File signatures are useful to identify a file type. This approach had been there for a quite long time. For example when a JVM has to load a java class file the first thing it would check is if it is a Java class file. In order to do that there is a magic code that identifies if the file is really a Java class file. What is this magic code and how do we see it? Keep reading.

In order to check the signature of the java class file we need to have a tool that can help us view its initial bytes in the form of hexadecimal codes. Interestingly if you are using a Windows system there is an easy way without the need to go for a tool. DOS had a tool called debug which allowed developers to look at assembly code of an executable. This tool loads an executable COM file (like command.com) and users can view every byte of the file in binary and hex. Debug is still packaged with Windows and we can use it to look at the class file in binary and hex.

But there are two constraints to use debug. The debug command still thinks that it is running under DOS and will load only a COM executable. Next thing is the DOS 8.3 file naming limitation; if you have a file that has the prefix more than 8 characters and suffix more than 3 characters, debug will not understand it. So here is how we are going to cheat debug thinking that it is loading a COM executable by simply renaming the class file extension to a com extension and also confirming to a DOS 8.3 file naming convention.

I created a screen cast that will show you how to view the signature of the java class file using debug tool.

Why CAFE BABE? Maybe James Gosling and the team thought it sounded sexy and also Cafe went good with Java. But up till now to my knowledge the real reason behind this magic code is not known.

With the above technique you can try out the magic codes for other file types.