How to Package and Secure Python Scripts with PyInstaller (and Decompile Them)

1. Installing PyInstaller

Run pip install pyinstaller in a command line to install the tool.

2. Packaging Python Code

Create two simple modules, mylib.py and main.py, where main.py imports mylib and calls its function. Then package the script with: pyinstaller.exe -F main.py The command generates a dist folder containing the executable main.exe. The folder structure includes build and dist directories with various intermediate files.

3. Decompiling PyInstaller Executables

Use pyinstxtractor.py to unpack the generated .exe file: python pyinstxtractor.py main.exe The extractor creates a folder main.exe_extracted containing the embedded .pyc files and other resources. The original Python bytecode can be recovered by adding the missing “magic number” bytes (the first 16 bytes) to the extracted .pyc files. After fixing the header, decompile the .pyc files with an online decompiler (e.g., http://tools.bugscaner.com/decompyle/ ) to retrieve the original source code.

4. Encrypting Packages with PyInstaller

PyInstaller supports simple encryption of bundled bytecode using the --key option. Install the required pycrypto package (may need Visual Studio for compilation) and then run: pyinstaller.exe -F --key 123456 myscript.py The resulting executable encrypts the embedded bytecode, making the extraction step fail with errors such as “Failed to decompress Crypto”. However, the outer entry script remains readable, so it is advisable to place the program’s entry point in a separate module and encrypt that module as well.

5. Conclusion

To protect your Python source when distributing executables, place the main logic in a separate file and use PyInstaller’s --key option for encryption. While basic packaging is straightforward, decompilation is possible unless encryption is applied, and even then only the entry script may be exposed.