Fadi002/de4py

Python deobfuscation that keeps your code off the cloud

de4py gives malware analysts a desktop GUI and local LLM engine for stripping obfuscation from Python binaries.

989 stars Python Other AI

What it does

de4py is a Python deobfuscator and reverse-engineering workbench built around a PySide6 GUI. It targets common Python packers and obfuscators like PyInstaller, Jawbreaker, Hyperion, and BlankOBF, offering both automated stripping and manual analysis tools. The toolkit also doubles as a programmable library and exposes a plugin API for custom analyzers.

The interesting bit

The standout feature is the Onyx Engine, which pairs local LLMs through Ollama with traditional AST cleaning and control-flow flattening recovery. That means heavily obfuscated code can be handled entirely on-machine without external API calls. It also ships with a Pyshell for injecting and executing Python code inside external processes, a blunt but effective way to bypass licensing checks or perform dynamic analysis.

Key highlights

  • Local LLM integration via Ollama for AI-assisted deobfuscation (qwen2.5-coder:1.5b by default).
  • Direct support for specific obfuscators: Jawbreaker, BlankOBF, PlusOBF, Wodx, Hyperion, and pyobfuscate.
  • File analyzer detects PyInstaller and unpy2exe packers, calculates hashes, and extracts metadata.
  • Includes a behavior monitor for inspecting process handles, memory, and sockets in real time.
  • Usable as a library or extended via a plugin architecture; supports 18+ languages in the UI.

Caveats

  • Windows is recommended for full feature support, so expect friction on Linux or macOS.
  • The CC BY-NC 4.0 license forbids commercial use without explicit permission from the author.
  • AI deobfuscation depends on a separate Ollama installation and a local model pull; it is not turnkey.

Verdict

Malware analysts and reverse engineers who want an offline, desktop-first toolkit should look here; anyone needing a commercial-grade or fully cross-platform solution should look elsewhere.

Frequently asked

What is Fadi002/de4py?
de4py gives malware analysts a desktop GUI and local LLM engine for stripping obfuscation from Python binaries.
Is de4py open source?
Yes — Fadi002/de4py is an open-source project tracked on heatdrop.
What language is de4py written in?
Fadi002/de4py is primarily written in Python.
How popular is de4py?
Fadi002/de4py has 989 stars on GitHub.
Where can I find de4py?
Fadi002/de4py is on GitHub at https://github.com/Fadi002/de4py.
