Dwarf : Full Featured Multi Arch/OS Debugger Built On Top Of PyQt5 & Frida

Dwarf is a debugger for reverse engineers, crackers and security analyst. Or you can call it damn, why are raspberries so fluffy or yet, duck warriors are rich as fuck. Whatever you like! Built on top of pyqt5, frida and some terrible code.

Features

  • breakpoints
  • watchpoints without hardware support
  • visual emulation with auto map from target, reporting memory accesses
  • breaks module loading cycle, java classes
  • set breaks conditions and custom logics
  • inject code on each breakpointed thread
  • exchange data with your target and display it in UI
  • digging through memory, disassembly and jvm fields/functions
  • backtrace both native and java
  • takes your whole frida agent in script editor, convert hooks to breakpoints etc
  • more…
  • all of this can be done through scripting to build custom debugging logic

Also Read – Regipy : An OS Independent Python Library For Parsing Offline Registry Hives

Pre requisites

A frida server running anywhere.

Android Session

  • make sure you can use ‘adb’ command in console or Read here
  • root on the device/emulator is required!
  • make sure frida is in /system/bin|xbin with a+x permissions or eventually use Dwarf to automatically install latest frida server

Setup & Run

git clone https://github.com/iGio90/Dwarf
cd Dwarf
pip3 install -r requirements.txt
python3 dwarf.py

Optionally

You can install keystone-engine to enable assembler:

Windows
 x86: https://github.com/keystone-engine/keystone/releases/download/0.9.1/keystone-0.9.1-python-win32.msi
x64: https://github.com/keystone-engine/keystone/releases/download/0.9.1/keystone-0.9.1-python-win64.msi

OSX / Unix
pip3 install keystone-engine

dex2jar tools (required for baksmali/decompiling)

Guide: https://sourceforge.net/p/dex2jar/wiki/UserGuide/
Files: https://github.com/pxb1988/dex2jar/releases

On Windows add d2j folder to %PATH% and change:
‘java -Xms512m -Xmx1024m -cp “%CP%” %‘ in d2j_invoke.bat to ‘java -Xms512m -Xmx4096m -cp “%CP%” %

Settings

You can change in .dwarf

“dwarf_ui_hexedit_bpl”: 32 (default: 16) – Bytes per line in hexview
“dwarf_ui_hexstyle”: “upper”, “lower” (default: “upper”) – overall hexstyle 0xabcdef or 0xABCDEF (note: click on the “Offset (X)” in hexview to change)
“dwarf_ui_font_size”: 12 (default: 12) – (note: hexview/disasm use other font wait for settingsdlg or change lib/utils.py get_os_monospace_font())

Download
R K

Share
Published by
R K
Tags: DwarfFridaMulti Arch/OS DebuggerPyQt5
6 years ago

Recent Posts

Starship : Revolutionizing Terminal Experiences Across Shells

Starship is a powerful, minimal, and highly customizable cross-shell prompt designed to enhance the terminal…

1 day ago

Lemmy : A Decentralized Link Aggregator And Forum For The Fediverse

Lemmy is an innovative, open-source platform designed for link aggregation and discussion, providing a decentralized…

1 day ago

Massive UX Improvements, Custom Disassemblers, And MSVC Support In ImHex v1.37.0

The latest release of ImHex v1.37.0 introduces a host of exciting features and improvements, enhancing…

1 day ago

Ghauri : A Powerful SQL Injection Detection And Exploitation Tool

Ghauri is a cutting-edge, cross-platform tool designed to automate the detection and exploitation of SQL…

1 day ago

Writing Tools : Revolutionizing The Art Of Writing

Writing tools have become indispensable for individuals looking to enhance their writing efficiency, accuracy, and…

1 day ago

PatchWerk : A Tool For Cleaning NTDLL Syscall Stubs

PatchWerk is a proof-of-concept (PoC) tool designed to clean NTDLL syscall stubs by patching syscall…

2 days ago