I want to make an AppleScript that generates a salted hash with Terminal. Is there a specific Terminal command that can generate a salted hash, preferably a secure one like SHA-512? If possible, I would like one that's a one-liner so I can use it with the do shell script command. I searched the web but didn't find a way to generate a salted hash in Terminal, just a regular one.
I'm running OS X Mavericks 10.9.5.
From what I understand, at least conceptually, what you're asking for requires 2 steps:
Obtain a random salt value.
Concatenate the salt value with the input text (password) and compute the hash for the combined value.
For later verification, you'll have to store the salt along with the resulting hash.
The following AppleScript handlers wrap shell functions that provide the requisite functionality - they're preceded by sample invocations.
Disclaimer: my understanding of this field is limited, so take these functions with a grain of salt (ha!).
The salt-generating function was gratefully adapted from this post.
# Sample text to hash.
set passwd to "somePassword"
# Generate salt value with 10 chars, amounting to about a 64-bit value.
set salt to generateSalt(10)
# Compute hash from combined salt and input value.
set hash to getSha512(salt & passwd)
# SYNOPSIS
# getSha512(text)
# DESCRIPTION
# Calculates and outputs TEXT's hash value using the SHA-512 (SHA-2) algorithm.
# Output is a 128-characters string composed of lowercase hexadecimal digits.
# To create a salted hash, obtain a salt with generateSalt() first and
# prepend it to the text to hash.
# PREREQUISITES
# Requires either the sha512sum or the shasum utility. One or the other should be
# available on BSD/OSX and Linux systems.
# EXAMPLE
# set salt to generateSalt(20)
# set hash to getSha512(salt & passwd)
on getSha512(txt)
do shell script "
getSha512() {
local -a shaCmd
if command -v sha512sum &>/dev/null; then
shaCmd=( sha512sum )
elif command -v shasum &>/dev/null; then
shaCmd=( shasum -a 512 )
else
{ echo 'ERROR: Cannot locate SHA-512-generating utility.' >&2; return 1; }
fi
# Invoke the SHA-generating command and output the first space-separated field.
# (The subsequent fields indicate the mode and input filename.)
\"${shaCmd[#]}\" <<<\"$1\" | cut -d' ' -f1
return \"${PIPESTATUS[0]}\"
}
getSha512 " & quoted form of txt
end getSha512
# SYNOPSIS
# generateSalt(numChars)
# DESCRIPTION
# Generates NUMCHARS random *printable* ASCII characters that can serve as
# cryptographic salt. Due to the range of printable characters, each character
# returned contains ca. 6.55 bits of information.
# Thus, for instance, to get a 64-bit salt value, specify 10 for NUMCHARS.
# For a 128-bit value, specify 20.
# Use /dev/urandom as the source of random data.
# PREREQUISITES
# File /dev/urandom as a source of random bytes.
# The `head` utility must support the -c option to extract a number of *bytes*.
# Both BSD/OSX and Linux systems fulfill these requirements.
# EXAMPLE
# set salt to generateSalt(20) # get a ca. 128-bit salt value as 20 printable ASCII chars.
on generateSalt(numChars)
do shell script "
generateSalt() {
[[ -c /dev/urandom ]] || { echo 'ERROR: Random source /dev/urandom not available.' >&2; return 1; }
LC_ALL=C tr -cd '!\"#$%&'\\''()*+,-./0123456789:;<=>?#ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~' < /dev/urandom | head -c $1
}
generateSalt " & numChars
end generateSalt
Related
I recently upgraded to fish 3.0.1 via Homebrew 2.0.1 on MacOS Mojave 10.14.2. Since the upgrade, the following error message appears every time fish starts:
contains: Unknown option '-gx'
/usr/local/Cellar/fish/3.0.1/share/fish/config.fish (line 426):
if not contains $entry $result
^
in function '__fish_macos_set_env'
called on line 228 of file /usr/local/Cellar/fish/3.0.1/share/fish/config.fish
with parameter list 'PATH /etc/paths /etc/paths.d'
from sourcing file /usr/local/Cellar/fish/3.0.1/share/fish/config.fish
called during startup
contains - test if a word is present in a list
Synopsis
contains [OPTIONS] KEY [VALUES...]
