Click here to view exercise as a PDF instead.

This exercise will demonstrate use of the BASE64 "alphabet" to encode files.

This exercise will introduce the encoding and decoding of files into BASE64. This exercise will also cover the concept of file signatures as a way to positively identify file types.

  1. Learn the concepts of BASE64
  2. Learn how to encode BASE64
  3. Learn how to decode BASE64
  4. Learn the concepts of file signatures

In this exercise, you will convert some sample BASE64 files to their native format. You will do the conversion via a Web site.

This exercise uses four sample files (named b64_sample1.txt through b64_sample4.txt) which are contained on the Corpora Volume (F:) in the directory,
"F:\335 - Cybersecurity\BASE64\Samples".



Copy the Samples directory containing the files to your Personal Volume (E:).



To get a feel for the contents of the BASE64 sample files, open the files in a text editor, such as Notepad.



Convert the four BASE64 files using the converter at the Web site.

When you get to the Web site, be sure to select the "Click (or tap) here to select a file to decode"



Then select the name of the file to convert (e.g., b64_sample1.txt).

Then click on the < DECODE > button.



Finally, click on the "CLICK OR TAP HERE" to download the Base64 decoded file, noting the name) to the same directory as the sample files.

Repeat this step for all four sample files.

Fortunately, the utility used in Part 1, analyzes the Base64 files to determine the file type, and extension to be used. However, to verify the file types, you can use a Hex editor and compare the first several bytes to a list of file extensions such as those found at

In this section, you will read a TCP stream from Wireshark that represents an e-mail message with two BASE64 attachments. Your task will be to extract the attachments from the byte stream, convert the extracted BASE64 files to their native format, determine the file signature, and open the files.

This exercise uses a sample file (named POP_message_bin.txt which is contained on the Corpora Volume (F:) in the directory,
"F:\335 - Cybersecurity\BASE64\POP_message".

The Sample file contains the internal content and headers of an email.

Copy the file to the Sample folder that you created on the E: drive

Open the email file in a text editor and locate the 2 Base64 attachment sections.

Copy each of the attachment sections to two separate files.

Using the same methods in Part 1, decode the 2 attachments.

Additional resources will be added here at a later date.

Creative Commons License
CyberExplorations Exercises by Glenn S. Dardick is licensed under a Creative Commons Attribution 4.0 International License.