
dwarf's Introduction

Dwarf


A debugger for reverse engineers, crackers and security analysts. Or you can call it damn, why are raspberries so fluffy or yet, duck warriors are rich as fuck. Whatever you like! Built on top of pyqt5, frida and some terrible code.

Known Issues

  • JavaTraceView is distorted
  • JavaTraceView shows weakref/handle instead of value

We are working on Dwarf 2.0 release

Installation

pip3 install dwarf-debugger

Development

pip3 install https://github.com/iGio90/Dwarf/archive/master.zip

Usage

Debugging UI (attach wizard)

dwarf

Debugging UI (straightforward)

dwarf -t android com.facebook.katana
dwarf -t android 2145
dwarf -t ios 2145
dwarf -t local /usr/bin/cat /etc/shadow

Debugging UI (own agent)

dwarf -t android -s /path/to/agent.js com.facebook.katana
dwarf -t local -s /path/to/agent.js /usr/bin/cat /etc/shadow

Dwarf typings + injector

$ dwarf-creator
project path (/home/igio90/test):
> 
project name (test):
> 
Session type (local)
[*] L (local)
[*] A (android)
[*] I (iOS)
[*] R (remote)

append i to use dwarf-injector (ai | android inject)
> ai
target package (com.whatsapp)
> com.whatsapp

$ (./intelliJ || ./vsCode).open(/home/igio90/test)
    .echo('enjoy scripting with frida and dwarf api autocompletion and in-line doc')

$ ./dwarf if myOs == 'unix' else 'dwarf.bat'

Dwarf trace

dwarf-trace -t android --java java.io.File.$init com.facebook.katana

* Trying to spawn com.facebook.katana
* Dwarf attached to 19337
java.io.File $init
    /data  - java.io.File
    misc

java.io.File $init
    /data/misc  - java.io.File
    user

...

dwarf-trace -t android --native --native-registers x0,x1,sp open+0x32
dwarf-trace -t android --native --native-registers x0,x1,sp targetModule@0x1234
dwarf-trace -t android --native --native-registers x0,x1,sp 0xdc00d0d0
dwarf-trace -t android --native --native-registers x0,x1,sp popen

DwarfCore (source of core.js)

Core for the Python version of dwarf https://github.com/iGio90/DwarfCore/tree/core1






dwarf's People

Contributors

adrivillab, ghxst, hexploitable, igio90, kinggamma, knobse, lionrouge, marbink, meme, pinkiepiestyle, sn0opy, thibaudmouton


dwarf's Issues

one or more Python modules that are not byte-compiled

Hi, I'm installing the tool using the source and the usual command:
python setup.py install on Gentoo Linux. The call is actually wrapped in python classes.
At the end, I'm facing the following warning:

running install_egg_info
Copying dwarf_debugger.egg-info to /var/tmp/portage/dev-util/dwarf-debugger-1.0.0/image/_python3.6/usr/lib64/python3.6/site-packages/dwarf_debugger-1.0.0-py3.6.egg-info
running install_scripts
Installing dwarf script to /var/tmp/portage/dev-util/dwarf-debugger-1.0.0/image/_python3.6/usr/lib/python-exec/python3.6
Installing dwarf-creator script to /var/tmp/portage/dev-util/dwarf-debugger-1.0.0/image/_python3.6/usr/lib/python-exec/python3.6
Installing dwarf-injector script to /var/tmp/portage/dev-util/dwarf-debugger-1.0.0/image/_python3.6/usr/lib/python-exec/python3.6
 * python3_6: running distutils-r1_run_phase distutils-r1_python_install_all
>>> Completed installing dev-util/dwarf-debugger-1.0.0 into /var/tmp/portage/dev-util/dwarf-debugger-1.0.0/image

 * Final size of build directory: 10796 KiB (10.5 MiB)
 * Final size of installed tree:  13908 KiB (13.5 MiB)

 * Verifying compiled files in /usr/lib64/python2.7/site-packages
 * Verifying compiled files in /usr/lib64/python3.6/site-packages
 * 
 * This package installs one or more Python modules that are not byte-compiled.
 * The following files are missing:
 * 
 *   /usr/lib64/python2.7/site-packages/dwarf_debugger/ui/app.pyc
 *   /usr/lib64/python2.7/site-packages/dwarf_debugger/ui/app.pyo
 *   /usr/lib64/python2.7/site-packages/dwarf_debugger/ui/widgets/hex_edit.pyc
 *   /usr/lib64/python2.7/site-packages/dwarf_debugger/ui/widgets/hex_edit.pyo
 *   /usr/lib64/python2.7/site-packages/dwarf_debugger/ui/session_widgets/console.pyc
 *   /usr/lib64/python2.7/site-packages/dwarf_debugger/ui/session_widgets/console.pyo
 *   /usr/lib64/python2.7/site-packages/dwarf_debugger/ui/session_widgets/breakpoints.pyc
 *   /usr/lib64/python2.7/site-packages/dwarf_debugger/ui/session_widgets/breakpoints.pyo
 *   /usr/lib64/python2.7/site-packages/dwarf_debugger/ui/session_widgets/bookmarks.pyc
 *   /usr/lib64/python2.7/site-packages/dwarf_debugger/ui/session_widgets/bookmarks.pyo
 *   /usr/lib64/python2.7/site-packages/dwarf_debugger/ui/panels/panel_data.pyc
 *   /usr/lib64/python2.7/site-packages/dwarf_debugger/ui/panels/panel_data.pyo
 * 
 * Please either fix the upstream build system to byte-compile Python modules
 * correctly, or call python_optimize after installing them.  For more
 * information, see:
 * https://wiki.gentoo.org/wiki/Project:Python/Byte_compiling

NameError: name 'KS_ARCH_ARM' is not defined

  • ubuntu 16.04
  • python 3.5
  • pipenv

1. git clone dwarf
2. pipenv install -r requirements.txt
3. pipenv shell
$ python dwarf.py

Android Debug Bridge version 1.0.32

 -a                            - directs adb to listen on all interfaces for a connection
 -d                            - directs command to the only connected USB device
                                 returns an error if more than one USB device is present.
 -e                            - directs command to the only running emulator.
                                 returns an error if more than one emulator is running.
 -s <specific device>          - directs command to the device or emulator with the given
                                 serial number or qualifier. Overrides ANDROID_SERIAL
                                 environment variable.
 -p <product name or path>     - simple product name like 'sooner', or
                                 a relative/absolute path to a product
                                 out directory like 'out/target/product/sooner'.
                                 If -p is not specified, the ANDROID_PRODUCT_OUT
                                 environment variable is used, which must
                                 be an absolute path.
 -H                            - Name of adb server host (default: localhost)
 -P                            - Port of adb server (default: 5037)
 devices [-l]                  - list all connected devices
                                 ('-l' will also list device qualifiers)
 connect <host>[:<port>]       - connect to a device via TCP/IP
                                 Port 5555 is used by default if no port number is specified.
 disconnect [<host>[:<port>]]  - disconnect from a TCP/IP device.
                                 Port 5555 is used by default if no port number is specified.
                                 Using this command with no additional arguments
                                 will disconnect from all connected TCP/IP devices.

device commands:
  adb push [-p] <local> <remote>
                               - copy file/dir to device
                                 ('-p' to display the transfer progress)
  adb pull [-p] [-a] <remote> [<local>]
                               - copy file/dir from device
                                 ('-p' to display the transfer progress)
                                 ('-a' means copy timestamp and mode)
  adb sync [ <directory> ]     - copy host->device only if changed
                                 (-l means list but don't copy)
                                 (see 'adb help all')
  adb shell                    - run remote shell interactively
  adb shell <command>          - run remote shell command
  adb emu <command>            - run emulator console command
  adb logcat [ <filter-spec> ] - View device log
  adb forward --list           - list all forward socket connections.
                                 the format is a list of lines with the following format:
                                    <serial> " " <local> " " <remote> "\n"
  adb forward <local> <remote> - forward socket connections
                                 forward specs are one of: 
                                   tcp:<port>
                                   localabstract:<unix domain socket name>
                                   localreserved:<unix domain socket name>
                                   localfilesystem:<unix domain socket name>
                                   dev:<character device name>
                                   jdwp:<process pid> (remote only)
  adb forward --no-rebind <local> <remote>
                               - same as 'adb forward <local> <remote>' but fails
                                 if <local> is already forwarded
  adb forward --remove <local> - remove a specific forward socket connection
  adb forward --remove-all     - remove all forward socket connections
  adb reverse --list           - list all reverse socket connections from device
  adb reverse <remote> <local> - reverse socket connections
                                 reverse specs are one of:
                                   tcp:<port>
                                   localabstract:<unix domain socket name>
                                   localreserved:<unix domain socket name>
                                   localfilesystem:<unix domain socket name>
  adb reverse --norebind <remote> <local>
                               - same as 'adb reverse <remote> <local>' but fails
                                 if <remote> is already reversed.
  adb reverse --remove <remote>
                               - remove a specific reversed socket connection
  adb reverse --remove-all     - remove all reversed socket connections from device
  adb jdwp                     - list PIDs of processes hosting a JDWP transport
  adb install [-lrtsd] <file>
  adb install-multiple [-lrtsdp] <file...>
                               - push this package file to the device and install it
                                 (-l: forward lock application)
                                 (-r: replace existing application)
                                 (-t: allow test packages)
                                 (-s: install application on sdcard)
                                 (-d: allow version code downgrade)
                                 (-p: partial application install)
  adb uninstall [-k] <package> - remove this app package from the device
                                 ('-k' means keep the data and cache directories)
  adb bugreport                - return all information from the device
                                 that should be included in a bug report.

  adb backup [-f <file>] [-apk|-noapk] [-obb|-noobb] [-shared|-noshared] [-all] [-system|-nosystem] [<packages...>]
                               - write an archive of the device's data to <file>.
                                 If no -f option is supplied then the data is written
                                 to "backup.ab" in the current directory.
                                 (-apk|-noapk enable/disable backup of the .apks themselves
                                    in the archive; the default is noapk.)
                                 (-obb|-noobb enable/disable backup of any installed apk expansion
                                    (aka .obb) files associated with each application; the default
                                    is noobb.)
                                 (-shared|-noshared enable/disable backup of the device's
                                    shared storage / SD card contents; the default is noshared.)
                                 (-all means to back up all installed applications)
                                 (-system|-nosystem toggles whether -all automatically includes
                                    system applications; the default is to include system apps)
                                 (<packages...> is the list of applications to be backed up.  If
                                    the -all or -shared flags are passed, then the package
                                    list is optional.  Applications explicitly given on the
                                    command line will be included even if -nosystem would
                                    ordinarily cause them to be omitted.)

  adb restore <file>           - restore device contents from the <file> backup archive

  adb disable-verity           - disable dm-verity checking on USERDEBUG builds
  adb keygen <file>            - generate adb public/private key. The private key is stored in <file>,
                                 and the public key is stored in <file>.pub. Any existing files
                                 are overwritten.
  adb help                     - show this help message
  adb version                  - show version num

scripting:
  adb wait-for-device          - block until device is online
  adb start-server             - ensure that there is a server running
  adb kill-server              - kill the server if it is running
  adb get-state                - prints: offline | bootloader | device
  adb get-serialno             - prints: <serial-number>
  adb get-devpath              - prints: <device-path>
  adb status-window            - continuously print device status for a specified device
  adb remount                  - remounts the /system and /vendor (if present) partitions on the device read-write
  adb reboot [bootloader|recovery] - reboots the device, optionally into the bootloader or recovery program
  adb reboot-bootloader        - reboots the device into the bootloader
  adb root                     - restarts the adbd daemon with root permissions
  adb usb                      - restarts the adbd daemon listening on USB
  adb tcpip <port>             - restarts the adbd daemon listening on TCP on the specified port
networking:
  adb ppp <tty> [parameters]   - Run PPP over USB.
 Note: you should not automatically start a PPP connection.
 <tty> refers to the tty for PPP stream. Eg. dev:/dev/omap_csmi_tty1
 [parameters] - Eg. defaultroute debug dump local notty usepeerdns

adb sync notes: adb sync [ <directory> ]
  <localdir> can be interpreted in several ways:

  - If <directory> is not specified, /system, /vendor (if present), and /data partitions will be updated.

  - If it is "system", "vendor" or "data", only the corresponding partition
    is updated.

environmental variables:
  ADB_TRACE                    - Print debug information. A comma separated list of the following values
                                 1 or all, adb, sockets, packets, rwx, usb, sync, sysdeps, transport, jdwp
  ANDROID_SERIAL               - The serial number to connect to. -s takes priority over this if given.
  ANDROID_LOG_TAGS             - When used with the logcat option, only these debug tags are printed.
Traceback (most recent call last):
  File "dwarf.py", line 40, in <module>
    app_window = AppWindow(args)
  File "/home/weizi/Dwarf/ui/app.py", line 41, in __init__
    self.app.setup_ui()
  File "/home/weizi/Dwarf/ui/app.py", line 90, in setup_ui
    self.session_ui = SessionUi(self)
  File "/home/weizi/Dwarf/ui/ui_session.py", line 88, in __init__
    self.asm_panel = AsmPanel(self.app)
  File "/home/weizi/Dwarf/ui/panel_asm.py", line 45, in __init__
    self.on_arch_changed()
  File "/home/weizi/Dwarf/ui/panel_asm.py", line 238, in on_arch_changed
    self.ks_arch = KS_ARCH_ARM
NameError: name 'KS_ARCH_ARM' is not defined

Reboot loop on device identification

Hey, I am trying to run Dwarf on a Samsung Galaxy S7 (G930FD, a.ver 8.0), but each time the debugger identifies the device the phone reboots (that is, I open a new session and as soon as my phone is detected and added to the device list, it restarts my phone). I used Dwarf with the same phone some months ago and it was working fine; all the checks are passed (root/adb/device/etc). I tried on two different computers and the result was the same.

Not Able to launch

PS D:\Tools for Testing\Dwarf\Dwarf> python .\dwarf.py
adb: True
dev/emu: True
su: True
root: False

at least 3x True required
Traceback (most recent call last):
  File ".\dwarf.py", line 41, in <module>
    app_window = AppWindow(args)
  File "D:\Tools for Testing\Dwarf\Dwarf\ui\app.py", line 36, in __init__
    self.dwarf = Dwarf(self)
  File "D:\Tools for Testing\Dwarf\Dwarf\lib\core.py", line 80, in __init__
    self.script_manager = ScriptsManager(self)
  File "D:\Tools for Testing\Dwarf\Dwarf\lib\scripts_manager.py", line 24, in __init__
    self.update_scripts()
  File "D:\Tools for Testing\Dwarf\Dwarf\lib\scripts_manager.py", line 27, in update_scripts
    scripts = self.dwarf.get_git().get_dwarf_scripts()
AttributeError: 'NoneType' object has no attribute 'replace'

Wrong value register added reported to backend

I did a quick debug but I have no time to fix it as I'm about to travel.

Doing this in the console:
this.context.x1 = 100

will result in x1 being set to 100, but the context panel prints 0x100 (256 decimal).
The issue is here:

value_x = str_fmt.format(int(reg_val, 16))

Not able to run Dwarf

Hello,

I just found out about your tool; it looks amazing for reversers. Unfortunately I'm not able to start it.

I get the error:
Traceback (most recent call last):
  File "dwarf.py", line 26, in <module>
    from ui.app import AppWindow
  File "/Users/esoussi/work/util/Dwarf/ui/app.py", line 23, in <module>
    from lib.core import Dwarf
  File "/Users/esoussi/work/util/Dwarf/lib/core.py", line 28, in <module>
    from lib.emulator import Emulator
  File "/Users/esoussi/work/util/Dwarf/lib/emulator.py", line 24, in <module>
    from capstone import *
  File "/usr/local/lib/python3.7/site-packages/capstone/__init__.py", line 406, in <module>
    _setup_prototype(_cs, "cs_regs_access", ctypes.c_int, ctypes.c_size_t, ctypes.POINTER(_cs_insn), ctypes.POINTER(ctypes.c_uint16*64), ctypes.POINTER(ctypes.c_uint8), ctypes.POINTER(ctypes.c_uint16*64), ctypes.POINTER(ctypes.c_uint8))
  File "/usr/local/lib/python3.7/site-packages/capstone/__init__.py", line 388, in _setup_prototype
    getattr(lib, fname).restype = restype
  File "/usr/local/Cellar/python/3.7.3/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ctypes/__init__.py", line 369, in __getattr__
    func = self.__getitem__(name)
  File "/usr/local/Cellar/python/3.7.3/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ctypes/__init__.py", line 374, in __getitem__
    func = self._FuncPtr((name_or_ordinal, self))
AttributeError: dlsym(0x7fe3462e5a60, cs_regs_access): symbol not found

For information, I'm using macOS.

Thanks for the support.

connect to frida-server over TCP/IP

On my rooted Android phone, frida-server is running with frida-server -l 192.168.1.3 and I can connect to the phone with frida-ps -H 192.168.1.3. Now, how do I connect to the frida-server from the Dwarf GUI?

Got some javascript errors

When choosing to start the app, the terminal will give this message:
unable to find method 'api'

And in the terminal is this message:
payload: {'type': 'error', 'description': 'ReferenceError: _log is not defined', 'stack': 'ReferenceError: _log is not defined\n at /script1.js:38:6', 'fileName': '/script1.js', 'lineNumber': 38, 'columnNumber': 6}

Frida version 12.5.0

Rooted phone with magisk 19.1

Failed to spawn or attach to processes

Hi, after #22 I tried to spawn an application and I get a pop-up error with Failed spawning "com.package"; in the details Dwarf says 'runtime' is an invalid keyword argument for this function.

I checked where the error could come from and it could be inside load_script() in lib/core.py.
I get the same error if I try to attach to a process, e.g. Failed attaching to [10653, 'com.whatsapp']

DISASSEMBLY > Switch to THUMB Mode Error

When clicking Switch to THUMB Mode, Dwarf crashed!

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/dwarf_debugger/ui/widgets/disasm_view.py", line 737, in _on_switch_mode
    if self.capstone_mode == CS_MODE_ARM:
AttributeError: 'DisassemblyView' object has no attribute 'capstone_mode'

Error installing frida on Android

Hi, I tried to automatically install frida on the device but it does not seem to work.
I've tried on a Nexus 5 with 5.1 and on a Pixel XL with android 8 rooted with Magisk from Ubuntu
my steps are:
I start Dwarf
select Android
A dwarf USB session window opens with a red bar saying waiting for device and a button install frida
I click on install frida, a series of messages appear
once done on the red bar appears a dropdown menu with 2 entries of Pixel XL
If I try again Install frida more pixel xl entries appear in the dropdown menu
I checked on the device and frida is not running nor installed

empty debug window

I put a breakpoint on a class constructor; the breakpoint gets hit but everything is blank!!


02:35:04 [ERROR-LogicJava.hook] Error: java.lang.ClassNotFoundException: Didn't find class "com.whatsapp.jobqueue.job" on path: DexPathList[[zip file "/system/framework/org.apache.http.legacy.boot.jar", zip file "/data/app/com.whatsapp-LqLY5Xrpfu9W8PvMcn2vHg==/base.apk"],nativeLibraryDirectories=[/data/app/com.whatsapp-LqLY5Xrpfu9W8PvMcn2vHg==/lib/arm64, /data/app/com.whatsapp-LqLY5Xrpfu9W8PvMcn2vHg==/base.apk!/lib/arm64-v8a, /system/lib64]]
02:35:12 [ERROR-jvmExplorer-2] TypeError: Cannot read property '$className' of undefined
02:35:12 [ERROR-jvmExplorer-2] TypeError: Cannot read property '$className' of undefined
02:35:12 [ERROR-jvmExplorer-2] TypeError: Cannot read property '$className' of undefined
02:35:12 [ERROR-jvmExplorer-2] TypeError: Cannot read property '$className' of undefined
02:35:12 [ERROR-jvmExplorer-2] TypeError: Cannot read property '$className' of undefined
02:35:12 [ERROR-jvmExplorer-2] TypeError: Cannot read property '$className' of undefined

UI resets after process restart

I want to install hooks and catch them after restarting the process. I set them in 'breakpoint' area, then I restart the process (Process - Restart), it looks like the interface is being recreated and I lose all my hooks. Is it ok?

su: invalid uid/gid

When I use Dwarf on version 12.6.1, I get an error in mount_system(): su: invalid uid/gid. I fixed it by using do_adb_command('shell su 0 mount -o rw,remount /'). shell su -c does not work well. It also happens in the function check_requirements.

Frida binary cli option suggestion

Hi, thanks for the cool software. It would be nice to add a CLI option to specify the frida server binary name. I'm using the MagiskFrida add-on; it installs the frida binary as frida-server to /system/xbin. It's not too hard to modify the Dwarf sources or the MagiskFrida package, but such an option would be useful anyway. Or just create a const in one file that will be used everywhere.

No module

% python3 dwarf.py
Traceback (most recent call last):
  File "dwarf.py", line 26, in <module>
    from ui.app import AppWindow
  File "/Users/whoami/Program/Dwarf/ui/app.py", line 32, in <module>
    from ui.hex_edit import HighLight, HighlightExistsError
  File "/Users/whoami/Program/Dwarf/ui/hex_edit.py", line 29, in <module>
    from lib.elf import ELF
ModuleNotFoundError: No module named 'lib.elf'

Watchpoints

I'm having trouble setting watchpoints for a specific address (regardless of whether it's r/w/e). I'm trying to set them as 0xAddress (i.e. 0x9EB27370) but it's throwing the following error:
image

Error on any js api command execution

After every command in javascript console, I see an error on the right text area:

21:22:59.800784 TypeError: Cannot read property 'apply' of undefined at Object.api (src/index.ts:81:33) at handleRpcMessage (frida/runtime/message-dispatcher.js:49:1) at handleMessage (frida/runtime/message-dispatcher.js:29:1)

or

21:33:39.321790 TypeError: Cannot read property 'then' of null at handleRpcMessage (frida/runtime/message-dispatcher.js:50:1) at handleMessage (frida/runtime/message-dispatcher.js:29:1)

IOS emulator

Hi,
I want to use Dwarf on an Xcode phone emulator. How should I do that? When I click on the iOS icon, Dwarf just quits with a message saying waiting for device to be connected.

Thanks for your answer

Not working on iOS 12.2 nor 11.2.5 ?

Hey guys,

First, thank you for this amazing tool it looks very very promising with a very clean interface!

I'm able to spawn/attach a process running on my iPhone, however, I can not see anything related to the memory nor setting breakpoint nor playing around with classes/methods.

I've tried with :

  • iPhone 6 running on iOS 11.2.5
  • iPhone 6 plus running on iOS 12.2
  • Tried with different apps such as Snapchat, Phone, ... same result

Here's my screen, you can also see that an error message appears in the console when I try to set a breakpoint to a method.

Capture d’écran 2019-10-04 à 22 28 23

Capture d’écran 2019-10-04 à 22 28 39

Capture d’écran 2019-10-04 à 22 28 32

pidof parsing problem

On my Android 6.0 device, pidof returns all process IDs and the "Start frida" button always appears

shell@my70ds:/ # pidof frida
1 2 3 5 6 7 8 9 10 11 12 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 41 ...
76 277 278 279 282 283 286 289 290 291 293 294 295 296 297 299 302 305 306 309 312 313 398 408 40

Maybe not return here but try other options
https://github.com/iGio90/Dwarf/blob/master/lib/adb.py#L322
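
One way to avoid trusting pidof alone, as an added example that is not Dwarf's own code and not part of the original issue: cross-check every PID that pidof prints against the process table from ps. The function names, the binary name "frida" as default, and the sample outputs are assumptions constructed for illustration.

```python
import posixpath

# Constructed sample data (not captured from a real device). PIDOF_BROKEN imitates
# the dump in the issue, where pidof ignores its argument and lists every PID.
PIDOF_BROKEN = "1 2 3 5 6 7 4711 5120 ...\n"
PIDOF_OK = "4711\n"
PS_WITH_FRIDA = """\
USER     PID   PPID  VSIZE  RSS   WCHAN    PC         NAME
root      1     0     8904   788   ffffffff 00000000 S /init
root      2     0     0      0     ffffffff 00000000 S kthreadd
root      4711  1     21000  9000  ffffffff 00000000 S /system/xbin/frida
u0_a57    5120  300   900000 40000 ffffffff 00000000 S com.example.app
"""
PS_WITHOUT_FRIDA = "\n".join(
    line for line in PS_WITH_FRIDA.splitlines() if "frida" not in line
) + "\n"


def parse_ps(ps_text):
    """Map PID -> process name from `ps` output.

    The PID column is located through the header and the name is taken as the
    last field, so rows that carry a state column the header does not name
    (as in the constructed sample) are still parsed correctly.
    """
    lines = [ln for ln in ps_text.splitlines() if ln.strip()]
    if not lines:
        return {}
    header = lines[0].split()
    if "PID" not in header:
        return {}
    pid_col = header.index("PID")
    table = {}
    for row in lines[1:]:
        fields = row.split()
        if len(fields) > pid_col and fields[pid_col].isdigit():
            table[int(fields[pid_col])] = fields[-1]
    return table


def claimed_pids(pidof_text):
    """PIDs printed by pidof; non-numeric tokens (such as '...') are dropped."""
    return {int(tok) for tok in pidof_text.split() if tok.isdigit()}


def confirmed_pids(pidof_text, ps_text, name="frida"):
    """PIDs that pidof reported AND that ps shows running a binary called `name`."""
    table = parse_ps(ps_text)
    return sorted(
        pid for pid in claimed_pids(pidof_text)
        if posixpath.basename(table.get(pid, "")) == name
    )


def pidof_is_unreliable(pidof_text, ps_text, name="frida"):
    """True when pidof returned at least one PID that does not belong to `name`."""
    return claimed_pids(pidof_text) != set(confirmed_pids(pidof_text, ps_text, name))
```

An empty result from confirmed_pids means the server is not running, whatever pidof printed.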

Remounting /system fails because it's missing in /proc/mounts

I am running OxygenOS 10.5.4 (OnePlus stock OS) with a Magisk patched bootloader. Dwarf provides a way to automatically install frida into /system. One of the steps is remounting /system to make it writeable which fails on my device.

# mount -o rw,remount /system
mount: '/system' not in /proc/mounts
# cat /proc/mounts | grep system
/sbin/.magisk/block/system_root /sbin/.magisk/mirror/system_root ext4 ro,seclabel,relatime,discard 0 0
/sbin/.magisk/block/system_root /sbin/wlchg ext4 ro,seclabel,relatime,discard 0 0
/sbin/.magisk/block/system_root /sbin/dashd ext4 ro,seclabel,relatime,discard 0 0
/dev/block/loop2 /system/reserve ext4 ro,context=u:object_r:system_file:s0,relatime 0 0

I know that Dwarf does have a check for /system_root, but it does not seem to work in my case, since it just sets the system partition's name to /system_root which doesn't even exist.

I'm happy to share any further logs if needed.
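
The lookup this issue calls for, as an added example that is not Dwarf's own code and not part of the original issue: parse /proc/mounts and pick the mount point that actually backs /system instead of assuming a name. The first four sample lines are the ones quoted above; the root filesystem line, the device name /dev/root and all function names are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

# The four lines quoted in the issue (output of `grep system` over /proc/mounts).
ISSUE_MOUNTS = """\
/sbin/.magisk/block/system_root /sbin/.magisk/mirror/system_root ext4 ro,seclabel,relatime,discard 0 0
/sbin/.magisk/block/system_root /sbin/wlchg ext4 ro,seclabel,relatime,discard 0 0
/sbin/.magisk/block/system_root /sbin/dashd ext4 ro,seclabel,relatime,discard 0 0
/dev/block/loop2 /system/reserve ext4 ro,context=u:object_r:system_file:s0,relatime 0 0
"""
# Constructed line (an assumption, not from the issue): a root filesystem entry,
# which the grep in the issue would have filtered out.
CONSTRUCTED_ROOT = "/dev/root / ext4 ro,seclabel,relatime 0 0\n"


class Mount(NamedTuple):
    device: str
    mount_point: str
    fstype: str
    options: frozenset


def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as \040 \011 \012 \134.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text):
    """Parse /proc/mounts text into Mount records, skipping malformed lines."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or truncated line
        device, mount_point, fstype, opts = fields[:4]
        mounts.append(Mount(_unescape(device), _unescape(mount_point),
                            fstype, frozenset(opts.split(","))))
    return mounts


def mount_for_path(mounts, path):
    """Return the mount backing `path`: the longest mount point that is a
    whole-component prefix of it; later entries win ties because they were
    mounted on top of earlier ones."""
    best = None
    for m in mounts:
        mp = m.mount_point
        covers = path == mp or path.startswith(mp.rstrip("/") + "/")
        if covers and (best is None or len(mp) >= len(best.mount_point)):
            best = m
    return best


def remount_target(proc_mounts_text, path="/system"):
    """Return (mount_point, is_read_only) for the filesystem holding `path`,
    or None when no listed mount covers it."""
    m = mount_for_path(parse_mounts(proc_mounts_text), path)
    if m is None:
        return None
    return m.mount_point, "ro" in m.options
```

With only the lines from the issue the result is None, which matches the mount error shown there; a caller should stop or retarget in that case rather than issue the remount against a fixed name.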

The 'PyQt5==5.11.3' distribution was not found and is required by dwarf

Is it really necessary to tightly bind the version? I have PyQt5-5.13.0 but I get this error:

linxon@minako-chan /tmp/linxon-tmp-files $ dwarf 
Traceback (most recent call last):
  File "/usr/lib64/python3.6/site-packages/pkg_resources/__init__.py", line 581, in _build_master
    ws.require(__requires__)
  File "/usr/lib64/python3.6/site-packages/pkg_resources/__init__.py", line 898, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib64/python3.6/site-packages/pkg_resources/__init__.py", line 789, in resolve
    raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (PyQt5 5.13.0 (/usr/lib64/python3.6/site-packages), Requirement.parse('PyQt5==5.11.3'), {'dwarf'})

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python-exec/python3.6/dwarf", line 6, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib64/python3.6/site-packages/pkg_resources/__init__.py", line 3126, in <module>
    @_call_aside
  File "/usr/lib64/python3.6/site-packages/pkg_resources/__init__.py", line 3110, in _call_aside
    f(*args, **kwargs)
  File "/usr/lib64/python3.6/site-packages/pkg_resources/__init__.py", line 3139, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/lib64/python3.6/site-packages/pkg_resources/__init__.py", line 583, in _build_master
    return cls._build_from_requirements(__requires__)
  File "/usr/lib64/python3.6/site-packages/pkg_resources/__init__.py", line 596, in _build_from_requirements
    dists = ws.resolve(reqs, Environment())
  File "/usr/lib64/python3.6/site-packages/pkg_resources/__init__.py", line 784, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'PyQt5==5.11.3' distribution was not found and is required by dwarf

IOS not supported ???

Hello,

It's me, again :). I'm trying to use DWARF with my iPhone, and... I cannot even click on the Apple button. If I press the Android button, I can see a green ribbon saying "Iphone Connected" but the tool does not give me any options.

Thanks a lot,

  • Wally

stable release

Could you please start cutting releases at some point so that the tool can be ported to Linux distros properly?

I would like to port it on Pentoo Linux. Thank you

Minor UI issue when tracing.

When looking at the trace overview, there's not enough padding at the bottom to get everything in view (when scrolled all the way down there's still content hidden).

image

@PinkiePieStyle I was told to ping you for UI stuff. :p

Check missing

have_result, search_results = self.contains_text(input, stop_at_match=False)

it's not checking if the input is empty (leaving the textbox blank when searching in any list) hence crashing the app.

Error log=>

have_result, search_results = self.contains_text(input, stop_at_match=False)
TypeError: cannot unpack non-iterable NoneType object

Application crash on adding a watcher

Steps to reproduce:

  • injecting into application process

  • adding hook on android.api.Activity.onCreate

  • add watcher: api.findExport('open')

we get a crash:

payload: {'type': 'error', 'description': 'ReferenceError: _this is not defined', 'stack': 'ReferenceError: _this is not defined\n at new MemoryWatcher (/script1.js:1982:11)\n at Object.DwarfApi.addWatcher (/script1.js:530:46)\n at Dwarf._onHook (/script1.js:274:62)\n at klass.<anonymous> (/script1.js:1890:28)\n at f (eval at implement (frida/node_modules/frida-java/lib/class-factory.js:2105:1), <anonymous>:1:272)', 'fileName': '/script1.js', 'lineNumber': 1982, 'columnNumber': 11}

Device info
Model: GT-I9505
Arch/Rom:

jfltexx:/ # uname -a
Linux localhost 3.4.112-Lineage-gd51a0c0 #1 SMP PREEMPT Fri Jan 20 20:25:34 EET 2017 armv7l

Cannot break when using putBreakpoint

When I start dwarf as below, it does not break when the event is fired. However, it does break when I choose the same method from the toolbox Java -> classes.

dwarf -t android com.example.king.testappsflyer -s debug.js
This is my JS code below.
image
dwarf 1.0.4 is used
image
BTW, thanks for your great work, really helps a lot

Disassembler not working

Screen from x86 disasm
x86disasm

Debuglog

  • Starting new Session
    called on_arch_changed
    arch is
  • Trying to spawn exe
    18:26:46 * Skipping blacklisted module: ntdll.dll
    called on_arch_changed
    arch is
    Thank's for using Dwarf
    Have a nice day...

IOS emulator

Hi,
I want to use Dwarf on an Xcode phone emulator. How should I do that? When I click on the iOS icon, Dwarf just quits with a message saying it is waiting for a device to be connected.

Thanks for your answer

Dumping from module panel

If I go into the module panel and try to dump a module (selecting any .so using right click>dump binary) dwarf crashes (tested with several apps).

Crash report:
Kz4KKUe

Can't find d2j-dex2jar.bat

This tool is cool. When I try to use it to decompile an APK file, it shows "failed to find d2j-dex2jar.bat", and I can't find any place to configure the path for this tool.
So is there a way to integrate this tool into Dwarf?

"tabBar" ui is NoneType

I'm using Windows 10 x64 and get this error:

  File "xxxxx\Dwarf\ui\ui_session.py", line 101, in __init__
    self.tabBar().tabButton(0, QTabBar.LeftSide).resize(0, 0)

AttributeError: 'NoneType' object has no attribute 'resize'

It works fine if I comment out that line.

'DwarfListView' object has no attribute 'count'

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/dwarf_debugger/ui/panels/panel_java_trace.py", line 368, in show_class_list_menu
    self.search()
  File "/usr/local/lib/python3.7/site-packages/dwarf_debugger/ui/panels/panel_java_trace.py", line 355, in search
    for i in range(0, self.class_list.count()):
AttributeError: 'DwarfListView' object has no attribute 'count'

trace->class(search)-> show 'DwarfListView' object has no attribute 'count'

Dwarf on non-rooted Android device and memory search

Hello,
first of all - HUGE THANKS for your AWESOME tool on top of Frida! It helps immensely!
I have two issues/questions about it right now:

  1. I had to change device_window.py in order to make it recognize frida-gadget for non-rooted Android device:

self.title = 'Android Session'
self.device = frida.get_usb_device()

(instead of None)
In this case the process with injected Frida is being shown and everything seems to work just fine.
  2. I couldn't find the functionality for memory search, e.g. searching for certain bytes in memory. Do you intend to add this functionality as well?
Again - many thanks for your work and good luck!!!

Quick filter feature

It will be useful to quick filter the lists (processes, classes, exports) like in IDA

IDA Quick Filter
