Dwarf : Full Featured Multi Arch/OS Debugger Built On Top Of PyQt5 & Frida

Dwarf is a debugger for reverse engineers, crackers and security analyst. Or you can call it damn, why are raspberries so fluffy or yet, duck warriors are rich as fuck. Whatever you like! Built on top of pyqt5, frida and some terrible code.

Features

  • breakpoints
  • watchpoints without hardware support
  • visual emulation with auto map from target, reporting memory accesses
  • breaks module loading cycle, java classes
  • set breaks conditions and custom logics
  • inject code on each breakpointed thread
  • exchange data with your target and display it in UI
  • digging through memory, disassembly and jvm fields/functions
  • backtrace both native and java
  • takes your whole frida agent in script editor, convert hooks to breakpoints etc
  • more…
  • all of this can be done through scripting to build custom debugging logic

Also Read – Regipy : An OS Independent Python Library For Parsing Offline Registry Hives

Pre requisites

A frida server running anywhere.

Android Session

  • make sure you can use ‘adb’ command in console or Read here
  • root on the device/emulator is required!
  • make sure frida is in /system/bin|xbin with a+x permissions or eventually use Dwarf to automatically install latest frida server

Setup & Run

git clone https://github.com/iGio90/Dwarf
cd Dwarf
pip3 install -r requirements.txt
python3 dwarf.py

Optionally

You can install keystone-engine to enable assembler:

Windows
 x86: https://github.com/keystone-engine/keystone/releases/download/0.9.1/keystone-0.9.1-python-win32.msi
x64: https://github.com/keystone-engine/keystone/releases/download/0.9.1/keystone-0.9.1-python-win64.msi

OSX / Unix
pip3 install keystone-engine

dex2jar tools (required for baksmali/decompiling)

Guide: https://sourceforge.net/p/dex2jar/wiki/UserGuide/
Files: https://github.com/pxb1988/dex2jar/releases

On Windows add d2j folder to %PATH% and change:
‘java -Xms512m -Xmx1024m -cp “%CP%” %‘ in d2j_invoke.bat to ‘java -Xms512m -Xmx4096m -cp “%CP%” %

Settings

You can change in .dwarf

“dwarf_ui_hexedit_bpl”: 32 (default: 16) – Bytes per line in hexview
“dwarf_ui_hexstyle”: “upper”, “lower” (default: “upper”) – overall hexstyle 0xabcdef or 0xABCDEF (note: click on the “Offset (X)” in hexview to change)
“dwarf_ui_font_size”: 12 (default: 12) – (note: hexview/disasm use other font wait for settingsdlg or change lib/utils.py get_os_monospace_font())

Download
R K

Share
Published by
R K
Tags: DwarfFridaMulti Arch/OS DebuggerPyQt5
6 years ago

Recent Posts

ROADTools: The Modern Azure AD Exploration Framework

ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…

20 hours ago

How to Enumerate Microsoft 365 Groups Using PowerShell and Python

Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…

21 hours ago

SeamlessPass: Using Kerberos Tickets to Access Microsoft 365

SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…

2 days ago

PPLBlade: Advanced Memory Dumping and Obfuscation Tool

PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…

2 days ago

HikPwn : Simple Scanner For Hikvision Devices With Basic Vulnerability Scanning

HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…

3 days ago

Comments in Bash Scripts

What Are Bash Comments? Comments in Bash scripts, are notes in your code that the…

1 week ago