Skip to content

SO magic bytes (.so)

.so file signature: 7F 45 4C 46 | application/x-sharedlib

Category: Executables

The Shared Object (SO) format is a dynamically linked library format based on the Executable and Linkable Format (ELF), originally developed for Unix systems and maintained through platform toolchains and operating system conventions. It is used by Linux and other Unix-like systems to store reusable code for applications, device drivers, and system components loaded at runtime. Because shared objects execute as native code, they should be obtained from trusted sources; in modern systems, the format remains widely used rather than obsolete.

Safe

Magic Bytes

Offset 0
7F 45 4C 46

Sources: Wikipedia

Extension

.so

MIME Type

application/x-sharedlib

Byte Offset

0

Risk Level

Safe

Validation Code

How to validate .so files in Python

Python 
def is_so(file_path: str) -> bool:
    """Check if file is a valid SO by magic bytes."""
    signature = bytes([0x7F, 0x45, 0x4C, 0x46])
    with open(file_path, "rb") as f:
        return f.read(4) == signature

How to validate .so files in Node.js

Node.js 
function isSO(buffer: Buffer): boolean {
  const signature = Buffer.from([0x7F, 0x45, 0x4C, 0x46]);
  return buffer.subarray(0, 4).equals(signature);
}

How to validate .so files in Go

Go 
func IsSO(data []byte) bool {
    signature := []byte{0x7F, 0x45, 0x4C, 0x46}
    if len(data) < 4 {
        return false
    }
    return bytes.Equal(data[:4], signature)
}

API Endpoint

GET /api/v1/so
curl https://filesignature.org/api/v1/so

See the full API documentation for all endpoints and parameters.

Related Formats

.elf .axf .ko .o .out .prx

Frequently Asked Questions

What is a .so file?

A .so file is identified by the magic bytes 7F 45 4C 46 at byte offset 0. The Shared Object (SO) format is a dynamically linked library format based on the Executable and Linkable Format (ELF), originally developed for Unix systems and maintained through platform toolchains and operating system conventions. It is used by Linux and other Unix-like systems to store reusable code for applications, device drivers, and system components loaded at runtime. Because shared objects execute as native code, they should be obtained from trusted sources; in modern systems, the format remains widely used rather than obsolete.

What are the magic bytes for .so files?

The magic bytes for SO (.so) files are 7F 45 4C 46 at byte offset 0. These bytes identify the file format more reliably than the extension alone.

How do I validate a .so file?

To validate a .so file, read the first bytes of the file and compare them against the known magic bytes (7F 45 4C 46) at offset 0. This is more reliable than checking the file extension alone, as extensions can be renamed.

What is the MIME type for .so files?

The primary MIME type for .so files is application/x-sharedlib.

Is it safe to open .so files?

SO (.so) files are generally safe to open. They are classified as low risk because they primarily contain data rather than executable code. However, always ensure files come from a trusted source.