Fun to Program – GnuPG

Date: 2013/08/21 (initial publish), 2021/08/02 (last update)

Source: en/fun2-00021.md


This was originally written around 2013 and may need updating. (2021)

Shell code with GnuPG

Here are some code examples which I found interesting.

Encrypted code

Let’s make an obfuscated shell script by encrypting its real contents. The following creates an ASCII-armored encrypted file hello.asc (the passphrase used was “secret”) from hello.

Encrypting hello shell script into hello.asc

$ cat ./hello
#!/bin/sh
# my first shell program
echo "Hello, world!"
$ gpg -ca ./hello
Enter passphrase: 
Repeat passphrase: 
$ cat ./hello.asc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.12 (GNU/Linux)

jA0EAwMCz+Uhs2ZYpdRgyU8jzGO2hKSDOpQgXmUxsIJqgrjo+CQFiGw8z0CU5YIk
163JjuP2U4IXl+np8z0TiVqzl1exf5zn1cExELFhuv8yho2RkvINGq0zXYYVDaqd
=DjhI
-----END PGP MESSAGE-----

Let’s add decrypting shell code to this hello.asc to make an obfuscated shell script hello-secret as follows.

Obfuscated shell script hello-secret

#!/bin/sh
cat - <<EOF | gpg -d --no-mdc-warning | while read x ;do eval "$x"; done
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.12 (GNU/Linux)

jA0EAwMCzD3qgP+sk8RgyU+RoomNr++CuLZb0IC4xELogppqajA2V6IrGAg8Vh5w
IEhoJXm8FqA6QuaT7+sqnf5GzvYy8JkiSr4Ucd1cL0xCF6F+yLmbjFh/L5k68LLa
=Kx5I
-----END PGP MESSAGE-----
EOF

If you know the secret passphrase, this script can be executed as follows.

Executing hello-secret while providing the passphrase

$ chmod 755 ./hello-secret
$ ./hello-secret
gpg: CAST5 encrypted data
Enter passphrase:
gpg: encrypted with 1 passphrase
Hello, world!

Check modification

The identity verification of a file can be simplified by using cryptographic hash function such as:

Sometimes you want a configuration helper script to check whether a user has made non-malicious modifications to a configuration file. Here is a very lightweight check method without a GPG signature, which I deployed for the im-config package.

An example of configuration file test.conf

# im-config(8) generated on Sat, 26 Jun 2010 11:41:39 +0900
run_im default

You can add a signature generated by the MD5 cryptographic hash function to this configuration file test.conf.

Add the MD5 hash value

$ echo  "# config signiture: $(md5sum < test.conf)" >> test.conf
$ cat test.conf
# im-config(8) generated on Sat, 26 Jun 2010 11:41:39 +0900
run_im default
# config signiture: b4adf8baabbc92cf765f58e30f74c5e5  -

Let’s use the MD5 hash value to verify that this file has not been inadvertently modified by users.

Check the MD5 hash value before modification

$ if [ "# config signiture: $(head -n -1 test.conf | md5sum)" = \
        "$(tail -n 1 test.conf)" ]; then \
    echo "... UNchanged" ; \
  else \
    echo "*** changed" ; \
  fi
... UNchanged

Let’s make a modification to test.conf and check with the same method.

Check the MD5 hash value after modification

$ sed -i -e "s/r/R/" test.conf
$ cat test.conf
# im-config(8) geneRated on Sat, 26 Jun 2010 11:41:39 +0900
Run_im default
# config signituRe: b4adf8baabbc92cf765f58e30f74c5e5  -
$ if [ "# config signiture: $(head -n -1 test.conf | md5sum)" = \
        "$(tail -n 1 test.conf)" ]; then \
    echo "... UNchanged" ; \
  else \
    echo "*** changed" ; \
  fi
*** changed

This method is only good for detecting non-malicious user modifications, since anyone who can edit the file can also recompute the hash line.
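The check above, wrapped into two reusable functions as an added example (not code from this page or from the im-config package); the names conf_status, conf_stamp and demo are hypothetical. It also covers cases the one-liner does not: a file that was never stamped, re-stamping an already stamped file, and systems without the GNU extension `head -n -1`.

```shell
#!/bin/sh
# Added example (not im-config's code): the page's MD5 trailer check as functions.
# SIG_PREFIX keeps the page's marker text byte-for-byte so its files still verify.
SIG_PREFIX='# config signiture: '

# conf_status FILE -> prints unsigned, unchanged or changed
conf_status() {
    last=$(tail -n 1 "$1")
    case $last in
        "$SIG_PREFIX"*) ;;                      # trailer present, go verify it
        *) echo unsigned; return 0 ;;           # never stamped, or trailer removed
    esac
    want=${last#"$SIG_PREFIX"}
    # sed '$d' drops the last line; portable stand-in for GNU `head -n -1`
    have=$(sed '$d' "$1" | md5sum)
    if [ "$have" = "$want" ]; then echo unchanged; else echo changed; fi
}

# conf_stamp FILE -> (re)writes the trailer; an old trailer is dropped first so
# a second stamp hashes the body only, not body + stale trailer.
conf_stamp() {
    tmp=$(mktemp) || return 1
    if [ "$(conf_status "$1")" = unsigned ]; then
        cat "$1"
    else
        sed '$d' "$1"
    fi > "$tmp"
    sum=$(md5sum < "$tmp")
    echo "${SIG_PREFIX}${sum}" >> "$tmp"
    cat "$tmp" > "$1"                           # keep FILE's inode and mode
    rm -f "$tmp"
}

# Constructed demo on a copy of the page's test.conf; prints the four states.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '# im-config(8) generated on Sat, 26 Jun 2010 11:41:39 +0900' \
        'run_im default' > "$f"
    s1=$(conf_status "$f")                      # unsigned
    conf_stamp "$f"; s2=$(conf_status "$f")     # unchanged
    # constructed hand edit of line 2
    sed '2s/default/none/' "$f" > "$f.new" && cat "$f.new" > "$f"
    s3=$(conf_status "$f")                      # changed
    conf_stamp "$f"; s4=$(conf_status "$f")     # unchanged: re-stamping needs no secret
    rm -f "$f" "$f.new"
    echo "$s1 $s2 $s3 $s4"
}
demo
```

The last state in the demo is why the trailer catches accidental edits only: producing a valid trailer requires nothing the editor of the file does not already have.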
