Clarify that the 500-message behavior is only a default limit, not a hard cap.
Document `-n/--limit` examples for history, search, and export in both README and SKILL.
- Add Linux memory scanner (`find_all_keys_linux.py`) using `/proc/<pid>/mem`,
same approach as Windows/macOS — no GDB, no function offsets, no restart needed
- Extract Windows-specific code to `find_all_keys_windows.py`
- Make `find_all_keys.py` a platform dispatcher (Windows / Linux)
- Add `key_utils.py` for cross-platform path matching (`/` vs `\` in all_keys.json)
- Update `config.py` with Linux auto-detection of db_storage paths
- Update all consumers (decrypt_db, monitor, monitor_web, mcp_server) to use
`get_key_info()` for platform-agnostic key lookup
Tested on remote Linux container: 15/15 DBs scanned, decrypted, and verified.
Previous range [a-z0-9] was too broad, matching non-hex characters
g-z which wastes CPU on false candidates. WeChat image keys are
lowercase hex strings.
- glob() does not support ** recursive matching on macOS (POSIX).
Replace with nftw() + opendir to recursively walk db_storage/.
- Add overlap between memory chunks to catch x'...' patterns
spanning chunk boundaries.
Scans WeChat process memory for SQLCipher encryption keys using
Mach VM API. Outputs all_keys.json compatible with decrypt_db.py.
Build: cc -O2 -o find_all_keys_macos find_all_keys_macos.c -framework Foundation
Usage: sudo ./find_all_keys_macos [pid]
Add main.py as single entry point that auto-detects config, extracts keys, and launches Web UI or decrypts databases in one command.
Refactor find_all_keys to scan all Weixin.exe processes instead of only the largest one, enabling multi=account support.
Add usage instructions for image key extraction, file descriptions
for new modules, and technical details of the three .dat encryption
formats (old XOR, V1, V2).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New mcp_server.py provides 5 tools (get_recent_sessions, get_chat_history,
search_messages, get_contacts, get_new_messages) via FastMCP stdio transport.
Features on-demand decryption with mtime-based caching and WAL support.
郭立lee
JL
jackwener
ylytdeng
joshua-deng
dsjzazs
PeanutSplash
bbingz
joshua-deng