← 返回 Skills 市场
54
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install wechat-db-decrypt
功能描述
Decrypt and extract messages from WeChat PC 3.x/4.x databases after obtaining decrypted SQLite files from xwechat_files directory.
使用说明 (SKILL.md)
wechat-db-decrypt - 微信数据库解密与消息提取
适用版本:微信 PC 3.x / 4.x 新架构(WeChatAppEx.exe),xwechat_files 格式 前提:微信已正常登录,数据库已通过 WeChatMsg.exe 或类似工具解密到
db_storage_decrypted
快速开始
已解密数据库路径
C:\Users\\x3C用户名>\Documents\xwechat_files\\x3Cwxid>\db_storage_decrypted\
读取消息示例(Python)
import sqlite3, os, datetime
decrypted_dir = r"C:\Users\\x3C用户名>\Documents\xwechat_files\\x3Cwxid>\db_storage_decrypted"
# 连接消息数据库
msg_db = os.path.join(decrypted_dir, "message", "message_0.db")
conn = sqlite3.connect(msg_db)
cursor = conn.cursor()
# 获取所有消息表
cursor.execute("SELECT name FROM sqlite_master WHERE type='table'")
tables = [r[0] for r in cursor.fetchall()]
msg_tables = [t for t in tables if t.startswith('Msg_')]
# 搜索关键词消息
for tbl in msg_tables:
try:
cursor.execute(f"SELECT message_content, create_time FROM {tbl} WHERE message_content LIKE ? LIMIT 10", ('%程序员%',))
rows = cursor.fetchall()
for content, ctime in rows:
dt = datetime.datetime.fromtimestamp(ctime)
print(f"[{dt}] {content[:100]}")
except:
pass
conn.close()
数据库结构解析
目录结构
\x3Cwxid>\
├── db_storage\ # 加密数据库(需密钥)
├── db_storage_decrypted\# 解密后的数据库 ← 主要操作这个
│ ├── contact\ # 联系人表
│ │ └── contact.db # 包含 contact, chatroom_member 等表
│ ├── message\ # 消息表(按时间段分库)
│ │ ├── message_0.db # 消息库1(~8MB)
│ │ ├── message_1.db # 消息库2(~52MB)
│ │ └── message_2.db # 消息库3(~43MB)
│ └── session\ # 会话列表
│ └── session.db # SessionTable 等
└── config\ # 账号配置
contact.db 表结构
contact: username, nick_name, remark, type 等
chat_room: 群聊基础信息
chatroom_member: 群成员列表 (member_id, member_nick, chatroom_id)
message_N.db 表结构
Msg_\x3Chash>: 消息表(每个表对应一个聊天对象/群)
- local_id: 本地消息ID
- server_id: 服务器消息ID
- create_time: 时间戳(秒)
- real_sender_id: 发送者
- message_content: 消息内容(二进制/文本)
- source: 消息来源
TimeStamp: 时间戳表
Name2Id: ID映射表(wxid \x3C-> 数据库表名)
表名规律
- 消息表名是加密的 hash:
Msg_\x3C32位hex> - 群ID格式:
\x3C数字>@chatroom - 单人会话:
wxid_\x3C随机字符串>
关键操作步骤
Step 1: 找到群的 chatroom_id
# 在 contact.db 的 contact 表中搜索群名
conn = sqlite3.connect(os.path.join(decrypted_dir, "contact", "contact.db"))
cursor = conn.cursor()
cursor.execute("SELECT username, nick_name FROM contact WHERE nick_name LIKE '%程序员客栈%'")
rows = cursor.fetchall()
# 得到: ('34907532207@chatroom', '程序员客栈91群')
conn.close()
Step 2: 搜索群消息
# WCDB 加密表名中没有明显的群标识,需要在所有 Msg 表中搜索内容
keywords = ['开题', '报告', '开发', '报价', '项目', '需求', '接单']
for tbl in msg_tables:
for kw in keywords:
cursor.execute(f"SELECT message_content, create_time FROM {tbl} WHERE message_content LIKE ?", (f'%{kw}%',))
rows = cursor.fetchall()
# 处理结果...
Step 3: 解析 message_content 二进制
# message_content 是 protobuf 或二进制编码,需要解码
content_bytes = row[0]
if content_bytes:
text = content_bytes.decode('utf-8', errors='replace')
