Python deobfuscation that keeps your code off the cloud
de4py gives malware analysts a desktop GUI and local LLM engine for stripping obfuscation from Python binaries.

What it does
de4py is a Python deobfuscator and reverse-engineering workbench built around a PySide6 GUI. It targets common Python packers and obfuscators like PyInstaller, Jawbreaker, Hyperion, and BlankOBF, offering both automated stripping and manual analysis tools. The toolkit also doubles as a programmable library and exposes a plugin API for custom analyzers.
The interesting bit
The standout feature is the Onyx Engine, which pairs local LLMs through Ollama with traditional AST cleaning and control-flow flattening recovery. That means heavily obfuscated code can be handled entirely on-machine without external API calls. It also ships with a Pyshell for injecting and executing Python code inside external processes, a blunt but effective way to bypass licensing checks or perform dynamic analysis.
Key highlights
- Local LLM integration via Ollama for AI-assisted deobfuscation (
qwen2.5-coder:1.5bby default). - Direct support for specific obfuscators: Jawbreaker, BlankOBF, PlusOBF, Wodx, Hyperion, and pyobfuscate.
- File analyzer detects PyInstaller and unpy2exe packers, calculates hashes, and extracts metadata.
- Includes a behavior monitor for inspecting process handles, memory, and sockets in real time.
- Usable as a library or extended via a plugin architecture; supports 18+ languages in the UI.
Caveats
- Windows is recommended for full feature support, so expect friction on Linux or macOS.
- The CC BY-NC 4.0 license explicitly forbids commercial use without explicit permission from the author.
- AI deobfuscation depends on a separate Ollama installation and a local model pull; it is not turnkey.
Verdict
Malware analysts and reverse engineers who want an offline, desktop-first toolkit should look here; anyone needing a commercial-grade or fully cross-platform solution should look elsewhere.
Frequently asked
- What is Fadi002/de4py?
- de4py gives malware analysts a desktop GUI and local LLM engine for stripping obfuscation from Python binaries.
- Is de4py open source?
- Yes — Fadi002/de4py is an open-source project tracked on heatdrop.
- What language is de4py written in?
- Fadi002/de4py is primarily written in Python.
- How popular is de4py?
- Fadi002/de4py has 989 stars on GitHub.
- Where can I find de4py?
- Fadi002/de4py is on GitHub at https://github.com/Fadi002/de4py.