ionCube Logo
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


 
Post new topic   Reply to topic    ionCube Forum Index -> ionCube Loader

Source files exposed in the non allocated sectors
Author Message
XelotX



Joined: 01 Dec 2018
Posts: 1
PostPosted: Sat Dec 01, 2018 8:35 am    Post subject: Source files exposed in the non allocated sectors Reply with quote
Hello,

I'm using IonCube Loader in a VM environment. I've encoded the sourcefiles on a separate VM and transfered the encoded files to the target VM (the one that has IonCube Loader installed).

While at first glance I couldn't find anything related to the original sourcecode, I decided to search a bit more deeper since I really need to make sure that a year's work is not exposed anywere.

The issue: Since using a normal grep (both VMs have Ubuntu linux os installed on them) from an administrator account didn't find anything at the system level, I powered down the virtual machine and started to scan to virtual harddisk at a low level (sector by sector).

Imagine my surprise when I found full decoded files in the non allocated space area of the disk...

So, my question is, has anybody else tried to search at a low level for the original source code (I mean the files contained even my original comments)?


Testing method:

I remade the tests for over 10 times with 10 new virtual machines. I cloned the partitions using Clonezilla and reading only the allocated sectors. Deleted the original hard drive and restored it from the Clonezilla iso. BEFORE powering up the machine, tried to find the source files in the new hard drive. Couldn't find any. Powered up the VM, ran the script, closed the VM and searched again the hard drive at a low level. Found the source files again (in the non-allocated space of the hard drive).

I suspect that the IonCube Loaded somehow stores the file after decoding it, runs it and then deletes the file.

This issue prevents me from shiping a virtual machine containing the encoded files since I don't trust it enough.
Back to top
View user's profile Send private message
alastair



Joined: 23 Feb 2010
Posts: 407
PostPosted: Mon Dec 03, 2018 9:48 am    Post subject: Reply with quote
Hi,

The decoded files will not have been produce by the ionCube Loader and it is important to realise what encoding does.

Encoding compiles sourced code to byte code form and that byte code is then mangled to help prevent decompilation back to source code form. Thus there is no source code remaining in the encoded file. The Loader is not doing any translation back to source code (it would be pointless to do so) but instead executes the byte code.

Did you by any chance encode on that VM? That might explain the source code files you found.
_________________
Alastair

ionCube
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    ionCube Forum Index -> ionCube Loader All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Copyright 2002-2018 ionCube Ltd  All rights reserved.
About ionCube | Jobs | Terms and Conditions | Privacy Policy