PKG (.pkg)

.pkg file signature | application/octet-stream

High

High Risk Format

This file type can contain executable code. Always validate the source and scan with antivirus before opening.

Magic Bytes

Offset 10


              23 20 54 68 69 73 20 69 73 20 61 20 73 68 65 6C 6C 20 61 72 63 68 69 76 65

Sources: Apache Tika

All Known Signatures

6 signature variants are documented for .pkg files across multiple sources.

Hex Signature	Offset	Sources
23 20 54 68 69 73 20 69 73 20 61 20 73 68 65 6C 6C 20 61 72 63 68 69 76 65	10	Apache Tika
1F 1E	0	Apache Tika
30 31 37 34 33 37	0	Apache Tika
1F FF	0	Apache Tika
FF 1F	0	Apache Tika
30 31 34 35 34 30 35	0	Apache Tika

Extension

.pkg

MIME Type

application/octet-stream

Byte Offset

Risk Level

High

Validation Code

How to validate .pkg files in Python

Python

def is_pkg(file_path: str) -> bool:
    """Check if file is a valid PKG by magic bytes."""
    signature = bytes([0x23, 0x20, 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x61, 0x20, 0x73, 0x68, 0x65, 0x6C, 0x6C, 0x20, 0x61, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65])
    with open(file_path, "rb") as f:
        return f.read(25) == signature

How to validate .pkg files in Node.js

Node.js

function isPKG(buffer: Buffer): boolean {
  const signature = Buffer.from([0x23, 0x20, 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x61, 0x20, 0x73, 0x68, 0x65, 0x6C, 0x6C, 0x20, 0x61, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65]);
  return buffer.subarray(0, 25).equals(signature);
}

How to validate .pkg files in Go

func IsPKG(data []byte) bool {
    signature := []byte{0x23, 0x20, 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x61, 0x20, 0x73, 0x68, 0x65, 0x6C, 0x6C, 0x20, 0x61, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65}
    if len(data) < 25 {
        return false
    }
    return bytes.Equal(data[:25], signature)
}

API Endpoint

GET /api/v1/pkg


              curl https://filesignature.org/api/v1/pkg

See the full API documentation for all endpoints and parameters.

Frequently Asked Questions

What is a .pkg file?

A .pkg file is a PKG file.

What are the magic bytes for .pkg files?

The magic bytes for PKG files are 23 20 54 68 69 73 20 69 73 20 61 20 73 68 65 6C 6C 20 61 72 63 68 69 76 65 at byte offset 10. These bytes uniquely identify the file format regardless of the file extension.

How do I validate a .pkg file?

To validate a .pkg file, read the first bytes of the file and compare them against the known magic bytes (23 20 54 68 69 73 20 69 73 20 61 20 73 68 65 6C 6C 20 61 72 63 68 69 76 65) at offset 10. This is more reliable than checking the file extension alone, as extensions can be renamed.

What is the MIME type for .pkg files?

The primary MIME type for .pkg files is application/octet-stream.

Is it safe to open .pkg files?

PKG (.pkg) files are high risk because they can contain executable code. Never open .pkg files from untrusted sources. Always scan with antivirus software, verify the source, and consider running in a sandboxed environment.