The author presents protodump, a tool for extracting protobuf definitions from compiled binaries, which is useful for reverse engineering closed-source APIs. Code generated by protoc, Google's protobuf compiler, embeds a serialized byte array describing each .proto file; by analyzing that byte array, the field names and types can be extracted and decoded. To locate these FileDescriptors, a search strategy based on the ASCII string ".proto" is employed, and the located FileDescriptors can then be used to reconstruct the original ".proto" files. Limitations include dependence on the compiler that produced the binary and potential obfuscation techniques. Despite these issues, the author reports a high success rate in extracting protobuf definitions from binaries. The post's distinctive material covers unmarshalling FileDescriptors and creating a source ".proto" file from them. The author can be followed on Twitter as @arkadiyt for more content.
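As an added example (not the page's or protodump's own code), a hand-rolled scanner that does what the post describes: search a byte blob for the ASCII string ".proto", back up to the field tag of the FileDescriptorProto's name, and unmarshal what follows into .proto source. It assumes the field numbers and type codes of google/protobuf/descriptor.proto and a constructed sample blob; the names `find_descriptors`, `fields`, `to_proto_source` and `SAMPLE_BINARY` are mine.

```python
# Added example, not protodump's code. Finds serialized FileDescriptorProto messages in a blob by
# anchoring on the ".proto" file name and decodes them by hand using descriptor.proto's field numbers.
import re
TYPE_NAMES = {1: "double", 2: "float", 3: "int64", 5: "int32", 8: "bool", 9: "string", 12: "bytes"}
def read_varint(buf, pos):                  # base-128 varint at pos -> (value, next pos)
    value, shift = 0, 0
    while pos < len(buf):
        b, pos = buf[pos], pos + 1
        value, shift = value | (b & 0x7F) << shift, shift + 7
        if not b & 0x80: return value, pos
    return value, len(buf) + 1              # truncated varint: signal it by overrunning the buffer
def fields(buf, max_field):                 # yield (field_number, value) from one message; stop at
    pos = 0                                 # the first field that fails to decode or is numbered
    while pos < len(buf):                   # outside 1..max_field (in a real binary that is where
        tag, p = read_varint(buf, pos)      # the bytes following the descriptor begin)
        num, wt = tag >> 3, tag & 7
        if wt == 2:                         # length-delimited: strings and submessages
            ln, p = read_varint(buf, p)
            val, p = buf[p:p + ln], p + ln
        else:                               # varint: number, label, type
            val, p = read_varint(buf, p)
        if wt not in (0, 2) or not 1 <= num <= max_field or p > len(buf): return
        yield num, val
        pos = p
def to_proto_source(buf):                   # FileDescriptorProto at buf[0] -> .proto text
    out = []
    for num, val in fields(buf, 12):        # FileDescriptorProto: package=2, message_type=4
        if num == 2: out.append(f"package {val.decode()};")
        for mnum, mval in (fields(val, 10) if num == 4 else ()):   # DescriptorProto: name=1, field=2
            if mnum == 1: out.append(f"message {mval.decode()} {{")
            elif mnum == 2:                 # FieldDescriptorProto: name=1, number=3, type=5
                f = dict(fields(mval, 11))
                out.append(f"  {TYPE_NAMES.get(f.get(5), '?')} {f[1].decode()} = {f[3]};")
        if num == 4: out.append("}")
    return "\n".join(out)
def find_descriptors(blob):                 # a '.proto' hit preceded, exactly L bytes earlier, by
    found = []                              # tag 0x0a and a one-byte length L is a candidate name
    for m in re.finditer(rb"\.proto", blob):
        for start in (m.end() - ln - 2 for ln in range(6, 128) if m.end() - ln - 2 >= 0):
            if blob[start] == 0x0A and blob[start + 1] == m.end() - start - 2:
                name = blob[start + 2:m.end()].decode("ascii", "replace")
                found.append((name, to_proto_source(blob[start:]))); break
    return found

# Constructed sample "binary": junk around a hand-encoded descriptor (package internal.api, message Account)
ld = lambda n, p: bytes([n << 3 | 2, len(p)]) + p   # length-delimited field encoder
vi = lambda n, v: bytes([n << 3, v])                 # varint field encoder (v < 128)
SAMPLE_BINARY = (b"\x7fELF\x00junk" + ld(1, b"internal/api.proto") + ld(2, b"internal.api")
    + ld(4, ld(1, b"Account") + ld(2, ld(1, b"user_id") + vi(3, 1) + vi(5, 9))
          + ld(2, ld(1, b"balance") + vi(3, 2) + vi(5, 3))) + b"\x00\xffjunk")
```

`find_descriptors(SAMPLE_BINARY)` returns one (file name, source) pair; the rendering covers package, messages and scalar-typed fields only, and stops cleanly where the trailing junk begins.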
https://arkadiyt.com/2024/03/03/reverse-engineering-protobuf-definitiions-from-compiled-binaries/