How to compile a linux shell script to be a standalone executable *binary* (i.e. not just e.g. chmod 755)?

Question

I'm looking for a free open source tool-set that will compile various "classic" scripting languages, e.g. Korn Shell, ksh, csh, bash etc. as an executable -- and if the script calls other programs or executables, for them to be included in the single executable.

Reasons:

1. To obfuscate the code for delivery to a customer so as not to reveal our Intellectual Property - for delivery onto a customer's own machine/systems for which I have no control over what permissions I can set regarding access, so the program file has to be binary whereby the workings cannot be easily seen by viewing in a text editor or hexdump viewer.

2. To make a single, simply deployed program for the customer without/or a minimal amount of any external dependencies.

I would prefer something simple without the need for package manager since:

1. I can't rely on the customer's knowledge to carry out (un) packaging instructions and

2. I can't rely on the policies governing their machines regarding installing packages (and indeed from third parties).

The simplest preferred approach is to be able to compile to proper machine code a single executable that will run out of the box without any dependencies.

Answer 1

The solution that fully meets my needs would be SHC - a free tool, or CCsh a commercial tool. Both compile shell scripts to C, which then can be compiled using a C compiler.

Links about SHC:

• https://github.com/neurobin/shc
• http://www.datsi.fi.upm.es/~frosal/
• http://www.downloadplex.com/Linux/System-Utilities/Shell-Tools/Download-shc_70414.html

Links about CCsh:

• http://www.comeaucomputing.com/faqs/ccshlit.html

Answer 2

You could use this: http://megastep.org/makeself/

This generates a shell script that auto-extracts a bundled tar.gz archive into the temporary directory, and then can run an arbitrary command upon extraction.

Using this tool, you can provide only one shell script to the client.

This script will then extract your ofbsh obfuscated scripts and binaries into /tmp, and run them transparently.

Answer 3

You can obfuscate shell scripts with something like ofbsh. You won't easily bundle other programs into a single executable for unix, though. Normally the approach for installation would be to buld a package for your platform's package manager (e.g. rpm, deb, pkg) or to provide a tarball to unravel in the appropriate directory.

If you need an executable file that unpacks the contents you might be able to use a shell archive. Take a look at the docs for shar(1) and see if that will get what you want

If you really need a scripting capability to glue multiple C programs together, take a look at the Tcl language. It has an API that is designed to trivially wrap C programs that expect to see argv[] style parameters. You can even embed the chunks of C code into a custom Tcl interpreter and glue it together with various Tcl scripts.

If you really need to make it opaque, you could encrypt the tcl scripts and wrap the whole thing in something that unencrypts the tcl scripts to a buffer and then runs the Tcl interpreter on them. Tcl can accept scripts from a file or a char* buffer, so the unencrypted scripts never have to hit the file system.

Answer 4

shc

I have modified the original source and upgraded to a new version with some feature addition and bug fixes. It's here.

Example Usage:

shc -f script.sh -o binary_name

script.sh will be compiled to a binary named binary_name

Note that, you still need the required shell to be installed in your system to run this executable.