A curated list of awesome Python reversing libraries, tools and resources.
- Disassemblers
- Decompilers
- Debuggers
- Bytecode
- Python internals
- Packers
- Extractors
- Obfuscators
- Deobfuscators
- Resources
Python bytecode disassemblers.
- dis - The built-in Python disassembler.
- xdis - A Python cross-version bytecode library and disassembler.
- pycdas - A disassembler and decompiler written in C++ aiming to support all Python versions.
Python bytecode decompilers.
- decompile3 - A Python decompiler aiming to support versions 3.7 - 3.8.
- uncompyle6 - A Python decompiler aiming to support versions 1.0 - 3.8 (including Dropbox's Python 2.5 bytecode and some PyPy bytecodes).
- pycdc - A disassembler and decompiler written in C++ aiming to support all Python versions. This decompiler is known to be unstable.
- pycdc (snippet decompiler) - This tool decompiles individual snippets of Python bytecode as opposed to entire binary files, aiming to help manual decompilation of binaries that are unsupported by state-of-the-art Python decompilers.
- unpyc3.7-3.10 - A fork of a decompiler which aims to support versions 3.7 - 3.10.
Python source code/bytecode debuggers.
- pdb - The built-in Python interactive source debugger.
- python3-trepan - A gdb-like debugger which supports both source code and bytecode debugging.
- PyCharm's debugger - PyCharm has its own debugger which is considered to be one of the best.
Bytecode editors.
- pySpy - This tool aims to make viewing and editing bytecode easier. Only works properly for version 3.9.
- xdis - A Python cross-version bytecode library and disassembler. This library allows you to modify bytecode programmatically.
Tools to assist with manual analysis of Python bytecode.
- PyInjector - An injector for Windows that allows you to inject Python code into any Python process. It can be useful to expose variables, functions, grab code objects and many other things.
- PythonForWindows - This library allows you to interact with windows but also lets you inject Python code into another Python process without needing to inject a dll yourself.
- x-python - A Python implementation of the C interpreter. It can be useful to run bytecode instruction by instruction.
Tools to inspect or modify Python internals.
- inspect - A built-in library to inspect live objects. It gives information about objects like modules, classes, methods, functions, tracebacks, frame objects, and code objects. (Can be used along with Python injectors)
- CPython - The CPython source code itself can often times be very useful to modify or trace.
Python packers that will package your Python project into an executable. This includes Python "compilers".
- PyInstaller - PyInstaller is the most popular Python packager, supporting the platforms Windows, Linux and MacOS X.
- py2exe - py2exe can package Python projects to an executable for Windows.
- Cython - Cython is a superset of the Python language but can nonetheless compile Python code to a native program. It compiles the Python code to C code so any platform that has a C compiler should work.
- Nuitka - This is also a compiler for Python that can generate executables. It officially supports Linux, FreeBSD, NetBSD, MacOS X, and Windows (32bits/64 bits/ARM).
Tools that can extract packed Python executables.
- pyinstxtractor - pyinstxtractor is the most popular extractor for PyInstaller. It supports almost all versions of PyInstaller. (pyinstxtractor-ng and pyinstxtractor-go might be worth checking out aswell.)
- unpy2exe - unpy2exe is an extractor for py2exe but is not maintained anymore and likely will fail on newer versions of py2exe.
- nuitka-extractor - An extractor for nuitka. This basically does the same thing as looking in the
temp
folder, but without actually running the executable.
Python obfuscators.
- Pyarmor - This is by far the most popular Python obfuscator. It supports Python 2 and 3 on Windows, Linux and MacOS X.
- Nuitka - Nuitka isn't officially seen as an obfuscator but because it compiles Python code to C code it definitely helps with making the code harder to understand. The commercial version does have some extra protection features.
- Cython - Cython isn't officially seen as an obfuscator but because it compiles Python code to C code it definitely helps with making the code harder to understand.
- Hyperion - This obfuscator is unique since it's one of the only ones that actually transforms your Python code. Since it returns plain Python source code it can be used on any platform that has Python available.
The following obfuscators all work in similar ways: marshalling the original Python code and hiding it behind multiple layers of exec
statements with potentionally some encryption/decryption.
Deobfuscators for Python obfuscators.
- PyArmor-Unpacker - The most popular deobfuscator for the obfuscator Pyarmor. It only supports the free version of Pyarmor.
- bonedensity - A deobfuscator for the obfuscator PyArmor. Supports both the free and the paid Super mode.
- Hyperion-deobfuscator - A deobfuscator for the obfuscator Hyperion.
- nuitka-helper - Not a deobfuscator but a tool that does symbol recovery for Nuitka samples. Read the blog post linked in the README.
Educational resources for Python reverse engineering.