Features

Multi arch/os/target

It’s built on top of PyQt5 and can be started with ease on any OS. It uses Frida in the backend, which supports almost any architecture.

Dynamic analysis

Lets you perform dynamic instrumentation with a kickass UI. Our Frida agent is loaded into the target, which allows setting breakpoints (on the JVM as well, for Android targets) and watchpoints. It can break at module constructors to instrument initialization functions. Tracers, registers with telescope and various panels are available to reduce the pain of debugging.

Static analysis

The disassembly and memory views, along with modules, ranges and loaded Java classes and methods. We built a couple of plugins which extend Dwarf with radare2 and the unicorn emulator. Those gave us a quick way to back module analysis (with r2) and emulation (with unicorn). There is also a set of tools and two consoles with a REPL accepting JavaScript (Frida and Dwarf API; the JavaScript REPL always runs in the target context) and Python in the backend. With the radare2 plugin, you’ll also have a new panel with a REPL on the r2 instance and a JavaScript API to interact with the r2 instance from the target context.

Automation

The problem in debugging and analysis is always figuring out a way to make things faster. Dwarf provides some ways to accelerate the process.

  • Can be started with a mix of command line arguments to spawn the target and inject our agent into it:
    python3 dwarf.py -t android -sp -p com.android.target -s myagent.js
  • Has a JavaScript API to add hooks and prevent breakpoints or, eventually, break on certain conditions
  • There are APIs which allow controlling the target from the UI and the UI from the target
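As an added example (not Dwarf’s own code and not written by its authors), here is the kind of Frida agent the -s myagent.js option above loads. It covers the conditional-break idea from this list and the native plus JVM hooks mentioned under Dynamic analysis: libc open() and the java.io.File constructor are hooked, but a message is sent to the UI only when the path matches a watched prefix, so the analyst is not flooded with every file access. It uses only the public Frida JavaScript API (Interceptor, Module, Java, Thread, send); the watched prefix, the choice of hook targets and the shape of the reported message are assumptions for illustration.

```javascript
// Added example of a custom Frida agent for a Dwarf session. Not part of Dwarf;
// only public Frida APIs are used. The prefix, hook targets and message
// layout are assumptions chosen for illustration.

// Constructed sample value: the app-private directory we want to watch.
const WATCHED_PREFIX = '/data/data/com.android.target/';

// Pure decision logic, kept separate from the hooks so it can be exercised
// outside a Frida runtime: report only paths under the watched directory.
function shouldReport(path) {
  return typeof path === 'string' && path.startsWith(WATCHED_PREFIX);
}

// Turn open(2) flags into a short label for the UI (Linux/bionic values).
function describeFlags(flags) {
  const O_WRONLY = 1, O_RDWR = 2, O_CREAT = 0x40;
  const acc = (flags & 3) === O_WRONLY ? 'write'
            : (flags & 3) === O_RDWR ? 'rw' : 'read';
  return (flags & O_CREAT) ? acc + '+create' : acc;
}

// Native hook: int open(const char *pathname, int flags, ...).
// Returns false when the export cannot be resolved (e.g. static libc).
function installOpenHook() {
  const openPtr = Module.findExportByName(null, 'open');
  if (openPtr === null) {
    send({ type: 'warn', msg: 'open() not found, hook skipped' });
    return false;
  }
  Interceptor.attach(openPtr, {
    onEnter(args) {
      this.path = args[0].readUtf8String();
      this.flags = args[1].toInt32();
    },
    onLeave(retval) {
      if (!shouldReport(this.path)) return; // condition not met: stay silent
      send({
        type: 'open',
        path: this.path,
        mode: describeFlags(this.flags),
        fd: retval.toInt32(),
        // Symbolised backtrace so the UI can show who opened the file.
        backtrace: Thread.backtrace(this.context, Backtracer.ACCURATE)
          .map(DebugSymbol.fromAddress).map(String),
      });
    },
  });
  return true;
}

// JVM hook for Android targets: new java.io.File(String pathname).
// Returns false when no Java VM is available in the process.
function installJavaHook() {
  if (typeof Java === 'undefined' || !Java.available) return false;
  Java.perform(() => {
    const File = Java.use('java.io.File');
    File.$init.overload('java.lang.String').implementation = function (path) {
      if (shouldReport(path)) send({ type: 'java-file', path: path });
      return this.$init(path); // always call through to the original
    };
  });
  return true;
}

// Only install hooks inside a Frida runtime; in plain Node the helpers
// above can still be run and tested.
if (typeof Interceptor !== 'undefined') {
  installOpenHook();
  installJavaHook();
}
```

The hooks never alter arguments or return values; they only decide, per call, whether an event is worth forwarding to the UI, which is the cheap way to get a conditional breakpoint-like view without stopping the target on every hit.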

Extendible

The plugin system built into Dwarf allows you to hook and inject your PyQt widgets and to talk to the target device through the various Dwarf Python APIs. Plugins can also inject a custom Frida agent to extend or create new JavaScript APIs.