# 通常是 XML 格式: \x3Cmsg>\x3Cappmsg>...
# 或直接是文本
Step 4: 导出需求数据
# 按时间段统计需求类型
results = []
for tbl in msg_tables:
cursor.execute(f"SELECT message_content, create_time FROM {tbl} WHERE message_content LIKE '%报价%' OR message_content LIKE '%需求%'")
for content, ctime in cursor.fetchall():
if content:
dt = datetime.datetime.fromtimestamp(ctime)
results.append({'time': dt, 'content': str(content)[:200]})
解密状态判断
已解密
db_storage_decrypted目录存在且包含.db文件- sqlite3 可直接打开,Tables 有
Msg_前缀 - HMAC 验证:数据库文件头不是
SQLite format 3(加密头)
未解密
db_storage中.db文件 sqlite3 打开报错:file is not a database.material文件存在(加密分片)
解决方案(未解密时)
方案A:下载 WeChatMsg.exe
- https://memotrace.lc044.love/ 或夸克网盘
- 下载编译好的 exe,直接运行
- 它会自动找到微信进程、提取密钥、解密数据库
方案B:修复 pywxdump
# 如果是 WeChatAppEx.exe 进程名问题,修改 pywxdump 源码
site_pkg = r"C:\Users\\x3C用户名>\AppData\Local\Programs\Python\Python312\Lib\site-packages\pywxdump"
# 修改 PROCESS_NAMES
with open(f"{site_pkg}\\wx_core\\wx_info.py", 'r') as f:
content = f.read()
content = content.replace(
'if name == "WeChat.exe"',
'if name in ["WeChatAppEx.exe", "WeChat.exe"]'
)
with open(f"{site_pkg}\\wx_core\\wx_info.py", 'w') as f:
f.write(content)
方案C:手动内存扫描(进阶)
- 附加 pymem 到 WeChatAppEx.exe
- 搜索 android/iphone string 附近的高熵数据
- 用 HMAC 验证候选密钥
- 参考
simple_key_scan.py/pymem_key_scan.py脚本
已知问题
微信版本太新(2.4.1.19433)
pywxdump和WeChatMsg源码不支持- 解决:用编译好的 exe(已更新版本)
android string 在 flue.dll 而非 xweb_elf.dll
- 密钥不在 xweb_elf.dll 中
flue.dll(209MB)里的 android string 是音频引擎的协议数据,不是密钥附近
pymem pattern_scan_module 在大模块上失败
- 某些模块内存不可读,跳过即可
- 用
read_bytes分段读取更稳定
相关文件
| 文件 | 说明 |
|---|---|
read_decrypted_db.py |
读取已解密数据库示例 |
search_group_messages.py |
搜索群消息示例 |
full_msg_search.py |
全库关键词搜索 |
sqlite_mem_scan.py |
内存中搜索 SQLite 明文 |
pymem_key_scan.py |
pymem 内存扫描找密钥 |
使用场景
- 微信群需求分析(程序员客栈91群等)
- 聊天记录导出备份
- 对手情报收集(竞品动态)
- 客户需求挖掘(AI接单方向选择)
安全提醒:仅用于个人数据备份和本人合法用途,禁止非法采集他人信息。
安全使用建议
Only install this if you intentionally want to analyze your own WeChat database and understand the privacy/legal implications. Do not run the suggested external executable unless you can verify its source and integrity. Keep the agent from autonomously extracting keys or monitoring chats, remove the bundled chat-derived knowledge if not needed, and store any exported message data locally, securely, and only with appropriate consent.
功能分析
Type: OpenClaw Skill
Name: wechat-db-decrypt
Version: 1.0.0
This skill bundle provides tools and instructions for decrypting and extracting private WeChat message databases. Key indicators of risk include instructions in SKILL.md to modify the source code of local Python libraries (pywxdump) and perform memory scanning using pymem to extract encryption keys. While the provided script search_messages.py performs local keyword searches without evidence of exfiltration, the documentation encourages invasive data mining for 'competitor intelligence' and 'customer demand,' utilizing techniques often associated with surveillance or gray-hat tools.
能力评估
Purpose & Capability
The core purpose is coherent with the name, but it involves highly sensitive WeChat message/contact databases and the included materials show use for group demand analysis, competitor intelligence, and customer lead mining rather than only personal backup.
Instruction Scope
The instructions go beyond reading already-decrypted SQLite files: they describe running a third-party tool that extracts WeChat keys from a live process, patching pywxdump, and manually scanning process memory.
Install Mechanism
There is no install spec and the registry source/homepage are unknown, yet the SKILL.md tells users to download and directly run a compiled WeChatMsg.exe from external locations without pinned version, checksum, or provenance.
Credentials
The skill expects access to local WeChat xwechat_files, decrypted message/contact databases, and potentially WeChat process memory; the included script searches all message databases and writes plaintext result files.
Persistence & Privilege
The script writes message search logs/results locally, and the knowledge file suggests importing chat-derived analysis into persistent memory and building a real-time monitor, without retention, consent, or stop controls.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install wechat-db-decrypt - 安装完成后,直接呼叫该 Skill 的名称或使用
/wechat-db-decrypt触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
wechat-db-decrypt 1.0.0 – Initial Release
- 支持微信 PC 3.x / 4.x 新架构(WeChatAppEx.exe)数据库解密与消息提取
- 提供已解密数据库的快速读取与关键词查询 Python 示例
- 详细解析数据库目录、表结构及消息表命名规则
- 给出解密状态判断方法及多种数据库解密方案(含 WeChatMsg.exe、pywxdump 修复方法)
- 列出常见问题及排查建议
- 提供典型使用场景说明与安全提醒
元数据
常见问题
Wechat Db Decrypt 是什么?
Decrypt and extract messages from WeChat PC 3.x/4.x databases after obtaining decrypted SQLite files from xwechat_files directory. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 54 次。
如何安装 Wechat Db Decrypt?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install wechat-db-decrypt」即可一键安装,无需额外配置。
Wechat Db Decrypt 是免费的吗?
是的,Wechat Db Decrypt 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Wechat Db Decrypt 支持哪些平台?
Wechat Db Decrypt 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Wechat Db Decrypt?
由 as1113435(@as1113435)开发并维护,当前版本 v1.0.0。
推荐 Skills