execute commands from an app?

georgi.2022

New Member
Joined
Jun 15, 2022
Messages
1
Reaction score
0
Credits
18
Hi fellas!

Not sure exactly where to place this question but it is related to executing commands, just that they are going to be run from an app.
I would also like to not leave any tracks of the commands that the app executes, so user shouldn't be able to run history in terminal and extract all the commands.

The app is built for a company and their needs, but they want to "protect" the commands.

My thought have been to create an app that is difficult to extract source code from, using c++ perhaps?
The app will also be connected to their server, for checking active license and fetching new commands.
The app will have a collection of commands, example cmd 1, cmd 2 and so on and each cmd will probably be a series of commands in itself.

How would you guys plan this?

I need to protect source-code also, which is why im leaning at c++ but im also able to use python, and js/nodejs/reactnative etc, especially for testing and trial.

Thanks
 


Some random thoughts on the matter which may or may not be useful:
- using acls (access control lists) to control access to files: man acl.
- controlling file attributes: man chattr.
- controlling terminals, for example, running a script in a terminal and deleting the terminal as part of that script can control what appears in history depending on the way history is configured on the system.
- though an executable script name is usually recorded in history when it's run, the commands executed from inside a script are usually not. To get everything that is happening one needs to run a probing app like strace.
- if you want to take a deep dive you could consider mangling the elf executables to hide code in the headers to obscure data from elf readers.
 
The Bash shell typically includes a $HISTFILE variable. When running commands, you should be able to prepend
unset HISTFILE
to disable history.

Depending what commands you're running, they may also store log data, which is typically found in /var/log.

Those with the right tools and desire can de-compile or reverse-engineer compiled code.
 
Those with the right tools and desire can de-compile or reverse-engineer compiled code.
Ah ... if only that was the case now, we'd have linux wifi drivers and high end linux nvidia graphics card's drivers able to use the full functionality of those hardware items. Alas, it's not always the case, but maybe in the future.
 
Last edited:

Staff online


Top