I don’t know if you’ve ever used draftsight-- its a free or low cost 2D drafting program. I’m trying to write an article that inter alia explains the differences between a binary and an ascii file.
For the binary file, I decided to use a dwg file produced by Draftsight. So I whip up a really simple drawing, no embedding-- just lines and simple notes.
When I open it up in hexfiend. this shows up in the ASCII transcript.
Why are there file names in my dwg files? Why does a fellow maker need to know that I’ve been reading up on supercomputing designs of the 1990s? Why does Dassault need to know?
you might try seeing how many bytes are contained in the file; and then see if that run of file names is outside that span. or, if it seems within the size of the expected file:
you might try putting a bunch of unnecessary data (shapes, whatever) in your draft, saving, then deleting that cruft, then saving again, and then view the file.
re: 1. potentially, it could be previous data from something previously written to disk. the whole, write zeros to a hard drive to make the data unrecoverable thing.
re: 2. this is really an expansion of 1. draftsight might ask for a file of a certain size, maybe using a memory mapped file, and may only be writing to a small chunk of that space to save your draft. ( that sort of thing is sometimes done for fast file access if its known the files are going to get really large. ) in asking for a big chunk up front, it may get some recycled data off your drive.
…
some things i trawled up in a super quick search:
it looks like dwg is the autocad binary format.
the ac1027 ( first bytes in your pic ) indicate the autocad 2013 format.
that’s probably the one draftsight either reverse engineered or used some library for. so it probably wouldn’t be them doing anything on purpose.
my first guess would have been it stores some sort of zip-like filesystem; but a quick look at the format seems to say no. so see the other theories above.
This seems like the sort of thing, in the context of RAM, where it starts by looking sloppy and ends with a remote host able to prod vulnerable software into obligingly stashing the private keys there…
If the main incentive is Dassault’s interest(which would, given the delightful world of contemporary software, be counted as more than enough reason) the output file would be an odd place to stash the data: too visible and more chance of leakage to random 3rd parties than to the mothership. That’s what an encrypted network connection definitely associated with the activation process is for.
However, as in the RAM case, nothing good can come of anything that causes a computer to unexpectedly spill bits of state where people might stumble across them. Not having an easy way to scrub your own metadata is bad enough; silently absorbing ambient metadata… Not good.
