Binary Explorer

IDA-style reverse engineering in the browser: x86/x64 + ARM64 disassembly, PE/ELF/Mach-O parsing, function & xref discovery, linked hex view, strings, imports/exports. 100% client-side.

Tool Media & Files Updated May 22, 2026
X Facebook LinkedIn Reddit Email
How to Use
  1. Drop an executable (.exe, .dll, .so, .dylib, ELF, Mach-O) or any .bin/.raw file.
  2. The Disassembly tab opens at the entry point. Click any call/jmp target to follow it.
  3. Use the Functions, Imports, Strings, and Xrefs panes to navigate.
  4. Goto box accepts hex VAs (0x401000), offsets (@0x200), or function names.
Binary
Drop executable or .bin file
PE / ELF / Mach-O auto-detected. Raw binaries treated as flat. Nothing leaves your browser.
File
Format
Arch
Bits
Entry
Image base
Size
Load a binary to begin.

Inspector

cursor

Selection

Load a binary to begin.
No functions discovered yet.
No strings extracted yet.
No imports table parsed.
No exports table parsed.
No sections parsed yet.
Click an address in the disassembly to see xrefs.
Load a binary to see headers.
Press B on any disasm row to add a bookmark.
Place the cursor inside a function and switch to this tab to render its control-flow graph.
Pseudocode view — place the cursor inside a function and switch to this tab.
Stack-machine decompiler — best results on JVM, CIL (.NET), Python bytecode, and WASM. Place the cursor inside a function and switch to this tab.
Settings (API key, model)
Key stays in your browser's localStorage. Requests go straight to api.anthropic.com from your browser — no server in between.
Triage panel: PE imphash, Rich header, suspicious APIs. Load a PE file.
Computing file hashes…

Sliding-window entropy

High plateau (~8.0) = compressed / encrypted / packed. Mid (~4-6) = code. Low (<3) = data/text/zeros.

Byte histogram

Counts of each byte value 0x00–0xFF across the whole file.
Right-click any disasm row to rename or add a comment. All annotations are saved per-file in your browser.
Heavy on huge binaries — limited to top 200 most-referenced functions.
Click "Render call graph" above.
Drop a second binary to diff
Matches functions by byte hash and name. Side-by-side comparison.
No second binary loaded.

File layout

Proportional view of the file's sections / segments. Click any band to jump to its disassembly.

Function name signatures

Built-in FLIRT-lite library plus user-loadable IDA-format .pat files. Patterns matching at a discovered function head rename the function.

No custom signatures loaded. Built-in patterns still apply.

What it analyses

Containers
PE (EXE/DLL/SYS), ELF, Mach-O — header, sections, segments, entry point, image base
Disassembly
x86, x86-64, ARM64 (AArch64) — operand-formatted with linked jump/call targets
Symbols
PE imports/exports, ELF dynamic symbols + dynstr, Mach-O exported symbols
Functions
Entry-point seeded, exported-symbol seeded, plus prologue-pattern scanning
Xrefs
Call/jmp/branch targets collected during disasm; click any address to see who points to it
Strings
ASCII + UTF-16LE extraction with virtual addresses + xrefs back into code
Navigation
Goto by VA / @offset / name, back/forward history, bookmarks, follow-jump
Hex view
Linked to current VA, cursor shows int8/16/32/64 LE+BE, float, double

Reverse-engineering primer

Every executable starts with a container header (PE on Windows, ELF on Linux, Mach-O on macOS) that points at sections of code (.text), read-only data (.rodata), and writable data (.data/.bss). The entry point is the first instruction the OS runs after the loader maps the file into memory at the image base. The disassembler walks that code byte-by-byte, decoding each instruction into a mnemonic plus operands, while collecting cross-references wherever it sees a call or branch. Together those let you trace control flow from any starting point — entry, exported function, or a string you found suspicious.

Frequently Asked Questions

Does it upload my binary?

No. Everything runs in your browser — no server analysis, no telemetry.

How complete is the x86/x64 decoder?

It covers integer ops, common SSE moves, control flow, and most prologue/epilogue patterns. Exotic AVX-512 and uncommon escapes show as "db" placeholders rather than misleading mnemonics.

Can it disassemble stripped binaries?

Yes. Function detection runs a prologue scan in addition to using exported symbols and the declared entry point.

Architectures supported?

x86, x86-64, and ARM64 (AArch64). 32-bit ARM is on the roadmap.

Max file size?

Container parsing is instant up to a few hundred MB; disassembly is lazy per-function so huge binaries stay responsive.

Common Use Cases

Malware triage

Spot suspicious imports, packer signatures, and entry-point shellcode in seconds.

CTF reversing

Browser-based RE without installing IDA, Ghidra, or radare2.

Firmware peek

Disassemble ARM64 firmware blobs and locate strings + function boundaries.

Library archaeology

Inspect .dll/.so exports, look at the actual instructions behind a function name.

Last updated: