What is a magic number?

A magic number is a short, fixed byte sequence at the start of a file that identifies its format, such as 89 50 4E 47 for PNG or 25 50 44 46 (%PDF) for PDF. It is far more reliable than the filename extension.

Why does it sometimes show several matches?

Some signatures are shared. A ZIP magic number, for example, also begins DOCX, XLSX, JAR, APK and EPUB files because those are ZIP containers. The tool lists every format that shares the matched bytes.

What does the extension-mismatch warning mean?

If a file named photo.png actually starts with PDF bytes, the content does not match the extension. That can indicate a renamed file, a download error, or a deliberately disguised file, so the tool warns you.

Does it read my whole file?

No. Only the first 512 bytes are read, which is enough for every signature, and that happens in your browser via FileReader. Your file's contents never leave your device.

Why did my file not match anything?

Plain text, CSV, HTML and many source files have no fixed magic number, so they will not match. Uncommon or proprietary formats may also be missing from the signature library.

Magic Number / File Type Detector

The filename extension is only a hint — anyone can rename invoice.pdf to invoice.jpg. The real identity of a file lives in its first few bytes, the magic number that nearly every binary format stamps at the start. This tool reads those bytes in your browser and tells you what a file truly is, then warns you if its extension is lying.

How it works

Most file formats begin with a fixed byte signature at a known offset. The detector reads the first 512 bytes of your file and compares them against a library of signatures, each defined as a hex pattern plus the offset where it must appear:

89 50 4E 47 0D 0A 1A 0A at offset 0 is a PNG image.
FF D8 FF is a JPEG, 25 50 44 46 2D (%PDF-) is a PDF, and 50 4B 03 04 (PK..) is a ZIP container.
7F 45 4C 46 is an ELF executable, 4D 5A (MZ) is a Windows PE, and 66 74 79 70 at offset 4 marks the MP4/ISO-BMFF family.

A signature can include wildcard bytes and can sit at a non-zero offset — TAR’s ustar marker, for instance, lives at offset 257. When the leading bytes match, the format, its MIME type and its typical extensions are reported.

Why extension checks matter

Because some signatures are shared — a DOCX is really a ZIP, an APK is really a ZIP — a single magic number can map to several formats, and the tool lists them all. More importantly, it compares the detected type against the file’s actual extension. If you upload report.png and the bytes say it is a PDF, you get an explicit mismatch warning. That is useful for spotting renamed downloads, broken uploads, content-type spoofing in security work, and forensic triage. Only the first 512 bytes are read, entirely in your browser, so nothing is uploaded.