Dwarf : Full Featured Multi Arch/OS Debugger Built On Top Of PyQt5 & Frida

Dwarf is a debugger for reverse engineers, crackers and security analyst. Or you can call it damn, why are raspberries so fluffy or yet, duck warriors are rich as fuck. Whatever you like! Built on top of pyqt5, frida and some terrible code.

Features

  • breakpoints
  • watchpoints without hardware support
  • visual emulation with auto map from target, reporting memory accesses
  • breaks module loading cycle, java classes
  • set breaks conditions and custom logics
  • inject code on each breakpointed thread
  • exchange data with your target and display it in UI
  • digging through memory, disassembly and jvm fields/functions
  • backtrace both native and java
  • takes your whole frida agent in script editor, convert hooks to breakpoints etc
  • more…
  • all of this can be done through scripting to build custom debugging logic

Also Read – Regipy : An OS Independent Python Library For Parsing Offline Registry Hives

Pre requisites

A frida server running anywhere.

Android Session

  • make sure you can use ‘adb’ command in console or Read here
  • root on the device/emulator is required!
  • make sure frida is in /system/bin|xbin with a+x permissions or eventually use Dwarf to automatically install latest frida server

Setup & Run

git clone https://github.com/iGio90/Dwarf
cd Dwarf
pip3 install -r requirements.txt
python3 dwarf.py

Optionally

You can install keystone-engine to enable assembler:

Windows
x86: https://github.com/keystone-engine/keystone/releases/download/0.9.1/keystone-0.9.1-python-win32.msi
x64: https://github.com/keystone-engine/keystone/releases/download/0.9.1/keystone-0.9.1-python-win64.msi

OSX / Unix
pip3 install keystone-engine

dex2jar tools (required for baksmali/decompiling)

Guide: https://sourceforge.net/p/dex2jar/wiki/UserGuide/
Files: https://github.com/pxb1988/dex2jar/releases

On Windows add d2j folder to %PATH% and change:
‘java -Xms512m -Xmx1024m -cp “%CP%” %
‘ in d2j_invoke.bat to ‘java -Xms512m -Xmx4096m -cp “%CP%” %

Settings

You can change in .dwarf

“dwarf_ui_hexedit_bpl”: 32 (default: 16) – Bytes per line in hexview
“dwarf_ui_hexstyle”: “upper”, “lower” (default: “upper”) – overall hexstyle 0xabcdef or 0xABCDEF (note: click on the “Offset (X)” in hexview to change)
“dwarf_ui_font_size”: 12 (default: 12) – (note: hexview/disasm use other font wait for settingsdlg or change lib/utils.py get_os_monospace_font())

R K

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

3 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

3 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

3 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

3 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

3 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

3 weeks ago