  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3277

BASH - decrypt an shc encrypted file

Hello, I've encrypted a file with SHC, but I've lost the source. Is there any way to decrypt it and take the source, or do I have to make it again? :\
0
rares_dumitrescu
1 Solution
 
ravenpl Commented:
0
 
rares_dumitrescu (Author) Commented:
Francisco García, the author of shc, recently released version 3.8. It uses somewhat different data structures and improves upon the security of the previous version ..
So .. it seems that site was helpful, but not any more :d

Does anyone have another idea? thanx
0
 
ravenpl Commented:
I know.
I just got another idea. Can you kill the running script with the SEGV signal? It should dump a core file, and the core will hopefully have the decrypted script somewhere inside.
And another idea: use the strace tool and grab all the data passed with write() syscalls - it has to write the script content to the real shell for execution.
0
 
rares_dumitrescu (Author) Commented:
The first one made a file dialog.core

So ... no decrypted text.

And for strace .. I don't really know how to work with it.

Any other ideas?
If not, pff ... I will remake the script .. and I will remember that I am an idiot because I didn't save the script on my computer too :)
thanx
0
 
ravenpl Commented:
I just grabbed shc-3.8.6, compiled a simple bash script, killed it with SEGV, and verified the generated core - it has the script code inside.
strace is tricky - the shc-generated executables verify that they are not being traced and terminate otherwise. One would have to create a custom trace tool to detach the parent as soon as the child is forked.
0
 
ravenpl Commented:
Of course, you have to look through the whole core file for the source.
0
 
rares_dumitrescu (Author) Commented:
Hmm .. how did you kill it with SEGV?
kill -s SEGSEGV pid ?
0
 
ravenpl Commented:
yes.

ulimit -c unlimited # make sure it will create the core file
./compiled_script &
sleep 1 #hope it will not finish in one second
kill -SEGV `/sbin/pidof compiled_script`
0
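Looking through the whole core file, as suggested above, can be scripted. The following is an added example and not part of the thread: it assumes the script body sits in the core as one contiguous run of plain text, and the function name text_runs and the default three-line threshold are choices made here.

```shell
#!/bin/sh
# Added example (not from the thread): list multi-line runs of printable
# text in a core file, which is where a script body would show up.
# Usage: text_runs CORE [MIN_LINES]

text_runs() {
    core=$1
    min_lines=${2:-3}   # assumption: a script has at least this many lines

    # Keep tab, newline and printable ASCII; map every other byte to \001
    # so that each awk record is one contiguous run of text.
    LC_ALL=C tr -c '\11\12\40-\176' '\001' < "$core" |
    LC_ALL=C awk -v min="$min_lines" '
        BEGIN { RS = "\001" }
        {
            # Count non-blank lines inside this run.
            n = split($0, lines, "\n")
            nonblank = 0
            for (i = 1; i <= n; i++)
                if (lines[i] ~ /[^ \t]/) nonblank++

            # Single strings (version banners, option names) are skipped;
            # only runs that look like a block of text are printed.
            if (nonblank >= min) {
                printf "----- run %d (%d lines) -----\n", ++found, nonblank
                print $0
            }
        }'
}

# Run directly: sh text_runs.sh compiled_script.core 5
if [ "$#" -gt 0 ]; then
    text_runs "$@"
fi
```

Raising MIN_LINES cuts down on noise from short string tables; the same output is a quick way to check whether a wrapped script leaves secrets such as passwords readable in memory.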
 
rares_dumitrescu (Author) Commented:
Didn't actually work, but it doesn't matter.
I will remake it ... even better :)
thanx for your help ravenpl
0