contains: Type 'help contains' for related documentation
contains: Unknown option '-e'
/usr/local/Cellar/fish/3.0.1/share/fish/config.fish (line 426):
if not contains $entry $result
^
in function '__fish_macos_set_env'
called on line 228 of file /usr/local/Cellar/fish/3.0.1/share/fish/config.fish
with parameter list 'PATH /etc/paths /etc/paths.d'
from sourcing file /usr/local/Cellar/fish/3.0.1/share/fish/config.fish
called during startup
contains - test if a word is present in a list
Synopsis
contains [OPTIONS] KEY [VALUES...]
contains: Type 'help contains' for related documentation
My first reflex was to have a look in the offending file, namely /usr/local/Cellar/fish/3.0.1/share/fish/config.fish, but this file is only 306 lines long, and therefore does not seem to contain the infamous line 426. I am copying this file below, in case it proves useful:
# Main file for fish command completions. This file contains various
# common helper functions for the command completions. All actual
# completions are located in the completions subdirectory.
#
# Set default field separators
#
set -g IFS \n\ \t
set -qg __fish_added_user_paths
or set -g __fish_added_user_paths
#
# Create the default command_not_found handler
#
function __fish_default_command_not_found_handler
printf "fish: Unknown command %s\n" (string escape -- $argv[1]) >&2
end
if status --is-interactive
# The user has seemingly explicitly launched an old fish with too-new scripts installed.
if not contains -- "string" (builtin -n)
set -g __is_launched_without_string 1
# XXX nostring - fix old fish binaries with no `string' builtin.
# When executed on fish 2.2.0, the `else' block after this would
# force on 24-bit mode due to changes to in test behavior.
# These "XXX nostring" hacks were added for 2.3.1
set_color --bold
echo "You appear to be trying to launch an old fish binary with newer scripts "
echo "installed into" (set_color --underline)"$__fish_data_dir"
set_color normal
echo -e "\nThis is an unsupported configuration.\n"
set_color yellow
echo "You may need to uninstall and reinstall fish!"
set_color normal
# Remove this code when we've made it safer to upgrade fish.
else
# Enable truecolor/24-bit support for select terminals
# Ignore Screen and emacs' ansi-term as they swallow the sequences, rendering the text white.
if not set -q STY
and not string match -q -- 'eterm*' $TERM
and begin
set -q KONSOLE_PROFILE_NAME # KDE's konsole
or string match -q -- "*:*" $ITERM_SESSION_ID # Supporting versions of iTerm2 will include a colon here
or string match -q -- "st-*" $TERM # suckless' st
or test -n "$VTE_VERSION" -a "$VTE_VERSION" -ge 3600 # Should be all gtk3-vte-based terms after version 3.6.0.0
or test "$COLORTERM" = truecolor -o "$COLORTERM" = 24bit # slang expects this
end
# Only set it if it isn't to allow override by setting to 0
set -q fish_term24bit
or set -g fish_term24bit 1
end
end
else
# Hook up the default as the principal command_not_found handler
# in case we are not interactive
function __fish_command_not_found_handler --on-event fish_command_not_found
__fish_default_command_not_found_handler $argv
end
end
#
# Set default search paths for completions and shellscript functions
# unless they already exist
#
set -g __fish_config_dir ~/.config/fish
if set -q XDG_CONFIG_HOME
set __fish_config_dir $XDG_CONFIG_HOME/fish
end
set -l userdatadir ~/.local/share
if set -q XDG_DATA_HOME
set userdatadir $XDG_DATA_HOME
end
# __fish_data_dir, __fish_sysconf_dir, __fish_help_dir, __fish_bin_dir
# are expected to have been set up by read_init from fish.cpp
# Grab extra directories (as specified by the build process, usually for
# third-party packages to ship completions &c.
set -l __extra_completionsdir
set -l __extra_functionsdir
set -l __extra_confdir
if test -f $__fish_data_dir/__fish_build_paths.fish
source $__fish_data_dir/__fish_build_paths.fish
end
# Set up function and completion paths. Make sure that the fish
# default functions/completions are included in the respective path.
if not set -q fish_function_path
set fish_function_path $__fish_config_dir/functions $__fish_sysconf_dir/functions $__extra_functionsdir $__fish_data_dir/functions
end
if not contains -- $__fish_data_dir/functions $fish_function_path
set fish_function_path $fish_function_path $__fish_data_dir/functions
end
if not set -q fish_complete_path
set fish_complete_path $__fish_config_dir/completions $__fish_sysconf_dir/completions $__extra_completionsdir $__fish_data_dir/completions $userdatadir/fish/generated_completions
end
if not contains -- $__fish_data_dir/completions $fish_complete_path
set fish_complete_path $fish_complete_path $__fish_data_dir/completions
end
# This cannot be in an autoload-file because `:.fish` is an invalid filename on windows.
function :
