A debugger for reverse engineers, crackers and security analyst. Or you can call it damn, why are raspberries so fluffy or yet, duck warriors are rich as fuck. Whatever you like! Built on top of pyqt5, frida and some terrible code.
visual emulation with auto map from target, reporting memory accesses
breaks module loading cycle, java classes
set breaks conditions and custom logics
inject code on each breakpointed thread
exchange data with your target and display it in UI
digging through memory, disassembly and jvm fields/functions
backtrace both native and java
takes your whole frida agent in script editor, convert hooks to breakpoints etc
all of this can be done through scripting to build custom debugging logic
Pre requisites A frida server running anywhere.
make sure you can use 'adb' command in console or Read here
root on the device/emulator is required!
make sure frida is in /system/bin|xbin with a+x permissions or eventually use Dwarf to automatically install latest frida server
Setup and run
git clone https://github.com/iGio90/Dwarf
pip3 install -r requirements.txt
Optionally You can install keystone-engine to enable assembler:
Windows x86: https://github.com/keystone-engine/keystone/releases/download/0.9.1/keystone-0.9.1-python-win32.msi x64: https://github.com/keystone-engine/keystone/releases/download/0.9.1/keystone-0.9.1-python-win64.msi
On Windows add d2j folder to %PATH% and change: 'java -Xms512m -Xmx1024m -cp "%CP%" %*' in d2j_invoke.bat to 'java -Xms512m -Xmx4096m -cp "%CP%" %*'
Settings You can change in .dwarf
"dwarf_ui_hexedit_bpl": 32 (default: 16) - Bytes per line in hexview "dwarf_ui_hexstyle": "upper", "lower" (default: "upper") - overall hexstyle 0xabcdef or 0xABCDEF (note: click on the "Offset (X)" in hexview to change) "dwarf_ui_font_size": 12 (default: 12) - (note: hexview/disasm use other font wait for settingsdlg or change lib/utils.py get_os_monospace_font())