raise key error 6

[nanshihui]

when i use it it got following msg like value, message_type = decode_message(buf, messagetype) value, typedef, = blackboxprotobuf.lib.types.length_delim.decode_message(buf, message_type) field_typedef['type'] = blackboxprotobuf.lib.types.wire_type_defaults[wire_type] KeyError: 6

[rwinkelmaier-ncc]

Hi!

I think a key error on that line probably indicates it's not a valid protobuf. It's trying to lookup the wiretype that it decoded from the data and that only goes up to 5.

You could try decoding it with protoc --decode_raw and see if that is able to decode it. If you feel comfortable sharing the payload, I could try running it through on my side and try to see what's happening.

[nanshihui]

@rwinkelmaier-ncc

thanks anyway. it comes from https://www.google.com/recaptcha/api2/demo. there is a application/x-protobuffer request called https://www.google.com/recaptcha/api2/reload?k=XXXXXX

For instance ,the protobuf byte blow: 8G7OPK94bhCRbT0VqyEVpQNjÎ 03AFY_a8XSpeiWkFpMt8cGw1g9UUsYQWlbQyVzslA_ORpwheTrr5nlExd82CjsbjJS-uK3d1NAG-dTTQ4RKAF9QyMN4My6R9wFtng8Me2a2yEmJAVChjz0cJ3UTFDZ3JB2DIUeS26Bw3kvH88eF-rbvUc274uxtTsfK6NB25rV6Vx53J65cWRyEHlunn9ahEO2gB9X-E7-5Wy5H0tWeoxx2Oi_duxfN-G147-muLMHuTr5YrFO95KiigrNX9-rembiUmRGssdFkoE9zB8z61PVYd7SnDl4BpA1oNftKiieYPwSqLN6IOBoIh717l66YSBSIDTgPxIlsHYbLac-NiKSedskVtq0DsF-3JCxHdYKdJrYcQh1yHJR6OHlRxJ3niDHQbvKMZABREWIF5TPA0wavZHRcfZil23Vkmnni-GKTIfeSTD8Qi_M4RdMZKDtAyzOKPAmeFV1y02v1T0m3EV3XWyNj51tAxxDr9Cao_mHVE130j8-NiI5NF-3fyMNGmn36rsASBRZaYtC-lLpzWOiVKd8PPz4zG6ROCvGaPwpm9bCTQFalPQPZjJBeyvM-uV9js3M-yxu7WI6LZGsqErd17H5gMTX8D_BYmKUdcn0hSRvdIjHJRoyySSVK-5syo-o_sNoN7uOpvVvTctgksfwjxsyWXnTduxRA00pdaHZIZKxhh2lh4KYup2oKATRcP3GkvFxrc44Y4ja6_AYJ9qotUUFqAQa4bY9Mnoo6bzh5Bc008He-l9hn5L3tonO7AulZJEfcQB_T-WVaHlb4i1znx02VGFG6O9x-b0NgcCEUIMM29i95AIfejfRmarBtRkRmo-DddJKh_fmTTHK_YSjVcCvh67tYMm458pN7A8vK9R6jtcO5IeJ8pYyhmuka6xPkenDcm4auQDydetKOZZCHGbeiz7jcprxdKA2DsACiBtGpqF6s2YNRi94hHwSMWnkpBmz4jBmuuiOlG8mZwmxrjal47DhpJBmxxms4qwapfK-m1QErQ47JqEh270_m-9uG5fDRVs--HfZWFoZKwd7ujZyPAPfOSXV75f5SR5Z7HgpuhdPDKdLDlUFfynLaKfveXaeIOp1sXC95ACHL7CJ_CEyrQH4vMlwSOAwhrRjFOjMhw4b0VrP_IVOmIduNvbj2SYasloNB0VGM0nv2WQxIfTpOIGrfx6ezDSpG8GAK2cWWlbRVLWOSvXFClnrxo41XtblSqptGsuE [48,71,17]"É!wcegx8IKAAQeAtUVbQEHnAgEwTylHgDnMhmLlplwtRlabAIvcO4gn9lE0V-3EQHyX_qWe1BnV2JBm_bdbdc8eEC7S3GH5Jeu_vFmc1WaXi7HX5GCEDtQxLfR1WeCNTPCfo6HQxyN_tNForLBGc4DliHFZRMLABByNrJgazc20IJrGQLGrwPSdNs1PC9RquDE2Sdp1K7w8IB09SEPuNxFpWdlQ6r98Pm7_oIfiqiPOdX2X8EzprYol7s3HxmobfE0aGO6bQH0gre_8IZjvdbpOE4WC3SreFMelsjpovALGJEXn6Ci1vVHxfYSpec1Sem90i6vuQUL8OwHT6fl0vbFAmKugK21xw1EEZx5BUr2OXXke1hiR-0czfAGwy30HzxVnOFZkuCwA4bZE7eNFVhqF78HeS9wHQ3FbZlqVNHYPsJQ-6sKf6z0qRpDbmYvb2XzUmkwvsaiu4vtVyUsPRxbFhLgrDq1_NJdfef1hKV8d13LmUJI4XpWNByLt3RVE3ORGsFc2yi66hUEEoBmn-34L5L9V0OEfT6jZ5w3IWA2GhISeKYdvqsdv79bYFxlyh7HCN1cpUhg022YubF4HZbFX4pOmRN19duYXPADdC8vY6TpGd7CXg_a8iR91amJ8ZoC92T61naWJUXwAx528lL3P6kEkd4CyZvfOaL5Ft_4WamhO90XXRdKncRACzEF5iG3_m-q8rnNNp3fK7Swx0SQSqZuvxUq2Lfs9KmsstFYDSPLpRfTZYxM8ZSGCNb0ELQq7os4IewDJeNpPOotbF954cuKxE7q5UHCIjbHVt279SFF5DlpsAijSQ3lu3SK6Dwreobiqm8If62fZOSzKgiKMKdiiQvVnjZ5hIL4E7ppMsls5nhZMDJ8jC_I3UYT4Pfx9gNS703Hi8wIzE19Lpfh29RGB8zXMeCRqOcTrsqCH26pKNwPFGKvjNiL51KF1-WHvfNBVfrhuIb35gEj6gXK1pqBTqqgbBM8sr9GlBlrVx6Z5a5FO2ksfto-LlbkbEYCRzDxAGWSpNmDhAVGAv4kcPVn_AS6TOTp_tvWIhupjFBEE8jKo7qMqjJco3zzORv3P-dt8zYsXiSjAYHNDbdReBQHh7-KZYA7rzmj4wW1GCEKegWLbRjGDjdS2yoLvRy48glapZJA6Nu18YuEx1S0_if4fD2UQFk512FRwAIJ6nn0b6Ajgsoo3p2uc9KgywrnWilYcgkG1UQOi5r0AGfFMl1ApX65qjFE50FL2mP9uLqaH55R0r7aAD2ukNZMc6JMvMrHYypJ6nNU46vSIBfFVLKSsrV_Pewmt_oHXY6uoqLFQv67Kv51_w4EX-dGVaD35at9WOV_3mneNqTvnNC2ESt1coqYiegQrwJCpHIf1Ai3Cx4y0YKylpZ2P714oJCt9wvDsGjoUWOKjrSikdpW54dBuVzmmBHKiRCEL8mZhP8ZO6Q-FQAEsHA-JX1BqDatlYEc1mboYl2vbU7FtMW4JRETUxjfpIkBLb3OVkK_MZQPUsrRQYkualgik9ugxOpiKAuCVmQRVs6IhegzRuDjiQiXMtB8yh34p_FZhjRYiwgKvkmuvMHRG210E2VqrlMdLetG6iaAmmimk1VdnfPeQRE4e5b5ZS6Js2j9eawjxxBWARawuz4fFs0hL2vKJHtYeNKO0YwFaYE6Un9_DucXNl3Kc1sbbpbI5LmJLAfiilDKAgvKMa0GBuls-0PDcWVc8ZZlvAg2PuMtc1FApU-QMl0xRN9iHSf6IpEjgYlj6u3Rd28aFrvqHcBOzQMf9J6Kp_BzBKckIg8lKOWsqwujgEi5OrAW2f1-3Da2TqLL6dNjBvjV6XYV4oRKrAD7ch9wioqklodawt_CzSNDCeWA4MA1285A0HwCUMLDuQX5Q2RYcOPAPZeOvZOfLcuuOWaR_QyF05Qx-2DKzT-WUl0Gcyxt9R0S0CxqNHao_gWRMNyJ4CJdUjqbk3QVWt3CpnFfY-tdVvgf6kPW34bOa1ueH-7LP6OGl1wDAZfjzExcCBHJGs6r2bZsfFMbvWNwRy7RLgUSLpr-XsZCKDajLsHxaAlcMNP_8NzC5zjq4sW4COkOk3_V_5Gotcvcv5bWOBGcFSvS0uFgyMWdEFMDrxTXld2orXhljisUd7xeS_ZENUIFnGthO7uISgt1pkwzzMtq_ybKvuuLzTk8777K-Ix3WyoXb6UvWhro1haiO6vUAfxWZpzZCw81_wzqrItHmuaTmOL2aq84t6a5nryoyfRdgmoB26hd-ZK6hCdBJJB8uK8yMsyfSnF-X0nJ5-f3_JfCxMBUdpVCx80ZNhSdssGLll5t5v8VqdXpKGhtdlNNmK7zIEjBfgkLsFaD2h8na8CGmAJtZopoyHtgfRc8ev_Pc6ZbSBtn3NdeQh_pxLc_Na_YFljBFykuwwghekZL5cV39YFR_IeYavws3A86ad8D0PI9docFhrkO7ZQ9Q9XNmGSEG_Sd8F1OhO70F_EhR00udtpj_yUZPP19s5iZDgVj8k3QpRvxEoGpikFK_tb3uA_3QJTHus04IKMysp6I25etlnNk3H1AqMgQFQ9BCWufvBIzNg5UYcCCx_3qz5X6qyJN43zdz0cee9V-2vGQ8Q3XDkyLkQjukHLLG3KquG2qcb9FV2KIUUHyVxUEU81W307HQND-SjRruRzT9OHg92_gXDy-R6XklMutGVBLcgCxm--DTXD3YS2qN2oM0lVWT3zRbsBxkm0JhJNAP9Kg3riR3tqy-A*-1485252778‚
è$0eGdSMQDYcIppOBCowqFwSOD62aiAGObNpIRWHgDetoiigVAowNq5iGD4EvHAmDBKKfjQaIJhMAiguploQNjy0aB4ECoJ2LBIYkEQ6ICaeUgguL9eWVMr57aNZj8ZDda9fz07DdXlu3BOJQ-9onVsIvfRt4l9LSsKu41qPfYJsI1gLjEp-KGmcF_888OFYVIP-b6GaIJhMAiguploQNjy0aB4ECoJ2LBIYkEQ6ICaeUgguNKxgFjwCum4kCgvzuareW0zA97kpmhfPBrkhoI0LwHTqJVJHyrktoRzZjj-t7FtTkwI-9magGQ09MeJkDssJL3UnoFB_APNgEYoB-O0lGA9HfXJyXB3Fi766cyTUzMJrpBvSyD1yKWFXTAx2N9-lmQrC_elsV4oI_DWvXxr_uC_nG9MGPXVrYGBKCO5rWbLhDtyp93SCUF3bCxWF-Ft_MoElQBuXirXxgGAS7lWcuEO_MnHZIJQXdr7FYX_4W1ZRwNhj11KyFUC0N5be5YGcGHsi9ZkglA9ywgF09FefpkJc2TgrUtpKTLgXf1Yx6eTXu98VmSCUC17KAXT0V5-mQlzZOBxbGlWp0CNzRx3p5PATt3oxzNhPy5Z1OMA3sw51oRSX9ztF4fx42DeidrmFb3sCdelAl-NW1jV5hCA-uxpN7DvDNrH5YKAXlvY6ROD_e9sarPiD_3KyGWDUV7b3BaG8OJuHFblAtCty3iGVFHezxmJ8-ViQbnoBfOQ7luJV1TRwhyM9uhkgV9s-vd1s6JOuysW9tEdTotaBFNgzvhmhHIfbQrH1VLg3YtZVtQ0Ho746mb2ESD-CYcVAjLQOZkGEhHr6gf1wsBti1lW08QegC4bCIICfG3pduUDIH1JSgWzoS48uUh3T22LWUZkAQ7c2lenkgJ8berZMmCOfElG5AHf3VpKlQV_YOz9aBa0gS5eKoYzZA7tSeYVEx5fetfYVSJeO6rXNAGx3ZjoFWPfTInK5gSDr93simbEwn68Wpe1EdzsK0kWYX2eikhnZUCg2wjnBoI_bAjWVpM_rUvrNsXQ30zYVcYwYN3o-FPDP95d2zZ2T_Ea-ulHdK3IqYtEKPPGxFVyKc6wkGY_HezNoHxMIP3UrISJMDfW7r2zNhj30al_UC0N5bS5YHpZKACYnz5WGBHBho57_uDAlXNLH_nPpIVQNQ3j4YiPLkYW2N61aUc87rKsbVA2GNOdimRCEOjJj35HTfLq04dRXQ_6xKiEJj_l9YiBcB8u3tuMWzAq5taxnnNO8vTTq1BYFejapmVHER69tXd0Pwnl3YhbMibS66VXbkHl-MB-e1sz5ty6