Advanced Python Deobfuscator & Reverse Engineering Toolkit
De4py is an advanced Python deobfuscator with a beautiful UI (PySide6) and a robust set of features for malware analysts and reverse engineers. It supports both automatic deobfuscation of common packers and manual analysis tools.
Maintained by Fadi002 and AdvDebug.
| Feature | Function |
|---|---|
| Deobfuscation | Support for popular obfuscators: Jawbreaker, BlankOBF, PlusOBF, Wodx, Hyperion, pyobfuscate. |
| File Analyzer | Detection of packers (PyInstaller), hash calculation, suspicious string lookup, and metadata extraction. |
| PyCode Execution | Execute Python code inside the target process (useful for bypassing licensing checks). |
| Pyshell GUI | Custom GUI to easily inject and execute Python code in valid processes. |
| Behavior Monitor | Monitor process handles, memory access, sockets, and dumped content (including decrypted OpenSSL traffic). |
| Modern UI | Built with PySide6 and a custom dark theme for a premium look and feel. CLI mode also supported. |
| API System | Use de4py as a library in your own tools. |
- Python 3.8+
- Windows (recommended for full feature support)
You can install de4py as a package:
git clone https://github.com/Fadi002/de4py.git
cd de4py
pip install .GUI Mode:
python -m de4py
# OR
python main.pyCLI Mode:
python -m de4py --cliThe project has been refactored for clarity:
de4py/
├── de4py/ # Main Package
│ ├── core/ # Core logic (EngineManager, Interfaces)
│ ├── engines/ # Deobfuscators and Analyzers
│ ├── ui/ # PySide6 User Interface
│ ├── config/ # Configuration management
│ └── utils/ # Utilities (RPC, TUI, etc.)
├── plugins/ # External Plugins folder (Root)
├── main.py # Entry point
└── pyproject.toml # Project configuration
All contributions are welcome!
- Matrix: Join our Matrix room 🔒 (recommended)
- Signal: Join our Signal room
- Discord: Join here 💬
We use Crowdin for translations.
- Select a language you want to translate.
- Use the Crowdin web editor.
- Submit translations for review.
This tool is for educational purposes only. Never deobfuscate software without permission. The developers are not responsible for misuse.
Licensed under GNU General Public License v3.0.