Commit Graph

66 Commits (0d5ac823497530ddd3a25421e1d118feb6623cbf)
 

Author SHA1 Message Date
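jackwener 0d5ac82349 chore: remove old project files (MCP, Web UI, monitor, etc.) 2026-04-16 14:05:23 +08:00
jackwener 0d0ae22a98 docs: restore ad-hoc signing as a required prerequisite step 2026-04-16 10:11:17 +08:00
jackwener 7610a54073 docs: make ad-hoc signing optional, as needed 2026-04-16 09:30:26 +08:00
jackwener 181472a4ff docs: rewrite README to align with the daemon + CLI architecture 2026-04-16 09:13:31 +08:00
jackwener 152921acb2 feat: wx init/export, fix chat names in global search
- wx init: auto-detect the WeChat data directory, compile and run the key scanner, update config.json
- wx export: export chat history as markdown/txt/json, supports --since/--until/--limit/-o
- Fix global search (wx search) showing "未知" (unknown):
  build an md5(username)→username reverse index to recover the contact from the table name Msg_<md5>
- _refresh_names() also clears the _md5_to_uname cache
- Add 15 unit tests covering the above features and the watch protocol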
2026-04-16 01:38:40 +08:00
jackwener 01486c66d4 chore: remove requirements.txt, manage dependencies uniformly with uv + pyproject.toml 2026-04-16 01:28:37 +08:00
jackwener c907cf53fe feat: daemon + CLI architecture (wx_daemon.py + wx.py)
- wx_daemon.py: Unix socket server, mtime-aware DB cache, WAL watching, real-time push
- wx.py: Click CLI, auto-starts the daemon, sessions/history/search/contacts/watch
- pyproject.toml + uv.lock: uv dependency management
2026-04-16 01:28:22 +08:00
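ylytdeng 69a2f44240 feat: /api/history supports filtering by group and incremental fetching; update README API docs
- /api/history adds chat, since, and limit parameters
- README adds HTTP API endpoint descriptions and contact tag tool documentation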

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 11:43:41 +08:00
ylytdeng 7eb29b03e8 feat: add contact tag query feature
Parse the contact_label table of contact.db and extra_buffer protobuf Field #30,
supporting queries for the tag list and the members under a given tag.

- mcp_server.py: add get_contact_tags / get_tag_members MCP tools
- monitor_web.py: add /api/tags JSON endpoint, supports ?name= filtering

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 09:54:21 +08:00
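ylytdeng b80e7d1c14 fix: automatically refresh the contact cache for new groups/new contacts
When a message's username is not in the contact cache, automatically reload
contact.db, fixing the problem of newly created group chats always showing the chatroom ID.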

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 18:43:34 +08:00
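ylytdeng 396d4b24e2 fix: CLI entry point supports decrypting V2 (AES) format images
The CLI entry point of decode_image.py previously only took the XOR decryption path,
so V2 format images would error out and exit immediately. Changed to use the decrypt_dat_file
smart entry point, which automatically determines the V1/V2/XOR format.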

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 16:40:16 +08:00
joshua-deng 0821dc0e4e
Update README.md
Added a TG group to avoid losing contact
2026-03-23 17:25:19 +08:00
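ylytdeng 944546beb1 fix: use UTF-8 encoding consistently for all JSON file reads and writes
The default encoding in a Chinese-language Windows environment is GBK; not specifying encoding causes
config.json/all_keys.json parsing to fail. Fixed 17 places across 9 files.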

Closes #32

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-20 14:32:37 +08:00
joshua-deng 67244597f2
Merge pull request #28 from dsjzazs/feat/auto-install-deps
fix: install dependencies via requirements instead
2026-03-14 22:22:54 +08:00
joshua-deng 3e79c8e093
Merge pull request #30 from dsjzazs/main
MCP: enhanced message queries, supporting time ranges and pagination
2026-03-14 17:38:37 +08:00
dsjzazs 7c42ff5d38 Investigate get_chat_history limit 2026-03-14 16:59:17 +08:00
dsjzazs 2cd180c63a
Merge pull request #2 from dsjzazs/codex/searchmessages
Add unit tests for MCP search and fix pagination
2026-03-14 16:39:12 +08:00
dsjzazs 9ae558a31e Fix global search pagination 2026-03-14 16:36:55 +08:00
dsjzazs 2e03247fb9
Add MCP dependency and pin versions (#1) 2026-03-14 15:13:28 +08:00
dsjzazs b623711410 Add MCP search unit tests 2026-03-14 14:07:51 +08:00
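dsjzazs 4bda20f7aa feat: update README 2026-03-14 10:24:23 +08:00
dsjzazs 7e7f7a2516 feat: enhance message query functionality, supporting time ranges and pagination 2026-03-14 10:21:21 +08:00
dsjzazs 8e8edc649c fix: install dependencies via requirements instead
README now uniformly uses requirements.txt to install dependencies, and adds the zstandard dependency, to avoid missing it in manual installs.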

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-13 16:27:09 +08:00
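ylytdeng 7020409543 fix: full_decrypt automatically creates the output directory before writing
full_decrypt did not create the parent directory when opening out_path for writing;
on the first run of monitor_web, when decrypted/ does not exist, it raises
FileNotFoundError.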

Fixes #22

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10 17:21:11 +08:00
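ylytdeng 030680eb85 fix: fix loss of messages when many arrive in a short time
The old logic used `if ts == prev_ts: continue` to crudely skip all messages with the previous round's timestamp,
but there may be several different messages within the same second (e.g. consecutively forwarded official-account articles), so only
the last one was shown and the rest were lost.

Changed to precise deduplication using (username, timestamp, msg_type):
- Both main messages and hidden messages are recorded in _shown_keys after being displayed
- Filtering matches already-displayed messages exactly, no longer skipping wholesale by timestamp
- _shown_keys is purged of expired entries each round (kept for 5 minutes) to prevent memory leaks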

Fixes #20

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 19:52:46 +08:00
joshua-deng 64b2c9fdef
Merge pull request #19 from BiboyQG/feat/chat-history-formatting
The feature improvements are practical; the issues do not block merging.
2026-03-09 19:48:06 +08:00
Banghao Chi fd67536ef7 Refine chat history message parsing 2026-03-08 20:52:33 -05:00
Banghao Chi fa273b810d Improve chat history formatting 2026-03-08 15:30:10 -05:00
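ylytdeng a5a347f69e Merge PR #18: feat: Linux database decryption support
- Add find_all_keys_linux.py (scans for keys via /proc/pid/mem)
- Add key_utils.py (cross-platform path compatibility)
- Add key_scan_common.py (shared scanning logic)
- Split find_all_keys.py into a platform dispatch entry point
- All downstream modules consistently use get_key_info() to look up keys

Fixes #12 (partial: Linux support)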
Co-authored-by: PeanutSplash <b1300658700@outlook.com>
2026-03-07 21:35:37 +08:00
PeanutSplash 30112b9a10 fix(linux): address code review feedback
- SUDO_USER: skip fallback entirely when user is invalid (KeyError)
- load_config: move default merge after db_dir check to avoid dead code
- _is_wechat_process: prefer exact comm match, use exe substring as fallback
2026-03-07 21:35:24 +08:00
PeanutSplash 3d58b6508c fix(linux): validate SUDO_USER and use prefix matching for interpreters
- Validate SUDO_USER via pwd.getpwnam() to prevent path injection
- Use prefix matching for interpreter detection to cover python3.10+ etc.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 21:35:24 +08:00
PeanutSplash bf77cc97d8 refactor(linux): improve wechat detection and sudo db path fallback 2026-03-07 21:35:24 +08:00
PeanutSplash bc80a1578d refactor(find_all_keys_windows): drop unused constants imports 2026-03-07 21:35:24 +08:00
PeanutSplash 6d9b2c0fe4 refactor(find_all_keys): extract shared key scan logic 2026-03-07 21:35:24 +08:00
PeanutSplash 872e3f58dc fix: handle exited PIDs and narrow message DB keys 2026-03-07 21:35:24 +08:00
PeanutSplash f9c338b48d feat: add Linux support with cross-platform memory scanning
- Add Linux memory scanner (`find_all_keys_linux.py`) using `/proc/<pid>/mem`,
  same approach as Windows/macOS — no GDB, no function offsets, no restart needed
- Extract Windows-specific code to `find_all_keys_windows.py`
- Make `find_all_keys.py` a platform dispatcher (Windows / Linux)
- Add `key_utils.py` for cross-platform path matching (`/` vs `\` in all_keys.json)
- Update `config.py` with Linux auto-detection of db_storage paths
- Update all consumers (decrypt_db, monitor, monitor_web, mcp_server) to use
  `get_key_info()` for platform-agnostic key lookup

Tested on remote Linux container: 15/15 DBs scanned, decrypted, and verified.
2026-03-07 21:35:24 +08:00
ylytdeng 5879b58239 Merge PR #15: feat: macOS image key scanner + batch decryptor (C)
Adds find_image_key.c and decrypt_images.c,
implementing macOS image decryption via the Mach VM API + CommonCrypto.

Co-authored-by: bbingz
2026-03-07 21:35:08 +08:00
bbingz e84f1d5130 fix: fallback key in multi-key mode + bound printf context
- decrypt_images.c: try image_keys.json lookup first, fall back to
  config.json single key when CT pattern not mapped (previously returned
  -5 immediately in multi-key mode)
- find_image_key.c: cap ASCII context printf to remaining buffer length,
  preventing out-of-bounds read near region end
2026-03-07 21:35:00 +08:00
bbingz 96c1a5ac2e fix: add file size validation and clarify Method 2 intent
- decrypt_images.c: validate aes_ct_size + xor_size fits within file
  before reading, preventing out-of-bounds reads on corrupt files
- decrypt_images.c: remove unused bytes2hex function
- find_image_key.c: add comment explaining Method 2 design intent —
  hex ASCII bytes used directly as AES key (not hex-decoded)
2026-03-07 21:35:00 +08:00
bbingz 03582dd82c fix: narrow Method 2 scan to hex charset [0-9a-f]
Previous range [a-z0-9] was too broad, matching non-hex characters
g-z which wastes CPU on false candidates. WeChat image keys are
lowercase hex strings.
2026-03-07 21:35:00 +08:00
bbingz 0576151b67 feat: add macOS image key scanner and batch decryptor (C)
- find_image_key.c: scans WeChat process memory for V2 image AES keys
  using Mach VM API + CommonCrypto batch decryption
- decrypt_images.c: batch decrypts V2 .dat image files using keys
  from image_keys.json, handles AES-ECB + XOR + raw_data segments

Build: cc -O3 -o find_image_key find_image_key.c -framework Security
       cc -O3 -o decrypt_images decrypt_images.c -framework Security
2026-03-07 21:35:00 +08:00
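ylytdeng 2b03a81a8f fix: standardize the path separator to forward slash, fix macOS/Linux compatibility
Keys in all_keys.json consistently use `/` as the path separator,
eliminating hard-coded Windows backslashes and ensuring cross-platform compatibility.

Files involved: find_all_keys.py, decrypt_db.py, monitor.py,
monitor_web.py, mcp_server.py, decode_image.py, latency_test.py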

Fixes #17

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 00:53:48 +08:00
joshua-deng 1294953681
Merge pull request #14 from bbingz/pr/macos-c-scanner
Core functionality has been verified; the newly added standalone files do not affect existing functionality.
2026-03-06 09:29:42 +08:00
joshua-deng fc2ae833dc
Merge pull request #13 from bbingz/pr/macos-docs
The documentation quality is high and the measured data is thorough. The remaining minor issues do not block merging.
2026-03-06 09:29:35 +08:00
bbingz 992c3f5ee4 fix: replace nonexistent scan_keys.js with actual tools in quickstart
Quickstart step 4 referenced scan_keys.js which doesn't exist in the
repo. Replace with find_all_keys_macos.c (Method A) and note Frida as
Method B requiring user's own script. Also add config.json note for
step 5.
2026-03-05 23:26:55 +08:00
bbingz 18ffb2e7fa fix: use forward slashes in JSON output and add size==0 guard
- Remove forward-to-backslash conversion in JSON keys — forward slashes
  are native macOS paths and don't need JSON escaping (backslash paths
  like \b would be misinterpreted as escape sequences by JSON parsers)
- Add size==0 guard after mach_vm_region to prevent infinite loop
2026-03-05 23:19:22 +08:00
bbingz 76dd2b6d95 fix: clear header reserved-space field and add per-page HMAC note
- Zero out SQLite header offset 20 (reserved-space) after decryption,
  otherwise SQLite miscalculates usable page size
- Add comment noting production code should verify HMAC on every page,
  not just page 1
2026-03-05 23:18:03 +08:00
bbingz d38d7ebf9c fix: replace glob() with nftw() and add chunk overlap
- glob() does not support ** recursive matching on macOS (POSIX).
  Replace with nftw() + opendir to recursively walk db_storage/.
- Add overlap between memory chunks to catch x'...' patterns
  spanning chunk boundaries.
2026-03-05 22:02:49 +08:00
bbingz d4314c4857 fix: address review feedback on docs
- decrypt_page: zero-fill reserve for all pages (consistency)
- Move reserve into configs tuple for clarity
- Remove unused import os
- Trim duplicated permission content, reference permission guide
- Replace empty scan_keys.js shell with find_all_keys_macos reference
2026-03-05 21:55:10 +08:00
bbingz 1f9ca3792a feat: add macOS C memory key scanner
Scans WeChat process memory for SQLCipher encryption keys using
Mach VM API. Outputs all_keys.json compatible with decrypt_db.py.

Build: cc -O2 -o find_all_keys_macos find_all_keys_macos.c -framework Foundation
Usage: sudo ./find_all_keys_macos [pid]
2026-03-05 21:49:00 +08:00