Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/iGio90/Dwarf
Full featured multi arch/os debugger built on top of PyQt5 and frida
https://github.com/iGio90/Dwarf
android capstone-engine cracking frida ios keystone-engine linux pyqt5 reverse-engineering unicorn-emulator windows
Last synced: 29 days ago
JSON representation
Full featured multi arch/os debugger built on top of PyQt5 and frida
- Host: GitHub
- URL: https://github.com/iGio90/Dwarf
- Owner: iGio90
- License: gpl-3.0
- Created: 2018-12-18T17:50:07.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2024-05-16T07:32:52.000Z (7 months ago)
- Last Synced: 2024-11-04T19:41:01.237Z (about 1 month ago)
- Topics: android, capstone-engine, cracking, frida, ios, keystone-engine, linux, pyqt5, reverse-engineering, unicorn-emulator, windows
- Language: Python
- Homepage:
- Size: 3.38 MB
- Stars: 1,271
- Watchers: 56
- Forks: 168
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-ios-security - Dwarf - Full featured multi arch/os debugger built on top of PyQt5 and frida. (Tools / Dynamic Analysis Tools)
- awesome-apple-security - Dwarf - Full featured multi arch/os debugger built on top of PyQt5 and frida. (Tools / Dynamic Analysis Tools)
- awesome-hacking-lists - iGio90/Dwarf - Full featured multi arch/os debugger built on top of PyQt5 and frida (Python)
README
# Dwarf
[![PyPI pyversions](https://img.shields.io/pypi/pyversions/dwarf_debugger.svg)](https://pypi.python.org/pypi/dwarf_debugger/)
[![PyPI version shields.io](https://img.shields.io/pypi/v/dwarf_debugger.svg)](https://pypi.python.org/pypi/dwarf_debugger/)
[![GitHub license](https://img.shields.io/github/license/iGio90/Dwarf.svg)](https://github.com/iGio90/Dwarf/blob/master/LICENSE)
[![GitHub issues](https://img.shields.io/github/issues/iGio90/Dwarf.svg)](https://GitHub.com/iGio90/Dwarf/issues/)A debugger for reverse engineers, crackers and security analyst.
Or you can call it damn, why are raspberries so fluffy or yet, duck warriors are rich as fuck. Whatever you like!
Built on top of pyqt5, frida and some terrible code.### Known Issues
+ JavaTraceView is distorted
+ JavaTraceView shows weakref/handle instead of valueWe are working on Dwarf 2.0 release
### Installation
```
pip3 install dwarf-debugger
```
Development
```
pip3 install https://github.com/iGio90/Dwarf/archive/master.zip
```## Usage
#### Debugging UI (attach wizard)
```
dwarf
```#### Debugging UI (straightforward)
```
dwarf -t android com.facebook.katana
dwarf -t android 2145
dwarf -t ios 2145
dwarf -t local /usr/bin/cat /etc/shadow
```#### Debugging UI (own agent)
```
dwarf -t android -s /path/to/agent.js com.facebook.katana
dwarf -t local -s /path/to/agent.js /usr/bin/cat /etc/shadow
```#### Dwarf typings + injector
```
$ dwarf-creator
project path (/home/igio90/test):
>
project name (test):
>
Session type (local)
[*] L (local)
[*] A (android)
[*] I (iOS)
[*] R (remote)append i to use dwarf-injector (ai | android inject)
> ai
target package (com.whatsapp)
> com.whatsapp$ (./intelliJ || ./vsCode).open(/home/igio90/test)
.echo('enjoy scripting with frida and dwarf api autocompletition and in-line doc')$ ./dwarf if myOs == 'unix' else 'dwarf.bat'
```#### Dwarf trace
```
dwarf-trace -t android --java java.io.File.$init com.facebook.katana* Trying to spawn com.facebook.katana
* Dwarf attached to 19337
java.io.File $init
/data - java.io.File
miscjava.io.File $init
/data/misc - java.io.File
user...
``````
dwarf-trace -t android --native --native-registers x0,x1,sp open+0x32
dwarf-trace -t android --native --native-registers x0,x1,sp targetModule@0x1234
dwarf-trace -t android --native --native-registers x0,x1,sp 0xdc00d0d0
dwarf-trace -t android --native --native-registers x0,x1,sp popen
```## DwarfCore (source of core.js)
Core for the Python version of dwarf
https://github.com/iGio90/DwarfCore/tree/core1