drozer Protocol
The drozer system consists of 2 components, the Console and the Agent, with an optional Server between them. The communication between these components takes place over a TCP connection, currently unencrypted.
These components interact with each other using a binary protocol, built using the Google Protocol Buffers library.
The drozer protobuf definition is maintained in the drozer-common repository.
It defines a single wire format, Message, which can be specialised into one of four message types:
- System Messages
  Are used to control sessions, and query the server and agent about their state. There is a request and a response format for this type:
  - SystemRequest
  - SystemResponse
- Reflection Messages
  Are used in an active session to send commands to interact with reflected objects in the agent. There is a request and a response format for this type:
  - ReflectionRequest
  - ReflectionResponse
Every message has an id field, which is used to match responses to requests. All reflection messages, and some system messages, also have a session_id, which represents the drozer session to which the message belongs.
When transmitting protocol buffers on-the-wire, we need a custom frame to indicate the length of the packet. This is an 8-byte header, containing two 32-bit, unsigned integers followed by the payload encoded as a protocol buffer:
```
| 0                   1                   2                   3   |
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 |
|                             version                             |
|                         payload length                          |
|                             payload                             |
|                               ...                               |
```
The byte order is little-endian.
The current protocol version number is 2. For compatibility purposes, some protocol version numbers are reserved. In particular:
- Version 1
  To avoid confusion with the original, XML-based protocol in documentation.
- Version 60
  To avoid problems if the drozer v1 client connected to a newer Agent and started sending XML.
This header theoretically allows a maximum packet size of 4 GiB. In practice, a packet of that size would cause a DoS condition on the Android device. A future version update may introduce a hard limit on the frame size.
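The framing described above, as an added example that is not drozer's own code: a reader that validates the 8-byte header before waiting for any payload, so reserved versions and oversized lengths are rejected up front. The names `FrameError`, `encode_frame`, `read_frame` and the 1 MiB `MAX_PAYLOAD` cap are assumptions made for illustration, and the payload is treated as opaque bytes rather than decoded as a protobuf Message.

```python
import struct

HEADER = struct.Struct("<II")   # version, payload length: two little-endian uint32
PROTOCOL_VERSION = 2            # current version, per the page
RESERVED_VERSIONS = {1, 60}     # reserved, per the page
MAX_PAYLOAD = 1 << 20           # assumed 1 MiB cap; the protocol itself defines none


class FrameError(ValueError):
    """Raised when a header must be rejected before any payload is buffered."""


def encode_frame(payload: bytes, version: int = PROTOCOL_VERSION) -> bytes:
    """Prefix an already-serialised protobuf Message with the 8-byte header."""
    return HEADER.pack(version, len(payload)) + payload


def read_frame(buf: bytes, max_payload: int = MAX_PAYLOAD):
    """Return (payload, remaining_bytes), or None if buf holds no complete frame.
    The header is checked first, so a huge announced length is never buffered."""
    if len(buf) < HEADER.size:
        return None
    version, length = HEADER.unpack_from(buf)
    if version in RESERVED_VERSIONS:
        raise FrameError(f"reserved protocol version {version}")
    if version != PROTOCOL_VERSION:
        raise FrameError(f"unsupported protocol version {version}")
    if length > max_payload:
        raise FrameError(f"payload length {length} exceeds cap {max_payload}")
    end = HEADER.size + length
    if len(buf) < end:
        return None  # header is acceptable, payload still in flight
    return buf[HEADER.size:end], buf[end:]


if __name__ == "__main__":
    # Constructed sample: opaque bytes stand in for serialised Messages.
    stream = encode_frame(b"\x08\x01") + encode_frame(b"\x08\x02\x10\x01")
    while (frame := read_frame(stream)) is not None:
        payload, stream = frame
        print(len(payload), payload.hex())
    # Constructed bad headers: a reserved version and a 4 GiB length claim.
    for bad in (HEADER.pack(60, 0), HEADER.pack(2, 0xFFFFFFFF)):
        try:
            read_frame(bad)
        except FrameError as exc:
            print("rejected:", exc)
```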