protocol buffer decoding in C:
/* protocol buffers are a series of key-value pairs.
* each key-value is encoded in a single byte.
* this byte is encoded as follows. */
typedef struct _proto_head {
uint8_t wire : 3;
uint8_t number : 5;
} __attribute__((packed)) proto_head_t;
/* wire is the type of the data in the next bytes,
* number is the id that you define in the .proto files for a key-value pair.
* all the possible values of wire can be found below */
#define WIRE_VARINT 0 // int32, int64, uint32, uint64, sint32, sint64, bool, enum
#define WIRE_64_BIT 1 // fixed64, sfixed64, double
#define WIRE_LEN_DELIM 2 // string, bytes, embedded messages, packed repeated fields
#define WIRE_START_GRP 3 // groups (deprecated)
#define WIRE_END_GRP 4 // groups (deprecated)
#define WIRE_32_BIT 5 // fixed32, sfixed32, float
/* WIRE_VARINT is a variable-length code (also known as LEB128) compression to store a large integer in a small number of bytes.
* WIRE_64_BIT is a fixed sized 64 bit number, it can be a [u]int64_t or double
* WIRE_32_BIT is a fixed sized 32 bit number, it can be a [u]int32_t or float
* WIRE_LEN_DELIM can be string, bytes, packed/repeated structs/fields
* WIRE_START_GRP and WIRE_END_GRP are deprecated structures.
*
* strings can be easily spotted in the decoding by checking if the bytes are utf-8 encoded printable chars
* repeated are hard to be spotted since they are arrays of a specific type and look like normal bytes.
* the full implementation i wrote for r2 can be found here: https://github.com/radareorg/radare2/blob/master/libr/util/protobuf.c */
}
# References:
https://developers.google.com/protocol-buffers/docs/encoding