How to compile a linux shell script to be a standalone executable *binary* (i.e. not just e.g. chmod 755)?

scripting executable binary compilation obfuscation

I'm looking for a free open source tool-set that will compile various "classic" scripting languages, e.g. Korn Shell, ksh, csh, bash etc. as an executable -- and if the script calls other programs or executables, for them to be included in the single executable.

Reasons:

  1. To obfuscate the code for delivery to a customer so as not to reveal our Intellectual Property - for delivery onto a customer's own machine/systems for which I have no control over what permissions I can set regarding access, so the program file has to be binary whereby the workings cannot be easily seen by viewing in a text editor or hexdump viewer.

  2. To make a single, simply deployed program for the customer without/or a minimal amount of any external dependencies.

I would prefer something simple without the need for package manager since:

  1. I can't rely on the customer's knowledge to carry out (un) packaging instructions and

  2. I can't rely on the policies governing their machines regarding installing packages (and indeed from third parties).

The simplest preferred approach is to be able to compile to proper machine code a single executable that will run out of the box without any dependencies.


Solution 1:

The solution that fully meets my needs would be SHC - a free tool, or CCsh a commercial tool. Both compile shell scripts to C, which then can be compiled using a C compiler.

Links about SHC:

  • https://github.com/neurobin/shc
  • http://www.datsi.fi.upm.es/~frosal/
  • http://www.downloadplex.com/Linux/System-Utilities/Shell-Tools/Download-shc_70414.html

Links about CCsh:

  • http://www.comeaucomputing.com/faqs/ccshlit.html

Solution 2:

You could use this: http://megastep.org/makeself/

This generates a shell script that auto-extracts a bundled tar.gz archive into the temporary directory, and then can run an arbitrary command upon extraction.

Using this tool, you can provide only one shell script to the client.

This script will then extract your ofbsh obfuscated scripts and binaries into /tmp, and run them transparently.

Related

How to reverse geocode without Google? [closed]
Using IConfiguration in C# Class Library
Tree plotting in Python
Draggable div without jQuery UI
Understanding ASP.NET Eval() and Bind()
Upgrade python without breaking yum
CMake: how create a single shared library from all static libraries of subprojects?
Using custom font in a UIWebView
UICollectionView Assertion failure
Noun to describe a person whether easy or not to be influenced by others
"There is a difference between..." vs "there is the difference between..." is there a difference? [closed]
Combination 'and' with 'from'