ODA Tutorial

Welcome!

Welcome to ODA!  ODA stands for Online DisAssembler.  ODA is a general purpose machine code disassembler that supports a myriad of machine architectures. Built on the shoulders of libbfd and libopcodes (part of binutils), ODA allows you to explore an executable by dissecting its sections, strings, symbols, raw hex, and machine level instructions.  ODA is meant to be a lightweight, online service for when you don’t have the time, resources, or requirements to use a heavier-weight alternative.

You can use ODA for a variety of purposes such as:

  • Visualizing the control flow of a group of instructions
  • Disassembling a few bytes of an exception handler that is going off into the weeds
  • Reversing the first few bytes of a Master Boot Record (MBR) that may be corrupt
  • Debugging an embedded systems device driver
  • Malware analysis
  • Vulnerability research
  • Developing a jailbreak for the latest iPhone
  • Satisfying your own intellectual curiosity (Does there exist some sequence of bytes that disassembles to the same logical operation for two separate platforms?)

ODA is a BETA release that is limited by the resource constraints of the server on which it is hosted and the spare time of its creators. If you find ODA useful, have a feature request, or want to comment in any way, please drop us a line!

Getting Started

The first step is to upload some data.  This can be done through a file upload or by copying and pasting ASCII hex bytes into Live View.

Method 1: File Upload

ODA recognizes several object file formats, including ELF (Linux), Mach-O (Apple products), and PE (Windows executables).  ODA can also disassemble a raw binary image.  After uploading data, you must select your platform options.  If ODA recognizes the object file format, it will select the machine architecture for you and allow you to select the other platform options.  If ODA does not recognize the object file format, it will allow you to continue disassembling the file as a raw binary image.  In this case, you must tell ODA which machine architecture to use.

Method 2: Live View

Live View is a convenient alternative to file upload when you only have a few bytes to disassemble.  In Live View, you type or copy/paste ASCII hex bytes into the Live View text area, and ODA dynamically disassembles those bytes using the platform selected.

Navigation

Scrolling

The Disassembly View and Hex View both support infinite scrolling.  This means that new data is loaded dynamically into the page as you scroll, so the entire disassembly or hex data for your executable never has to be loaded into your browser all at once.

Address Bar

The address bar lets you easily navigate the address space of large executables.  The line separators in the bar represent distinct code sections.  You can either click on the bar at your desired location or drag the arrow indicator to your desired location.

Address Shortcut

You can also use the ‘g’ shortcut to bring up the “Go to address…” dialog.

Views

Disassembly View

The Disassembly View is the main window showing the disassembled code.

Hex View

The Hex View provides a byte-level view of your data.  As you hover over bytes in Hex View, the status bar at the bottom of the screen updates to show you the byte address, hex value, and ASCII representation of the byte highlighted.

Sections

The Sections View shows a list of the sections in the executable along with the corresponding section properties.

File Info

The File Info View provides some basic information about the uploaded file.

Symbols

The symbols are listed in the sidebar on the left.  If the symbols are defined in the executable (as opposed to imported symbols that are defined in external libraries), then the symbol appears as a clickable link.

Strings

A list of all strings found in the data is also displayed in the sidebar on the left.  The offset corresponding to the strings listed is a file offset, not an address in the executable’s address space.
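
To locate a listed string in the disassembly, its file offset has to be translated into an address. The following is an added example, not ODA's own code: it does that translation for a little-endian ELF64 image by walking the PT_LOAD program headers, and returns None for bytes that are never mapped into memory. The function names and the sample image are constructed for illustration; PE and Mach-O files need their own header parsing.

```python
import struct

PT_LOAD = 1
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 little-endian file header (64 bytes)
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 program header (56 bytes)

def load_segments(image):
    """Return (p_offset, p_filesz, p_vaddr) for every PT_LOAD segment."""
    if len(image) < EHDR.size:
        raise ValueError("truncated ELF header")
    fields = EHDR.unpack_from(image, 0)
    ident, phoff, phentsize, phnum = fields[0], fields[5], fields[9], fields[10]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    segments = []
    for i in range(phnum):
        start = phoff + i * phentsize
        if start + PHDR.size > len(image):
            raise ValueError("program header table runs past end of file")
        p_type, _, p_offset, p_vaddr, _, p_filesz, _, _ = PHDR.unpack_from(image, start)
        if p_type == PT_LOAD:
            segments.append((p_offset, p_filesz, p_vaddr))
    return segments

def offset_to_vaddr(image, file_offset):
    """Map a file offset to a virtual address, or None if the byte is never loaded."""
    for p_offset, p_filesz, p_vaddr in load_segments(image):
        if p_offset <= file_offset < p_offset + p_filesz:
            return p_vaddr + (file_offset - p_offset)
    return None

def build_sample():
    """Constructed image: one PT_LOAD maps file bytes 0..0x8f at 0x400000."""
    ident = b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    ehdr = EHDR.pack(ident, 2, 62, 1, 0x400078, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = PHDR.pack(PT_LOAD, 5, 0, 0x400000, 0x400000, 0x90, 0x90, 0x1000)
    body = b"\x90" * 8 + b"hello, ODA\x00"   # string lands at file offset 0x80
    tail = b"\x00" * 5 + b"not loaded\x00"   # starts at 0x90, outside the segment
    return ehdr + phdr + body + tail

if __name__ == "__main__":
    image = build_sample()
    for needle in (b"hello, ODA", b"not loaded"):
        off = image.find(needle)
        va = offset_to_vaddr(image, off)
        print(needle.decode(), hex(off), hex(va) if va is not None else "not mapped")
```

Strings that fall outside every loadable segment (debug data, section name tables) have a file offset but no run-time address, which is why the function returns None for them.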

Analysis

ODA provides several features to aid in code analysis.

Control Flow

Branch and jump target addresses are clickable links that take you to the target location.  You can use your browser’s “Back” and “Forward” buttons to navigate through your analysis history.

ODA draws branch target lines to the left of the addresses.  These lines form a connection between the instruction that is branching/jumping and the target location.

Comments

You can add comments to the right of the disassembly by clicking in the general area or by pressing the semi-colon key (‘;’) while the line is highlighted.

Cross References

At the head of each function is a list of cross reference links.  These links take you to the addresses of instructions that call this function.

12 comments on “ODA Tutorial”
  1. Pedro J. Casanova says:

    Hi:
    I think this is a very interesting project.
    A thing that I am looking for is how to know the address of the strings in the code.
    If you update this project, it would be an interesting option.

    Thanks.

  2. ktwain says:

    one note, I was trying to upload a 2mb binary and it wouldn’t work, without giving any error message or closing the upload “window”.

    the webserver returns http error 413, “Request entity too large”.

    today 2mb in size seems pretty normal, so it would be useful, I think, to make the limit (whatever it is) more explicit, and/or give some feedback to the user as to why the upload button isn’t working :)

  3. admin says:

    Yes, the size of the uploads is currently capped at about 2MB. Within the next few months, we will be releasing a newer version and transitioning to a server that can handle a greater load. Stay tuned.

  4. FDB_hiroshima says:

    Your disassembler works well, but I think you could add a way to work offline, by storing already disassembled files in the browser’s local storage or DB. It could also reduce server load because users will only request assembly once, and won’t request the same part of assembly many times just because they are scrolling.

  5. RaRa says:

    Hi boys,
    yes, very interesting project – it seems like IDA, but online :-)
    Unfortunately, it looks like there is no development done in the past. I have tried to disassemble a powerpc binary without success.
    Anyway, nice Idea! I wish you all the best for the future! Thanks.

  6. firmeware says:

    I would like to try with a SH4 file of a STB setop.
    The file size is 751Ko (= 751KB) and I always get this message “Invalid File “MyFileName”, maximum size is 256 kb ”
    751KB < 2MB isn't it ?

  7. Olof says:

    This looks very useful. I’m still in my first year of E.E. but I am definitely bookmarking this site.

  8. admin says:

    The upload size is currently limited to 256KB to conserve server resources. We hope to offer a premium account in the future, which would allow unlimited upload sizes. If you send me the file, I might be able to help you (for example, by uploading the file for you). You can contact me at admin@onlinedisassembler.com.

    Best,

    Anthony

  9. admin says:

    Hi RaRA,

    Thanks for the feedback. If you send me the powerpc binary I can take a look (admin@onlinedisassembler.com). We are still (slowly) developing the site.

    Best,

    Anthony

  10. Thank you for providing this wonderful online
    service. I am a new student with a fascination
    for ASM and really appreciate all your efforts
    to make this online disassembler.
    Best Wishes on your site. Thanks for enhancing
    my education.

  11. Miguel Fides says:

    This project is amazing. I would be using it already if it could work with modern ARM architectures such as arm v7-m.

  12. Anon says:

    Thanks for providing such a fantastic application online
