Question How secure is BAT to EXE (de-compilation point of view)

[mmp09]

Hi,
I have an app Advanced BAT to EXE converter. The free version works fine, just that the EXE is not portable.

https://www.battoexeconverter.com/

It compiles BATCH file to EXE and also claims that it encrypts the source code when EXE is created. I have a batch file where I have hardcoded a password.
While I know it's not a good practice to hardcode passwords in code, for personal use how secure is the encrypted code from general security point of view. Does anyone have any idea?

Free version may not offer any email support so I do not know if developer would ever respond to my query.
Basically if I give my laptop to my relatives or leave it at the repair shop etc.

I do not have knowledge of de-compilation. However I tried opening it (the EXE) in Hex Editor and just scanned it for plain text password but I could not find any.
Thanks

 

[USAFRet]

1. Why is the pwd in the BAT file?

2. What is the actual threat model? Who is likely to gain access to this, and what does it do?

 

[mmp09]

It's FTP upload BAT script. Simple convenience of running it unattended.
If someone can figure out the password, they will know the access to FTP account.

There are several BAT to EXE converters I have tried. Whatever I tried reveal the hardcoded values in plain text in EXE.

However this one simply does not. So I am curious what is the level of protection here!

 

[USAFRet]

It's FTP upload BAT script. Simple convenience of running it unattended.
If someone can figure out the password, they will know the access to FTP account.

There are several BAT to EXE converters I have tried. Whatever I tried reveal the hardcoded values in plain text in EXE.

However this one simply does not. So I am curious what is the level of protection here!

And why is this not using SFTP?
https://www.precisely.com/glossary/sftp

SSH File Transfer Protocol - Wikipedia

en.wikipedia.org

 

[mmp09]

@USAFRet Thanks for your responses.
Do you know answer to my question?

The file I upload is already encrypted. I do not need SFTP.

 

[USAFRet]

@USAFRet Thanks for your responses.
Do you know answer to my question?

The file I upload is already encrypted. I do not need SFTP.

No, I don't know the specific answer.
But, at some point, the pwd needs to get to the FTP server unencrypted, correct?

 

[USAFRet]

How secure is that exe created from the batch file, using that utility? Unknown.

How secure is your entire data chain? It appears, not very.
But, depending on exactly what you're doing, that may be acceptable.

 

[ex_bubblehead]

It's FTP upload BAT script. Simple convenience of running it unattended.
If someone can figure out the password, they will know the access to FTP account.

There are several BAT to EXE converters I have tried. Whatever I tried reveal the hardcoded values in plain text in EXE.

However this one simply does not. So I am curious what is the level of protection here!

If one of the "bad guys" gets ahold of your script you can consider the password as already having been compromised. It's very doubful the encryption used is all that secure. That script at some point obviously has to transmit the (unencrypted) password to the server for authentication. At that point the unencrypted password sits in memory where it can be conveniently snooped at leisure.