⚠️ de4py is FREE & OPEN SOURCE (CC BY-NC 4.0).
Any paid versions sold elsewhere or commercial use are NOT permitted. If you paid for de4py, you were misled.
De4py is an advanced Python deobfuscator with a beautiful UI (PySide6) and a robust set of features for malware analysts and reverse engineers. It supports both automatic deobfuscation of common packers and manual analysis tools.
Maintained by Fadi002 and AdvDebug.
| Feature | Function |
|---|---|
| Onyx Engine (AI) | Advanced deobfuscation utilizing local LLMs (Ollama) combined with AST cleaning, control-flow flattening recovery, and pattern matching. |
| Legacy Deobfuscation | Direct support for popular obfuscators: Jawbreaker, BlankOBF, PlusOBF, Wodx, Hyperion, pyobfuscate. |
| File Analyzer | Detection of packers (PyInstaller, unpy2exe), dynamic hash calculation, suspicious string lookup, and metadata extraction. |
| Pyshell GUI & Code Execution | Custom GUI to execute Python code inside external target processes (useful for dynamic analysis and licensing bypasses). |
| Modern UI | Built with PySide6 and a custom dark theme for a premium look and feel. CLI mode also supported. |
| Global Localization | Support for over 18+ languages out of the box, powered by a community-driven localization engine. |
| Plugin Architecture & API | Extensible plugin system to create custom analyzers. You can also use de4py directly as a programmable library in your own tools. |
| Behavior Monitor & DevTools | Monitor process handles, memory access, and sockets. Built-in developer tools for real-time inspection, UI debugging, and API testing. |
- Python 3.8+
- Windows (recommended for full feature support)
You can install de4py as a package:
git clone https://github.com/Fadi002/de4py.git
cd de4py
pip install .GUI Mode:
python -m de4py
# OR
python main.pyCLI Mode:
python -m de4py --cliTo use the advanced Onyx-Alpha Deobfuscator (which utilizes local LLMs for heavily obfuscated code), you need to set up Ollama:
- Download and install Ollama.
- Open your terminal and pull the required model (default is
qwen2.5-coder:1.5b):ollama run qwen2.5-coder:1.5b
- Once the model is downloaded and running, the Onyx engine in de4py will automatically connect to it for AI-assisted deobfuscation. You can change the model and thresholds in the UI settings.
The project has been refactored for clarity:
de4py/
├── de4py/ # Main Package
│ ├── core/ # Core logic (EngineManager, Interfaces)
│ ├── engines/ # Deobfuscators and Analyzers
│ ├── ui/ # PySide6 User Interface
│ ├── config/ # Configuration management
│ └── utils/ # Utilities (RPC, TUI, etc.)
├── plugins/ # External Plugins folder (Root)
├── main.py # Entry point
└── pyproject.toml # Project configuration
All contributions are welcome!
- Matrix: Join our Matrix room 🔒 (recommended)
- Signal: Join our Signal room
- Discord: Join here 💬
We use Crowdin for translations.
- Select a language you want to translate.
- Use the Crowdin web editor.
- Submit translations for review.
This tool is for educational purposes only. Never deobfuscate software without permission. The developers are not responsible for misuse.
Licensed under Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0).
This project was created by Fadi002.
If you fork or redistribute this project, you must retain the original copyright notices and provide appropriate attribution according to the CC BY-NC 4.0 license. Commercial use is not permitted without explicit permission from the author.