Forem: Just Maniak

why i chose to build nyami instead of just using pyarmor

Just Maniak — Mon, 13 Apr 2026 21:04:06 +0000

before i built nyami i used pyarmor. a lot of people do.

and honestly? for what it was designed to do, it's fine.

but "fine" isn't the same as "works against someone who actually knows what they're doing."

here's why i moved on from pyarmor and why i built something different.

how pyarmor actually works:

pyarmor encrypts your bytecode and wraps it in a bootstrap loader.
at runtime, the loader decrypts the bytecode and hands it to the python interpreter.

the idea is: encrypted bytecode = unreadable bytecode.

and against someone with zero RE knowledge, that's true.

the problem:

the decryption has to happen somewhere.
the key has to exist somewhere.
the decrypted bytecode has to exist in memory at some point.

and that's the attack surface.

tools like frida can hook the python interpreter at the moment decryption happens and read your bytecode clean out of memory.

pyarmor's protection is a locked box where the key is taped to the outside.
if you know where to look, the lock doesn't matter.

i know this because i broke pyarmor-protected scripts regularly during my year of python RE.
it wasn't even the hard ones. it was just part of the normal process.

what pyarmor doesn't do:

it doesn't break decompilers. pylingual still runs fine on pyarmor output in many configurations.
it doesn't use polymorphism. the same obfuscation pattern means once you figure out the approach, every pyarmor-protected script is vulnerable the same way.
it doesn't detect dynamic analysis. frida hooks work. patched interpreters work. the runtime protection isn't there.

pyarmor's approach is: hide the code.
the problem is that hidden code has to be unhidden to run.

what i built differently with nyami:

pytoc - python to C compilation
this doesn't encrypt your bytecode. it eliminates it.
your python gets converted to C and compiled to machine code.
there's no python bytecode to decrypt because there's no python bytecode at all.
a decompiler has nothing to work with. there's no key to find because there's nothing to decrypt.
this is a fundamentally different approach, not a better version of the same thing.

polymorphic everything
every nyami build is unique.
different obfuscation patterns, different keys, different structures.
this matters because pyarmor's static approach means breaking one copy scales to every copy.
with nyami, breaking one build tells you nothing about the next version.
signature-based attacks don't work when there are no signatures.

decompiler-breaking
i spent a year understanding how pylingual, pycdc, and uncompyle6 work internally.
then i built output that specifically breaks their analysis pipelines.
not output that confuses them. output that crashes them.
when the tool fails entirely, the attacker has to switch approaches entirely.
this is different every build so it can't be fingerprinted.

anti-tamper that actually watches runtime
frida detection. hook detection. integrity checks.
not just a startup check you can patch out.
if someone tries to patch your running process, nyami crashes it.

the honest comparison:

pyarmor is good at stopping the most casual attackers.
if someone has never done python RE before, pyarmor will slow them down.

nyami is built by someone who was on the attacking side.
i know the attacks because i used them.
i know where pyarmor fails because i made it fail.

the goal isn't protection that looks strong.
it's protection that holds up against someone who actually tries.

if you want to see the difference yourself:
we post protected test files on discord after every update.
try whatever tools you want.

nyami.cc | discord.nyami.cc | documentation.nyami.cc

got any questions? dm me on discord @justmaniak

obfuscate python before selling: what you actually need to do

Just Maniak — Mon, 13 Apr 2026 20:48:50 +0000

so you built something in python and you want to sell it.

maybe a discord bot. maybe an automation tool. maybe a SaaS script. maybe something niche that people in a specific community will pay for.

before you ship it to your first customer, read this.

because the thing most developers do before selling, "obfuscate it with X tool", probably isn't protecting anything.

what most people do:

they run their script through a basic obfuscator. the output looks scary. nested lambdas, encoded strings, everything renamed to _0x3f7a style names. looks protected.

then they sell it.

what actually happens:

someone buys it, opens pylingual, uploads in the bytecode(.pyc).

reads the logic in five minutes.

i know because i did this for a year as a hobby. my friend kept buying paid scripts. i kept cracking them. price didn't matter. obfuscator used didn't matter. if it had python bytecode, i could read it.

