♻️ Hex / Base64 / Text Converter

Last updated: June 20, 2026

♻️ Hex / Base64 / Text Converter

Convert between raw text, hexadecimal bytes, and Base64 encoding — in any direction. Fully offline.

0 bytes 0 UTF-8 chars hex chars Base64 chars Fill any field and press a conversion button.

100% client-side — your data never leaves your browser.

Why Every Developer Should Understand Hex, Base64, and Text Encoding

Every time your browser loads a page, sends a form, or fetches an API response, it is quietly translating data between three fundamental formats: raw text, hexadecimal bytes, and Base64 strings. Most developers use these formats for years without fully understanding how they connect — or why getting the conversion wrong causes bugs that are genuinely maddening to debug. This guide breaks down the three encodings, explains exactly what each one is built for, and shows you when to reach for which format.

1. Plain Text Is More Complicated Than It Looks

When most people say "text," they picture letters on a screen. But computers store text as bytes, and the mapping between characters and bytes depends entirely on the encoding. The de facto standard today is UTF-8, which encodes ASCII characters (A–Z, 0–9, punctuation) as a single byte each, and encodes everything else — accented letters, CJK characters, emoji — as two to four bytes. This matters enormously when you convert text to hex or Base64, because the byte sequence is what actually gets encoded, not the abstract characters.

The classic trap: a developer assumes every character is one byte, converts Hindi text to hex, and gets a string twice as long as expected. The reason is that each Devanagari character is three UTF-8 bytes. A proper converter always uses TextEncoder (or its server-side equivalent) to get the true UTF-8 byte array before doing any further encoding.

2. Hexadecimal — The Human-Readable Byte Notation

Hex is simply a way to write binary data in base-16 notation. Each byte (0–255) becomes a two-character string from "00" to "ff". That is the whole trick. A space between pairs is optional but conventional — it makes long byte strings much easier to scan. The string "48 65 6c 6c 6f" is the UTF-8 encoding of "Hello", and you can read it byte by byte in your head once you learn the ASCII table.

Hex is the format of choice in five common situations:

  • Debugging binary protocols — network packet dumps, serial port logs, and file format inspectors all use hex because each byte is individually visible and countable.
  • Cryptographic outputs — SHA-256, MD5, and HMAC digests are almost always displayed as 64- or 32-character hex strings. Comparing two hashes character by character is easy in hex.
  • Color codes in CSS — #ff6347 is three hex bytes: red=0xff, green=0x63, blue=0x47.
  • Memory addresses — debuggers and disassemblers display addresses in hex by convention.
  • File magic numbers — the first bytes of a PNG are always "89 50 4e 47", and identifying file types from raw bytes requires hex literacy.

3. Base64 — Encoding Binary Data for Text-Safe Transport

Base64 solves a specific problem: many channels that were designed for ASCII text (email bodies, HTML attributes, JSON strings, URLs) cannot safely carry arbitrary bytes. A raw binary file contains bytes like 0x00 (null), 0x0a (newline), or 0x1b (escape) that would be misinterpreted or stripped by middleware.

Base64 sidesteps this by mapping every group of three bytes to four printable ASCII characters, using only the characters A–Z, a–z, 0–9, +, and /. The result is about 33% larger than the original, but it is completely safe to embed in any text context. The trailing = or == padding characters ensure the output length is always a multiple of four.

Where you will encounter Base64 in the real world:

  • Data URIsdata:image/png;base64,iVBORw... embeds images directly into HTML or CSS.
  • JWT tokens — the three segments of a JSON Web Token are Base64url-encoded (a variant that replaces + with - and / with _ to be URL-safe).
  • HTTP Basic Auth — the Authorization header carries username:password encoded in Base64.
  • Email attachments — MIME encodes every attachment as Base64 so binary files survive SMTP transport.
  • Fonts and small assets — build tools inline small fonts or SVGs as Base64 to save an HTTP round trip.

4. The Conversion Matrix — Six Possible Directions

Because there are three formats, there are exactly six one-way conversions. It helps to think of bytes as the universal intermediate: every format is just a different view of the same underlying byte array.

Text → Hex: Encode the string as UTF-8 bytes, then format each byte as a two-digit hex pair. Used when you want to inspect the exact byte sequence of a string.

Hex → Text: Parse each hex pair back to a byte value, then decode the byte array as UTF-8. This fails gracefully if the bytes are not valid UTF-8 — which is the correct behavior, since hex can represent arbitrary binary data.

Text → Base64: Encode as UTF-8 bytes, then apply Base64 encoding. This is exactly what browsers do when you call btoa(unescape(encodeURIComponent(text))) — the dance with unescape and encodeURIComponent exists because btoa only accepts Latin-1 byte values.

Base64 → Text: Decode Base64 to raw bytes, then interpret as UTF-8. The reverse of the above.

Hex → Base64: Parse hex to bytes, then Base64-encode the bytes. Common when you have a hex hash or fingerprint and need to embed it in a JSON field or URL parameter.

