Making your shell script non alpha numeric
Ever had the need to obfuscate your complete shellscript by using non alpha numeric code? Now there is a tool for that ;)
I already wrote some time ago about how to start writing non alpha numeric shellscript, but this would not support shell internals like if statements etc. But some days ago I found out that there exists an eval in bash, which makes it possible to support shell internals.
The basic steps my script does are the following:
1. Get via Regex enough characters to build echo -e \0
2. Increase a counter
3. Concat the counter with echo -e \0 to create needed characters
4. Step 3 is repeated to get every character.
5. create eval
6. concat all characters and pass them to eval
Take this shellscript as an example:
____________________________________________________________________
echo "Enter the password: ";
read test;
if [ $test == "correct" ]; then echo "You cracked it;)"; else echo "HAHA, wrong!"; fi
After processing it, it will look like this (abbreviated)
/????\+?????
__=$_
. .
___=$?
____=___
____=$[++____]
____=$[++____]
____=$[++____]
_____=${__:____:___}
_______=${__:___+___:___}
__=/?${_____}?
$__
__=$_
______=${__:___:___}
________=${__:___+___+___:___}
__=/?${_______}?${______}
$__
__=$_
_________=${__:___:___}
__________=${______}${________}${_________}${_______}" -"${______}" "\\$[___-___] ___=$[++___]
[..]
___=$[++___]
___________=${__________}$___;___________=$($___________)
___=$[++___]
____________=${__________}$___;____________=$($____________)
___=$[++___]
_____________=${__________}$___;_____________=$($_____________)
___=$[++___]
___=$[++___]
______________=${__________}$___;______________=$($______________)
___=$[++___]
[..]
___=$[++___]
_______________=${__________}$___;_______________=$($_______________)
___=$[++___]
___=$[++___]
___=$[++___]
________________=${__________}$___;________________=$($________________)
___=$[++___]
___=$[++___]
___=$[++___]
[..]
___=$[++___]
___=$[++___]
_________________=${__________}$___;_________________=$($_________________)
___=$[++___]
__________________=${__________}$___;__________________=$($__________________)
___=$[++___]
___=$[++___]
___________________=${__________}$___;___________________=$($___________________)
___=$[++___]
[..]
___=$[++___]
____________________=${__________}$___;____________________=$($____________________)
___=$[++___]
___=$[++___]
___=$[++___]
___=$[++___]
_____________________=${__________}$___;_____________________=$($_____________________)
___=$[++___]
___=$[++___]
___=$[++___]
___=$[++___]
___=$[++___]
______________________=${__________}$___;______________________=$($______________________)
___=$[++___]
___=$[++___]
[..]
___=$[++___]
___=$[++___]
_______________________=${__________}$___;_______________________=$($_______________________)
___=$[++___]
___=$[++___]
________________________=${__________}$___;________________________=$($________________________)
___=$[++___]
_________________________=${__________}$___;_________________________=$($_________________________)
___=$[++___]
__________________________=${__________}$___;__________________________=$($__________________________)
___=$[++___]
___=$[++___]
___=$[++___]
___=$[++___]
___=$[++___]
___=$[++___]
___________________________=${__________}$___;___________________________=$($___________________________)
___=$[++___]
___=$[++___]
____________________________=${__________}$___;____________________________=$($____________________________)
___=$[++___]
_____________________________=${__________}$___;_____________________________=$($_____________________________)
___=$[++___]
______________________________=${__________}$___;______________________________=$($______________________________)
___=$[++___]
_______________________________=${__________}$___;_______________________________=$($_______________________________)
___=$[++___]
________________________________=${__________}$___;________________________________=$($________________________________)
___=$[++___]
___=$[++___]
___=$[++___]
_________________________________=${__________}$___;_________________________________=$($_________________________________)
___=$[++___]
__________________________________=${__________}$___;__________________________________=$($__________________________________)
___=$[++___]
___=$[++___]
___________________________________=${__________}$___;___________________________________=$($___________________________________)
___=$[++___]
____________________________________=${__________}$___;____________________________________=$($____________________________________)
___=$[++___]
___=$[++___]
_____________________________________=${__________}$___;_____________________________________=$($_____________________________________)
___=$[++___]
______________________________________=${__________}$___;______________________________________=$($______________________________________)
___=$[++___]
___=$[++___]
___=$[++___]
_______________________________________=${__________}$___;_______________________________________=$($_______________________________________)
___=$[++___]
___=$[++___]
________________________________________=${__________}$___;________________________________________=$($________________________________________)
___=$[++___]
_________________________________________=${__________}$___;_________________________________________=$($_________________________________________)
___=$[++___]
__________________________________________=${__________}$___;__________________________________________=$($__________________________________________)
___=$[++___]
___________________________________________=${__________}$___;___________________________________________=$($___________________________________________)
___=$[++___]
____________________________________________=${__________}$___;____________________________________________=$($____________________________________________)
___=$[++___]
_____________________________________________=${__________}$___;_____________________________________________=$($_____________________________________________)
$______________________________$____________________________________________$___________________________$____________________________________ $($__________ $______________________________$____________________________$_________________________________$______________________________________$___________$_____________$_____________________$_____________________________________$__________________________________________$______________________________$________________________________________$___________$__________________________________________$_________________________________$______________________________$___________$_______________________________________$___________________________$_________________________________________$_________________________________________$_____________________________________________$______________________________________$________________________________________$_____________________________$_________________$___________$_____________$__________________$_________________________$_____________________________________$________________________________________$______________________________$___________________________$_____________________________$___________$__________________________________________$______________________________$_________________________________________$__________________________________________$__________________$_________________________$_____________________________________$__________________________________$_______________________________$___________$________________________$___________$______________$__________________________________________$______________________________$_________________________________________$__________________________________________$___________$___________________$___________________$___________$_____________$____________________________$______________________________________$________________________________________$________________________________________$______________________________$____________________________$__________________________________________$_____________$___________$__________________________$__________________$___________$__________________________________________$_________________________________$______________________________$_____________________________________$___________$______________________________$____________________________$_________________________________$______________________________________$___________$_____________$_______________________$______________________________________$___________________________________________$___________$____________________________$________________________________________$___________________________$____________________________$___________________________________$______________________________$_____________________________$___________$__________________________________$__________________________________________$__________________$_______________$_____________$__________________$___________$______________________________$____________________________________$_________________________________________$______________________________$___________$______________________________$____________________________$_________________________________$______________________________________$___________$_____________$______________________$____________________$______________________$____________________$________________$___________$_____________________________________________$________________________________________$______________________________________$_____________________________________$________________________________$____________$_____________$__________________$___________$_______________________________$__________________________________$_________________________$_____________________________________)
The usage is very simple:
python obfuscate.py <pathtoshellscript>
It will create a new file called nonalpha.sh
If you want to play around with it, get it here:
https://drive.google.com/open?id=1TTbgZ5zy5ykg-VxUmPl_HiBaj2tpaEN5
https://drive.google.com/open?id=1TTbgZ5zy5ykg-VxUmPl_HiBaj2tpaEN5
