neurobin / shc

Shell script compiler

Home Page: https://neurobin.org/projects/softwares/unix/shc/

Scripts can very simply be decompiled by catching arguments to bash (no strace)

niansa opened this issue · comments

Hi, I found a really simple way to decompile compiled scripts without strace.
Here is the tool (bash fork) that I have written to do that in a really simple way:
Repo: https://github.com/niansa/bash-shxdumper
Instructions: https://github.com/niansa/bash-shxdumper/blob/master/README.md

Possible solution: include the entire interpreter inside the compiled binary

Closed until my rewrite is done

Rewrite done, reopening now

Nearly impossible to protect against this. And even if every script ships its own bash binary, you can also use a modified Linux kernel to get the decompiled script. How can you protect from Linux itself, that didn't give you the ability to use ptrace, seccomp and other protections? I would say shc cannot protect against these attack vectors, but for most cases it works.

Sure, everything is crackable... But also I am sure there are ways to make it even harder... I thought of converting it all to actual C code!

Which is something I am actually currently working on. ;-)

bash, sh, zsh, fish, different syntax. Implement every command (because some commands on different platforms are also different). If you've done this, it would be a great, great, great work.

My first result converts the code to kind-of C++ code, but with a lot of stuff still being stored as strings and processed by interpretation. So not quite ready.

Edit: for now it's bash only, but implementing different syntaxes should be easy.

First prototype is working, see https://gitlab.com/niansa/simpsh-httpd

The original code is in the root directory, the generated C code is in the cport directory. However, I had to entirely rewrite readrequest and some stuff in config.c got messed up entirely. Otherwise, the generated code works perfectly fine.
I will publish the transpiler's source code as soon as it's stable and fast enough.

I gave up.