[mrastro]

It's unlikely their code is hosted on GitHub because the hackers wouldn't want to leave such an obvious trace there.

I think you're right that unless there is evidence code is hosted there, the judge wouldn't authorize a "fishing" exercise to search random sources for the code. In a hypothetical, what would this even give? The IP addresses of the authors? They are likely running through a proxy anyways so it wouldn't help. The private key? It might have been generated server-side or using an algorithm outside the code so might not help.

What I'm saying is getting the code source might not even be helpful depending on how it was implemented and if only the client code can be found.