Encode and decode Base64, URL, HTML entities, JWT, hex, binary, ROT13, and more — fast, lossless, and browser-only.
Convert byte arrays to strings online. Decode space- or comma-separated bytes (decimal, hex, or binary) to UTF-8 text. Free browser-based byte-to-string converter.
Encode text or files to Base64 and decode Base64 strings back to text. Free, instant, browser-only — no upload, no logging.
Percent-encode strings for safe URL inclusion or decode percent-encoded URLs back to readable text — free and UTF-8 safe.
Convert any image (PNG, JPG, GIF, SVG, WebP) to a Base64 data URI for embedding in HTML, CSS, or JSON.
Decode Base64-encoded image strings back to viewable PNG / JPG / GIF / WebP images — free and instant.
Decode any JWT to view header, payload, and signature. Free online JWT decoder — browser-based, with expiry and standard-claim inspection. No signature verification.
Generate SHA-256 cryptographic hashes from any text instantly. Free online SHA-256 hash generator using the Web Crypto API — secure, browser-based, no upload.
Generate SHA-512 cryptographic hashes from any text instantly. Free online SHA-512 hash generator using the Web Crypto API — 128-character hex output, no upload.
The encoder-decoder category at Tooloogle is a developer's swiss-army knife for transforming text and data between formats. Need to inspect a Base64-encoded image embedded in a stylesheet, debug a URL with percent-encoded query parameters, peek inside a JWT to verify a claim, or convert a hex string to readable ASCII? These tools handle every common (and several uncommon) encoding and decoding workflows.
Encode and decode standard Base64 and URL-safe Base64. Convert binary file uploads (images, PDFs) to Base64 strings for embedding in JSON payloads, data URIs, or email attachments. Decode Base64 back to original bytes, with previewing for common file types.
Percent-encode strings for safe inclusion in URLs (query parameters, path segments). Decode percent-encoded URLs back to readable form. Handles UTF-8 multibyte characters correctly so non-Latin scripts (Hindi, Arabic, Chinese, emoji) round-trip without corruption.
Encode special characters (<, >, &, ", ') as named or numeric HTML entities to prevent XSS in user-generated content. Decode HTML entities to plain text for analysis or migration.
Paste a JWT and instantly see the decoded header, payload, and signature. Validates expiry, issuer, audience, and other standard claims. Critical for debugging OAuth flows, API authentication, and session-token issues. All decoding happens locally — your tokens never touch our servers.
Convert text to hex bytes and back, with options for ASCII or UTF-8 interpretation, byte separators (none, space, comma), and case (upper/lower). Convert binary strings to text and vice versa for low-level debugging, embedded systems work, and CTF challenges.
Generate MD5, SHA-1, SHA-256, SHA-512, and other cryptographic digests for files and strings. Compute HMAC signatures with custom keys for API authentication. Note: hashes are one-way — these tools don't "decode" hashes back to original input.
Encode and decode classic substitution ciphers — useful for puzzles, simple obfuscation, hiding spoilers in chat, and learning the basics of cryptography.
Translate text to Morse code (with audio playback) and back. Convert text into ASCII art banners using various font styles for terminal output, README headers, and retro aesthetics.
Convert internationalised domain names (IDN) between Unicode and Punycode. Essential for anyone working with non-Latin domain names or auditing potential homograph phishing attacks.
Backend developers debugging API payloads. Frontend developers troubleshooting URL routing and Base64 image embeds. Security researchers analysing encoded malware payloads in sandbox environments. CTF participants cracking puzzles. DevOps engineers inspecting JWTs from misbehaving auth providers. Technical writers preparing example payloads for documentation. Students learning the basics of how computers represent text and data.
Most encoding work involves sensitive data — auth tokens, internal API responses, customer data fragments. Pasting that into a random web tool is a real security risk. Tooloogle's encoders run entirely in JavaScript inside your browser. Inputs and outputs never leave your machine. Verify by opening DevTools and checking the Network tab — there are no requests when you encode or decode.
Each tool is optimised for the specific format. UTF-8 edge cases (BOM, surrogate pairs, combining characters) are handled correctly. Long inputs (megabytes of Base64) process without freezing the page. Outputs are formatted for easy reading and one-click copying.
Most tools offer encode and decode in the same view, with a swap button to flip direction. Paste any input, and we'll detect the format if possible and suggest the right operation.
Embedding small images directly in HTML emails (Base64 data URIs). Building "mailto:" links with pre-filled subject lines containing special characters (URL encoding). Verifying that a JWT from your auth provider contains the expected user ID and isn't expired. Sanitising user comments before display (HTML entity encoding). Converting binary firmware blobs for analysis (hex). Creating shareable encoded links for puzzle hunts and games (Caesar/ROT13).
Never use these tools for credentials you intend to keep secret if you're on a shared computer — clear inputs after decoding. Verify a JWT's signature with the proper key in your application; the decoder shows the payload but cannot validate signature trust without the key. For URL encoding, always encode each query-parameter value separately, not the whole URL. Use HMAC, not raw MD5/SHA, for any authentication signature.