Base64 → Hex: Decode Base64 to bytes, then format as hex. Useful when auditing JWT payloads or inspecting Base64-encoded certificate data at the byte level.

5. Common Mistakes That Break Conversions

Odd-length hex strings: Every hex byte is exactly two characters. "4" is not a valid byte — it should be "04". A robust converter handles this by left-padding with a zero before parsing.

Base64 with missing padding: The = characters at the end of a Base64 string are technically required but are often stripped by systems that transport tokens. atob() in browsers is lenient, but many server-side libraries throw an error. Always verify padding before decoding.

Assuming ASCII: If your text contains anything outside the 7-bit ASCII range — accented letters, Chinese characters, currency symbols, emoji — each character may expand to multiple bytes. Always measure byte length, not character length, when computing the expected hex or Base64 output size.

Conflating Base64 and Base64url: JWTs use Base64url, which substitutes - for + and _ for / and omits padding. Running a JWT segment through a standard Base64 decoder without correcting these characters will produce garbage or throw an error.

6. Practical Use Cases Where This Converter Saves Time

Security professionals use hex-to-text conversion to decode shellcode strings found in malware analysis. Frontend developers use text-to-Base64 to quickly generate data URIs for small icons without running a build tool. API developers use Base64-to-hex to peek inside opaque tokens and verify that the claim structure is what they expect. Database administrators use hex-to-Base64 when migrating binary columns between systems that represent the same data in different formats. Each of these tasks is a ten-second job with the right converter — and a frustrating multi-step exercise without one.

7. Security Reminder — Encoding Is Not Encryption

Base64 and hex are encoding schemes, not encryption. They are fully reversible by anyone who knows the format, which means every person on the internet knows how to reverse them. Do not use Base64 to "hide" passwords, API keys, or sensitive configuration values. A secret encoded in Base64 is just as exposed as a secret in plain text — it just looks slightly less readable at a glance. Actual security requires encryption (AES, RSA) or hashing (SHA-256 with a salt). Encoding belongs in the transport and storage layer, not the security layer.

Understanding these three formats and the relationships between them is genuinely foundational knowledge for any developer working with APIs, cryptography, file handling, or data pipelines. Once the pattern clicks — everything is bytes, and these formats are just different lenses on the same byte array — the conversions stop feeling arbitrary and start feeling obvious.

FAQ

What is the difference between Base64 and hexadecimal encoding?
Both Base64 and hex encode the same underlying bytes — they are just different notations. Hex represents each byte as two characters (00–ff), using 16 possible symbols. Base64 groups three bytes at a time and maps them to four characters, using 64 possible symbols (A–Z, a–z, 0–9, +, /). Hex is easier to read byte-by-byte; Base64 is more compact (about 33% overhead vs. 100% for hex) and is designed for embedding binary data in text protocols.
Why does Base64 output end with = or == signs?
Base64 encodes three bytes at a time. If the input byte count is not a multiple of three, the last group is padded to fill the four-character output block. One trailing = means the last group had two bytes; two trailing == means it had one byte. This padding ensures the total length is always a multiple of four characters, which simplifies decoding. Some systems strip the padding when transmitting tokens (especially JWTs), but a strict decoder requires it.
Can I convert any file (like an image or PDF) with this tool?
This tool is designed for text-based input — you type or paste a string into one of the three fields. Images and PDFs are binary files; they cannot be pasted as raw text. To convert a binary file to Base64, you would typically use a file input element in a browser (FileReader API) or a command-line tool like base64 on Linux/macOS. The hex and Base64 outputs of this tool, however, are always valid and can represent any binary data.
Does hex and Base64 encoding work correctly with emoji and non-Latin characters?
Yes, as long as the converter properly uses UTF-8 encoding for the initial text-to-bytes step. This tool uses the browser's built-in TextEncoder (UTF-8 by default) to convert text to bytes before hex or Base64 encoding, and TextDecoder to reverse the process. A single emoji like 😀 encodes to four UTF-8 bytes (f0 9f 98 80 in hex) and those bytes round-trip perfectly back to the original character.
What does 'byte-accurate' mean in the context of this converter?
Byte-accurate means the tool works at the level of individual bytes rather than making assumptions about characters. Some converters assume each character is one byte (ASCII/Latin-1), which breaks for any non-English text. This tool encodes text to UTF-8 bytes first, so multi-byte characters (Hindi, Chinese, Arabic, emoji, accented letters) convert correctly. The hex output will show the actual bytes on the wire, not an ASCII-only approximation.
Is it safe to paste passwords or API keys into this converter?
This specific tool runs 100% in your browser — no data is sent to any server. You can verify this by disconnecting from the internet and confirming it still works. However, as a general principle: Base64 and hex encoding provide zero security. They are trivially reversible. If you need to protect a secret, use proper encryption — do not rely on encoding to obscure it.