XelotX
Joined: 01 Dec 2018 Posts: 1
|
Posted: Sat Dec 01, 2018 8:35 am Post subject: Source files exposed in the non allocated sectors |
|
|
Hello,
I'm using IonCube Loader in a VM environment. I've encoded the sourcefiles on a separate VM and transfered the encoded files to the target VM (the one that has IonCube Loader installed).
While at first glance I couldn't find anything related to the original sourcecode, I decided to search a bit more deeper since I really need to make sure that a year's work is not exposed anywere.
The issue: Since using a normal grep (both VMs have Ubuntu linux os installed on them) from an administrator account didn't find anything at the system level, I powered down the virtual machine and started to scan to virtual harddisk at a low level (sector by sector).
Imagine my surprise when I found full decoded files in the non allocated space area of the disk...
So, my question is, has anybody else tried to search at a low level for the original source code (I mean the files contained even my original comments)?
Testing method:
I remade the tests for over 10 times with 10 new virtual machines. I cloned the partitions using Clonezilla and reading only the allocated sectors. Deleted the original hard drive and restored it from the Clonezilla iso. BEFORE powering up the machine, tried to find the source files in the new hard drive. Couldn't find any. Powered up the VM, ran the script, closed the VM and searched again the hard drive at a low level. Found the source files again (in the non-allocated space of the hard drive).
I suspect that the IonCube Loaded somehow stores the file after decoding it, runs it and then deletes the file.
This issue prevents me from shiping a virtual machine containing the encoded files since I don't trust it enough. |
|