UnSHc-MIPS - the UnSHc decrypter for MIPS arch
Switch branches/tags
Nothing to show
Clone or download
Pull request Compare This branch is 1 commit ahead, 1 commit behind yanncam:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
latest first commit for mips Aug 25, 2017
release first commit for mips Aug 25, 2017
sample First commit Mar 2, 2016
README.md first commit for mips Aug 25, 2017

README.md

UnSHc

UnSHc - How to decrypt SHc *.sh.x encrypted file ?

This version of script only works for MIPS binaries. For x86/x64, please use the original version https://github.com/yanncam/UnSHc .

Please note

I will not decrypt any file for people. Issues on GitHub are only to discuss about bug and/or improvement of the tool "UnSHc".

If you think you have found a bug, please provide me the encrypted file AND the unencrypted file corresponding. Without these two files I can't reverse it and analyze it. Add some information about the architecture where the encrypted file has been created (what linux distribution and version, what architecture x86 or x64, etc.).

All others "file decryption issues" will be closed directly.

SHc review

SHc (SHell compiler) is a fabulous tool created and maintained by Francisco Javier Rosales Garcia (http://www.datsi.fi.upm.es/~frosal/). This tool protect any shell script with encryption (ARC4).

wget -q http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.9.tgz
tar zxvf shc-3.8.9.tgz
cd shc-3.8.9
make

How to use SHc ?

root@server:~/shc/shc-3.8.9# shc -h
shc Version 3.8.9, Generic Script Compiler
shc Copyright (c) 1994-2012 Francisco Rosales <frosal@fi.upm.es>
shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script
-e %s Expiration date in dd/mm/yyyy format [none]
-m %s Message to display upon expiration [&quot;Please contact your provider&quot;]
-f %s File name of the script to compile
-i %s Inline option for the shell interpreter i.e: -e
-x %s eXec command, as a printf format i.e: exec('%s',@ARGV);
-l %s Last shell option i.e: --
-r Relax security. Make a redistributable binary
-v Verbose compilation
-D Switch ON debug exec calls [OFF]
-T Allow binary to be traceable [no]
-C Display license and exit
-A Display abstract and exit
-h Display help and exit
Environment variables used:
Name Default Usage
CC cc C compiler command
CFLAGS C compiler flags
Please consult the shc(1) man page.

Encrypted shell script are named "*.sh.x" by default.

UnSHc is a tool to reverse the encryption of any SHc encrypted *.sh.x script.

How to use UnSHc ?

[root@server:~/unshc]$ ./unshc.sh -h
 _   _       _____ _   _
| | | |     /  ___| | | |
| | | |_ __ \ `--.| |_| | ___
| | | | '_ \ `--. \  _  |/ __|
| |_| | | | /\__/ / | | | (__
 \___/|_| |_\____/\_| |_/\___|

--- UnSHc - The shc decrypter.
--- Version: 0.6
------------------------------
UnSHc is used to decrypt script encrypted with SHc
Original idea from Luiz Octavio Duarte (LOD)
Updated and modernized by Yann CAM
- SHc   : [http://www.datsi.fi.upm.es/~frosal/]
- UnSHc : [https://www.asafety.fr/unshc-the-shc-decrypter/]
------------------------------

[*] Usage : ./unshc.sh [OPTIONS] <file.sh.x>
         -h | --help                          : print this help message
         -a OFFSET | --arc4 OFFSET            : specify the arc4() offset arbitrarily (without 0x prefix)
         -d DUMPFILE | --dumpfile DUMPFILE    : provide an object dump file (objdump -D script.sh.x > DUMPFILE)
         -s STRFILE | --stringfile STRFILE    : provide a string dump file (objdump -s script.sh.x > STRFILE)
         -o OUTFILE | --outputfile OUTFILE    : indicate the output file name

[*] e.g :
        ./unshc.sh script.sh.x
        ./unshc.sh script.sh.x -o script_decrypted.sh
        ./unshc.sh script.sh.x -a 400f9b
        ./unshc.sh script.sh.x -d /tmp/dumpfile -s /tmp/strfile
        ./unshc.sh script.sh.x -a 400f9b -d /tmp/dumpfile -s /tmp/strfile -o script_decrypted.sh

Note for UnSHc-MIPS

  • This script has been modified to not automatically run objdump. You will need to run objdump -D and objdump -s at first. If your mips platform is not able to run objdump, run mipsel-linux-gnu-objdump on other platform (for example your x86/x64 desktop or server)