the obfuscation everyone uses doesn't work because it doesn't address how decompilers actually work.

decompilers don't care about variable names. they don't care about string encoding. they reconstruct logic from bytecode patterns. and as long as your bytecode is there and readable, the obfuscation on top is irrelevant.

what you actually need before selling:

minimum viable protection:
bytecode encryption with polymorphic keys. this makes the decompiler fail — not produce messy output, actually fail to read the file. and because the keys are different every build, once someone breaks one copy they have to start over with the next version.

recommended protection:
python to C compilation. this eliminates the bytecode entirely. your source is compiled to machine code. reversing it requires disassembly, not a python decompiler. this is a completely different threat model that makes casual attackers give up immediately.

full protection:
combine the above with a decompiler-breaker (output specifically designed to crash pylingual and pycdc internally) and anti-tamper (detects hooking and frida at runtime). this covers every practical attack vector.

the honest version:

if you sell something valuable enough, someone will eventually try to crack it. that's just reality.

but there's a massive difference between "anyone with pylingual and 5 minutes can read your code" and "cracking this requires weeks of serious RE work."

most people trying to steal a $20/month script don't have weeks of serious RE work in them. make the economics not work and they move on.

one thing to do before you launch:

test your own protection. download pylingual(or use the web version). run it against your protected output. if you can read your logic, so can your customers.

if pylingual crashes or produces garbage, you're in a much better position.

we post openly available protected test files on discord after every nyami update. you can test our output yourself with whatever tools you want. no trust required.

nyami.cc | discord.nyami.cc | documentation.nyami.cc

got any questions? dm me on discord @justmaniak

python intellectual property protection: a practical guide for developers selling code

Just Maniak — Mon, 13 Apr 2026 20:44:09 +0000

if you sell python software, your source code is your product.

and right now, there's a good chance it's readable by anyone who downloads it.

i'm not being dramatic. i spent a year reversing paid python scripts as a hobby. scripts people were paying $5-50/month for. scripts with real commercial value. i could read most of them in minutes with free tools.

that's an IP protection problem.

why python is uniquely vulnerable:

most compiled languages compile to machine code. reverse engineering machine code is hard, it requires disassemblers, significant time, and serious skill.

python compiles to bytecode. bytecode is high-level. it preserves your logic, your structure, even reconstructable approximations of your original source. tools like pylingual were specifically built to take bytecode and give you back something close to the original python.

this means if you ship a .py file or a pyinstaller executable without proper protection, your source is readable by anyone with a free tool and 5 minutes.

the real-world impact:

your competitor downloads your tool, reads your source, and ships a clone
someone buys your script once and sells cracked copies for less
someone removes your license check and distributes it free
someone reads your API integration logic and replicates your service

these aren't theoretical. they happen. and they happen specifically because python's default protection is essentially nothing.

what real IP protection looks like:

native compilation
the strongest protection is eliminating python bytecode entirely. converting python to C and compiling to machine code means there's no bytecode to decompile. your logic exists as native machine code. reversing it requires disassembly skills, not a python decompiler. this is a completely different threat model.

polymorphic protection
static obfuscation breaks once. once someone figures out how to reverse one copy of your script, every copy is broken. polymorphic protection means every build is different, different obfuscation patterns, different keys, different structures. breaking one copy tells you nothing about the next version.

decompiler resistance
targeted techniques that make the specific tools attackers use (pylingual, pycdc, uncompyle6) fail on your output. when the decompiler crashes or produces garbage, the casual attacker stops. this is different from obfuscating the output, it means breaking the tool's analysis pipeline entirely.

runtime integrity
protection that continues working after deployment. detecting when someone is trying to hook or instrument your running process, and failing loudly when tampered with. this stops the "run it and intercept" approach that bypasses static protection.

what to do today:

assume your current protection is inadequate unless you've tested it specifically against modern decompilers
test it yourself, download pylingual and run it(or use the web version) against your protected output. if you can read the logic, so can anyone else
move to protection that actually works in your case

i built nyami specifically because i spent a year on the attacking side and could see exactly how every existing obfuscator failed. the protection covers every layer: native compilation, polymorphic bytecode encryption, decompiler-breaking, anti-tamper and many more not mentioned.

