Dwarf : Full Featured Multi Arch/OS Debugger Built On Top Of PyQt5 & Frida

Dwarf is a debugger for reverse engineers, crackers and security analyst. Or you can call it damn, why are raspberries so fluffy or yet, duck warriors are rich as fuck. Whatever you like! Built on top of pyqt5, frida and some terrible code.

Features

  • breakpoints
  • watchpoints without hardware support
  • visual emulation with auto map from target, reporting memory accesses
  • breaks module loading cycle, java classes
  • set breaks conditions and custom logics
  • inject code on each breakpointed thread
  • exchange data with your target and display it in UI
  • digging through memory, disassembly and jvm fields/functions
  • backtrace both native and java
  • takes your whole frida agent in script editor, convert hooks to breakpoints etc
  • more…
  • all of this can be done through scripting to build custom debugging logic

Also Read – Regipy : An OS Independent Python Library For Parsing Offline Registry Hives

Pre requisites

A frida server running anywhere.

Android Session

  • make sure you can use ‘adb’ command in console or Read here
  • root on the device/emulator is required!
  • make sure frida is in /system/bin|xbin with a+x permissions or eventually use Dwarf to automatically install latest frida server

Setup & Run

git clone https://github.com/iGio90/Dwarf
cd Dwarf
pip3 install -r requirements.txt
python3 dwarf.py

Optionally

You can install keystone-engine to enable assembler:

Windows
 x86: https://github.com/keystone-engine/keystone/releases/download/0.9.1/keystone-0.9.1-python-win32.msi
x64: https://github.com/keystone-engine/keystone/releases/download/0.9.1/keystone-0.9.1-python-win64.msi

OSX / Unix
pip3 install keystone-engine

dex2jar tools (required for baksmali/decompiling)

Guide: https://sourceforge.net/p/dex2jar/wiki/UserGuide/
Files: https://github.com/pxb1988/dex2jar/releases

On Windows add d2j folder to %PATH% and change:
‘java -Xms512m -Xmx1024m -cp “%CP%” %‘ in d2j_invoke.bat to ‘java -Xms512m -Xmx4096m -cp “%CP%” %

Settings

You can change in .dwarf

“dwarf_ui_hexedit_bpl”: 32 (default: 16) – Bytes per line in hexview
“dwarf_ui_hexstyle”: “upper”, “lower” (default: “upper”) – overall hexstyle 0xabcdef or 0xABCDEF (note: click on the “Offset (X)” in hexview to change)
“dwarf_ui_font_size”: 12 (default: 12) – (note: hexview/disasm use other font wait for settingsdlg or change lib/utils.py get_os_monospace_font())

Download
R K

Share
Published by
R K
Tags: DwarfFridaMulti Arch/OS DebuggerPyQt5
7 years ago

Recent Posts

This Android Bug Can Crack Your Lock Screen in 60 Seconds

A newly disclosed Android vulnerability is making noise for a good reason. Researchers showed that…

2 days ago

How to Fix MyISAM Table Corruption in MySQL?

In MySQL Server 5.5 and earlier versions, the MyISAM was the default storage engine. So,…

3 days ago

Microsoft Authenticator Flaw Could Leak Login Codes

A newly disclosed vulnerability in Microsoft Authenticator could expose one time sign in codes or…

3 days ago

Modrinth – A Comprehensive Overview of Tools and Functions

Modrinth is a modern platform that’s rapidly changing the landscape of Minecraft modding, providing an…

4 days ago

BlackSanta Malware A Stealthy Threat Targeting Recruiters and HR Teams

A new, highly sophisticated malware campaign named BlackSanta has emerged, primarily targeting HR and recruitment…

4 days ago

Perplexity Launches Personal Computer Features

Perplexity has unveiled an exciting new feature, Personal Computer, which allows AI agents to seamlessly…

4 days ago