XPI
application/octet-stream
Magic Bytes
Offset: 0
50 4B 03 04 50 4B 05 06 50 4B 07 08
Cross-Platform Installer (XPI) is a ZIP-based installation archive format created and maintained by the Mozilla Foundation. It is primarily used to distribute extensions, themes, and plugins for Mozilla software, including the Firefox web browser and Thunderbird email client. While modern implementations utilize the WebExtensions API for improved security, legacy XPI files frequently contained privileged XPCOM components that required mandatory digital signatures to verify authenticity and prevent unauthorized system-level modifications.
Validation Code
How to validate .xpi files in Python
Python
def is_xpi(file_path: str) -> bool:
"""Check if file is a valid XPI by magic bytes."""
signature = bytes([0x50, 0x4B, 0x03, 0x04, 0x50, 0x4B, 0x05, 0x06, 0x50, 0x4B, 0x07, 0x08])
with open(file_path, "rb") as f:
return f.read(12) == signatureHow to validate .xpi files in Node.js
Node.js
function isXPI(buffer: Buffer): boolean {
const signature = Buffer.from([0x50, 0x4B, 0x03, 0x04, 0x50, 0x4B, 0x05, 0x06, 0x50, 0x4B, 0x07, 0x08]);
return buffer.subarray(0, 12).equals(signature);
}
Go
func IsXPI(data []byte) bool {
signature := []byte{0x50, 0x4B, 0x03, 0x04, 0x50, 0x4B, 0x05, 0x06, 0x50, 0x4B, 0x07, 0x08}
if len(data) < 12 {
return false
}
return bytes.Equal(data[:12], signature)
}API Endpoint
GET
/api/v1/xpi
curl https://filesignature.org/api/v1/xpi