Shell Programming and Scripting

ok. i have an extensive program written predominantly in borne shell. i have to give an "evaluation" copy of this program to a user so she can test it out and see if she wants it. problem is, i dont have an evaluation copy. and even if i did, im worried the evaluation copy can be edited to override whatever logic i built into it to prevent it from being used as though it were the full product.

my question is, how can i edit the script so that the user can only run it on a specific number of hosts? or how do i package the script altogether so as to prevent unauthorized use?

Use script compiler such as shc to creates a executable version of your script and pass the same to your colleague.

refer this link for example:

Code:

http://nixcraft.com/shell-scripting/15784-secure-script-code-hide-bash-source-code.html

Well, have the script check the host name and/or datem and embed the script into C. To prevent tampering and keep the C simple, run the script through a compressor and an encryption and a base 64 encoder into a static string variable. The C can run it backwards from string to decoder to uncompress to sh, so it only exists on the pipe, and the values in the script cannot be patched over in the C object file. I am not sure even a crypto layer is necessary after compression and base 64.

I like the script compiler! Unfortunately you can find strings in code and change them, and it still runs, so you may need to do more. For instance, I had a lib with a trapdoor password so I changed the trapdoor password to be different and invalid. I worte a simple c program to copy binary files finding and replacing strings $1 to $2 (same length).

thank you guys. i'll check these out.

If you cannot find base64, uuencode or even hex is an alternative. Put the host and date checks inside the encrypted/encoded/compressed script.

can you please provide an example?

Well, encoding usually means taking 6 bits at a time of the binary and encoding them in some of the innocuous ascii valuse between ' ' and '~', for instance adding them to '!'. Hex is just a 4 bit version of the same. Nobody has been desperate enough to find a way to encode using 96 characters for 6.5 bits a character. Here is an example of what a hacker sees if you compress plain text and then convert it to hex:

Code:

$ echo hidden data string |bzip2|od -x
0000000 425a 6839 3141 5926 5359 e937 8426 0000
0000020 0551 8000 1040 0026 e11c 0020 0031 0340
0000040 d029 a635 3c45 9ac0 17b9 7f4d 8256 68bb
0000060 9229 c284 8749 bc21 3000
0000071

Encoding 4 bits is easy:

Code:

$ vim hexify 
 
#include <stdio.h>
main(){
int c ;
int o ;
int llen = 0;
 while ( EOF != ( c = getchar())){
   putchar( '0' + ( c & 15 ));
   putchar( '0' + ( c >> 4 ));
   if ( 70 < ( llen += 2 )){
        putchar( '\n' );
        llen = 0 ;
    }
  }
 if ( llen ) putchar( '\n' );
}
~
~
~
"mysrc/hexify.c" 21 lines, 264 characters 
$ mycc hexify
$ echo hidden data string | bzip2 | hexify
24:586931314956235959>734862000050150800010400621><10002001330040=926:53
<354:90<719;?7=4286586;;29922<487894<;1203
$

It seems bzip2 expands small things a lot!