shc is a shell script compiler for Unix-like operating systems written in the C programming language. The Shell Script Compiler (SHC) encodes and encrypts shell scripts into executable binaries. Compiling shell scripts into binaries provides protection against accidental changes and source code modification, and is a way of hiding shell script source code.[1]
shc takes a shell script which is specified on the command line by the -f option and produces a C source code of the script with added encryption. The generated source code is then compiled and linked to produce a binary executable. It is a two step process where, first, it creates a filename.x.c file of the shell script file filename. Then it is compiled with cc -$CFLAGS filename.x.c to create the binary from the C source code with the default C compiler.[1]
shc
-f
filename.x.c
filename
cc -$CFLAGS filename.x.c
The compiled binary will still be dependent on the shell specified in the shebang (eg. #!/bin/sh), thus shc does not create completely independent binaries.[2]
#!/bin/sh
shc itself is not a compiler such as the C compiler, it rather encodes and encrypts a shell script and generates C source code with the added expiration capability. It then uses the system C compiler to compile the source shell script and build a stripped binary which behaves exactly like the original script. Upon execution, the compiled binary will decrypt and execute the code with the shells'-c option.[2]
-c
Group and others read permission is now removed by default.
The -m option allows to define the *complete* expiration message. Updated manpage shc.1
-D switch on Debug exec calls. -T switch off unTraceable.
Where exists, use /proc/<pid>/as in untraceable.
(i.e. #!/bin/sh -- ) GCC "warning: return type of `main' is not `int'" removed
{{cite web}}