/protobuf_decoder

Primary LanguagePythonGNU General Public License v2.0GPL-2.0

protobuf-decoder

This is a protobuf-decoder which can decode protobuf binary file without .proto files. It supports editing to the decoded file and re-encoding to a bianry file. It can also work as a brup plugin.

Have a try

  1. protoc -I=. --python_out=. addressbook.proto

  2. python write_msg.py ADDRESS_BOOK_FILE

    Enter a telephone number and press twice. Now you have a protobuf binary file called ADDRESS_BOOK_FILE.

  3. python parse.py ADDRESS_BOOK_FILE

    Now you can see the decoded field looks like:

    {
        "01:00:embedded message": {
            "01:00:string": "わたし", 
            "02:01:Varint": 1234, 
            "04:02:bytes": "0x5a:0x64:0x3b:0xdf:0x4f:0x8d:0xf3:0x3f:0x2d:0xb2:0x9d:0xef:0xa7:0xc6:0x9:0x40", 
            "05:03:embedded message": {
                "01:00:Varint": 1, 
                "02:01:string": "0800000", 
                "03:02:embedded message": {
                    "01:00:32-bit": 666.7769775390625
                }
            }, 
            "05:04:embedded message": {
                "01:00:Varint": 1, 
                "02:01:string": "0800000"
            }
        }, 
        "02:01:32-bit": 3.140000104904175
    }  
    

    You can compare this result with the google's official decode_raw result using cat ADDRESS_BOOK_FILE | protoc --decode_raw

Burp Plugin

You can also use this script as a burp plugin:

  1. Copy parse.py to your burpsuite's jar directory.
  2. Open burp, load protobuf_decoder.py as a burp extension.
  3. All is done! You are now able to view protobuf binary in json format. You can also modify the value to what you want! But donnot modify the keys unless you know what you are doing.

Use as a module

You can also use this script as python module:

  1. Clone to your project folder
git clone https://github.com/nevermoe/protobuf_decoder.git
  1. import and use.
import protobuf_decoder.parse as pbparser

# decode, data is bytes type, messages returned is json type
messages = pbparser.Decode(data)

#encode, messages's type is json, data's type is bytes
output = list()
bytesWritten = pbparser.ReEncode(messages, output)
data = bytes(bytearray(output) )

Explanation:

img1 img2

Note the keys of this json file is in the format of field_number:id:type. field_number is exactly the field_number in .proto file while id has no meaning. It's just a field that helps to de-duplicate the keys in json.

TODO

  1. Deal with minus number.

Acknowledgements

Thanks Mori for fixing bugs and improve this tool!