# no-op function for compatibility with sh, bash, and others.
# Often used to insert a comment into a chain of commands without having
# it eat up the remainder of the line, handy in Makefiles.
end
#
# This is a Solaris-specific test to modify the PATH so that
# Posix-conformant tools are used by default. It is separate from the
# other PATH code because this directory needs to be prepended, not
# appended, since it contains POSIX-compliant replacements for various
# system utilities.
#
if test -d /usr/xpg4/bin
if not contains -- /usr/xpg4/bin $PATH
set PATH /usr/xpg4/bin $PATH
end
end
# Add a handler for when fish_user_path changes, so we can apply the same changes to PATH
function __fish_reconstruct_path -d "Update PATH when fish_user_paths changes" --on-variable fish_user_paths
set -l local_path $PATH
for x in $__fish_added_user_paths
set -l idx (contains --index -- $x $local_path)
and set -e local_path[$idx]
end
set -g __fish_added_user_paths
if set -q fish_user_paths
for x in $fish_user_paths[-1..1]
if set -l idx (contains --index -- $x $local_path)
set -e local_path[$idx]
else
set -g __fish_added_user_paths $__fish_added_user_paths $x
end
set local_path $x $local_path
end
end
set -xg PATH $local_path
end
#
# Launch debugger on SIGTRAP
#
function fish_sigtrap_handler --on-signal TRAP --no-scope-shadowing --description "Signal handler for the TRAP signal. Launches a debug prompt."
breakpoint
end
#
# Whenever a prompt is displayed, make sure that interactive
# mode-specific initializations have been performed.
# This handler removes itself after it is first called.
#
function __fish_on_interactive --on-event fish_prompt
__fish_config_interactive
functions -e __fish_on_interactive
end
# Set the locale if it isn't explicitly set. Allowing the lack of locale env vars to imply the
# C/POSIX locale causes too many problems. Do this before reading the snippets because they might be
# in UTF-8 (with non-ASCII characters).
__fish_set_locale
# "." command for compatibility with old fish versions.
function . --description 'Evaluate contents of file (deprecated, see "source")' --no-scope-shadowing
if test (count $argv) -eq 0
# Uses tty directly, as isatty depends on "."
and tty 0>&0 >/dev/null
echo "source: '.' command is deprecated, and doesn't work with STDIN anymore. Did you mean 'source' or './'?" >&2
return 1
else
source $argv
end
end
# Upgrade pre-existing abbreviations from the old "key=value" to the new "key value" syntax.
# This needs to be in share/config.fish because __fish_config_interactive is called after sourcing
# config.fish, which might contain abbr calls.
if not set -q __fish_init_2_3_0
if set -q fish_user_abbreviations
set -l fab
for abbr in $fish_user_abbreviations
set fab $fab (string replace -r '^([^ =]+)=(.*)$' '$1 $2' -- $abbr)
end
set fish_user_abbreviations $fab
end
set -U __fish_init_2_3_0
end
# macOS-ism: Emulate calling path_helper.
if command -sq /usr/libexec/path_helper
# Adapt construct_path from the macOS /usr/libexec/path_helper
# executable for fish; see
# https://opensource.apple.com/source/shell_cmds/shell_cmds-203/path_helper/path_helper.c.auto.html .
function __fish_macos_set_env -d "set an environment variable like path_helper does (macOS only)"
set -l result
for path_file in $argv[2] $argv[3]/*
if test -f $path_file
while read -l entry
if not contains $entry $result
set result $result $entry
end
end <$path_file
end
end
for entry in $$argv[1]
if not contains $entry $result
set result $result $entry
end
end
set -xg $argv[1] $result
end
__fish_macos_set_env 'PATH' '/etc/paths' '/etc/paths.d'
if [ -n "$MANPATH" ]
