Machine Code to Assembly Disassembler

Online Disassembler: Convert Hex Machine Code to Assembly

This free online disassembler turns raw machine-code bytes into human-readable assembly, right in your browser. Paste hexadecimal bytes (or Base64), pick the target CPU architecture and mode, and the tool decodes each instruction into its mnemonic, operands, and byte breakdown. The decoding engine is Capstone compiled to WebAssembly, so the same disassembler library used by professional reverse-engineering tooling runs 100% client-side — your bytes are never uploaded to a server.

Supported Architectures

Select the architecture and mode that match the code you are decoding. "Hex to assembly" only produces correct output when the architecture and bit-width are right — the same bytes disassemble to completely different instructions on x86 versus ARM.

For x86 you can also switch between Intel syntax (mov rax, rdi) and AT&T syntax (movq %rdi, %rax) to match the toolchain you are used to.

How to Convert Hex to Assembly

1. Choose your input format: paste hex bytes (any of 48 89 e5, 0x48, 0x89, 0xe5, 4889e5, or \x48\x89\xe5) or switch the toggle to Base64 and paste a Base64-encoded byte string.
2. Pick the Architecture and Mode (and, for x86, the Syntax).
3. (Optional) Set a Base Address in hex so jump and call targets are shown at the real load address instead of starting at 0.
4. Click Disassemble. Each instruction shows its address, raw bytes, mnemonic, and operands.

You can also upload a binary file (.bin, .exe, .elf, .o, .dll, .so, .dylib); the tool reads it locally, detects common executable headers, and disassembles the code section.

Base Address and Offsets

By default the first byte is shown at address 0. Set a base address (in hex) to match where the code is actually loaded in memory — this makes relative branch and call targets resolve to meaningful addresses, which is essential when you are cross-referencing a disassembly against a debugger or a memory dump.

Exporting Your Results

• Copy the disassembly to your clipboard with one click.
• Download as TXT for a formatted, address-aligned listing.
• Download as JSON for a structured representation (address, bytes, mnemonic, operands) you can feed into other tools or scripts.
• Share a permalink — the hex bytes and the selected architecture/mode are encoded in the URL, so the link reproduces the exact same disassembly when opened.

Beyond Basic Disassembly

The tool also offers an instruction-encoding breakdown (prefixes, opcode, ModR/M, SIB, displacement) for learning how x86 instructions are built, string extraction, shellcode and packer detection, and a call-graph view for understanding control flow in larger buffers.

Privacy

Every step — hex parsing, Base64 decoding, file reading, and disassembly via the Capstone WebAssembly module — runs entirely in your browser. Nothing you paste or upload is transmitted to a server, which makes this safe for analyzing untrusted or sensitive binaries.

Machine code disassembly is the process of converting binary machine code (hexadecimal bytes) back into human-readable assembly language instructions. When software is compiled, high-level source code (like C, C++, or Rust) is transformed into machine code—the raw binary instructions that processors execute directly. Disassembly reverses this process, allowing security researchers, reverse engineers, and developers to analyze compiled binaries without access to the original source code.

The disassembly process involves:

• Instruction Decoding: Interpreting byte sequences as processor instructions based on the target architecture (x86-64, ARM, RISC-V, etc.)
• Operand Analysis: Identifying registers, memory addresses, and immediate values used by each instruction
• Syntax Translation: Converting the decoded instruction into assembly syntax (Intel, AT&T, or architecture-specific format)

This tool uses the Capstone disassembly framework, a lightweight and powerful engine that supports multiple architectures and is widely used in professional security tools like IDA Pro, Ghidra, and radare2.

Disassemblers are essential tools across multiple domains:

Malware Analysis & Cybersecurity

Security researchers use disassemblers to analyze malicious software, understand attack techniques, and develop detection signatures. By examining the assembly code, analysts can identify shellcode, detect obfuscation techniques, and reverse-engineer malware behavior without executing it.

Reverse Engineering & Software Analysis

When source code is unavailable, disassembly allows developers to understand how proprietary software works, identify security vulnerabilities, or ensure compatibility. This is critical for legacy system maintenance, interoperability research, and vulnerability disclosure.

CTF Challenges & Security Training

Capture The Flag (CTF) competitions frequently include reverse engineering challenges where participants must disassemble binaries to find hidden flags, bypass protection mechanisms, or understand exploitation techniques. Disassembly skills are fundamental for binary exploitation and pwn challenges.

Firmware & Embedded Systems

Firmware reverse engineering requires disassembling compiled code from IoT devices, routers, and embedded systems. This helps identify security flaws in devices that may lack proper security updates or contain hardcoded credentials.

Learning Computer Architecture

Students and developers learning assembly language can use disassemblers to see how compilers translate high-level code into machine instructions, understand optimization techniques, and learn how different CPU architectures handle the same operations.

Different processor architectures use distinct instruction sets, each with unique characteristics:

x86-64 (AMD64/Intel 64)

The most common architecture for desktop and server systems. x86-64 uses variable-length instructions (1-15 bytes), complex instruction set computing (CISC), and supports both Intel and AT&T assembly syntax. It's widely used in Windows, Linux, and macOS systems.

