Obash
Obash is a bash script obfuscator written in the C programming language. The bash obfuscator (obash) encrypts and encodes bash shell scripts into executable binaries, much like Shc, the shell script compiler that inspired it, but it uses AES-256 encryption, and the key and initialization vector are retrieved from the hardware instead of being hard-coded into the binary itself. The obash project was started to address some of the issues that afflict shc, the main one being that the original shell script source can be seen by simply issuing "ps -ef". Although the objectives are the same, obash shares no code with shc and was built from scratch; any code similarities are purely accidental and dictated by the shared objectives.
Obash is still a work in progress. The master branch on GitHub generally has usable sources, while the testing branch may be in a transitional state at any given time.
How it works internally
Obash takes the input script and encrypts it with AES-256, then base64-encodes the AES ciphertext so that it can be used to declare an unsigned char array. It then produces an intermediate C file containing the interpreter (see interpreter.c), the helper functions, the text array holding the ciphertext, the optional raw key and IV for reusable binaries (not bound to the hardware), and the main function. The intermediate C file is then compiled into an executable. The intermediate C file is built in the following order (see the mk_sh_c function in functions.c):
- the includes block from interpreter.h
- the crypted_script variable containing the base64-encoded AES-256 ciphertext of the script
- the serial and uuid variables (empty if the binary is not reusable)
- the functions block from interpreter.h
- the main_body block from interpreter.h
See recreate_interpreter_header script for details on how interpreter.h is created from interpreter.c.
Key and Initialization Vector for AES-256 encryption
The key and IV are not hard-coded into the binary (unless you decide to build a reusable static binary with the -r flag) but are retrieved each time from the hardware, hence binding the binary to a machine. In the case of a reusable static binary (built with the -r flag) the uuid and serial are in the binary itself, but they are still manipulated by makekey and makeiv so that they are not usable immediately should anyone inspect the binary. Although the places from which the serial and uuid are retrieved are traceable and not secret (the machine UUID and serial number for non-reusable binaries, random hex digits for reusable ones), these values should then be manipulated in a way that makes them not directly usable as is. In the code there is a comment suggesting where this should be done (see the makekey and makeiv functions in functions.c): each and every one of you using obash is encouraged to do so, or it would be fairly easy to extract the script source from the obfuscated binary. In the distributed code, as an example, the "-" characters are stripped from the uuid and the serial is padded to reach the length required by the cipher used.
Alternatives
- CCsh
- shellcrypt
- Shc the shell script compiler