There is no way to infer attribute names from on the wire representation. In fact, there is no 100% sure way to distinguish between strings and embedded messages.
Because it doesn't deserialize protocol buffers, but protocol buffer descriptors. Descriptors are serialized protos of this type: https://github.com/google/protobuf/blob/master/src/google/pr... . Each descriptor is a parsed representation of a ".proto" file, including the message names and field names.
I am very suprised for the feedback. I need to clarify my intentions for this project.
This tool is a side effect of my main project. I am working on hacking embedded device. During my work, I found out, that device is using Google Protocol Buffers to communicate with Android app and windows C/C++ application.
It was my first time with protocol buffers.
I was looking for any tool, which would help me analyze protobuf messages.
It seems there is none, so I had to learn it by myself :P.
"Protocol buffers are Google's language-neutral, platform-neutral, extensible mechanism for serializing structured data – think XML, but smaller, faster, and simpler."
How it works:
1. Developer wants to exchange data between different applications/systems.
2. One describes data in human readable form in proto file:
message Person {
required string name = 1;
required int32 id = 2;
optional string email = 3;
}
3. This file can now be compiled by protoc.
4. Generated code (Java, C++, Python) is then imported to an application.
5. Develoepr can use this code to decode serialized stream.
Now - the most important thing. Protoc output code contains serialized descritor of proto file. This descriptor (in serialized way) is included in every application using protobuffs.
Once extracted (strings, debugger, any other tool), one can run pbd to disassemble it.
In short: Pbd allows to go from point 4. to point 2.
Once descriptors are disassembled, one can rerun pbd to generate code and deserialize protobuffs messages.
Hope it clarifies it a bit.
This project is in beta. Further work depends on interest and needs. I am very happy to hear more comments and ideas. Thank you for your interest.
PS. Pbd name was chosen with premeditaion. It is a bit confusing, but hey - hackers need to be focused :P.
10 comments
[ 2.0 ms ] story [ 43.1 ms ] threadEDIT: Misread this. My mistake.
There is no way to infer attribute names from on the wire representation. In fact, there is no 100% sure way to distinguish between strings and embedded messages.
We worked on something like this for C# protobufs. Check it out:
https://github.com/HearthSim/proto-extractor
I'd be curious to see if we can work together on this stuff.
Thank you very much for all comments.
I am very suprised for the feedback. I need to clarify my intentions for this project.
This tool is a side effect of my main project. I am working on hacking embedded device. During my work, I found out, that device is using Google Protocol Buffers to communicate with Android app and windows C/C++ application. It was my first time with protocol buffers. I was looking for any tool, which would help me analyze protobuf messages. It seems there is none, so I had to learn it by myself :P.
"Protocol buffers are Google's language-neutral, platform-neutral, extensible mechanism for serializing structured data – think XML, but smaller, faster, and simpler."
How it works: 1. Developer wants to exchange data between different applications/systems. 2. One describes data in human readable form in proto file: message Person { required string name = 1; required int32 id = 2; optional string email = 3; } 3. This file can now be compiled by protoc. 4. Generated code (Java, C++, Python) is then imported to an application. 5. Develoepr can use this code to decode serialized stream.
Now - the most important thing. Protoc output code contains serialized descritor of proto file. This descriptor (in serialized way) is included in every application using protobuffs.
Once extracted (strings, debugger, any other tool), one can run pbd to disassemble it.
In short: Pbd allows to go from point 4. to point 2. Once descriptors are disassembled, one can rerun pbd to generate code and deserialize protobuffs messages.
Hope it clarifies it a bit.
This project is in beta. Further work depends on interest and needs. I am very happy to hear more comments and ideas. Thank you for your interest.
PS. Pbd name was chosen with premeditaion. It is a bit confusing, but hey - hackers need to be focused :P.
BR Rsc
I'd look for a name less likely to be confused with other existing things.
[1] https://github.com/SteamRE/SteamKit/tree/master/Resources/Pr...