Warning
This project works with Python 3.8 - see here how to setup 3.8 environment
Python 3.9+ are not supported due to decompilation tool compatibility limitations.
Educational demonstration proving that Python bytecode (.pyc files) compilation does NOT provide real security for source code protection.
Image above: The Tkinter GUI after decompiling the example bytecode included with this repository
# Install Python 3.8 if not already available
# Then create a virtual environment:
py -3.8 -m venv venv
# Activate the virtual environment:
# Windows:
venv\Scripts\activate
# Linux/Mac:
source venv/bin/activate
# Install dependencies
pip install -r requirements.txtMany developers believe that compiling Python to .pyc files protects their source code. The common advice "Just compile to bytecode to hide your code" creates a false sense of security that can put intellectual property at risk.
This demonstration shows why bytecode doesn't work for protection. With one simple command or a few clicks in our GUI, anyone can recover your original source code from .pyc files. The process takes seconds and requires no special skills.
No hacking skills needed. No vulnerabilities exploited. This uses standard Python tools and represents expected behavior - not a security flaw. Bytecode was never designed to provide protection. If you can compile it, anyone can decompile it.
# With one command, recover original source code:
pip install uncompyle6
uncompyle6 your_script.pycResult: Exact original source code recovered in under 30 seconds!
Important
Security through obscurity is NOT security!
Stop trusting bytecode with your code security. The protection is an illusion, and your intellectual property deserves better.
| Myth | Reality |
|---|---|
| ".pyc files hide my code" | ❌ Source code easily recovered |
| "Bytecode is encrypted" | ❌ No encryption used |
| "Provides real security" | ❌ Only basic obfuscation |
| "Hard to reverse engineer" | ❌ Trivial to decompile |
git clone https://github.com/ThiagoMaria-SecurityIT/python-bytecode-security-demo
cd python-bytecode-security-demo
# Create Python 3.8 virtual environment (see compatibility note above)
# Then install dependencies
pip install -r requirements.txt# Run the application directly from the src folder
python src/bytecode_tool.py- Compile: Use the GUI to compile
examples/sample_script.pyto.pyc - Decompile: Take the generated
.pycfile and decompile it back to source - Compare: See how the decompiled code matches the original exactly!
python-bytecode-security-demo/
├── src/ # Source code
│ ├── bytecode_tool.py # Main GUI application
│ ├── compiler.py # .py → .pyc compilation
│ └── decompiler.py # .pyc → .py decompilation
├── examples/ # Sample scripts to test
├── requirements.txt
└── README.md
If you actually need to protect Python code, consider:
| Solution | Protection Level | Dynamic Features |
|---|---|---|
| Cython | High | Limited - most dynamic features do not work |
| Nuitka | High | Some dynamic features will work |
| Server-side | Maximum | All |
- Understand why bytecode doesn't provide security
- See decompilation in action with our visual demo
- Learn real code protection alternatives
- Avoid common security pitfalls in Python
When bytecode IS appropriate:
- Slightly faster startup times
- Hiding code from completely non-technical users
- When real security doesn't matter
When to NEVER use bytecode for "protection":
- Protecting intellectual property
- Security-sensitive algorithms
- License keys or DRM systems
- Any code with actual business value
Contributions welcome! Feel free to:
- Add more examples and demo scripts
- Improve the GUI interface
- Add additional decompilation methods
- Create educational content and documentation
This project was developed with assistance from DeepSeek AI. The AI helped with:
- Code structure and organization
- GUI implementation using Tkinter
- Documentation and educational content
- Debugging and troubleshooting
The core security concepts and educational value represent original work.
MIT License - feel free to use this for education and security testing.
Thiago Maria - From Brazil to the World 🌎
Senior Information Security Professional | Security Risk & Compliance Specialist | AI Security Researcher | Software Developer | Post-Quantum Cryptography Enthusiast
My passion for programming and my professional background in security analysis led me to create this GitHub account to share my knowledge of security information, cybersecurity, Python, and AI development practices. My work primarily focuses on prioritizing security in organizations while ensuring usability and productivity.
Let's Connect:
👇🏽 Click on the badges below:
Want to see more upgrades? Help me keep it updated!
👇🏽 Click on the badge below: