b64tool is a multi-format encoding/decoding CLI that handles Base64, Base64URL, Base32, hex, and URL encoding. The standout feature is recursive layer peeling, which automatically detects and decodes multiple stacked encoding layers, the same technique attackers use to obfuscate malware payloads and bypass web application firewalls.
You give it an encoded blob. It figures out what format it is, decodes it, checks if the result is itself encoded, and keeps going until it reaches the original data. Think of it like an onion. Each layer is a different encoding, and the tool peels them one at a time.
In real security work, you constantly encounter encoded data. JWT tokens are base64. Certificates are base64. Hex dumps show up in packet captures and malware analysis. URL encoding appears in every web request. And when attackers want to hide payloads, they don't just encode once. They stack encodings: base64 the payload, hex encode that, then URL encode the hex. This tool handles all of that.
- How Base64, Base32, hex, and URL encoding actually work at the byte level
- Why encoding is not encryption (and why confusing them causes real vulnerabilities)
- Pattern recognition for identifying encoding formats
- How attackers layer encodings for obfuscation (with real examples from DARKGATE malware)
- Building a clean, typed Python CLI with typer and rich
- Confidence-based detection algorithms
- Python 3.14+
uvpackage manager- Basic command line comfort
- Understanding of bytes vs strings (helpful, not required)
cd PROJECTS/beginner/base64-tool
uv sync
uv run b64tool --helpuv run b64tool encode "Hello World"
# Output: SGVsbG8gV29ybGQ=
uv run b64tool decode "SGVsbG8gV29ybGQ="
# Output: Hello World
uv run b64tool detect "SGVsbG8gV29ybGQ="
# Shows: base64, 95% confidenceuv run b64tool chain "alert('xss')" --steps base64,hex
# Produces a hex-encoded base64 string
uv run b64tool peel "5957786c636e516f4a33687a63796370"
# Peels: hex β base64 β alert('xss')echo "SGVsbG8=" | uv run b64tool decode
cat encoded_payload.txt | uv run b64tool peelbase64-tool/
βββ src/base64_tool/
β βββ cli.py # Typer commands (encode, decode, detect, peel, chain)
β βββ constants.py # Enums, thresholds, character sets
β βββ encoders.py # Pure encode/decode functions + registry
β βββ detector.py # Format detection with confidence scoring
β βββ peeler.py # Recursive multi-layer decoding
β βββ formatter.py # Rich terminal output
β βββ utils.py # Input resolution, text helpers
βββ tests/ # 78 tests across all modules
βββ pyproject.toml # Python 3.14, typer, rich
βββ Justfile # Task runner shortcuts
- 01-CONCEPTS.md - How encoding works, real CVEs, encoding vs encryption
- 02-ARCHITECTURE.md - System design, module relationships, data flow
- 03-IMPLEMENTATION.md - Code walkthrough with file references
- 04-CHALLENGES.md - Extension ideas from easy to expert