EXE Python Decoder

A command-line tool that extracts, decompiles, and analyzes Python executables built with PyInstaller, cx_Freeze, or py2exe.

╔════════════════════════════════════════════════════╗
║          EXE -> Python Decoder  v1.0               ║
║   Extract  •  Decompile  •  Analyze  •  Report    ║
╚════════════════════════════════════════════════════╝

Features

• Packer detection — automatically identifies PyInstaller, cx_Freeze, py2exe, Nuitka, or ZIP-embedded executables
• Full extraction — unpacks CArchive and PYZ archives from PyInstaller bundles; handles embedded ZIPs for cx_Freeze/py2exe
• Multi-backend decompilation — tries uncompyle6 -> decompyle3 -> pycdc -> dis (bytecode fallback)
• Versioned interpreter support — auto-detects and uses the matching Python version (e.g. py -3.8) for cross-version decompilation
• AST analysis — extracts imports, classes, functions, frameworks, global variables, and interesting strings
• Text report — saves a _REPORT.txt summary in the output directory

Supported Packers

Packer	Support
PyInstaller v2–v6	Full (CArchive + PYZ)
cx_Freeze	ZIP extraction
py2exe	ZIP extraction
Generic ZIP-embedded	ZIP extraction
Nuitka	Detected, not recoverable (compiles to C)

Requirements

• Python 3.8+
• No mandatory dependencies — all standard library

Optional decompilers (install at least one for best results):

pip install uncompyle6    # best for Python 2.7 – 3.8
pip install decompyle3    # best for Python 3.7 – 3.11

Or download pycdc for cross-version bytecode decompilation without needing to match the Python version.

Installation

git clone https://github.com/shootcannon/EXEtoPy
cd ExetoPy

No extra install step needed — just run with Python.

Usage

python main.py <path/to/app.exe>

Options

positional arguments:
  exe                   Path to the .exe file

optional arguments:
  -o, --output DIR      Output directory (default: <name>_decoded/)
  -v, --verbose         Show full tracebacks on errors

Examples

# Basic usage
python main.py app.exe

# Specify output folder
python main.py app.exe -o ./output

# Verbose mode (shows full tracebacks)
python main.py app.exe -v

Output Structure

app_decoded/
├── extracted/          # Raw files extracted from the archive
│   ├── app.pyc
│   ├── app.pyz
│   └── app_pyz/        # Modules extracted from the PYZ archive
│       └── ...
├── source/             # Decompiled .py source files
│   ├── app.py
│   └── ...
└── _REPORT.txt         # Analysis summary (imports, classes, functions, strings)

Pipeline Steps

STEP 1 — Packer detection
STEP 2 — File extraction (CArchive / PYZ / ZIP)
STEP 3 — Decompiler check (auto-install if missing)
STEP 4 — PYC -> Python decompilation
STEP 5 — AST source code analysis
STEP 6 — Summary & report

Project Structure

decryptor/
├── main.py         # Entry point: pipeline + CLI
├── colors.py       # ANSI colors, banner, log helpers
├── detector.py     # Packer detection logic
├── extractor.py    # PyInstaller & ZIP extractors
├── decompiler.py   # PYC decompilation backends
└── analyzer.py     # AST analysis, display, report

Disclaimer

This tool is intended for legitimate use only, such as:

• Recovering your own lost source code
• Security research and malware analysis
• CTF challenges and educational purposes

Do not use this tool to decompile software you do not own or have permission to analyze.

License

MIT