F5F Stay Refreshed Software General Software How safe is BAT from EXE from a decompilation perspective?

How safe is BAT from EXE from a decompilation perspective?

How safe is BAT from EXE from a decompilation perspective?

C
CalphClient
Member
Find
197
03-08-2016, 07:01 AM
#1
Hi,
I’m working with an Advanced BAT to EXE converter. The free version functions properly, but the resulting EXE isn’t portable.
https://www.battoexeconverter.com/
It converts batch files into executables and says it encrypts the source code during creation.
I have a batch file with a hardcoded password.
Although I understand it’s not ideal to embed passwords in code, I’m curious about its security from a general perspective. Is anyone aware of how secure this encrypted version really is?
The free version might lack email support, so I’m unsure if the developers would respond to my questions.
In short, if I hand over my laptop or leave it with a repair shop, I’d be worried.
I don’t have experience with decompilation, but I tried opening the EXE in a hex editor and didn’t find any readable password.
Reply
Reply
C
CalphClient
03-08-2016, 07:01 AM #1

Hi,
I’m working with an Advanced BAT to EXE converter. The free version functions properly, but the resulting EXE isn’t portable.
https://www.battoexeconverter.com/
It converts batch files into executables and says it encrypts the source code during creation.
I have a batch file with a hardcoded password.
Although I understand it’s not ideal to embed passwords in code, I’m curious about its security from a general perspective. Is anyone aware of how secure this encrypted version really is?
The free version might lack email support, so I’m unsure if the developers would respond to my questions.
In short, if I hand over my laptop or leave it with a repair shop, I’d be worried.
I don’t have experience with decompilation, but I tried opening the EXE in a hex editor and didn’t find any readable password.

Reply
Reply
D
DatBoii
Member
Find
144
03-08-2016, 12:58 PM
#2
1. The pwd in the BAT file serves as a reference for the operating system's path.
2. The true threat model involves potential unauthorized access, with individuals likely seeking to exploit this information.
Reply
Reply
D
DatBoii
03-08-2016, 12:58 PM #2

1. The pwd in the BAT file serves as a reference for the operating system's path.
2. The true threat model involves potential unauthorized access, with individuals likely seeking to exploit this information.

Reply
Reply
D
DolphinMan2000
Junior Member
Find
11
03-08-2016, 02:54 PM
#3
It's an FTP upload BAT script designed for easy automated use without manual intervention. If someone discovers the password, they'll gain access to the FTP account. I've experimented with various BAT to EXE converters, but none exposed the hardcoded details in plain text within the EXE. This suggests a strong level of protection is in place!
Reply
Reply
D
DolphinMan2000
03-08-2016, 02:54 PM #3

It's an FTP upload BAT script designed for easy automated use without manual intervention. If someone discovers the password, they'll gain access to the FTP account. I've experimented with various BAT to EXE converters, but none exposed the hardcoded details in plain text within the EXE. This suggests a strong level of protection is in place!

Reply
Reply
P
PumaMan2007
Junior Member
Find
17
03-08-2016, 09:26 PM
#4
And why isn't this utilizing SFTP?
Reply
Reply
P
PumaMan2007
03-08-2016, 09:26 PM #4

And why isn't this utilizing SFTP?

Reply
Reply
I
ionescunelutu
Member
Find
160
03-15-2016, 12:19 PM
#5
Thank you for your reply.
Are you aware of the answer to my question?
The file I uploaded is already encrypted, so I don't need SFTP.
Reply
Reply
I
ionescunelutu
03-15-2016, 12:19 PM #5

Thank you for your reply.
Are you aware of the answer to my question?
The file I uploaded is already encrypted, so I don't need SFTP.

Reply
Reply
R
RoyalUmbreon
Member
Find
162
03-15-2016, 04:48 PM
#6
Yes, at some stage the password must reach the FTP server without encryption.
Reply
Reply
R
RoyalUmbreon
03-15-2016, 04:48 PM #6

Yes, at some stage the password must reach the FTP server without encryption.

Reply
Reply
1
1Kigzey1
Member
Find
63
03-21-2016, 06:07 PM
#7
The security of that executable produced by the batch file remains uncertain. Using the provided tool might offer some assurance, but overall it seems questionable. Depending on the specific task, it could still be considered safe.
Reply
Reply
1
1Kigzey1
03-21-2016, 06:07 PM #7

The security of that executable produced by the batch file remains uncertain. Using the provided tool might offer some assurance, but overall it seems questionable. Depending on the specific task, it could still be considered safe.

Reply
Reply
I
ItzLeiaMoshi
Member
Find
121
03-21-2016, 07:30 PM
#8
If a "bad guy" gains access to your script, the password is likely already compromised. It's quite unlikely the encryption is truly secure. The script probably needs to send the (unencrypted) password to the server for verification. At that stage, the unencrypted password remains in memory and can be easily accessed.
Reply
Reply
I
ItzLeiaMoshi
03-21-2016, 07:30 PM #8

If a "bad guy" gains access to your script, the password is likely already compromised. It's quite unlikely the encryption is truly secure. The script probably needs to send the (unencrypted) password to the server for verification. At that stage, the unencrypted password remains in memory and can be easily accessed.

Reply
Reply