UzwT8MmmhXU1C_i7o1cyJ9Ldl2pCNvK3p2F5TQja0YqOOwXWs6d4O0n5zdega0L96smZdXY7zrCTZkIU8cife04gBd2tsVhf_hbXqrKLZC4PvZprLyv11J1lWRQA4tCKZjYDFdHKeXhQHNrWpV0eHv2muZxHGvHwqolePBHIsr2UYEPc5bh8S08u8q9pVjsZD-StfGRE-PWhpYZONdXBdWQnGQvRx5pbMebeqaCCVCzU3YNxPhj154ytYU0IB8aYYSwr1NWYfUX-4L2ddUgf-dSqfVkoDeC5uWBnBh7hsnQ-IP3ctI1YNRXtwcFobw4mFOtuUC8J5baIZUUd8PGYspFgONDXdo5cIAL0sYB3HxHvwq9tMiD_3KCCbz0z95-XcmtE9vWjZFlHGfWUpF05HN2snHttHg39lGaFKSUN1r2WSUQezoikUCwYvrK1jjwQ6L2dd1M43Pqpp1FTJeHkiYZYNRfrwaVdFCjtvIheMfrhp5hpZ0QV28ejPj0d7s-oTW1F6PSKll4SBNyrnl43MwjstnZJBffejKN2MAHFz5xtLP8e9ImGfjAY9NekYD8Q4dqYVG0eD_fGjYAtNeLavkwoGw3PondbSfzcuKRJWhzevZ2eMh8l0tR-bTcn-dWSVT41--SWkFIMHwDIbHhNPvKll20zHyXXxoRcPjTIv52JPzb9tIymfQ4B9t5thj8c38OEbGdGE9LRpHQwAgTPs4hsFPbKnaZSMxn2qLViTRzp57F2LjgV_MaObTEd3Z6RcVgvGsO4j0ZE_te-bnhVOuq9tppJSBXXzX51LCnd356VJS3wx56VUhUA2NSQbDwQ576RmkJK-MnFqz8pCt7Wkk45P_vvhZRQMiz2rKZaVRzetaWddBYQ0rGGUT0fzNaMh2QX9-2ikGkV_b28g11mCBbBmnxBQ_3zxoFdNuzn0IyHWTbrwcZ6XCLk1rG0X1YzCdemcVE4Dd2NoH8o7QzNnYlXMe2sw6ZcVgvRxrZtZvjy5ph-LAUPtM-obTEfCr-Xh1g6_e-MpFwvBN-nf4xVEOHGn2lmKg_JnmlUOyPM5r2UawDy3s6aW0UD-L2wXV8Q76a1a3QJ9MnOq18pKMTgjIhjLwnpZ3SCO-sIBiTRD-v8VydjbtaNdikm-eWeljn-_L6JlVEO_d-2s0xmFs3cr50tPybbyKs9Vy_E5mZIJ_7dsoBlPTng54aeYUEV6tedfFA47aaIZ0QU7sCdfVQtKdDXdo5JNBjOpYR3MB0TpraHckf1zcmiQEcn6tKMYSju0K2KXjwI5cWcdXEYH77WsIZCBAbSn4pwLA3M4bCPXCXV8cx4ckcp3d6Ciw7wzauAWC4I3rmUYEUd8_GYnz5WGwu0dlg1Eue-kG1NJP35oKdGXjnf3Y-YXD4z-dKnezYyF_HKlVNQAPfMpm5D9hG3k5Av9ti1k2xAEO3NpH15ICfG3p2VWVMF4NB1ekEJD-rGj2wlAcqegVE2_dzXimsnEeXmonFGPRrtraxgTv0AwKFYHgDftZRoOBX1zKWhSE_uBuicekYx4c61g4EtMhPBxVwyHPDGvYVbKd7AnXtOLfjVtYxkYQgPrsZtVR0o5dtuUC0K37uIZUUc9PGYdlIp_NDXdo5NTPUCl5KIVCPj3JVdMC0WpohlQRvtwJ19VCwp0Nd2b1E0G73Gg15UHc6lw4hEQ-Dpw3FJBujFpHxPJgDZtIBlPRMRuL9edjkHE86UkmtM-fu9hng2CQa5iIVGG-7NzXRuUwjTt4Z4MQXlypmOcy3OsI1qPBjoxaV8UlH4_562g1MMAN2dhWlBB-jJkoZzBPjQy5tYUTMBtIplJgUa5Ld4WCwerpBtSiT0yKWFXDIx2N9-llRPH8zYlnVXNBDDuHpbQB0EmJ9BLxL2u498U0bh6daiXV3_8792iyxC5-2kXW1FDvmqg0o3Oe_OjXFrP_3swH5QKgz1r5dsNR4F75Z_VhQr97eyVVEI8MahZ0M9Hri1bVpW9QmxiF86OhXOpqJuFfnSrp9aPR7x6Zp3Yywh7rVkgBzsycWJTSgg5Z6AXzUR5biVbERJ8PeWrm1qRA7PjahwOATHxbSDTi_xrM2BRkMD04ZoRST30aB9XTQJCbC3Vm46AgPld3ZhAfHwpoJPKebZtbZ4TQ8O34FyTwwd88iWVzEC-5y6jSUvHuvLpW4t1riVcUsd8M2thFlZAAfft1ZaUzDzrWReZi0S4HZYJhXtrsFobw4LC-OzkGH07-zOo3lJ3sCOdUwt7gGor05HRCb70aWJWebIln1UNfYJ4YiabVAv-ZhmiVUv8892iTA3D-eab0sc_ciqf1oyCti6j2tFHOjKn31NLfjasIRiOwjqwJZwSxj60KeBXCgK4LeOazga8MidfEgqANi0hlg6EOjBnGhKIPnOpnhaMArdtIhqQBnzyZh6UCv_2KiKYDwP6biacUQc9siqgFw1DNi6kWRDFOjKoXVUKfjasYdhPAjqwZh1Shj60amDVSgK4bqRZTga8cmleEgqAduwilg6EezEmmhKIvTQp3haMgXhvYhqQhXuy5h6UiYA1qiKYjYP67iackcl_MiqglgvBti6kmhAG-jKonpRJvjasopeOgjqwptzTBj60qx9VCgK4ruSZzga8sygd0gqAtyuhFg6Eu3BmWhKI_TPrHhaMwXlvYhqQxXwyJh6Uyb_1aiKYzcO67iac0Yi9siqg1czCti6k2k-FOjKo3pSJPjas4xdOwjqw5txRBj606yEWSgK5LSQazga9MWieEgqBNWwi1g6FObDnWhKJPfTqnhaNAjfuYhqRBnuxJh6VCr81aiKZDoR5biadEoc_MiqhFo0DNi6lGtFGujKpHtRKvjatItkNwjqxJ1ySxj61KyFXSgK5L2VbDga9caceEgqBdW1hlg6FebFmmhKJffQpHhaNQjlt4hqRRrtyJh6VSn-2aiKZTsQ7biadUok9siqhVwwDdi6lW1BGOjLnHVOK_jbrIRdOgjrvJZyRxj7zKd9VSgL3LeTZjgb7MajeEgr_Nivhlg7DOnDlWhLHPvRpHhbLAzht4hrPB3xyJh7TC3926iLXD0V67ibbUQk-MirfVUvCti7jWU9GujLnXVTJPjbrYZjOAjrvZdvRhj7zad8WCgL3beSbDgb7cmdeUgr_di0hlg7DerAlmhLHfvQq3hbLQ3etYhrPRzvyph7TiQA3aiLXjUO5LibbkUj-8irflUvBNi7jmVFGOjLnnZVK_jbrodjPQjqv5pvRknwz9F4knFAGLC3jz8Z7suecE8p_9axsVg1OeDnv25HHfzSoH5XMAXjsI5nPhjt8Zh2eSAn_6-MYzgV4L-cc0ogIcikqVBXL920kWU-QejFyXCKaTgQ2bE2fi:Ø
05AJBLKW2WnqTQOsOKlraihqJvzump6j3c90aLtvGr0fkOzLx5dmtWeKbBCRi4uIEKoqTsPT0XEtIjm1yfwJ4pl9H7-hDjjWO-2rdfszqCDVsmD3q3UcbLffzzQDDvr4H9b_Q7hxzJuAWdp0Q7F3uC59lyF_1mybr2IzAi_YGbvZ8ZkurwY0cXtDAJ4kByX-uZqICbH0qwlVuRP20b6C-h9Ar(6Le-wvkSAAAAAPBMRTvw0Q4Muexq9bi0DJwx_mJ-

[rwinkelmaier-ncc]

You might have to base64 the payload for it to be copy-pastable. I think some of the characters can't be copied out.

However, I was able to visit the site you provided and get the payload from that endpoint. It definitely is a valid protobuf message and my installation of the blackboxprotobuf was able to decode it.

Are you trying to parse with the Burp extension? And if so, are you on the latest version? If you're using the python module, make sure you're using the bbpb pypi package and not blackboxprotobuf.

[nanshihui]

@rwinkelmaier-ncc thanks , i try a lot