Tuesday, November 12, 2013

Non Alpha Numeric Shellscript


Making your shell script non alpha numeric


Ever had the need to obfuscate your complete shellscript by using non alpha numeric code? Now there is a tool for that ;) 

I already wrote some time ago about how to start writing non alpha numeric shellscript, but this would not support shell internals like if statements etc. But some days ago I found out that there exists an eval in bash, which makes it possible to support shell internals.

The basic steps my script does are the following:
1. Get via Regex enough characters to build echo -e \0
2. Increase a counter
3. Concat the counter with echo -e \0 to create needed characters
4. Step 3 is repeated to get every character. 
5. create eval
6. concat all characters and pass them to eval

Take this shellscript as an example:
____________________________________________________________________

echo "Enter the password: ";
read test;
if [ $test == "correct" ]; then echo "You cracked it;)"; else echo "HAHA, wrong!"; fi

After processing it, it will look like this (abbreviated)



/????\+?????
__=$_
. .
___=$?
____=___
____=$[++____]
____=$[++____]
____=$[++____]
_____=${__:____:___}
_______=${__:___+___:___}
__=/?${_____}?
$__
__=$_
______=${__:___:___}
________=${__:___+___+___:___}
__=/?${_______}?${______}
$__
__=$_
_________=${__:___:___}
__________=${______}${________}${_________}${_______}" -"${______}" "\\$[___-___] ___=$[++___]
[..]
___=$[++___]
___________=${__________}$___;___________=$($___________)
___=$[++___]
____________=${__________}$___;____________=$($____________)
___=$[++___]
_____________=${__________}$___;_____________=$($_____________)
___=$[++___]
___=$[++___]
______________=${__________}$___;______________=$($______________)
___=$[++___]
[..]
___=$[++___]
_______________=${__________}$___;_______________=$($_______________)
___=$[++___]
___=$[++___]
___=$[++___]
________________=${__________}$___;________________=$($________________)
___=$[++___]
___=$[++___]
___=$[++___]
[..]
___=$[++___]
___=$[++___]
_________________=${__________}$___;_________________=$($_________________)
___=$[++___]
__________________=${__________}$___;__________________=$($__________________)
___=$[++___]
___=$[++___]
___________________=${__________}$___;___________________=$($___________________)
___=$[++___]
[..]
___=$[++___]
____________________=${__________}$___;____________________=$($____________________)
___=$[++___]
___=$[++___]
___=$[++___]
___=$[++___]
_____________________=${__________}$___;_____________________=$($_____________________)
___=$[++___]
___=$[++___]
___=$[++___]
___=$[++___]
___=$[++___]
______________________=${__________}$___;______________________=$($______________________)
___=$[++___]
___=$[++___]
[..]
___=$[++___]
___=$[++___]
_______________________=${__________}$___;_______________________=$($_______________________)
___=$[++___]
___=$[++___]
________________________=${__________}$___;________________________=$($________________________)
___=$[++___]
_________________________=${__________}$___;_________________________=$($_________________________)
___=$[++___]
__________________________=${__________}$___;__________________________=$($__________________________)
___=$[++___]
___=$[++___]
___=$[++___]
___=$[++___]
___=$[++___]
___=$[++___]
___________________________=${__________}$___;___________________________=$($___________________________)
___=$[++___]
___=$[++___]
____________________________=${__________}$___;____________________________=$($____________________________)
___=$[++___]
_____________________________=${__________}$___;_____________________________=$($_____________________________)
___=$[++___]
______________________________=${__________}$___;______________________________=$($______________________________)
___=$[++___]
_______________________________=${__________}$___;_______________________________=$($_______________________________)
___=$[++___]
________________________________=${__________}$___;________________________________=$($________________________________)
___=$[++___]
___=$[++___]
___=$[++___]
_________________________________=${__________}$___;_________________________________=$($_________________________________)
___=$[++___]
__________________________________=${__________}$___;__________________________________=$($__________________________________)
___=$[++___]
___=$[++___]
___________________________________=${__________}$___;___________________________________=$($___________________________________)
___=$[++___]
____________________________________=${__________}$___;____________________________________=$($____________________________________)
___=$[++___]
___=$[++___]
_____________________________________=${__________}$___;_____________________________________=$($_____________________________________)
___=$[++___]
______________________________________=${__________}$___;______________________________________=$($______________________________________)
___=$[++___]
___=$[++___]
___=$[++___]
_______________________________________=${__________}$___;_______________________________________=$($_______________________________________)
___=$[++___]
___=$[++___]
________________________________________=${__________}$___;________________________________________=$($________________________________________)
___=$[++___]
_________________________________________=${__________}$___;_________________________________________=$($_________________________________________)
___=$[++___]
__________________________________________=${__________}$___;__________________________________________=$($__________________________________________)
___=$[++___]
___________________________________________=${__________}$___;___________________________________________=$($___________________________________________)
___=$[++___]
____________________________________________=${__________}$___;____________________________________________=$($____________________________________________)
___=$[++___]
_____________________________________________=${__________}$___;_____________________________________________=$($_____________________________________________)
$______________________________$____________________________________________$___________________________$____________________________________ $($__________ $______________________________$____________________________$_________________________________$______________________________________$___________$_____________$_____________________$_____________________________________$__________________________________________$______________________________$________________________________________$___________$__________________________________________$_________________________________$______________________________$___________$_______________________________________$___________________________$_________________________________________$_________________________________________$_____________________________________________$______________________________________$________________________________________$_____________________________$_________________$___________$_____________$__________________$_________________________$_____________________________________$________________________________________$______________________________$___________________________$_____________________________$___________$__________________________________________$______________________________$_________________________________________$__________________________________________$__________________$_________________________$_____________________________________$__________________________________$_______________________________$___________$________________________$___________$______________$__________________________________________$______________________________$_________________________________________$__________________________________________$___________$___________________$___________________$___________$_____________$____________________________$______________________________________$________________________________________$________________________________________$______________________________$____________________________$__________________________________________$_____________$___________$__________________________$__________________$___________$__________________________________________$_________________________________$______________________________$_____________________________________$___________$______________________________$____________________________$_________________________________$______________________________________$___________$_____________$_______________________$______________________________________$___________________________________________$___________$____________________________$________________________________________$___________________________$____________________________$___________________________________$______________________________$_____________________________$___________$__________________________________$__________________________________________$__________________$_______________$_____________$__________________$___________$______________________________$____________________________________$_________________________________________$______________________________$___________$______________________________$____________________________$_________________________________$______________________________________$___________$_____________$______________________$____________________$______________________$____________________$________________$___________$_____________________________________________$________________________________________$______________________________________$_____________________________________$________________________________$____________$_____________$__________________$___________$_______________________________$__________________________________$_________________________$_____________________________________)



