Shulou(Shulou.com)06/02 Report--

This article mainly shows you "what a tool PBTK is". The content is simple and clear. I hope it can help you solve your doubts. Let the editor lead you to study and learn this article "what is PBTK?"

Introduction to the package

Protobuf is a serialization format designed by Google, which has been widely used in a variety of Android-side, web-side and desktop-side applications. It consists of a language for declaring data structures and can compile code and other types of structural data for the target according to how it is implemented.

PBTK (Protobuf toolkit) is a full-featured set of scripts that can be accessed through a unified GUI. PBTK mainly provides the following two important functions:

First, extract the Protobuf structure from the target program, convert it back to readable .protos format, and support the following implementation:

1. All major Java runtimes (base, Lite, Nano, Micro, J2ME) and full Proguard support

2. The binary code contains embedded reflection metadata (usually cymbals, sometimes Java and other bindings)

3. Web applications that use the JsProtoUrl runtime

Second, through a convenient graphical interface to edit, replay and blur the data sent to Protobuf network endpoints, which allows you to edit the fields of Protobuf messages in real time and view the results.

Tool installation

PBTK requires that the extraction script be run using Python > = v3.5, PyQt 5, Python-Protobuf 3, and other dependent components such as Chromium, jad, dex2jar, and so on.

Archlinux users can directly run the following command to complete the installation:

$yaourt-S pbtk-git$ pbtk

On other Linux distribution systems, we can directly run the following command to complete the installation of the tool:

$sudo apt install python3-pip git openjdk-9-jre$ sudo pip3 install protobuf pyqt5 requests websocket-client$ git clone https://github.com/marin-m/pbtk$ cd pbtk$. / gui.py

Of course, PBTK also supports killing on the Windows platform. After we install the dependent components and run GUI, the tool will remind us to proceed to the next step, just follow the prompts.

Command line usin

GUI can be started through the master script:

. / gui.py

The following scripts can also be used separately and do not need to be started through GUI:

. / extractors/jar_extract.py [- h] input_file [output_dir]. / extractors/from_binary.py [- h] input_file [output_dir]. / extractors/web_extract.py [- h] input_url [output_dir] regular workflow

Suppose we need to reverse analyze an Android application, we can first choose a decompilation tool that we are familiar with, and then send Protobuf format content to the target in the form of POST data in the usual way and through HTTP.

Open PBTK and we will see the interface shown in the following figure:

The first step is to convert the .protos file to text format. If the target is an Android application, we can open an APK file and leave the rest to PBTK.

When you are finished, switch to the "~ / .pbtk / protos/" path in the command line editor, where the App's .protos files are located.

Going back to our decompilation tool, we can send the data of interest to the target node through HTTPS and serialize the Protobuf message by calling a class made up of the generated code.

The latter class should correspond directly to a structure in our .protos directory, for example, com.foo.bar.a.b will correspond to com/foo/bar/a/b.proto. So next, we select the .proto file that we need as input, and then fill in some relevant node information:

We can also provide some sample raw Protobuf data and send it to the target node, which can be captured by mitmproxy or Wireshark, or pasted in hexadecimal coding.

Step three, click the button to see how miracles happen! The tool generates a tree diagram representing the Protobuf structure (duplicate fields are suffixed with "+" and required fields have no check boxes):

Just hover over an area to get focus, if the field is an integer type, use the mouse wheel to increment / decrement it, and enumeration information is displayed when hovering.

Local data storage

PBTK stores the extracted .proto information under the "~ / .pbtk / protos/" (Linux) or "% APPDATA%\ pbtk\ protos" (Windows) path. The data store based on HTTP node is in the form of JSON object in "~ / .pbtk / endpoints/":

[{"request": {"transport": "pburl", "proto": "www.google.com/VectorTown.proto", "url": "https://www.google.com/VectorTown","pb_param":" pb "," samples ": [{" pb ":"! "," hl ":" fr "}]} "response": {"format": "other"}}] these are all the contents of the article "what is PBTK?" Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.