__fish_macos_set_env 'MANPATH' '/etc/manpaths' '/etc/manpaths.d'
end
functions -e __fish_macos_set_env
end
#
# Some things should only be done for login terminals
# This used to be in etc/config.fish - keep it here to keep the semantics
#
if status --is-login
#
# Put linux consoles in unicode mode.
#
if test "$TERM" = linux
if string match -qir '\.UTF' -- $LANG
if command -sq unicode_start
unicode_start
end
end
end
end
# Invoke this here to apply the current value of fish_user_path after
# PATH is possibly set above.
__fish_reconstruct_path
# Allow %n job expansion to be used with fg/bg/wait
# `jobs` is the only one that natively supports job expansion
function __fish_expand_pid_args
for arg in $argv
if string match -qr '^%\d+$' -- $arg
# set newargv $newargv (jobs -p $arg)
jobs -p $arg
if not test $status -eq 0
return 1
end
else
printf "%s\n" $arg
end
end
end
function bg
builtin bg (__fish_expand_pid_args $argv)
end
function fg
builtin fg (__fish_expand_pid_args $argv)
end
function kill
command kill (__fish_expand_pid_args $argv)
end
function wait
builtin wait (__fish_expand_pid_args $argv)
end
function disown
builtin disown (__fish_expand_pid_args $argv)
end
# As last part of initialization, source the conf directories.
# Implement precedence (User > Admin > Extra (e.g. vendors) > Fish) by basically doing "basename".
set -l sourcelist
for file in $__fish_config_dir/conf.d/*.fish $__fish_sysconf_dir/conf.d/*.fish $__extra_confdir/*.fish
set -l basename (string replace -r '^.*/' '' -- $file)
contains -- $basename $sourcelist
and continue
set sourcelist $sourcelist $basename
# Also skip non-files or unreadable files.
# This allows one to use e.g. symlinks to /dev/null to "mask" something (like in systemd).
[ -f $file -a -r $file ]
and source $file
end
What's going on here? How can I fix this?
What happens here is that a component of your $PATH, $fish_user_paths or a line in /etc/paths looks like an option.
Most likely, this is wrong, and you should remove it.
E.g. try printf '%s\n' $fish_user_paths. If that tells you that one of the entries is "-gx", then you've set it incorrectly and need to use set -e fish_user_paths[number-of-that-entry] to correct it.
Since these are all common options to set, you've probably once done something like set fish_user_paths /something -gx, which adds a "-gx" component (set only reads options before the variable name).
This has been reported upstream at https://github.com/fish-shell/fish-shell/issues/5662, and future fish versions won't spew an error, but the existence of the offending component is most likely an error, so you still want to remove it.
I am trying to write a script that uses the bash line editor to recall a previously entered command. Here's the simple session I'm trying to automate.
$ bash --norc --noprofile
bash4.4$ echo hi
hi
bash4.4$
then type '^P^M'
bash4.4$ echo hi
hi
Here is my first attempt at scripting this using the Expect.pm module off CPAN. The two sleep 1s are in there to guard against the possibility of race conditions when invoking the line editor since I'm not sure what perl sees when that happens.
#!/usr/bin/env perl
use strict;
use warnings FATAL => 'all';
use autodie;
use Expect;
my $timeout = 10;
my $exp = Expect->new();
$exp->spawn('bash --norc --noprofile');
# wait for first prompt
$exp->expect($timeout, '$ ');
# send echo hi
$exp->send("echo hi\n");
# wait for prompt again
$exp->expect($timeout, '$ ');
# use history recall ^P, then send ^M
sleep 1;
$exp->send("\cp\cm");
sleep 1;
print "okay done!\n";
It works up until I hit "\cp\cm" (I've also tried "\cP\cM"). According to the perl documentation, \cX introduces an ASCII control character. (http://perldoc.perl.org/perlrebackslash.html#Character-Escapes)
Control characters \c is used to denote a control character; the
character following \c determines the value of the construct. For
example the value of \cA is chr(1), and the value of \cb is chr(2),
etc. The gory details are in Regexp Quote-Like Operators in perlop. A
complete list of what chr(1), etc. means for ASCII and EBCDIC
platforms is in OPERATOR DIFFERENCES in perlebcdic.
This is what I actually get when I run the script, which strongly suggests that the control characters are not getting passed to the subprocess properly and possibly aren't passed at all.
% perl bash.pl
bash-4.4$ echo hi
hi
bash-4.4$ okay done!
