🔒 100% on-device · no cloud · no API key

Any blob.
Clearly explained.

Any token, API error, JWT, certificate, log line, or webhook payload — Blobwise identifies it, decodes every layer, and explains what it means and what to do next.

No cloud. No API key. Nothing ever leaves your Mac.

Download for macOS

macOS 26 (Tahoe) · native (~1 MB) · 7-day trial, no card · on-device AI, local-first by design

paste  eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIi…
jwtjson
JWT (HS256)EXPIRED (3062 days ago)
alg: HS256   exp: 2018-01-18T02:30:22Z   sub: 1234567890
🛡 Insight 🔒 on-device
This is an expired HS256 JWT.
Signed with a shared secret, so it must stay server-side — anyone holding it can forge tokens. It expired long ago and is no longer valid.
Reject this token — it has expired Issue a fresh token if the session is still valid Rotate the shared secret if it may have leaked

Identify → decode → explain

Most tools make you guess what the thing is and pick the right converter. Blobwise recognizes it automatically, peels every layer into a visible decode chain, and — because the deterministic core nails the facts first — adds a short, on-device AI explanation on top.

🔎

Auto-detect

19 detectors compete by confidence — base64, JWT, gzip, PEM/X.509, plist, hashes, YAML/XML and more. No menus, no guessing.

⛓️

Decode chain

Double-URL-encoded JSON? gzip-in-base64? Blobwise recursively unwraps it and shows the full path: url → url → json.

Explain + next step

What it means and what to check next — alg:none auth-bypass, expired certs, weak password hashes — facts from the core, prose from on-device AI.

Built for the stuff that wastes your afternoon

The more code AI writes, the more opaque fragments you have to make sense of.

JWT & OAuth

Decode header/payload, humanize exp, flag expired tokens and unsigned alg:none.

Multi-layer payloads

URL-encoded → base64 → JSON, unwrapped automatically with the chain shown.

API / OAuth errors

invalid_grant & friends — meaning, common causes, and a debug checklist.

PEM / certificates

Subject, issuer, validity, SAN, expiry — from a hand-written ASN.1 parser, no Keychain.

Password hashes

bcrypt / argon2 / sha-crypt with work factor, plus bare-digest cracking warnings.

Messy logs & agent dumps

Scan a blob and Blobwise extracts every embedded artifact, decoding each on its own.

Privacy is the whole point

The things you paste — tokens, secrets, production logs — are exactly what cloud tools can't be trusted with. Blobwise is structurally incapable of leaking them.

🔒

Nothing leaves your Mac

Decoding is local. The AI explanation runs on Apple Foundation Models, on-device — no network call, ever.

🧱

Facts never depend on AI

A deterministic core owns correctness; the model only writes the summary. If it declines, you still get the verified answer.

🙈

No account, no tracking

No account required for inspection. No inspected content is logged, tracked, or sent anywhere. License verification sends only your key — never the content you inspect.

Buy once. Yours for good.

No subscription. No cloud cost. Runs locally on your Mac.

Blobwise · one-time purchase
$30$20
early-bird price for the first users
  • Unlimited artifact inspection
  • JWT, OAuth errors, certificates, hashes, logs & payloads
  • Recursive decode chain
  • On-device AI explanations
  • Scan messy logs / agent dumps
  • Batch & file parsing
  • Deep history, save & export
  • Global shortcut: copy → decode anywhere
  • No cloud. No API key. Nothing leaves your Mac.
Buy Blobwise — $20

or download & try it free for 7 days — no card →

Didn't fit? Email hello@blobwise.com within 14 days for a full refund — no questions asked.

All 1.x updates included · future major versions sold separately · license verification sends only your key — never your data.