Verifying checksums

A checksum is a fingerprint of a file. Publishers list the expected checksum next to their downloads; if your copy produces the same value, it downloaded correctly and hasn’t been tampered with. If it doesn’t match, don’t trust the file.

Verify a file (Tools)

Open Tools → Verify a file (also reachable as the Verify ISO screen):

1. Tap Select a file and pick any file on your device.
2. Choose the checksum type — SHA-256 (most common), SHA-1, or MD5.
3. (Optional) paste the expected checksum the publisher published.
4. Tap Verify checksum.

BootForge reads the file and computes its checksum, showing progress as it goes. It only reads the file — it never modifies it.

Reading the result

• Checksum matches the expected value — the file is genuine and intact.
• Checksum does NOT match — do not trust this file; download it again from the official source.
• No expected checksum entered — BootForge shows the computed value; compare it yourself with the one the publisher lists.

In the Library

Images in your library show their SHA-256 under More details, with a Copy button and a Checksum verified badge where applicable. You can also Calculate checksum there on demand.

Downloads verify automatically (Pro)

In-app downloads are checksum-verified for you against the official artifact’s expected hash — a mismatch means the file is discarded and not saved, so a bad or tampered download never lands on your phone or drive. Those images then show a Verified · (publisher) badge in the library.