Solved

BASH - decrypt an shc encrypted file

Posted on 2007-12-03
9
3,006 Views
Last Modified: 2013-12-26
Hello, i've encrypted a file with SHC .. but i've lost the source .. is there any way to decrypt it and take the source, or i have to make it again ? :\
0
Comment
Question by:rares_dumitrescu
  • 5
  • 4
9 Comments
 
LVL 43

Expert Comment

by:ravenpl
ID: 20401493
0
 

Author Comment

by:rares_dumitrescu
ID: 20404318
Francisco García, the author of shc, recently released version 3.8. It uses somewhat different data structures and improves upon the security of the previous version ..
so .. seems that that site was helpfull but not any more :d

Does anyone have another ideea ? thanx
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 20404408
I know.
I just got another idea. Can You kill with SEGV signal the running script? It should dump a core file, and the core hopefully have decrypted script somewhere inside?
And another idea, use strace tool and grab all data passed with write() syscalls - it have to write the script content to real shell execution.
0
 

Author Comment

by:rares_dumitrescu
ID: 20411436
first one made a file dialog.core

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^$
^@^@^@üÞó¦^O
^@^@^@üÜ÷ÿÿ)M^H}^Ü÷ÿÿE^Lÿt^HÿµÌ÷ÿÿèÄøÿÿÃè=øÿÿXé$^LÜ÷ÿÿÿt^PèÉøÿÿÄ^PPU^Lì^H
v^@ë^DÿÐ^CøÿuôX[ÉÃì^LèpòÿÿÄ^LÃ$FreeBSD: src/lib/csu/i386-elf/crti.S,v 1.7 2005/05/19 07:31:06 dfr Exp $^@0.4^@--create-rc^@--title^@--yesno^@--hline^@-$
ÀÆ^O
dialog version 0.3, by Savio Lam (lam836@cs.cuhk.hk).
À÷patched to version %s by Stuart Herbert (S.Herbert@shef.ac.uk)
ÀuChanges Copyright (C) 1995 by Andrey A. Chernov, Moscow, Russia¦^O
So ... no decrypted text

and for strace .. i dont really know how to work with it

any other ideeas ?
if not pff ... i will remake the script .. and i will remember that i am an idiot because i didn't save the script on my computer too :)
thanx
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 43

Expert Comment

by:ravenpl
ID: 20414499
I just grabbed shc-3.8.6, compiled simple bash script, killed with SEGV, verified generated core - it have the script code inside.
strace is tricky - the shc generated executeables verifies that it is not traced, terminates otherwise. One would have to create custom trace tool to detach parent as soon as child is forked.
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 20414504
Of course, You have to look throught all core file for the source.
0
 

Author Comment

by:rares_dumitrescu
ID: 20426486
hmm .. how did you kill it with SEGV ?
kill -s SEGSEGV pid ?
0
 
LVL 43

Accepted Solution

by:
ravenpl earned 500 total points
ID: 20426641
yes.

ulimit -c unlimited # make sure it will create the core file
./compiled_script &
sleep 1 #hope it will not finish in one second
kill -SEGV `/sbin/pidof compiled_script`
0
 

Author Comment

by:rares_dumitrescu
ID: 20431158
didn't actually work but doesn't matter
i will remake it ... even better :)
thanx for your help ravenpl
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now