search

nccgroup / blackboxprotobuf

Blackbox Protobuf is a set of tools for working with encoded Protocol Buffers (protobuf) without the matching protobuf definition.
MIT License
480 stars 82 forks source link

Will the BBPB tool resume support for GROUP type data? #38

Closed waconde closed 1 month ago

waconde commented 1 month ago

I know Google removed the GROUP type, but damn, they are still using that type of value themselves! If you need a test case, I can provide one. I have put a Protobuf byte stream that triggers the "GROUP wire types not supported" error into the Base64 String. You can observe the error by executing the simple code below:

import base64
import blackboxprotobuf

protobuf_str = "8yBIFGG9UjqyZqTM0/yijHK2osuGG4EJ9Sp1QgV2a4c="
protobuf_bytes = base64.b64decode(protobuf_str)
message, message_type = blackboxprotobuf.decode_message(protobuf_bytes)
print(message)

Exception like this: image

How should I handle a Protobuf containing the GROUP type?

rwinkelmaier-ncc commented 1 month ago

Hi!

I did not have any plans to add support for the GROUP types. I think it would probably be doable, but would make the code a bit more complex, so I’ve been avoiding it if it’s not necessary. I’ve got some ideas for implementing it now, so might give it a shot.

However, are you certain that the payload is protobuf encoded? I often see the group type error when it’s not valid protobuf because that’s one of the first checks that can fail. I will add a todo to make the error messages more clear either way.

I tried decoding with protoc —decode_raw and wasn’t able to decode either. I also did a quick experiment and had bbpb ignore group tags by setting length = 0 instead of throwing an exception, and it failed later on with a different unknown wire type elsewhere in the payload.

I can try doing some more investigating later, but I suspect it’s either not valid protobuf or it could have another layer of encoding, such as compression or encryption. Looks like it’s exactly 32 bytes so could be a hashed or encrypted data.

waconde commented 1 month ago

Hi!

I did not have any plans to add support for the GROUP types. I think it would probably be doable, but would make the code a bit more complex, so I’ve been avoiding it if it’s not necessary. I’ve got some ideas for implementing it now, so might give it a shot.

However, are you certain that the payload is protobuf encoded? I often see the group type error when it’s not valid protobuf because that’s one of the first checks that can fail. I will add a todo to make the error messages more clear either way.

I tried decoding with protoc —decode_raw and wasn’t able to decode either. I also did a quick experiment and had bbpb ignore group tags by setting length = 0 instead of throwing an exception, and it failed later on with a different unknown wire type elsewhere in the payload.

I can try doing some more investigating later, but I suspect it’s either not valid protobuf or it could have another layer of encoding, such as compression or encryption. Looks like it’s exactly 32 bytes so could be a hashed or encrypted data.

Oh, Thanks for your reply! Yes, maybe it's not a Protobuf-encoded byte, and as for causing the GROUP type error, it might just be a coincidence, and I'll continue to look into it.

waconde commented 1 month ago

No more questions, Thanks