What's going on here? How do I pass a control character to a process with Expect.pm?
The characters escapes you are searching are specific to Perl regex. For your purpose, I would suggest you to pass the hex value for ctrl-M and ctrl-P.
$exp->send("\x10"); # ctrl+P
$exp->send("\x0D"); # ctrl+M
Update(tested):
$exp->send("\x10"); # ctrl+P
$exp->send("\n"); # send newline
sleep 2;
# wait for prompt
$exp->expect($timeout, '$ ');
$exp->send("\x0D"); # ctrl+M
$exp->send("\n"); # send newline
I am trying to take a very large txt file (over a million lines) that I created in Perl and run it through a different statement in Perl that will essentially look something like this (note the following is shell)
a=0
b=1
while read line;
do
echo -n "" > "Write file"${b}
a=($a + 1)
while ( $a <= 5000)
do
echo $line >> "Write file"${b}
a=($a + 1)
done
a=0
b=($b + 1)
done < "read file"
Trying to size it down to 5k lines per file, and incrementing each time (filename1.txt, filename2.txt, filename3.txt, etc)
This doesn't seem to work in shell, possibly due to the size of the input file, and for the life of me I can't think of how to change what file I am writing to in the middle of the loop..
You can just do this in the shell using split.
For example:
split -l 5000 filename.txt filename.txt.
will split filename.txt into multiple files with a max of 5,000 lines each. The output files will be names filename.txt.aa, filename.txt.ab, filename.txt.ac, etc.
From my man split:
NAME
split -- split a file into pieces
SYNOPSIS
split [-a suffix_length] [-b byte_count[k|m]] [-l line_count] [-p pattern] [file [name]]
DESCRIPTION
The split utility reads the given file and breaks it up into files of 1000 lines each. If file is a single dash (`-') or absent, split reads from the stan-
dard input.
The options are as follows:
-a suffix_length
Use suffix_length letters to form the suffix of the file name.
-b byte_count[k|m]
Create smaller files byte_count bytes in length. If ``k'' is appended to the number, the file is split into byte_count kilobyte pieces. If ``m'' is
appended to the number, the file is split into byte_count megabyte pieces.
-l line_count
Create smaller files n lines in length.
-p pattern
The file is split whenever an input line matches pattern, which is interpreted as an extended regular expression. The matching line will be the
first line of the next output file. This option is incompatible with the -b and -l options.
If additional arguments are specified, the first is used as the name of the input file which is to be split. If a second additional argument is specified,
it is used as a prefix for the names of the files into which the file is split. In this case, each file into which the file is split is named by the prefix
followed by a lexically ordered suffix using suffix_length characters in the range ``a-z''. If -a is not specified, two letters are used as the suffix.
If the name argument is not specified, the file is split into lexically ordered files named with the prefix ``x'' and with suffixes as above.
As an aside, this is your fixed script:
#!/bin/sh
a=0
b=1
while read line; do
if [ $a -eq 0 ]; then
echo -n '' > out-file-${b}
fi
echo $line >> out-file-${b}
a=$(( $a + 1 ))
if [ $a -eq 10 ]; then
a=0
b=$(( $b + 1 ))
fi
done < in-file
Tested with bash and dash.
I have a file of environment variables that I source in shell scripts, for example:
# This is a comment
ONE=1
TWO=2
THREE=THREE
# End
In my scripts, I source this file (assume it's called './vars') into the current environment, and change (some of) the variables based on user input. For example:
#!/bin/sh
# Read variables
source ./vars
# Change a variable
THREE=3
# Write variables back to the file??
awk 'BEGIN{FS="="}{print $1=$$1}' <./vars >./vars
As you can see, I've been experimenting with awk for writing the variables back, sed too. Without success. The last line of the script fails. Is there a way to do this with awk or sed (preferably preserving comments, even comments with the '=' character)? Or should I combine 'read' with string cutting in a while loop or some other magic? If possible, I'd like to avoid perl/python and just use the tools available in Busybox. Many thanks.
