Disassemble a Python pickle into its opcode stream (like pickletools.dis) and flag opcodes that can execute code. Read-only - nothing is ever unpickled. Paste hex or base64.
Unpickling runs code via opcodes like GLOBAL and REDUCE, which is exactly how malicious pickles achieve execution. This tool only reads the opcodes, so you can inspect a suspicious model or cache file safely. It complements the Pickle / ML Model Scanner.
Disassemble a Python pickle into its opcode stream and flag opcodes that can execute code. Read-only - nothing is unpickled. Runs entirely in your browser.
Python's pickle format is a stack-based bytecode for serializing objects. Because unpickling executes those opcodes, loading an untrusted pickle can run arbitrary code, which makes pickles in ML model files, caches and job queues a real risk. This tool disassembles a pickle into a readable list of opcodes and arguments, like Python's pickletools.dis, without ever unpickling it.
Input:
80049512... (hex) or gASV... (base64)
Output:
PROTO 2, EMPTY_LIST, MARK, BININT1 1, ... STOP
Why disassemble instead of unpickle?
Unpickling runs code via opcodes like REDUCE and GLOBAL, which is exactly how malicious pickles execute. Disassembly reads the opcodes only, so a suspicious file can be inspected without risk.
What do the flagged opcodes mean?
GLOBAL / STACK_GLOBAL import a callable, REDUCE calls it, and BUILD / INST / OBJ construct objects. Their presence in untrusted data is a strong red flag for code execution.
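The same read-only approach can be reproduced offline with Python's standard-library pickletools.genops, which parses the opcode stream without importing or calling anything. The sketch below is an added example, not this tool's own code; the function names and both sample pickles are constructed for illustration, and the flagged set is the one listed above.

```python
import base64
import pickletools

# Opcodes the page flags: import a callable, call it, or construct objects.
FLAGGED = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "BUILD", "INST", "OBJ"}

# Constructed samples (not taken from any real file).
LIST_HEX = "80025d284b014b02652e"              # protocol 2 pickle of [1, 2]
CALL_PICKLE = b"cbuiltins\nlen\n(S'abc'\ntR."  # would call len('abc') if loaded


def decode_input(text):
    """Turn pasted hex or base64 into raw bytes (hex is tried first)."""
    compact = "".join(text.split())
    try:
        return bytes.fromhex(compact)
    except ValueError:
        return base64.b64decode(compact, validate=True)


def disassemble(data):
    """Return (offset, opcode, argument, flagged) rows without unpickling.

    pickletools.genops only parses the byte stream; it imports and calls nothing.
    """
    rows = []
    try:
        for op, arg, pos in pickletools.genops(data):
            rows.append((pos, op.name, arg, op.name in FLAGGED))
    except ValueError as exc:  # truncated stream or unknown opcode
        rows.append((None, "ERROR", str(exc), True))
    return rows


def flagged_ops(rows):
    """Names of the flagged rows (including a parse error), in stream order."""
    return [name for _, name, _, flagged in rows if flagged]


if __name__ == "__main__":
    for label, data in (("list", decode_input(LIST_HEX)), ("call", CALL_PICKLE)):
        print(f"--- {label}: flagged {flagged_ops(disassemble(data))}")
        for pos, name, arg, flagged in disassemble(data):
            mark = "!!" if flagged else "  "
            print(f"{mark} {pos!s:>4}  {name:<12} {'' if arg is None else repr(arg)}")
```

A stream that ends before STOP or contains an unknown opcode is reported as a flagged ERROR row rather than silently truncated, since a malformed pickle deserves the same scrutiny as one with REDUCE in it.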
How does this differ from the Pickle / ML Model Scanner?
The scanner gives a verdict on a model file; this tool shows the full opcode listing so you can analyse exactly what a pickle does.
Is anything uploaded?
No. Disassembly runs entirely in your browser and nothing is executed.