All geek questions in one place

How to decode google protobuf binary / raw data

I have a coredump with protobuf encoded data and I want to decode this data and see the contents. I have a .proto file that defines this message in the raw protocol buffer. My proto file looks like this:

$  cat my.proto 
message header {
  required uint32 u1 = 1;
  required uint32 u2 = 2;
  optional uint32 u3 = 3 [default=0];
  optional bool   b1 = 4 [default=true];
  optional string s1 = 5;
  optional uint32 u4 = 6;
  optional uint32 u5 = 7;
  optional string s2 = 9;
  optional string s3   = 10; 
  optional uint32 u6 = 8;
}

And the protoc version:

$  protoc --version
libprotoc 2.3.0

I tried the following:

  • Discard raw data from the kernel

    (gdb) dump memory b.bin 0x7fd70db7e964 0x7fd70db7e96d

  • Pass it to the duct

    //proto file (my.proto) is in the current dir
    $ protoc --decode --proto_path=$pwd my.proto < b.bin
    Missing value for flag: --decode
    To decode an unknown message, use --decode_raw.

    $ protoc --decode_raw < /tmp/b.bin
    Failed to parse input.

Any thoughts on how to decode it? The documentation does not explain how to do this.

Edit : Data in binary format (10 bytes)

(gdb) x/10xb 0x7fd70db7e964
0x7fd70db7e964: 0x08    0xff    0xff    0x01    0x10    0x08    0x40    0xf7
0x7fd70db7e96c: 0xd4    0x38
+15
source share
4 answers

You used correctly --decode_raw, but your input is not a protobuff.

--decode , :

protoc --decode header my.proto < b.bin

, --decode_raw , --decode.

, , gdb, protobuf. , : , , , .

, protobuf 9 , . , ? , .

EDIT:

10 , , --decode_raw:

$ echo 08ffff01100840f7d438 | xxd -r -p | protoc --decode_raw
1: 32767
2: 8
8: 928375

, :

u1: 32767
u2: 8
u6: 928375
+20

protoc --decode [message_name] [.proto_file_path] < [binary_file_path],

  • [message_name] - .proto. .proto, package_name.message_name.
  • [.proto_file_path] - .proto, .
  • [binary_file_path] - , .

( , my.proto b.bin ):

protoc --decode header my.proto < b.bin

+8

Is it possible to decode the onnx binary in the same way? I tried but it will not work

0
source

duct file:

syntax = "proto3";
package response;

// protoc --gofast_out=. response.proto

message Response {
  int64 UID        
  ....
}

use protoc:
protoc --decode=response.Response response.proto < response.bin
protoc --decode=[package].[Message type] proto.file < protobuf.response
0
source

Source: https://habr.com/ru/post/1626263/

More articles:


All Articles