F.A.Q - Bash Script Obfuscation (Obfuscate, Protect Shell Script Source Code)
All atshai.com protected bash scripts are designed to send out notifications by default in the event of a hack attempt. Notifications will NOT be sent out IF the user runs the protected script as "expected" and "does not" try to figure out how it works!
Why are notifications sent out to begin with?
Think of it as an alarm system. The reason you're on this particular website is because you want to keep your source code hidden and secure. In some cases, you may wish to know precisely where your code is and how it is being used. For such scenarios, the automatic notifications are very useful. But don't worry. This is a configurable option. You can enable/disable auto-notify during obfuscation of each bash script/project.
To obfuscate bash shell scripts, you have two options.
- Online Submissions
- This option is ideal if you wish to simply upload your bash scripts to the enscrypt.io web interface. With this option, you can submit up to the number of unique scripts allowed under the plan you purchased.
- OnPrem Licenses
- This option allows for the usage of the bash script obfuscator on your own private hosts. No need to upload any script to our web portal.
- This is a great option for users who do NOT wish to externally upload bash scripts they believe to be extremely sensitive.
- You will be permitted to use the AtShai bash obfuscator for as long as the license period is valid. And yes, there is currently NO limit to the number of bash scripts you can obfuscate using the OnPrem license.
For licenses, upon payment verification, the latest version of the bash obfuscator will be automatically generated and the download link for it will be sent to you. You'll receive it within 30 to 60 seconds of payment completion. If you do not receive it within 5 minutes, shoot us an email at Support@EnScryption.com.
Unless requested otherwise, the download link will be sent to the email address of the account that payment was made with.
For online submission accesses, after payment is confirmed, an email will be sent to you with the login details needed to access the web interface for uploading bash scripts.
No. You do not need to obfuscate bash scripts on the server or host they will run on. There's no need for that.
You can obfuscate a bash script on any Mac, Ubuntu or Red Hat system and then be able to run the obfuscated script on other systems.
Scripts obfuscated by us have been tested and verified to work on Ubuntu, Red Hat, CentOS, SunOS, AIX and Embedded (watered-down) Unix systems, i.e. busybox or Android.
There are two main reasons an obfuscated bash script would fail to work:
- It has either expired or had its name changed to a name different from the name given to it during obfuscation.
- Once a bash script is obfuscated, you cannot rename the obfuscated script. If you do, it will not function.
- Once a bash script expires, to regain the functionality it provides, you must re-obfuscate it and be mindful of the expiration date.
- An attempt was made to tamper with it in order to figure out how it works.
- We are quite aware that our obfuscation methodology is unique and there is absolutely nothing like it anywhere else on the internet. For this reason, there will be many hackers who will try to break it apart in an effort to replicate it or for some other nefarious reason.
- To successfully combat this, a series of sensitivity checks are included in all AtShai.com protected bash scripts. This means that whenever our obfuscation algorithm detects that a user is attempting to hack an obfuscated script, we will automatically cause the script to self-destruct.
- We take the security of every bash script obfuscated through us very seriously and we do not tolerate hack attempts.
If your bash script self-destructs, the only way to get it working again is to replace it with a new copy that has not been altered.
Contact us at [ Support@EnScryption.com ] if you need additional help. In your email, make sure to provide a copy and paste of all the steps (and their results) that you performed.
There is no "install". Yes, it is safe to use an AtShai.com protected script on your system.
Yes you can. If you're uploading your bash scripts to the web interface, you're authorized to upload as many unique scripts as your chosen plan allows.
If you're using the OnPrem license, you can simply point the obfuscator to the directory containing the bash/shell scripts you wish to obfuscate and the obfuscator will take over.
Yes. After obfuscation, you can expect your shell script to behave exactly as it did before it was obfuscated. The only difference is that, after obfuscation, no one will be able to view the actual code.
No. Once obfuscated, it cannot be de-obfuscated. We recommend creating backups of your original plain text script before submitting it to the bash obfuscator.
Currently, our obfuscation algorithm can be used to protect shell, perl, ruby, python, rcode, javascript, powershell and php scripts. Those were the most commonly requested languages for obfuscation.
If the script you wish to obfuscate is written in a language that is not currently supported, don't worry. Just contact us at [ Support@EnScryption.com ] and provide the following information:
- The name of the interpreted language your script is written in
- A sample code written in this interpreted language
- How you normally go about running the script
- The OS(es) you intend to run the obfuscated scripts on
- Date Management - Assign expiration dates to your bash scripts
- License Management - Regulate the redistribution of all obfuscated bash scripts
- User Management - Restrict usage of protected bash scripts to specific Users
- Host Management - Restrict usage of obfuscated bash scripts to specific Hosts
- Duplication Prevention - Prevent multiple functional copies of your bash scripts
- Instance Management - Restrict simultaneous or multiple running instances of your scripts
- Tamper Resistance - Auto self-destructs whenever a user tries to figure out how it works
- We monitor for this and we block them at every turn.
- Access Management - Remotely disable script usage if user is found to be in violation of licensing terms.
- Some users have nefarious intentions when they purchase online software. After purchasing the software, these users typically request a refund immediately. And after the refund is given, they continue to use the software.
- AtShai.com puts an end to this. Our customers have the option to make their script require internet connectivity.
- If a customer opts to make her script require internet connection, then users of the script will NOT be able to run the script if they're not connected to the internet.
- Report Generator - Get a dashboard that details where your script(s) are being used.
- If your script(s) were meant to be used at the office in San Francisco but you find out they are now being used in France as well, you might want to know how that happened.
a) Ensures an obfuscated script does not function if it detects that a necessary tool on the system has been altered
- Example: Some users may build a modified version of a binary and then try to use that version to investigate our obfuscation algorithm.
- The tamper resistance feature will detect this and will stop the script from working!
b) Ensures that a protected script never works if the user is doing anything other than running it.
- There are many interesting ways users can attempt to break a protected script.
c) Ensures it is impossible for any user to modify a protected script
- This provides script owners control of their commercial bash scripts in case a user misbehaves.
a). Know when your script is being illegally used
Yes. We offer a 60-Day Money Back Guarantee. Refunds will be granted only under 1 condition:
- If you are actually able to successfully unlock any of our obfuscated bash scripts in under 60 days.
- Under this scenario, to qualify for the refund, we'll need to see proof.
It is highly unlikely for that to happen. One of the many unique attributes that make our bash obfuscator secure is that it is strengthened on a very frequent basis, and the frequency with which it is updated is based solely on the discovery or detection of newly developed hacking tactics.
Since the inception of our website, many users have attempted to break our obfuscation algorithm. In the very early stages of our tool, some were actually able to crack open a few doors, and once that happened, we detected it and promptly closed the associated loopholes. Given the continuous implementation of several countermeasures similar to this, we feel confident that our obfuscation tool, as it stands right now and going forward, is strong enough to ensure access to your most sensitive bash scripts is well guarded!
If you want more assurance that our obfuscation is as strong as we claim it to be, email us a sample script. We'll obfuscate it for you and provide you with the obfuscated copy. You can then test it out and see if you can crack it. Take your time. Give it to the most experienced hackers you know. Let them take a stab at it. If they can't get to the source code, well, there goes your answer.
Yes, it is very easy to do.
We provide several automation options. Some are built into the obfuscation tool. Others can be custom developed, at no additional cost, for licensed on-prem users.
If you're an online user, depending on your plan, you will be able to upload as many scripts as you want in one session and have the obfuscated files put in one package (.zip), which can be delivered however you wish.
If you intend to make a purchase, simply shoot us an email with one or two sample scripts. We'll obfuscate them for you with a 24 hour expiration date added to them.
Yes.
Along with other security measures, we allow users to specify how long a script is to be valid for. After the user specified date, the script will no longer function. If you do not wish for your obfuscated bash script to expire, simply specify 7000d for the expiration. 7000d equals approximately 19+ years.
With the OnPrem license, you can obfuscate an unlimited number of shell scripts. With Online submissions, you can upload up to the number of scripts specified for your chosen plan.
- Protect sensitive information and intellectual property
- Eliminate the ability of others to keep tabs on you, if you work in a lab-like environment where everyone has root access
- Our obfuscation tool ensures even those with root privileges can't view your scripts
- Hide passwords from public view, make it impossible for anyone to access them
- Sell your scripts to a third party without giving away any proprietary information
- Get alert notifications - Create records of attempts of intellectual thievery
- A script obfuscated by AtShai.com is protected under the expectation it is only to be executed, not inspected. When a user of an obfuscated script tries to break it apart to see how it works, a record of such attempt will be logged.
Yes. We can obfuscate all forms of shell scripts, i.e. bash, ksh, csh, zsh. Additionally, we can also obfuscate PowerShell (.ps1), Perl, Ruby, Python, CLI & Web PHP scripts, Rcode scripts and JavaScript files.
During submission of your scripts, you may specify how long the obfuscated version should be valid for. Examples: 1d (1 day), 2w (2 weeks), 4mo (4 months), 7000d (for 19+ years).
Note, all scripts submitted using the free service will expire and self-destruct within 24 hours.
Get Online Access to our specialized Bash Script Obfuscator.
- This option will allow you to upload shell scripts of all types to our web interface for a quick and easy, point and click obfuscation.
Purchase and download your own personalized (and obfuscated) version of our Obfuscation tool
- This option will enable you to avoid submitting any extremely sensitive bash scripts to our website
- It allows you to obfuscate as many scripts as you need, right from your own private host and from the command line.
Here are your realistic options:
- Rely on permissions/ownership (chmods/chowns) as your only means of protection
- Use an open-source obfuscation method - which makes your scripts more likely to be successfully hacked!
Yes. If you run into an issue running an obfuscated script on any particular operating system, just shoot us an email. We'll update the obfuscator with the features necessary to accommodate that OS. And, if we're unable to help you, you get a refund. It's that simple.
There are quite a number of different methods a determined hacker can use to attempt to hack a protected script. One such way is altering the binary files of the programming language your script is written in.
AtShai.com is aware of these types of tactics and steps have been taken to combat them effectively.
Whenever an AtShai.com protected script is run on a system, it does a variety of checks simultaneously. These checks confirm the validity of the environment in which the obfuscated script is about to be executed. If our algorithm senses that a component has been tampered with or simply isn't in the expected state, it will refuse to run the obfuscated script and will abort immediately.
If you're not trying to hack the script, or figure out how our algorithm works, feel free to shoot us an email. In your email, provide a copy and paste of the exact error messages you encountered and the name of the Operating System your script was run on.
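The pre-run checks this FAQ describes (a file name fixed at obfuscation time, a lifetime given as 1d, 2w, 4mo or 7000d, and a required tool that has not been altered) can be expressed as a guard like the following. It is an added example, not AtShai's code or algorithm; the function names, return codes, the 30-day month and the SHA-256 comparison are assumptions made for illustration.

```shell
#!/bin/sh
# Illustrative preflight guard; NOT the vendor's implementation.
# All names, return codes and sample values here are constructed.

# to_days SPEC: print the lifetime in days for specs such as 1d, 2w, 4mo, 7000d.
# Assumption: "mo" is counted as 30 days.
to_days() {
    n=${1%%[a-z]*}          # leading digits
    unit=${1#"$n"}          # trailing unit
    case $n in ''|*[!0-9]*) return 1 ;; esac
    case $unit in
        d)  echo "$n" ;;
        w)  echo $((n * 7)) ;;
        mo) echo $((n * 30)) ;;
        *)  return 1 ;;
    esac
}

# preflight PATH NAME BUILD_EPOCH SPEC TOOL TOOL_SHA256 [NOW_EPOCH]
# Returns 0 ok, 1 bad spec, 2 renamed, 3 expired, 4 required tool altered.
preflight() {
    days=$(to_days "$4") || return 1
    now=${7:-$(date +%s)}
    # Name check: the file must still carry the name recorded at build time.
    [ "$(basename "$1")" = "$2" ] || return 2
    # Expiry check: build time plus lifetime must not be in the past.
    [ "$now" -le $(( $3 + days * 86400 )) ] || return 3
    # Tool check: the interpreter or helper binary must match its recorded digest.
    actual=$(sha256sum "$5" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$6" ] || return 4
}

# Demo with constructed values: built at epoch 1700000000 with a 2w lifetime,
# checked 15 days later, so the expiry check refuses before the tool check runs.
preflight /opt/app/report.sh report.sh 1700000000 2w /bin/sh placeholder-digest 1701296000 \
    || echo "preflight refused, code $?"
```

A guard of this kind also explains the two benign failure causes listed earlier: a renamed copy returns the "renamed" code and a script past its lifetime returns the "expired" code, with no tampering involved.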
Yes. Your obfuscated scripts can run under Android systems. During obfuscation of the scripts, simply specify "android" instead of "autogenerate" or "embedded" at the command line.
To run an obfuscated script on an Android machine, you can use the apps known as "Termux", "Terminal Emulator" or "Root Browser".