Tuesday, November 12, 2013

Non Alpha Numeric Shellscript


Making your shell script non alpha numeric


Ever had the need to obfuscate your complete shellscript by using non alpha numeric code? Now there is a tool for that ;) 

I already wrote some time ago about how to start writing non alpha numeric shellscript, but this would not support shell internals like if statements etc. But some days ago I found out that there exists an eval in bash, which makes it possible to support shell internals.

The basic steps my script does are the following:
1. Get via Regex enough characters to build echo -e \0
2. Increase a counter
3. Concat the counter with echo -e \0 to create needed characters
4. Step 3 is repeated to get every character. 
5. create eval
6. concat all characters and pass them to eval

Take this shellscript as an example:
____________________________________________________________________

echo "Enter the password: ";
read test;
if [ $test == "correct" ]; then echo "You cracked it;)"; else echo "HAHA, wrong!"; fi

After processing it, it will look like this (abbreviated)



/????\+?????
__=$_
. .
___=$?
____=___
____=$[++____]
____=$[++____]
____=$[++____]
_____=${__:____:___}
_______=${__:___+___:___}
__=/?${_____}?
$__
__=$_
______=${__:___:___}
________=${__:___+___+___:___}
__=/?${_______}?${______}
$__
__=$_
_________=${__:___:___}
__________=${______}${________}${_________}${_______}" -"${______}" "\\$[___-___] ___=$[++___]
[..]
___=$[++___]
___________=${__________}$___;___________=$($___________)
___=$[++___]
____________=${__________}$___;____________=$($____________)
___=$[++___]
_____________=${__________}$___;_____________=$($_____________)
___=$[++___]
___=$[++___]
______________=${__________}$___;______________=$($______________)
___=$[++___]
[..]
___=$[++___]
_______________=${__________}$___;_______________=$($_______________)
___=$[++___]
___=$[++___]
___=$[++___]
________________=${__________}$___;________________=$($________________)
___=$[++___]
___=$[++___]
___=$[++___]
[..]
___=$[++___]
___=$[++___]
_________________=${__________}$___;_________________=$($_________________)
___=$[++___]
__________________=${__________}$___;__________________=$($__________________)
___=$[++___]
___=$[++___]
___________________=${__________}$___;___________________=$($___________________)
___=$[++___]
[..]
___=$[++___]
____________________=${__________}$___;____________________=$($____________________)
___=$[++___]
___=$[++___]
___=$[++___]
___=$[++___]
_____________________=${__________}$___;_____________________=$($_____________________)
___=$[++___]
___=$[++___]
___=$[++___]
___=$[++___]
___=$[++___]
______________________=${__________}$___;______________________=$($______________________)
___=$[++___]
___=$[++___]
[..]
___=$[++___]
___=$[++___]
_______________________=${__________}$___;_______________________=$($_______________________)
___=$[++___]
___=$[++___]
________________________=${__________}$___;________________________=$($________________________)
___=$[++___]
_________________________=${__________}$___;_________________________=$($_________________________)
___=$[++___]
__________________________=${__________}$___;__________________________=$($__________________________)
___=$[++___]
___=$[++___]
___=$[++___]
___=$[++___]
___=$[++___]
___=$[++___]
___________________________=${__________}$___;___________________________=$($___________________________)
___=$[++___]
___=$[++___]
____________________________=${__________}$___;____________________________=$($____________________________)
___=$[++___]
_____________________________=${__________}$___;_____________________________=$($_____________________________)
___=$[++___]
______________________________=${__________}$___;______________________________=$($______________________________)
___=$[++___]
_______________________________=${__________}$___;_______________________________=$($_______________________________)
___=$[++___]
________________________________=${__________}$___;________________________________=$($________________________________)
___=$[++___]
___=$[++___]
___=$[++___]
_________________________________=${__________}$___;_________________________________=$($_________________________________)
___=$[++___]
__________________________________=${__________}$___;__________________________________=$($__________________________________)
___=$[++___]
___=$[++___]
___________________________________=${__________}$___;___________________________________=$($___________________________________)
___=$[++___]
____________________________________=${__________}$___;____________________________________=$($____________________________________)
___=$[++___]
___=$[++___]
_____________________________________=${__________}$___;_____________________________________=$($_____________________________________)
___=$[++___]
______________________________________=${__________}$___;______________________________________=$($______________________________________)
___=$[++___]
___=$[++___]
___=$[++___]
_______________________________________=${__________}$___;_______________________________________=$($_______________________________________)
___=$[++___]
___=$[++___]
________________________________________=${__________}$___;________________________________________=$($________________________________________)
___=$[++___]
_________________________________________=${__________}$___;_________________________________________=$($_________________________________________)
___=$[++___]
__________________________________________=${__________}$___;__________________________________________=$($__________________________________________)
___=$[++___]
___________________________________________=${__________}$___;___________________________________________=$($___________________________________________)
___=$[++___]
____________________________________________=${__________}$___;____________________________________________=$($____________________________________________)
___=$[++___]
_____________________________________________=${__________}$___;_____________________________________________=$($_____________________________________________)
$______________________________$____________________________________________$___________________________$____________________________________ $($__________ $______________________________$____________________________$_________________________________$______________________________________$___________$_____________$_____________________$_____________________________________$__________________________________________$______________________________$________________________________________$___________$__________________________________________$_________________________________$______________________________$___________$_______________________________________$___________________________$_________________________________________$_________________________________________$_____________________________________________$______________________________________$________________________________________$_____________________________$_________________$___________$_____________$__________________$_________________________$_____________________________________$________________________________________$______________________________$___________________________$_____________________________$___________$__________________________________________$______________________________$_________________________________________$__________________________________________$__________________$_________________________$_____________________________________$__________________________________$_______________________________$___________$________________________$___________$______________$__________________________________________$______________________________$_________________________________________$__________________________________________$___________$___________________$___________________$___________$_____________$____________________________$______________________________________$________________________________________$________________________________________$______________________________$____________________________$__________________________________________$_____________$___________$__________________________$__________________$___________$__________________________________________$_________________________________$______________________________$_____________________________________$___________$______________________________$____________________________$_________________________________$______________________________________$___________$_____________$_______________________$______________________________________$___________________________________________$___________$____________________________$________________________________________$___________________________$____________________________$___________________________________$______________________________$_____________________________$___________$__________________________________$__________________________________________$__________________$_______________$_____________$__________________$___________$______________________________$____________________________________$_________________________________________$______________________________$___________$______________________________$____________________________$_________________________________$______________________________________$___________$_____________$______________________$____________________$______________________$____________________$________________$___________$_____________________________________________$________________________________________$______________________________________$_____________________________________$________________________________$____________$_____________$__________________$___________$_______________________________$__________________________________$_________________________$_____________________________________)



The usage is very simple:
python obfuscate.py <pathtoshellscript>

It will create a new file called nonalpha.sh
If you want to play around with it, get it here: