Need help with Wallbreaker?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

hluwa
381 Stars 77 Forks 69 Commits 4 Opened issues

Description

🔨 Break Java Reverse Engineering form Memory World!

Services available

!
?

Need anything else?

Contributors list

# 22,061
Python
frida
HTML
Windows
49 commits
# 126,278
filedow...
Kotlin
Shell
throttl...
1 commit

Wallbreaker

🔨 Break Java Reverse Engineering form Memory World!

WTF?

Wallbreaker is a useful tool to live analyzing Java heap, powered by frida. Provide some commands to search object or class from the memory, and beautifully visualize the real structure of the target.

Want to know real data content? list item? map entries? Want to know about implementation of the interface? Try it! What you see is what you get!

How to start?

1. Install objection

pip3 install objection

2. Download wallbreaker

mkdir -p ~/.objection/plugins/ \ git clone https://github.com/hluwa/Wallbreaker ~/.objection/plugins/Wallbreaker

3. Loading as objection plugin

objection -g com.app.name explore -P ~/.objection/plugins

or

objection -g com.app.name explore \ plugin load ~/.objection/plugins/Wallbreaker

4. Use wallbreaker command

plugin wallbreaker objectsearch java.util.HashMap \ plugin wallbreaker objectdump <object-handle>

Commands

Search

wallbreaker classsearch <type-pattern>
[return all matched class]
wallbreaker objectsearch <instance-class-name>
[return all matched object-handle and toString]

Dump

wallbreaker classdump <class-name> [--fullname]
[
   pretty print class structure: fields declare, static field value, methods declare.
      set --fullname to display package name of type name.
]
wallbreaker objectdump <object-handle> [--fullname] [--as-class class-name]
[
   pretty print object structure: fields declare and value, methods declare.
      set --fullname to display package name of type name;
      set --as-class to cast instance type(super class, not interface).
   if instance is a collection or map, dump all entries.
]

Demo

asciicast

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.