Question

I found a link describing how to rebuild proto files from a C++ executable: http://www.sysdream.com/reverse-engineering-protobuf-apps
Is there a similar method for APKs or decrypted Objective-C apps?

Solution

The article you linked describes extracting the FileDescriptorProtos embedded as string literals in a C++ application that uses Protobufs. The Java code generator embeds similar string literals into Java code. If you ran the Java classes through a decompiler, you should be able to recover the descriptor strings and decode them.

However, note that this only works if the application uses the standard, Google-authored Java protobuf implementation and does not use "lite mode". In lite mode, descriptors are not included in the generated code. Implementations other than the Google-authored ones may or may not include the descriptor. I would guess that most Android developers prefer to use lite mode or some alternative lightweight implementation that doesn't include descriptors, so you might have trouble extracting from APKs. (I don't know about Objective-C.)

That said, note that you can actually decode a lot of the information in a protobuf message without having the schema at all. If you use protoc with the --decode-raw command-line option and feed it a protobuf message on stdin, it will decode it to tag/value pairs. You'll only get numbered fields (not names) and some type information is lost, but you'll find it much easier to reverse-engineer the format from there than you would with just the raw bytes.
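The schema-less decoding the answer describes, as an added Python example that is not part of the original answer: a minimal decoder for the protobuf wire format that reports field number, wire type and value the way `protoc --decode_raw` does (the flag is spelled with an underscore). The sample message bytes are constructed here, not taken from any real app.

```python
# Schema-less protobuf wire-format decoder, mirroring what `protoc --decode_raw`
# prints. Added example, not code from the answer; SAMPLE is constructed data.

def read_varint(buf, pos):
    """Decode a base-128 varint at pos; return (value, new_pos)."""
    result, shift = 0, 0
    while True:
        if pos >= len(buf) or shift > 63:
            raise ValueError("truncated or oversized varint")
        b = buf[pos]
        pos += 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result, pos
        shift += 7

def decode_raw(buf):
    """Return [(field_number, wire_type, value), ...] for one message.
    A length-delimited field is reported as a nested message when its bytes
    parse cleanly as one (the same guess --decode_raw makes), else as bytes."""
    fields, pos = [], 0
    while pos < len(buf):
        key, pos = read_varint(buf, pos)
        field, wtype = key >> 3, key & 7
        if field == 0:
            raise ValueError("field number 0 is reserved")
        if wtype == 0:                       # varint (int32/int64/enum/bool)
            value, pos = read_varint(buf, pos)
        elif wtype in (1, 5):                # fixed64 / fixed32 (and doubles, floats)
            size = 8 if wtype == 1 else 4
            if pos + size > len(buf):
                raise ValueError("truncated fixed-width field")
            value, pos = int.from_bytes(buf[pos:pos + size], "little"), pos + size
        elif wtype == 2:                     # length-delimited: bytes, string, message
            length, pos = read_varint(buf, pos)
            chunk, pos = buf[pos:pos + length], pos + length
            if len(chunk) != length:
                raise ValueError("truncated length-delimited field")
            try:
                value = decode_raw(chunk) if chunk else bytes(chunk)
            except ValueError:
                value = bytes(chunk)         # not a valid message: keep raw bytes
        else:                                # 3/4 are deprecated groups, 6/7 invalid
            raise ValueError(f"unsupported wire type {wtype}")
        fields.append((field, wtype, value))
    return fields

# Constructed sample: 1: 150 (varint), 2: "OK" (bytes), 3: { 1: 1 } (nested).
SAMPLE = bytes.fromhex("089601" "12024f4b" "1a020801")
```

Note that a short string whose bytes happen to form valid field keys will be reported as a nested message, exactly as `--decode_raw` would; that ambiguity is part of the type information the answer says is lost.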

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow