Analysis updated 2026-05-18
Extract your own WeChat account's local database encryption key on Linux.
Read and inspect your own WeChat chat history outside the app.
Study how ELF static analysis can locate a function without manual reverse engineering.
| tangandxue/wcdb-key-tool | 0c33/agentic-ai | adennng/stock_strategy_lab | |
|---|---|---|---|
| Stars | 14 | 14 | 14 |
| Language | Python | Python | Python |
| Setup difficulty | — | hard | hard |
| Complexity | 4/5 | 4/5 | 4/5 |
| Audience | developer | developer | researcher |
Figures from each repo's GitHub metadata at analysis time.
wcdb-key-tool is a Python utility that extracts the encryption keys from WeChat's local message databases on Linux, allowing you to open and read those databases yourself. WeChat stores its chat history in encrypted database files using a format called WCDB (a database library built on SQLCipher). Without the correct key, you cannot open or inspect the database file, even though it is stored on your own computer. The tool was created to address a change introduced in WeChat 4.1+. Earlier versions stored the raw encryption key directly in process memory in a predictable pattern, so existing open-source tools could find it by scanning memory. The newer version switched to storing a passphrase instead, which must be transformed through a key-stretching algorithm called PBKDF2-SHA512 (run 256,000 times) to produce the actual encryption key. This broke every previous tool. The solution uses three steps. First, ELF static analysis: the tool inspects the WeChat binary file itself to automatically locate the address of the function that handles key writing, so it does not need manual reverse engineering each time WeChat updates. Second, GDB (a debugger) attaches briefly during WeChat login, intercepts that function, and reads the 32-byte passphrase directly from a CPU register. This takes less than two seconds and then detaches. Third, the tool applies PBKDF2-SHA512 to derive the per-database encryption key and verifies it before saving. The tool is a single Python file with one dependency (gdb). It works on Linux x86_64 and covers WeChat versions 4.0.x through 4.1.x. It is intended for users extracting keys from their own WeChat account on their own device.
A Python and GDB based tool that extracts WeChat's local database encryption key on Linux so you can read your own chat history yourself.
Mainly Python. The stack also includes Python, GDB.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.