your code is your livelihood. it deserves protection that actually works.

nyami.cc | documentation.nyami.cc | discord.nyami.cc

got any questions? dm me on discord @justmaniak

how to stop someone from stealing your python code

Just Maniak — Mon, 13 Apr 2026 20:38:38 +0000

let's skip the theory and get to what actually works.

if you sell python scripts, deploy python tools, or just don't want your code readable by anyone who downloads it, this is for you.

first, understand what you're actually protecting against:

most people stealing python code aren't elite hackers. they're developers who:

want to understand how your logic works so they can copy it
want to remove your license checks so they can use it without paying
want to resell a cracked version of your paid tool

these people are not running custom exploits. they're opening pylingual and uploading in your bytecode(.pyc). it takes them two minutes if you have no real protection.

that's the actual threat. not a nation-state attacker. a bored developer with a decompiler.

what doesn't work (and why):

variable obfuscation
renaming calculate_price to x7a3f doesn't matter. decompilers reconstruct the logic, not the names. your code is just as readable, just harder to skim.

string encoding
base64, xor, rot13 on your strings. trivially reversible. anyone who finds the encoding finds the decoder right next to it. two minutes to reverse.

most obfuscators on the market
i tested this. i spent a year cracking paid scripts protected with real commercial obfuscators. the output looked scary - nested lambdas, encoded strings, renamed everything. i still cracked them in minutes with pylingual. because the bytecode was still there, readable, unencrypted.

the obfuscators looked like protection. they weren't.

pyinstaller alone
a lot think packaging an exe hides the code. it doesn't. pyinstxtractor extracts the bytecodes in 30 seconds. then you decompile normally.

what actually works:

python to C compilation (the best option)
convert your python to C code and compile it to machine code. there's no python bytecode anymore. decompilers have nothing to work with. your logic exists as compiled native code that requires serious reverse engineering skill to understand, not five minutes with a python decompiler.

bytecode encryption with polymorphic keys
encrypt the actual bytecode and use a different key every build. even if someone breaks one copy, they have to start over with the next version. signatures don't work because every build is different.

decompiler-breaking
build output that specifically causes pylingual, pycdc, and similar tools to crash or fail. when the tool fails, the casual attacker moves on. this is different from just confusing the output, it means understanding how decompilers work internally and breaking their analysis pipeline.

anti-tamper that watches for hooking
the last line of defense. when someone uses frida or a patched interpreter to hook your running process, detect it and crash. make the failure loud and unhelpful. this stops the dynamic analysis approach when static decompilation fails.

the honest answer:

nothing is truly uncrackable. if someone dedicates serious time and skill they can reverse anything.

but that's not the goal. the goal is making your code not worth cracking for the 99% of people who'd consider it. if breaking your protection takes 3 weeks of serious work instead of 5 minutes, most people give up. the economics stop making sense.

that's what real protection looks like.

i built nyami after spending a year on the other side of this problem, cracking paid scripts and understanding exactly why every protection i encountered failed. it covers every layer above: pytoc, bytecode encryption with polymorphic keys, decompiler-breaking, and anti-tamper.

if you want to see what properly protected python looks like, we post test files on discord after every update. try to decompile them yourself with whatever tools you want.

nyami.cc | discord.nyami.cc

got any questions? dm on discord @justmaniak

python reverse engineering protection: what actually works in 2026

Just Maniak — Mon, 13 Apr 2026 20:33:15 +0000

i spent over a year on the attacking side of python RE before i switched to building defenses.

so when i say "this doesn't work" i mean i've personally used the attacks.

here's what the threat model actually looks like and what protection means against each layer.

