
De4py: Advanced Python reverse engineering


De4py is an advanced Python deobfuscator with a beautiful user interface and a set of powerful features. It’s designed to help malware analysts and reverse engineers tackle obfuscated Python files and more.

Here are some key features of De4py:

  • Deobfuscation: De4py supports popular obfuscators like Jawbreaker, BlankOBF, PlusOBF, Wodx, Hyperion, and obfuscator. It helps you unravel the obfuscated code and understand its true functionality.

  • Pycode Execution: You can execute Python code directly within the process. This feature is handy when dealing with programs that have licensing checks or other conditional behavior.

  • Strings Dump: Extract strings from the Python process memory, which can be useful for analyzing webhooks or other data stored in memory.

  • Removing Exit Function: De4py can remove the exit function, preventing the program from terminating prematurely (useful for debugging).

  • Getting All Functions: Retrieve a list of all functions within the Python process. Useful for modifying functions in memory.

  • Pyshell GUI: A custom GUI allows you to execute Python code within the desired process.

  • GUI and Console Support: De4py offers both console and GUI modes. The GUI provides a more user-friendly experience.

  • File Analyzer: Detects if a Python program is packed (e.g., using pyinstaller) and attempts to unpack it. It also identifies suspicious strings (IPs, websites, specific keywords) within the file.

  • Behavior Monitoring: Monitors Python processes for file handles, process interactions, memory reads/writes, and socket activity. It can even decrypt OpenSSL-encrypted content.

  • Plugins System: Customize the theme or add custom deobfuscators using plugins.

  • API System: Use De4py’s features (deobfuscator engine and pyshell) in your own tools.
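The two in-process items above (retrieving every function in the process and removing the exit function) can be built on plain CPython introspection. What follows is an added example written for this post, not De4py's own code: it walks the garbage collector's object list for function objects and reports their string constants, and it temporarily swaps `sys.exit` and the `exit`/`quit` builtins for a recorder so a sample that would bail out keeps running under analysis. `sample_target`, its marker string and the `ExitTrap` name are constructed for the demonstration.

```python
import builtins
import gc
import sys
import types
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class FunctionInfo:
    qualname: str
    module: Optional[str]
    filename: str
    firstlineno: int
    string_consts: Tuple[str, ...]


def _string_constants(code: types.CodeType) -> Tuple[str, ...]:
    """Collect the str constants of a code object and of any code objects
    nested inside it (lambdas, inner functions)."""
    out: List[str] = []
    for const in code.co_consts:
        if isinstance(const, str):
            out.append(const)
        elif isinstance(const, types.CodeType):
            out.extend(_string_constants(const))
    return tuple(out)


def enumerate_functions(name_contains: str = "") -> List[FunctionInfo]:
    """Walk every container object the garbage collector tracks (CPython
    specific) and report the plain Python functions among them. Functions
    created by exec() of decoded or decrypted source show up here too, even
    though no file on disk defines them; co_filename is then "<string>"."""
    found = []
    for obj in gc.get_objects():
        if not isinstance(obj, types.FunctionType):
            continue
        if name_contains and name_contains not in obj.__qualname__:
            continue
        code = obj.__code__
        found.append(FunctionInfo(obj.__qualname__, getattr(obj, "__module__", None),
                                  code.co_filename, code.co_firstlineno,
                                  _string_constants(code)))
    return sorted(found, key=lambda f: (f.filename, f.firstlineno))


class ExitTrap:
    """Context manager that swaps sys.exit and the exit/quit builtins for a
    recorder, so the analysed program logs its exit code instead of ending
    the process. Limits: code that did `from sys import exit` earlier keeps
    its own reference, and os._exit() is a separate call not covered here."""

    def __init__(self) -> None:
        self.attempts: List[object] = []
        self._saved_sys_exit = None
        self._saved_builtins: Dict[str, object] = {}

    def _fake_exit(self, code: object = 0) -> None:
        self.attempts.append(code)

    def __enter__(self) -> "ExitTrap":
        self._saved_sys_exit = sys.exit
        sys.exit = self._fake_exit
        # exit/quit exist only when the site module installed them (not with -S).
        for name in ("exit", "quit"):
            if hasattr(builtins, name):
                self._saved_builtins[name] = getattr(builtins, name)
                setattr(builtins, name, self._fake_exit)
        return self

    def __exit__(self, *exc) -> bool:
        sys.exit = self._saved_sys_exit
        for name, original in self._saved_builtins.items():
            setattr(builtins, name, original)
        return False


def sample_target() -> str:
    """Constructed stand-in for the analysed program: it bails out via
    sys.exit() before reaching the code the analyst wants to observe."""
    marker = "stage 2 reached"
    sys.exit(3)          # with ExitTrap active this only records the code
    return marker


if __name__ == "__main__":
    with ExitTrap() as trap:
        print("target returned:", sample_target())
    print("exit attempts:", trap.attempts)
    for info in enumerate_functions("sample_target"):
        print(info.qualname, info.filename, info.firstlineno, info.string_consts)
```

Because `sys.exit` is looked up on the module at call time, the swap takes effect for any code that calls it by attribute; the restore in `__exit__` means the trap only applies inside the `with` block. The string constants reported per function are the Python-level counterpart of a memory strings dump: a hard-coded URL or key usually sits in some function's `co_consts`.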
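For the File Analyzer and Strings Dump items, here is an added example of the static side (example code, not De4py's): it detects a PyInstaller build by the bootloader's archive cookie and two stock member names, dumps printable strings the way `strings` does, and flags IPv4 addresses, URLs and watch-list keywords. The `MEI` cookie and the member names are PyInstaller's real markers; `SAMPLE_IMAGE`, the keyword list, and the `example.invalid` and TEST-NET-2 addresses are constructed for this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Markers PyInstaller's bootloader leaves in every build: the 8-byte CArchive
# cookie magic (PyInstaller's real constant) and two archive member names that
# stock builds always contain.
PYINSTALLER_MARKERS = (
    b"MEI\x0c\x0b\x0a\x0b\x0e",
    b"pyiboot01_bootstrap",
    b"PYZ-00.pyz",
)

# Illustrative watch-list; an assumption of this example, not De4py's list.
SUSPICIOUS_KEYWORDS = ("webhook", "token", "Login Data", "keylog")

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL = re.compile(r"https?://[^\s\"'<>]+")


@dataclass
class FileReport:
    packed: bool
    packer: Optional[str]
    strings: List[str] = field(default_factory=list)
    ips: List[str] = field(default_factory=list)
    urls: List[str] = field(default_factory=list)
    keyword_hits: List[str] = field(default_factory=list)


def dump_strings(blob: bytes, min_len: int = 4) -> List[str]:
    """The classic `strings` pass: every run of printable ASCII at least
    min_len bytes long. Works the same on a file image or a memory dump."""
    run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in run.finditer(blob)]


def detect_packer(blob: bytes) -> Optional[str]:
    """Return the packer name if a known marker is present, else None."""
    if any(marker in blob for marker in PYINSTALLER_MARKERS):
        return "pyinstaller"
    return None


def analyze(blob: bytes) -> FileReport:
    """Static triage: packer detection plus indicator-style string flagging."""
    strings = dump_strings(blob)
    packer = detect_packer(blob)
    ips, urls, hits = set(), set(), set()
    for s in strings:
        ips.update(IPV4.findall(s))
        urls.update(URL.findall(s))
        hits.update(kw for kw in SUSPICIOUS_KEYWORDS if kw.lower() in s.lower())
    return FileReport(packer is not None, packer, strings,
                      sorted(ips), sorted(urls), sorted(hits))


# Constructed stand-in for a PyInstaller-built sample: padding, the bootloader
# cookie and member names, then a few embedded strings an analyst would flag.
SAMPLE_IMAGE = (
    b"\x00" * 16
    + b"MEI\x0c\x0b\x0a\x0b\x0e\x00\x00\x01\x00"
    + b"pyiboot01_bootstrap\x00PYZ-00.pyz\x00"
    + b"http://198.51.100.7/stage2.bin\x00"          # TEST-NET-2 address, constructed
    + b"https://example.invalid/api/webhooks/PLACEHOLDER_ID\x00"
    + b"\xff\xfe\x01\x02Login Data\x00"
)


if __name__ == "__main__":
    report = analyze(SAMPLE_IMAGE)
    print("packed:", report.packed, report.packer)
    print("ips:", report.ips)
    print("urls:", report.urls)
    print("keyword hits:", report.keyword_hits)
```

Two caveats an analyst should keep in mind: the IPv4 pattern also matches version strings and other dotted numbers, so hits are leads to triage rather than verdicts, and strings that an obfuscator has encoded or encrypted will not appear at all until the sample has been unpacked and deobfuscated (which is what the Deobfuscation feature is for).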

It is maintained by my friend Fadi002 and me (AdvDebug); any feedback is appreciated.