Edit: perhaps a use case might make clear what my problem is. I keep a configuration file consisting of shell environment variable declarations:
# File: network.config
NETWORK_TYPE=wired
NETWORK_ADDRESS_RESOLUTION=dhcp
NETWORK_ADDRESS=
NETWORK_ADDRESS_MASK=
I also have a script called 'setup-network.sh':
#!/bin/sh
# File: setup-network.sh
# Read configuration
source network.config
# Setup network
NETWORK_DEVICE=none
if [ "$NETWORK_TYPE" == "wired" ]; then
NETWORK_DEVICE=eth0
fi
if [ "$NETWORK_TYPE" == "wireless" ]; then
NETWORK_DEVICE=wlan0
fi
ifconfig -i $NETWORK_DEVICE ...etc
I also have a script called 'configure-network.sh':
#!/bin/sh
# File: configure-network.sh
# Read configuration
source network.config
echo "Enter the network connection type:"
echo " 1. Wired network"
echo " 2. Wireless network"
read -p "Type:" -n1 TYPE
if [ "$TYPE" == "1" ]; then
# Update environment variable
NETWORK_TYPE=wired
elif [ "$TYPE" == "2" ]; then
# Update environment variable
NETWORK_TYPE=wireless
fi
# Rewrite configuration file, substituting the updated value
# of NETWORK_TYPE (and any other updated variables already existing
# in the network.config file), so that later invocations of
# 'setup-network.sh' read the updated configuration.
# TODO
How do I rewrite the configuration file, updating only the variables already existing in the configuration file, preferably leaving comments and empty lines intact? Hope this clears things up a little. Thanks again.
You can't use awk and read and write from the same file (is part of your problem).
I prefer to rename the file before I rewrite (but you can save to a tmp and then rename too).
/bin/mv file file.tmp
awk '.... code ...' file.tmp > file
If your env file gets bigger, you'll see that is is getting truncated at the buffer size of your OS.
Also, don't forget that gawk (the std on most Linux installations) has a built in array ENVIRON. You can create what you want from that
awk 'END {
for (key in ENVIRON) {
print key "=" ENVIRON[key]
}
}' /dev/null
Of course you get everything in your environment, so maybe more than you want. But probably a better place to start with what you are trying to accomplish.
Edit
Most specifically
awk -F"=" '{
if ($1 in ENVIRON) {
printf("%s=%s\n", $1, ENVIRON[$1])
}
# else line not printed or add code to meet your situation
}' file > file.tmp
/bin/mv file.tmp file
Edit 2
I think your var=values might need to be export -ed so they are visible to the awk ENVIRON array.
AND
echo PATH=xxx| awk -F= '{print ENVIRON[$1]}'
prints the existing value of PATH.
I hope this helps.
P.S. as you appear to be a new user, if you get an answer that helps you please remember to mark it as accepted, and/or give it a + (or -) as a useful answer.
I don't exactly know what you are trying to do, but if you are trying to change the value of variable THREE ,
awk -F"=" -vt="$THREE" '$1=="THREE" {$2=t}{print $0>FILENAME}' OFS="=" vars
You can do this in just with bash:
rewrite_config() {
local filename="$1"
local tmp=$(mktemp)
# if you want the header
echo "# File: $filename" >> "$tmp"
while IFS='=' read var value; do
declare -p $var | cut -d ' ' -f 3-
done < "$filename" >> "$tmp"
mv "$tmp" "$filename"
}
Use it like
source network.config
# manipulate the variables
rewrite_config network.config
I use a temp file to maintain the existance of the config file for as long as possible.
I have a variable in a shell script,
var=1234_number
I want to replace all other than integer of $var .. how can I do it using a perl onliner?
You might be looking for something to edit the shell script, in which case, this might be sufficient:
perl -i.bak -e 's/\b(var=\d+).*/$1/' shellscript.sh
The '-i' overwrites the original file, saving a copy in shellscript.sh.bak; the substitute command finds assignments to 'var' (and not any longer name ending 'var') followed by an equals sign, some digits, and any non-digits, and leaves behind just the assignment of digits.
In the example, it gives:
var=1234
Note that the Perl regex is not foolproof - it will mangle this (dropping the closing brace).
: ${var=1234_number}
Dealing with all such possible variants is extremely fairly tricky:
echo $var=$other
OTOH, you might be looking to eliminate digits from a variable within a shell script, in which case:
var=$(echo $var | perl -e 's/\D//g')
You could also use 'sed' for the job:
var=$(echo $var | sed 's/[^0-9]//g')
No need to use anything but the shell for this
var=1234_abcd
var=${var%_*}
echo $var # => 1234
See 'Parameter Expansion' in the bash manual.