the attacks, in order of how easy they are:

layer 1 - static decompilation (easiest)

tools: pylingual, pycdc, uncompyle6, decompile3

what they do: take your .pyc bytecode and reconstruct something close to your original source

how long it takes: 30 seconds

protection that stops it: bytecode encryption, pytoc (python to C compilation), decompiler-breaking techniques that make these tools crash on your specific output

protection that doesn't stop it: variable renaming, string encoding, basic obfuscation

layer 2 - pyinstaller extraction (easy)

tools: pyinstxtractor + decompiler

what they do: unpack your exe, extract the bytecodes, then decompile from there

how long it takes: 2-5 minutes

protection that stops it: encrypting the bytecodes inside the bundle, making extraction fail or produce garbage, converting to native code with pytoc

protection that doesn't stop it: pyinstaller alone, most off-the-shelf obfuscators applied before packing

layer 3 - dynamic analysis / hooking (medium)

tools: frida, x64dbg, custom python hooks, patched interpreters

what they do: instrument the running process, intercept function calls, read decrypted code from memory at runtime

how long it takes: hours to days depending on skill

protection that stops it: anti-tamper that detects hooks, debugger detection, integrity checks that crash the process when tampering is detected, checks that fire from external files and can't be trivially patched out

protection that doesn't stop it: anything that only checks once at startup, anything that's easy to patch with a hex editor

layer 4 - full RE with serious dedication (hard)

tools: all of the above, custom tooling, time

what they do: systematic reverse engineering of the whole protection stack

how long it takes: days -> weeks

protection that stops it: honestly, nothing stops a truly dedicated attacker with unlimited time. but the goal isn't "impossible" it's "not worth it." at weeks of work for a script that costs $20/month, most people stop.

what this means practically:

if you protect with basic obfuscation you're stopping nobody. a bored teenager with pylingual cracks it in minutes.

if you protect with real bytecode encryption + anti-tamper + decompiler-breaking, you're stopping probably 99% of real-world attempts. the remaining 1% have to invest weeks of serious work, which just doesn't happen for most targets.

that's the gap that matters.

i built nyami specifically to cover layers 1-3 properly. every build is polymorphic so signature-based attacks don't scale. the decompiler-breaker is different per build. the anti-tamper watches for frida and external hooks, not just in-process ones.

protection isn't magic. but it doesn't have to be magic to be effective.

nyami.cc | discord.nyami.cc | documentation.nyami.cc

got any questions? ask me on discord @justmaniak

My python script was decompiled. here's what i learned.

Just Maniak — Mon, 13 Apr 2026 20:27:48 +0000

so this happens more than people talk about.

you sell a script, or you share a tool, or you release something you spent months building.

and then someone sends you your own source code back.

or you find it on a github repo you've never seen. or someone's selling a "cracked" version of your paid tool for free.

it's a horrible feeling. and the worst part is it's almost always preventable.

here's what actually happened and why:

the decompilation problem:

python compiles your code to bytecode (.pyc files) before running it.

bytecode is not source code. but it's close enough.

tools like pylingual, pycdc, and uncompyle6 can take that bytecode and reconstruct something very close to your original source. variable names, logic, structure. all of it.

if you shipped a .py file or a pyinstaller exe with no real protection, anyone with five minutes and a decompiler has your source code.

and i know this because i used to be the person doing it.

what doesn't help:

renaming your variables to x1, x2, a, b — decompilers don't care about names, they care about bytecode
base64 encoding your strings — easily decodable lmao
using a basic obfuscator — most of them just do the above and call it protection
pyinstaller alone — the exe is just a container, extractable in minutes with pyinstxtractor

i cracked tons of paid scripts using exactly these tools. scripts people were paying monthly for. scripts that were "supposed" to be protected.

the obfuscation was just bad.

what actually helps:

real protection means making the decompiler fail, not just making the output messy.

the approach that works:

converting python to C and compiling to machine code (no bytecode = nothing to decompile)
encrypting bytecode with polymorphic keys so every build is different
specifically targeting the internal pipelines of decompilers so they crash instead of output
anti-tamper that detects hooking and instrumentation at runtime

if your source got decompiled, it's not your fault for writing python. it's that the protection you trusted wasn't designed by someone who actually understands how the attacks work.

what to do right now:

check if your deployed files are already floating around — search github for unique strings from your codebase
rotate any hardcoded API keys or credentials immediately
rebuild your protection from scratch with something that actually understands decompilation

the damage is done for existing deployments. but the next version can be protected properly.

i built nyami after going through exactly this process — understanding every attack vector, then building defenses that actually counter them.

if you want to test what proper protection looks like, we post protected test files on our discord after every update. try to decompile them yourself.

