File Type Detector
Identify any file's true type using magic byte analysis. Detects images, documents, archives, audio, video, fonts, and code files entirely in your browser.
How to Use
Identify any file's true format by analyzing its magic bytes — the fixed byte sequences at the start of every file that act as a binary fingerprint. This tool reads those bytes locally in your browser and matches them against a database of 30+ known file signatures.
How to use this tool
- Drop or select files. Drag any file into the dropzone, or click to browse. You can analyze multiple files at once — there is no limit on the number of files.
- Review the File Passport. Each file produces a card showing its detected type, MIME type, expected file extension, category, and a human-readable description of the format.
- Check the confidence level. High confidence means the file matched a known magic byte signature exactly. Medium means it was identified via heuristics (e.g., text content patterns). Low means the tool made a best guess.
- Inspect the magic bytes. The raw hex values of the first 16 bytes are displayed. You can copy them for use in hex analysis, forensic investigation, or documentation.
- Analyze more files. Drop additional files at any time. New results appear at the top of the list. Use the Clear All button to reset.
About This Tool
What Are Magic Bytes?
Magic bytes (also called file signatures or magic numbers) are fixed sequences of bytes placed at the beginning of a file to identify its format. The term originates from Unix, where the file command reads these bytes to determine what type of data a file contains. Unlike file extensions, which are just naming conventions that users can freely change, magic bytes are embedded in the actual binary data and cannot be altered without corrupting the file.
For example, every PNG image starts with the exact 8-byte sequence 89 50 4E 47 0D 0A 1A 0A. The first byte (0x89) is a non-ASCII value that causes the file to display incorrectly if opened as text — this is intentional, serving as a quick indicator that the file is binary, not text. The next three bytes (50 4E 47) spell "PNG" in ASCII, making the format readable in a hex editor.
How Detection Works
This tool uses a three-tier detection strategy. First, it reads the initial 512 bytes of the file and checks for known binary signatures — PNG, JPEG, PDF, ZIP, GZIP, MP4, WASM, ELF, font files, and more. Some formats share the same initial bytes (like RIFF-based formats: WAV, AVI, and WebP all start with 52 49 46 46), so the tool performs a secondary check at an offset to disambiguate. For ISO Base Media File formats (MP4, AVIF, HEIC, MOV), it reads the ftyp brand code to determine the exact subtype.
If no binary signature matches, the tool performs a null-byte scan on the first 1,024 bytes. Files with no null bytes are classified as text, and the content is analyzed for structural patterns: JSON data (starts with { or [), XML/HTML (starts with <), CSS (selectors and property patterns), JavaScript/TypeScript (import/export/function keywords), CSV (consistent comma-delimited rows), and Markdown (heading markers).
MIME Types and File Extensions
Every detected format maps to a MIME type (Multipurpose Internet Mail Extensions), the standard identifier used by web browsers, email clients, and HTTP servers to declare content types. For example, image/png tells a browser to render the data as an image, while application/pdf triggers PDF viewer behavior. Incorrect MIME types cause rendering failures, security warnings, and download issues — making accurate type detection essential for web development and server configuration.
Polyglot Files and Edge Cases
Some files are valid in multiple formats simultaneously. A ZIP file starting with 50 4B 03 04 could also be a DOCX, XLSX, JAR, APK, or EPUB — all of which are ZIP-based container formats. This tool reports the base container type (ZIP) and notes the ambiguity in the description. Similarly, ftyp-based files (MP4, AVIF, HEIC, MOV) share the same container structure but use different brand codes to declare their primary codec. The File Type Detector reads these brand codes to distinguish between an AVIF image and an MP4 video, even though both are ISO Base Media files.
Why Use This Tool
Security Analysis
Malicious files are often disguised with misleading extensions — a .jpg that is actually a Windows executable, or a .pdf that is really a ZIP archive containing macros. Magic byte analysis reveals the true file type regardless of its extension, helping security teams identify phishing payloads, social engineering attachments, and file-based exploits before they execute.
File Recovery
Data recovery tools often produce files with generic names like recovered_001.dat or no extension at all. The File Type Detector identifies these mystery files instantly, so you know whether that recovered blob is a JPEG photo, a PDF document, or a ZIP archive. This is especially useful after disk recovery, forensic imaging, or extracting files from corrupted storage.
Extension Mismatch Detection
Files downloaded from the internet, received via email, or transferred between operating systems frequently end up with wrong extensions. A WebP image saved as .png, a HEIC photo served as .jpg, or a GZIP archive without the .gz suffix. This tool reveals the mismatch so you can rename the file correctly and open it with the right application.
Privacy
All analysis runs entirely in your browser using the JavaScript File API. The tool reads only the first few hundred bytes of each file — just enough for signature detection. No file data is uploaded to any server, no network requests are made during analysis, and no file contents are stored. This makes it safe for analyzing confidential documents, proprietary binaries, and sensitive media files.