Features
40+ protection modules across obfuscation, anti-tamper, encryption, and developer tooling.
Function Obfuscator
Individual functions are extracted from the AST, encrypted, and replaced with wrapped execution contexts. The original function body is only decrypted at call time, so static analysis cannot recover what any function does without executing it.
Lite Function Obfuscator
Functions are compressed and marshaled into compact byte arrays using the best-performing algorithm per function (zlib, bz2, lzma, or pyzstd). Decompiler breaker is applied before reinsertion. Smaller output, same protection depth.
Bytecode Encryption
The entire code object is encrypted with AES-256-GCM using authenticated encryption with a random key and nonce per build. The key is scrambled into the stub loader and never appears as plaintext in the output.
String Encryption
Every string literal is encrypted using XOR with random, per-session keys. Unicode-aware with configurable exclusion lists for strings that must remain readable at the bytecode level.
Import Obfuscator
Module imports are renamed, aliased, and wrapped to hide dependency structure. Attackers cannot determine what libraries your code uses by scanning import statements.
Variable Renamer
All identifiers are replaced with cryptographically random names from a seeded generator. No pattern, no prefix convention -- just meaningless tokens. Imports and builtins are automatically preserved.
MBA Obfuscator
Mixed Boolean-Arithmetic transforms simple expressions into unrecognizable but algebraically equivalent forms. For example, x + y becomes something like ((x ^ y) + 2 * (x & y)). 4 complexity levels.
Polymorphic Obfuscator
Dynamic code transformation that changes the obfuscation structure with each build. The same source file produces structurally different output on every obfuscation run, breaking signature-based detection.
Multi-Layer Encryption
Bytecode goes through multiple encryption passes: AES-256-GCM, ChaCha20, and XOR are layered with different keys per pass. Breaking one layer only reveals the next ciphertext.
Control Flow Flattening
All branching logic is collapsed into a switch-based state dispatch loop. If/else blocks, while loops, and for loops are all replaced with a flat state machine that dispatches via integer state codes.
Opaque Predicates
Always-true or always-false conditions are injected throughout the code using mathematical invariants (x*(x+1)%2==0, (x^2+x)%2). Static analysis and decompilers cannot distinguish real branches from fake ones and follow both, inflating their state space to exhaustion.
Wrap In Function
The entire script is wrapped into a single generated function. All imports are extracted and re-injected inside the wrapper body. The global scope is hidden behind the function boundary.
Bytecode Transformation
Bytecode is converted into an abstract instruction set executed by an embedded interpreter class. Instead of native Python bytecodes, the code uses integer-coded operations dispatched through a virtual machine loop.
Bytecode NOP Obfuscation
Semantically neutral NOP instructions are inserted at the bytecode level. These instructions are skipped during execution but inflate the instruction stream, disrupting signature-based detection and pattern matching.
Minifier
Whitespace, comments, docstrings, and unnecessary tokens are stripped from the source before obfuscation. Reduces file size and removes all human-readable annotations.
Junk Code Injection
Non-functional dead code and unreachable branches are inserted. Every junk block looks legitimate with real variables and real function calls, but the control flow guarantees it never executes.
Number Conversion
Numeric literals are converted to hex, octal, or binary representations. Integer constants are broken into arithmetic expressions that evaluate to the same value at runtime.
Compression (pyzstd)
The final encrypted payload is compressed using Zstandard compression before being embedded in the stub. Decompression happens inside the stub before decryption, adding another layer of analysis complexity.
Polymorphic Key Derivation
5 unique key derivation schemes are randomly selected per build: PBKDF2-HMAC-SHA256, dual-SHA-256, reversed-seed-multi-hash, XOR-rotated, and seed-split-HMAC. Two obfuscations of the same file produce structurally different outputs with different encryption parameters.
Decompiler Breaker
Bytecode EXTENDED_ARG chains are deliberately corrupted in ways that specifically crash pylingual, pycdc, and uncompyle6. Decompilers see nonsense opcodes or infinite loops and abort without producing usable source.
Encryption Methods
Supports AES-256-GCM, ChaCha20, XOR, SHA-512, and custom white-box encryption algorithms. Each encryption method can be layered or combined depending on the selected security profile.
White-Box Cryptography
An 8-round Feistel network cipher where the key is embedded in substitution-boxes (2 per round, 256 bytes each) derived via SHA-256 expansion. The key is never reconstructed at runtime -- only the lookup tables exist in the output. Standard key extraction techniques cannot recover the key.
Multi-Encoding Pipeline
The payload is run through a chained encoding pipeline: zlib compression, base64, base32, character scrambling, and string reversal. Each layer must be decoded in sequence at runtime, increasing the work required for static analysis.
PYTOC (Python To C)
Obfuscated Python is compiled to a native .pyd extension via Cython. The transformation goes Python -> .pyx -> C -> compiled machine code, eliminating Python source entirely while maintaining a single-file import interface.
Ready to secure your code?
Join lots of developers who trust Nyami for their application security.