neurobin / shc

Shell script compiler

Home Page: https://neurobin.org/projects/softwares/unix/shc/


Hacking Challenge : Reverse/Crack/Exploit SHC v4

intika opened this issue · comments

SHC v4 Hardening Challenge :
With the new hardening experimental features, flags -H -s or just -H that aim to fix all current exploits, the challenge here is to find any new easy exploit.

This is a hacking challenge to reverse, decompile the bash, intercept, crack, or find an exploit in the purpose of decoding the bash source.

The hardening implementation is not perfect, but I did not find any new easy exploit as before... do you have any idea :D ?

Flag (-s) : set the binary to a single process (need -H)
Flag (-H) : enable hardening features

How hardening feature works :

  • Check the name of the parent process
  • Use ptrace to trace itself and lock tracing as only one process can be the tracer
  • Seccomp-Sandboxing to avoid code injection and/or function calls out of its context
  • Improved chromatography for used variable.

Known possible exploit (hard - not tested) :

  • Injecting code in parent process to ptrace child
  • Intercepting decrypted bash variable
  • Custom patched kernel
  • LD_PRELOAD
  • Sandbox-it

Known possible exploit (easy - not tested) :

  • Custom patched bash shell

Possible protection improvement :

THE GAME IS OPEN :D

Note : this challenge is only in the spot of hardening features, otherwise the app is easily exploitable... also you may be interested in the old exploit tool https://github.com/yanncam/UnSHc

Bounty : 100 free licenses for pro version ! hahahhahahahahhahahaha (just kidding indeed)
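The first two hardening checks listed above (parent-process name, and claiming the single tracer slot with ptrace) can be expressed in C as follows. This is an added example, not shc's own code and not code from the issue: the parent check reads `/proc/<ppid>/comm` and compares it against `ALLOWED_PARENTS`, a hypothetical allow-list constructed here; the tracer lock relies on the documented Linux behaviour that `PTRACE_TRACEME` fails with `EPERM` when another tracer is already attached.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/ptrace.h>
#endif

/* Hypothetical allow-list: launcher names this binary accepts as its parent.
 * Constructed for this example; the issue names no such list. */
static const char *const ALLOWED_PARENTS[] = { "bash", "sh", "dash", NULL };

/* Pure comparison behind the parent-process check. `comm` is the raw text of
 * /proc/<pid>/comm: at most 15 characters, normally followed by a newline. */
int parent_name_allowed(const char *comm, const char *const allowed[])
{
    char name[32];
    size_t n = strcspn(comm, "\n");       /* drop the trailing newline */
    if (n >= sizeof name)
        n = sizeof name - 1;
    memcpy(name, comm, n);
    name[n] = '\0';
    for (size_t i = 0; allowed[i] != NULL; i++)
        if (strcmp(name, allowed[i]) == 0)
            return 1;                     /* exact match only */
    return 0;
}

/* Reads the parent's comm name into buf. 0 on success, -1 if /proc is unavailable. */
int read_parent_comm(char *buf, size_t len)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/comm", (int)getppid());
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;
    int ok = fgets(buf, (int)len, f) != NULL;
    fclose(f);
    return ok ? 0 : -1;
}

/* Tracer lock: a process has at most one tracer. PTRACE_TRACEME makes the
 * parent the tracer; if some other tracer is already attached the call fails
 * with EPERM. Returns 1 if the slot was claimed, 0 if refused, -1 if the
 * call is unsupported here (non-Linux, or ptrace filtered by the sandbox).
 * Note: once traced, signal delivery stops this process until the parent
 * resumes it, so a real launcher must be prepared to act as the tracer. */
int claim_tracer_slot(void)
{
#ifdef __linux__
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == 0)
        return 1;
    return errno == EPERM ? 0 : -1;
#else
    return -1;
#endif
}

/* Combined gate: 1 when both checks pass, 0 otherwise. */
int hardening_gate(void)
{
    char comm[32];
    if (read_parent_comm(comm, sizeof comm) != 0)
        return 0;
    if (!parent_name_allowed(comm, ALLOWED_PARENTS))
        return 0;
    return claim_tracer_slot() == 1;
}

int main(void)
{
    printf(hardening_gate() ? "gate: pass\n" : "gate: refused\n");
    return 0;
}
```

Two caveats worth keeping in mind when judging these checks: the `comm` value of a process is set by the process itself (via `prctl`), so an exact-name match on the parent is a consistency check rather than an authentication of the launcher, and the tracer slot only tells you whether a tracer is attached at the moment of the call, which is why the issue pairs it with seccomp rather than relying on it alone.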

@intika I just forked it in Rust. Please hack it, haha.
Currently it's a very simple one.
https://github.com/chenyukang/rshc