Protobuf
Protobuf¶
Version 2 and 3
https://arkadiyt.com/2024/03/03/reverse-engineering-protobuf-definitiions-from-compiled-binaries/
https://gist.github.com/dunhamsteve/224e26a7f56689c33cea4f0fa7632c3d
https://github.com/mildsunrise/protobuf-inspector
Header Byte¶
Parse the Header block of the current position of the binary data
Header Byte:
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 |
|---|---|---|---|---|---|---|---|
| Continue Bit | Field Type | Wire Type |
FieldType¶
Basically the index number for the element in the specific protocol. This is used to match up the name of the element to the protobuf definition file.
WireType¶
| Type | Meaning | Used For |
|---|---|---|
| 0 | Varint | int32, int64, uint32, uint64, sint32, sint64, bool, enum |
| 1 | 64-bit | fixed64, sfixed64, double |
| 2 | Length-delimited | string, bytes, embedded messages, packed repeated fields |
| 3 | Start group | groups (deprecated) |
| 4 | End group | groups (deprecated) |
| 5 | 32-bit | fixed32, sfixed32, float |
Groups:
- Varint
- Length Delimited
- Has Sub Objects
- 32bit
- 64bit