A debugger for reverse engineers, crackers and security analyst. Or you can call it damn, why are raspberries so fluffy or yet, duck warriors are rich as fuck. Whatever you like! Built on top of pyqt5, frida and some terrible code.
Checkout the website for features, api and examples
Something you can do with Dwarf
- watchpoints without hardware support
- visual emulation with auto map from target, reporting memory accesses
- breaks module loading cycle, java classes
- set breaks conditions and custom logics
- inject code on each breakpointed thread
- exchange data with your target and display it in UI
- digging through memory, disassembly and jvm fields/functions
- backtrace both native and java
- takes your whole frida agent in script editor, convert hooks to breakpoints etc
- all of this can be done through scripting to build custom debugging logic
A frida server running anywhere.
- make sure you can use 'adb' command in console or Read here
- root on the device/emulator is required!
- make sure frida is in /system/bin|xbin with a+x permissions or eventually use Dwarf to automatically install latest frida server
Setup and run
git clone https://github.com/iGio90/Dwarf
pip3 install -r requirements.txt
You can install keystone-engine to enable assembler:
Windowsdex2jar tools (required for baksmali/decompiling)
OSX / Unix
pip3 install keystone-engine
On Windows add d2j folder to %PATH% and change:
'java -Xms512m -Xmx1024m -cp "%CP%" %*'
in d2j_invoke.bat to
'java -Xms512m -Xmx4096m -cp "%CP%" %*'
You can change in .dwarf
"dwarf_ui_hexedit_bpl": 32 (default: 16) - Bytes per line in hexview
"dwarf_ui_hexstyle": "upper", "lower" (default: "upper") - overall hexstyle 0xabcdef or 0xABCDEF (note: click on the "Offset (X)" in hexview to change)
"dwarf_ui_font_size": 12 (default: 12) - (note: hexview/disasm use other font wait for settingsdlg or change lib/utils.py get_os_monospace_font())