PacketLoss.tech
ES Get in touch

Base64, hex, and text converter

Try:

Text UTF-8
Base64
Hex

0 bytes

How this converter works

Three textareas, live bidirectional. Type or paste into any one and the other two update on every keystroke. The conversion is byte-accurate — there’s no lossy round-trip and no auto-correction.

  • Text → bytes: encoded as UTF-8. café ☕ becomes 8 bytes, not 6 — the accented é and the emoji are multi-byte.
  • Bytes → hex: every byte is two hex digits. Toggle uppercase or lowercase, and add spaces between bytes if you want it readable (DE AD BE EF instead of DEADBEEF).
  • Bytes → Base64: standard alphabet by default (A-Z a-z 0-9 + /). Flip the URL-safe switch to swap +- and /_ for tokens that have to survive a URL or filename. Padding = is always emitted; the decoder accepts unpadded input too.

What’s URL-safe Base64?

The standard Base64 alphabet uses + and /, both of which are reserved in URLs and filenames. RFC 4648 §5 defines a URL-safe variant: same payload, different alphabet, optional padding. Most identity providers (Microsoft Entra ID, Auth0, Google, JWT in general) emit URL-safe Base64. This tool accepts either flavor on input transparently.

Common engineering uses

  • Inspect a JWT segment — paste the middle dot-separated chunk of a JWT into Base64, see the JSON payload pop out as text.
  • Decode an openssl enc blob — pasted Base64 from openssl enc -base64 becomes hex you can hand to a forensics tool.
  • Verify a captured packet — paste hex from tcpdump -X to read the printable parts and confirm the payload.
  • Encode a binary for a config field — some appliances (FortiManager, Cisco DNAC) want Base64 in a JSON body; pick the right alphabet, copy, paste.
  • Cross-reference a hash — drop a hex digest in and see if it matches an expected Base64 value reported by another tool.

What this tool does not do

No SHA / MD5 / HMAC — those need a hash function, not a re-encoding. No PEM ↔ DER parsing — paste the inner Base64 between the BEGIN/END lines and decode that, but the ASN.1 structure isn’t interpreted. No file upload — paste the contents instead.

Privacy

Everything runs in your browser. The text you paste never leaves the page — no fetch, no analytics, no server. Helpful when the bytes you’re inspecting come from a production token or a customer’s config.