The usage is very simple:
python obfuscate.py <pathtoshellscript>

It will create a new file called nonalpha.sh
If you want to play around with it, get it here:












3 comments:

  1. Hello
    The resulting script doesn't work:
    karim@karimnote ~ $ bash nonalpha.sh
    nonalpha.sh: line 1: /????+?????: No such file or directory
    nonalpha.sh: line 3: .: .: is a directory
    nonalpha.sh: line 12: /bin: Is a directory
    nonalpha.sh: line 17: /???v: No such file or directory
    nonalpha.sh: line 59: vr??: command not found
    nonalpha.sh: line 61: vr??: command not found
    nonalpha.sh: line 63: vr??: command not found
    nonalpha.sh: line 66: vr??: command not found
    nonalpha.sh: line 74: vr??: command not found
    nonalpha.sh: line 78: vr??: command not found
    nonalpha.sh: line 97: vr??: command not found
    nonalpha.sh: line 99: vr??: command not found
    nonalpha.sh: line 102: vr??: command not found
    nonalpha.sh: line 129: vr??: command not found
    nonalpha.sh: line 134: vr??: command not found
    nonalpha.sh: line 140: vr??: command not found
    nonalpha.sh: line 162: vr??: command not found
    nonalpha.sh: line 165: vr??: command not found
    nonalpha.sh: line 167: vr??: command not found
    nonalpha.sh: line 169: vr??: command not found
    nonalpha.sh: line 176: vr??: command not found
    nonalpha.sh: line 179: vr??: command not found
    nonalpha.sh: line 181: vr??: command not found
    nonalpha.sh: line 183: vr??: command not found
    nonalpha.sh: line 185: vr??: command not found

    ReplyDelete
    Replies
    1. Do you have a /lost+found directory??
      Is your bash able to do a eval??
      I tested it on Ubuntu, whats your OS?

      Delete
  2. After creating /lost+found it works, thank you!
    I use gentoo with reiserfs

    ReplyDelete