0

There are a lot of tips (and warnings) on here for obfuscating various items within scripts. I'm not trying to hide a password, I'm just wondering if I can obfuscate an actuall command within the script to defeat the casual user/grepper. Background: We have a piece of software that helps manage machines within the environment. These machines are owned by the enterprise. The users sometimes get it in their heads that this computer is theirs and they don't want "The Man" looking over their shoulders.

I've developed a little something that will check to see if a certain process is running, and if not, clone it up and replace. Again, the purpose of this is not to defeat anyone other than the casual user.

It was suggested that one could echo an octal value (the 'obfuscated' command) and use it as a variable within the script. e.g.:

strongBad=`echo "\0150\0157\0163\0164\0156\0141\0155\0145"`

I could then use $strongBad within the shell script to slyly call the commands that I wanted to call with arguments?

/bin/$strongBad -doThatThingYouDo -DoEEET

Is there any truth to this? So far it's worked via command line directly into shell (using the -e flag with echo) but not so much within the script. I'm getting unexpected output, perhaps the way I'm using it?

As a test, try this in the command line:

strongBad=`echo -e "\0167\0150\0157"`

And then

$strongBad

You should get the same output as "who".

EDIT

Upon further review, the addition of the path to the echo command in the variable is breaking it. Perhaps that's the source of my issue.

Improve this question
15
  • /usr/sbin//bin/echo? I don't think so. Commented Sep 17, 2013 at 19:28
  • actually the variable contains the contents of the echo.. when called via the secondary command, it actually works. Commented Sep 17, 2013 at 19:29
  • Oh, that's backticks, not ' Commented Sep 17, 2013 at 19:31
  • An easy google search gave me this: sourceforge.net/projects/shellcrypt Commented Sep 17, 2013 at 19:33
  • 1
    None of these techniques will obfuscate the name of the command in the process list, so it doesn't make much sense to me to worry about people doing grep <command> on your invocation script when they can much more easily just do killall <command>... Commented Sep 17, 2013 at 19:54

1 Answer 1

Reset to default
1

You can do a rotate 13 on any command you want hidden beforehand, then just have the the obfuscated command in the shell script.

This little bash script:

#!/bin/bash

function rot13 {
   echo "$@" | tr '[a-m][n-z][A-M][N-Z]' '[n-z][a-m][N-Z][A-M]'
}


rot13 echo hello, world!

`rot13 rpub uryyb, jbeyq!`

Produces:

rpub uryyb, jbeyq!
hello, world!
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

The only problems is this is OS X, so the number of useful tools like rot13 is limited. :(
I am using a function. You don't need to have a seperate rot13 tool.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.