I have a bash script that I would like to obfuscate the best I can (without encrypting it, but I could use a fingerprint reader), and I would like to know a good modern way to do that as of 2024 (e.g., solving shc
vulnerabilities). All references that I’ve found are quite old or unreliable.
I’m the only user of my Linux installation, but I would like to protect my script from malicious software/memory inspection/etc.
What I have done so far is to compile it with the old shc
, and to prevent the script for waiting or running anything but immediate tasks (so hopefully no ps
would see its source code). I have it in my encrypted HOME partition, but of course it is always open if I am working at the computer.
A few years back there was some way of still getting the source code of the original script when compiled with shc
, but I don’t know if shc
still has that vulnerability.
I know there is obash
, but I don’t know if it is better.
Is there a better way today?
EDIT
I am asking the best way to obfuscate, not an inviolable one, in which case it would not be called just an “obfuscation”. I am aware that a skilled attacker can read obfuscated code. But if the obfuscated code then stops some attackers, then it is already better than nothing. That is why I use seat belt in my car, despite the fact that it does not make me immortal. See https://security.stackexchange.com/a/219348