ARM & ARM64 (AArch64)

Dominant in mobile devices, embedded systems, and increasingly in desktop computers (Apple Silicon). ARM uses fixed-length 32-bit instructions (or 16-bit in Thumb mode), reduced instruction set computing (RISC), and is known for power efficiency. ARM64 is the 64-bit evolution with enhanced capabilities.

RISC-V

An open-source instruction set architecture gaining traction in embedded systems, IoT devices, and research. RISC-V emphasizes simplicity, modularity, and extensibility, making it popular for custom processor designs and educational purposes.

MIPS

Historically used in routers, embedded systems, and game consoles (PlayStation). While declining in new designs, MIPS remains important for legacy device analysis and security research.

PowerPC (PPC)

Found in older Apple computers (pre-Intel Macs), gaming consoles (PlayStation 3, Xbox 360), and embedded systems. PowerPC uses a RISC architecture with fixed-length 32-bit instructions.

Each architecture requires different disassembly approaches, as instruction encoding, registers, and calling conventions vary significantly.

x86/x86-64 assembly can be written in two main syntaxes, which differ in instruction ordering and formatting:

Intel Syntax (Default for Windows, IDA Pro)

mov eax, 5          ; destination first, source second
add rax, rbx        ; rax = rax + rbx
mov [rax], ebx      ; store ebx into memory at address rax

Intel syntax is more intuitive for beginners: destination comes first (like x = y in programming), and memory references use brackets without size prefixes.

AT&T Syntax (Default for GCC, Unix tools)

movl $5, %eax       ; source first, destination second
addq %rbx, %rax     ; rax = rax + rbx
movl %ebx, (%rax)   ; store ebx into memory at address rax

AT&T syntax requires percent signs before registers, dollar signs before immediate values, and suffixes indicating operand size (b=byte, w=word, l=long, q=quad).

When to Use Each:

• Intel syntax: Preferred for Windows reverse engineering, malware analysis, and beginners learning assembly
• AT&T syntax: Standard for Unix/Linux development, GCC compiler output, and GDB debugger

This tool defaults to Intel syntax but allows switching for compatibility with different tools and workflows.

Professional reverse engineering tools offer different capabilities and trade-offs:

IDA Pro (Commercial, ~$1,800-$3,500)

The industry standard for professional reverse engineering. IDA Pro offers advanced features like cross-references, function recognition, automatic commenting, and the Hex-Rays decompiler (converts assembly back to C-like pseudocode). It excels at analyzing large, complex binaries and provides extensive plugin support.

Ghidra (Free, Open-Source)

Developed by the NSA and released publicly in 2019, Ghidra rivals IDA Pro in functionality while being completely free. It includes a powerful decompiler, collaborative analysis features, and strong multi-architecture support. Ghidra is ideal for large-scale analysis and team collaboration.

radare2/Cutter (Free, Open-Source)

A command-line reverse engineering framework with a GUI frontend (Cutter). Radare2 emphasizes scriptability, debugging capabilities, and supports the widest range of architectures. It's preferred for dynamic analysis, embedded systems, and users comfortable with terminal workflows.

Binary Ninja (Commercial, ~$300-$3,000)

A modern disassembler known for its clean interface, powerful API, and intermediate language (BNIL) for analysis. Binary Ninja is popular among CTF players and security researchers who value customization and scripting.

This Tool: Machine Code Disassembler

Our tool focuses on quick, online disassembly without installation requirements. It's ideal for:

• Analyzing shellcode snippets during CTF challenges
• Quick instruction lookups while reading security research
• Learning assembly language interactively
• Mobile/tablet access when desktop tools aren't available
• Privacy-conscious analysis (100% client-side, no server uploads)

While professional tools offer deeper analysis capabilities (control flow graphs, function analysis, decompilation), this online disassembler provides instant access for focused, instruction-level analysis without the complexity or cost of full reverse engineering suites.

Follow these guidelines for effective disassembly and reverse engineering:

1. Verify Architecture and Endianness

Always confirm the target architecture before disassembly. x86-64 uses little-endian byte ordering, while some ARM and MIPS systems use big-endian. Incorrect architecture selection produces nonsensical output.

2. Start with Entry Points

For executable files, begin disassembly at the program entry point (often found in PE/ELF headers). For shellcode, identify the starting instruction carefully—shellcode often includes NOP sleds or position-independent code.

3. Identify Code vs Data

Not all bytes in a binary are instructions. Compilers mix code with embedded data (strings, constants, jump tables). If disassembly produces strange instructions, you may be looking at data regions.

4. Use Context from Other Tools

Combine disassembly with other analysis techniques:

• Strings extraction to find embedded text
• Entropy analysis to detect encryption/compression
• File format analysis (PE/ELF headers) for structural information
• Dynamic analysis (debugging, tracing) to confirm static analysis findings

5. Document Your Findings

Professional reverse engineers maintain detailed notes about:

• Function purposes and naming conventions
• Register usage patterns
• Calling conventions observed
• Interesting code patterns or security vulnerabilities

6. Respect Legal and Ethical Boundaries

Only reverse engineer software where you have legal authorization:

• Software you own or have explicit permission to analyze
• CTF challenges and educational exercises
• Security research with responsible disclosure
• Malware samples in isolated research environments

Unauthorized reverse engineering may violate software licenses, anti-circumvention laws (DMCA), or computer fraud statutes.