nyami.cc | discord.nyami.cc

happy to answer questions, if you want to contact me directly on discord @justmaniak

[Boost]

Just Maniak — Sun, 25 Jan 2026 15:04:59 +0000

I spent a year+ cracking paid Python scripts, so I built an obfuscator that actually works

Just Maniak ・ Jan 25

#programming #python #obfuscate #beginners

I spent a year+ cracking paid Python scripts, so I built an obfuscator that actually works

Just Maniak — Sun, 25 Jan 2026 15:02:44 +0000

so about a year and a half ago i got bored and started learning python RE.
like actually learning it, going through decompilers, understanding bytecode,
the whole thing.

but here's the thing that really sent me down the rabbit hole: my friend kept
sending me paid python scripts he'd bought. cheap/expensive ones. scripts people
were actually paying for.

and i just... cracked them. all of them.

like genuinely every single paid script he sent me, i could break through the
obfuscation/security it had in minutes.

and that's when i realized: the obfuscators protecting these aren't actually
protecting anything.

the reality:

i'm talking scripts that cost $5-50+ monthly. scripts with/without obfuscation built in.
scripts that were supposed to be "secure" or "uncrackable" or whatever.

none of them were.

because the obfuscation they used was just... bad. like really bad.

they were just renaming variables and encoding strings
decompilers don't care about variable names
string encoding is trivial to reverse
most of them you could just pylingual and read the logic in minutes

so i'm sitting there looking at all these paid scripts that i was able to
completely reverse engineer, and i'm thinking: "how is this even possible?"

like people are paying money monthly for these scripts and anyone can break them in
5 minutes?

that's when i asked the real questions:

if the obfuscation is this weak on paid scripts, what's the obfuscator doing?

how bad must the obfuscation market be if people are selling protected scripts
with this level of protection?

and most importantly: what would real protection actually look like?

so i spent a year researching python security and obfuscation.

because if i can break paid scripts that are supposed to be protected, then
the obfuscators everyone's using are fundamentally broken.

what i learned:

most obfuscators are made by people who understand code but don't understand
attacks.

they use static obfuscation so signature detection works. once you break one
copy, every copy is broken.

they don't use polymorphism. they don't encrypt the bytecode. they don't think
about actual defense in depth.

the market is broken.

so i built nyami:

because if i can break paid scripts protected with current obfuscators, then
developers need real protection.
full feature list @ https://nyami.cc/features

the 4 core features:

Python To C (PYTOC)
- literally converts your python to C, then compiles it to machine code
- your python source code basically doesn't exist anymore
- still deploys as one .py file like normal
- best one imo
Bytecode Encryption
- encrypts the actual compiled bytecode
- and the keys are polymorphic so every build is different
- decompilers literally cannot read encrypted bytecode
Decompiler Breaker
- i spent time understanding how pycdc, pylingual, uncompyle6 actually work
- the tools that broke every paid script i tested
- then built stuff specifically to break them
- and it's different every build so signatures don't work
Polymorphic Obfuscator
- every build is unique
- v1.0 and v1.1 look different even though they do the same thing
- this is why paid scripts fail, they use the same obfuscation pattern which if broken once, its over

real talk:

obfuscation isn't magic. if someone dedicates serious time they can probably
still reverse your code. but that's not the point.

right now if you sell a python script protected with basic obfuscation, i can
probably crack it in minutes. with nyami it would take weeks of serious work, which at that point
most give up on even trying, because lets be real most of the times is not that important.

that's the difference that matters.

pricing:

€1 per token if you want to just test it out. €20/month if you're actually
protecting production code or selling scripts.

i didn't want to gatekeep this. if i could break paid scripts, small devs
should have access to something that actually works.

link: nyami.cc
you can also find nyami on discord @ https://discord.nyami.cc
and if you want to read documentation is @ https://documentation.nyami.cc
if you want to try deobfuscating one of our files we offer test files on discord
after almost every update, we also have the same file posted open-source on there

honestly just tired of seeing people trust broken tools so i built something
better.

happy to answer questions if anyone's curious about the technical stuff or
python security in general. or if you want to tell me why i'm wrong lol