|
1 | 1 | #!/usr/bin/env bash |
| 2 | +# |
| 3 | +# REQUIRES: coreutils + perl |
| 4 | +# OUTPUT: ${input}.st |
| 5 | +# source <(curl -qfsSL "https://raw.githubusercontent.com/pkgforge/devscripts/refs/heads/main/Misc/remove_upx_info.sh") |
| 6 | +#set -x |
| 7 | +#-------------------------------------------------------# |
| 8 | + |
| 9 | +#-------------------------------------------------------# |
| 10 | +##Main |
| 11 | +purge_upxh() |
| 12 | +{ |
| 13 | + ##Enable Debug |
| 14 | + if [ "${DEBUG}" = "1" ] || [ "${DEBUG}" = "ON" ]; then |
| 15 | + set -x |
| 16 | + fi |
| 17 | + #ENV |
| 18 | + if [[ -z "${SYSTMP+x}" ]] || [[ -z "${SYSTMP##*[[:space:]]}" ]]; then |
| 19 | + SYSTMP="$(dirname "$(mktemp -u)" | tr -d '[:space:]')" |
| 20 | + local SYSTMP="${SYSTMP}" |
| 21 | + fi |
| 22 | + input="$(realpath $1 | tr -d '[:space:]')" ; local input="${input}" |
| 23 | + p_name="$(basename ${input})" ; local p_name="${p_name}" |
| 24 | + c_wd="$(realpath .)" ; local c_wd="${c_wd}" |
| 25 | + input_tmp="${input}.upxtmp" ; local input_tmp="${input_tmp}" |
| 26 | + BIN="${input_tmp}" ; local BIN="${BIN}" |
| 27 | + output="${input}.st" ; local output="${output}" |
| 28 | + rm -f "${BIN}.tmpupx" "${input}.st" "${input}.upxtmp" 2>/dev/null |
| 29 | + cp -f "${input}" "${BIN}" |
| 30 | + #Strip |
| 31 | + if command -v perl &>/dev/null; then |
| 32 | + if [[ -s "${BIN}" ]] && [[ $(stat -c%s "${BIN}") -gt 3 ]]; then |
| 33 | + #Remove Headers: https://github.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet?tab=readme-ov-file |
| 34 | + echo -e "\n[+] Removing UPX Headers (perl) ${input} <==> ${BIN}" |
| 35 | + perl -i -0777 -pe 's/^(.{64})(.{0,256})UPX!.{4}/$1$2\0\0\0\0\0\0\0\0/s' "${BIN}" |
| 36 | + perl -i -0777 -pe 's/^(.{64})(.{0,256})\x7fELF/$1$2\0\0\0\0/s' "${BIN}" |
| 37 | + cat "${BIN}" \ |
| 38 | + | perl -e 'local($/);$_=<>;s/(.*)(\$Info:[^\0]*)(.*)/print "$1";print "\0"x length($2); print "$3"/es;' \ |
| 39 | + | perl -e 'local($/);$_=<>;s/(.*)(\$Id:[^\0]*)(.*)/print "$1";print "\0"x length($2); print "$3"/es;' >"${BIN}.tmpupx" |
| 40 | + mv "${BIN}.tmpupx" "${BIN}" |
| 41 | + grep -Eqm1 "PROT_EXEC\|PROT_WRITE" "${BIN}" \ |
| 42 | + && cat "${BIN}" | perl -e 'local($/);$_=<>;s/(.*)(PROT_EXEC\|PROT_WRI[^\0]*)(.*)/print "$1";print "\0"x length($2); print "$3"/es;' >"${BIN}.tmpupx" \ |
| 43 | + && mv "${BIN}.tmpupx" "${BIN}" |
| 44 | + perl -i -0777 -pe 's/UPX!/\0\0\0\0/sg' "${BIN}" |
| 45 | + #sstrip |
| 46 | + if [[ "${NO_SSTRIP}" != "1" ]]; then |
| 47 | + if ! command -v sstrip &>/dev/null && ! [[ -x "${SYSTMP}/.tmpbin/sstrip" ]]; then |
| 48 | + mkdir -p "${SYSTMP}/.tmpbin" |
| 49 | + curl -qfsSL "https://bin.pkgforge.dev/$(uname -m)-$(uname -s)/sstrip" -o "${SYSTMP}/.tmpbin/sstrip" &&\ |
| 50 | + chmod "a+x" "${SYSTMP}/.tmpbin/sstrip" &&\ |
| 51 | + local PATH="${SYSTMP}/.tmpbin:${PATH}" |
| 52 | + fi |
| 53 | + if command -v sstrip &>/dev/null; then |
| 54 | + echo "[+] Stripping (sstripping) ==> ${BIN}" |
| 55 | + sstrip --zeroes "${BIN}" |
| 56 | + fi |
| 57 | + fi |
| 58 | + #add-sections |
| 59 | + if [[ "${NO_ADD_SECTION}" != "1" ]]; then |
| 60 | + if ! command -v add-section &>/dev/null && ! [[ -x "${SYSTMP}/.tmpbin/add-section" ]]; then |
| 61 | + mkdir -p "${SYSTMP}/.tmpbin" |
| 62 | + curl -qfsSL "https://bin.pkgforge.dev/$(uname -m)-$(uname -s)/add-section" -o "${SYSTMP}/.tmpbin/add-section" &&\ |
| 63 | + chmod "a+x" "${SYSTMP}/.tmpbin/add-section" &&\ |
| 64 | + local PATH="${SYSTMP}/.tmpbin:${PATH}" |
| 65 | + fi |
| 66 | + if command -v add-section &>/dev/null; then |
| 67 | + echo "[+] Adding NULL Header (add-section) ==> ${BIN}" |
| 68 | + mkdir -p "${SYSTMP}/.tmpbin" |
| 69 | + cd "${SYSTMP}/.tmpbin" &&\ |
| 70 | + add-section --input "${BIN}" --output "${BIN}.tmp" &&\ |
| 71 | + mv -f "${BIN}.tmp" "${BIN}" |
| 72 | + cd "${c_wd}" |
| 73 | + fi |
| 74 | + fi |
| 75 | + #Move final executable |
| 76 | + mv -f "${BIN}" "${output}" && rm -f "${BIN}.tmpupx" "${input}.upxtmp" 2>/dev/null |
| 77 | + if [[ ! -s "${output}" ]] || [[ $(stat -c%s "${output}") -lt 3 ]]; then |
| 78 | + echo "[-] FATAL: Output file (${output}) is probably corrupted" |
| 79 | + else |
| 80 | + echo -e "[+] ${input} [$(stat -c'%s' ${input})] ==> ${output} [$(stat -c'%s' ${output})]\n" |
| 81 | + fi |
| 82 | + fi |
| 83 | + else |
| 84 | + echo "[-] FATAL: Requires perl" |
| 85 | + fi |
| 86 | + ##Cleanup |
| 87 | + [[ -d "${SYSTMP}/.tmpbin" ]] && rm -rf "${SYSTMP}/.tmpbin" 2>/dev/null |
| 88 | + cd "${c_wd}" |
| 89 | + ##Disable Debug |
| 90 | + if [ "${DEBUG}" = "1" ] || [ "${DEBUG}" = "ON" ]; then |
| 91 | + set +x |
| 92 | + fi |
| 93 | + } |
| 94 | +export -f purge_upxh |
| 95 | +#Call func directly if not being sourced |
| 96 | +if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then |
| 97 | + purge_upxh "$@" <&0 |
| 98 | +fi |
| 99 | +#-------------------------------------------------------# |
0 commit comments