the security of the previous version ..
so .. seems that that site was helpfull but not any more :d

Does anyone have another ideea ? thanx
LVL 43

Expert Comment

ID: 20404408
I know.
I just got another idea. Can You kill with SEGV signal the running script? It should dump a core file, and the core hopefully have decrypted script somewhere inside?
And another idea, use strace tool and grab all data passed with write() syscalls - it have to write the script content to real shell execution.
10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.


Author Comment

ID: 20411436
first one made a file dialog.core

v^@ë^DÿÐ^CøÿuôX[ÉÃì^LèpòÿÿÄ^LÃ$FreeBSD: src/lib/csu/i386-elf/crti.S,v 1.7 2005/05/19 07:31:06 dfr Exp $^@0.4^@--create-rc^@--title^@--yesno^@--hline^@-$
dialog version 0.3, by Savio Lam (lam836@cs.cuhk.hk).
À÷patched to version %s by Stuart Herbert (S.Herbert@shef.ac.uk)
ÀuChanges Copyright (C) 1995 by Andrey A. Chernov, Moscow, Russia¦^O
So ... no decrypted text

and for strace .. i dont really know how to work with it

any other ideeas ?
if not pff ... i will remake the script .. and i will remember that i am an idiot because i didn't save the script on my computer too :)
LVL 43

Expert Comment

ID: 20414499
I just grabbed shc-3.8.6, compiled simple bash script, killed with SEGV, verified generated core - it have the script code inside.
strace is tricky - the shc generated executeables verifies that it is not traced, terminates otherwise. One would have to create custom trace tool to detach parent as soon as child is forked.
LVL 43

Expert Comment

ID: 20414504
Of course, You have to look throught all core file for the source.

Author Comment

ID: 20426486
hmm .. how did you kill it with SEGV ?
kill -s SEGSEGV pid ?
LVL 43

Accepted Solution

ravenpl earned 2000 total points
ID: 20426641

ulimit -c unlimited # make sure it will create the core file
./compiled_script &
sleep 1 #hope it will not finish in one second
kill -SEGV `/sbin/pidof compiled_script`

Author Comment

ID: 20431158
didn't actually work but doesn't matter
i will remake it ... even better :)
thanx for your help ravenpl

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question