Content
# chatlog_alpha
This is a fork of the original [chatlog](https://github.com/sjzar/chatlog) project, imported from [xiaofeng2042's branch](https://github.com/xiaofeng2042/chatlog) to prevent the branch from being automatically deleted if the upstream repository is removed.
The unmodified source code can be found in the [main branch](https://github.com/CJYKK/chatlog_backup/tree/main), and I take no responsibility for any content within the code.
Currently tested successful WeChat version: 4.1.5.30
## Project Overview
This is a WeChat chat log decryption tool that supports Windows and macOS platforms. The tool obtains the WeChat database key through DLL injection or memory scanning, and then decrypts the WeChat chat database files.
## Main Features
- **Key Acquisition**: Supports both DLL injection and memory scanning methods to obtain the WeChat database key.
- **Database Decryption**: Decrypts the encrypted SQLite database files of WeChat.
- **Image Decryption**: Decrypts the encrypted image files of WeChat (requires image key).
- **Automatic Monitoring**: Monitors the WeChat data directory and automatically decrypts newly added data.
- **HTTP Service**: Provides a local HTTP service that supports the MCP protocol.
- **Multi-Platform Support**: Supports Windows and macOS.
- **Multi-Version Support**: Supports WeChat versions 3.x and 4.x.
## Quick Start
### 1. Obtain the Key DLL
To obtain the key, please visit https://github.com/ycccccccy/wx_key.
Place the `wx_key.dll` file in the `lib/windows_x64/` directory.
### 2. Compile the Project
```bash
go build -o chatlog_alpha.exe main.go
```
### 3. Run the Program
```bash
./chatlog_alpha.exe
```
### 4. Complete Usage Logic
#### 1. Start chatlog
#### 2. Start WeChat (do not click login)
#### 3. Wait for chatlog to obtain the PID information, then click login
#### 4. After 30 seconds, return the key; note that obtaining the image key is not yet adapted, contributions are welcome.
## Usage Instructions
### Interface Operations
After the program starts, a TUI interface will appear, with main functions including:
1. **Get Key**: Obtain the database key and image key from the WeChat process.
2. **Decrypt Data**: Decrypt WeChat data files.
3. **Start HTTP Service**: Start the local HTTP & MCP server.
4. **Enable Automatic Decryption**: Monitor the data directory and automatically decrypt newly added data.
5. **Settings**: Configure application options.
6. **Switch Account**: Switch the currently operated account.
7. **Exit**: Exit the program.
### Key Acquisition Process
1. **DLL Method (Recommended)**:
- The program will attempt to load `wx_key.dll`.
- Initialize DLL Hook to the WeChat process.
- Poll to obtain the key (requires the user to log in to WeChat and view chat history to trigger database reading).
- Automatically clean up the Hook after successful acquisition.
2. **Native Method (Backup)**:
- If the DLL is unavailable, use memory scanning.
- Search for key patterns in the WeChat process memory.
- Requires WeChat to be in a logged-in state.
### Temporary Account Management
The program supports temporary account management. When WeChat is not logged in or restarted:
- **Temporary Account Name**: Format is `Not Logged In WeChat_PID`, which will automatically update with PID changes.
- **Status Monitoring**: Real-time monitoring of WeChat process status changes.
- **Automatic Switching**: Automatically switch to the real account name after WeChat logs in.
- **Data Cleanup**: Automatically clean up related data after WeChat exits.
## Configuration Instructions
### Important Configuration Items
1. **HTTP Service Address**: Default is `127.0.0.1:5030`.
2. **Working Directory**: Directory for storing decrypted files.
3. **Data Directory**: Directory where WeChat data files are located.
4. **Data Key**: WeChat database decryption key.
5. **Image Key**: WeChat image decryption key.
### Configuration File
The configuration file is located at `.chatlog/config.json` in the user directory and includes:
- Historical account information.
- The last used account.
- HTTP service configuration.
- Working directory settings.
## Important Notes
### 1. ffmpeg Dependency
To convert dat files, ffmpeg must be installed, and the bin directory must be set in the system variables; otherwise, an explicit error will occur.
### 2. Image Key Format
The image decryption AES key should be converted to hex, e.g., 16-byte AES key → `34000000386000006538323730000000`.
### 3. Usage Precautions
- There may be a brief lag in WeChat when obtaining the key; this is normal.
- Please ensure WeChat is logged in and a chat window is open to view historical messages.
- For WeChat V4, the image key may not be necessary.
- The program requires administrator/root permissions to access process memory.
## Changelog
### December 14, 2025
- Optimized temporary account name management, automatically updating with PID changes.
- Improved WeChat process status monitoring logic.
- Fixed the issue of PID not updating after WeChat restarts.
- Enhanced error handling and user prompts.
### December 13, 2025
- Synchronized the image decryption processing logic related to the wx_key project.
- Added a clear image cache feature to the default page at http://127.0.0.1:5030/ for easier testing.
- Displayed prompts for dat conversion failures due to ffmpeg not being installed.
### Early Versions
- Implemented DLL key acquisition method.
- Added DLL logging functionality.
- Supported obtaining PID when WeChat is not logged in.
- Implemented automatic monitoring and decryption features.
- Added HTTP service support.
## File Structure
```
chatlog_alpha/
├── main.go # Program entry point
├── internal/
│ ├── chatlog/ # Core chat log processing
│ │ ├── app.go # TUI application
│ │ ├── ctx/ # Context management
│ │ └── manager.go # Manager
│ ├── wechat/ # WeChat related functions
│ │ ├── wechat.go # WeChat account management
│ │ ├── key/ # Key extractor
│ │ ├── decrypt/ # Decryptor
│ │ └── process/ # Process detection
│ └── ui/ # User interface components
├── pkg/
│ ├── util/ # Utility functions
│ └── config/ # Configuration management
├── lib/
│ └── windows_x64/ # Windows DLL files
└── dll_usage_guide.md # DLL usage guide
```
## Technical Implementation
### Key Acquisition Mechanism
1. **DLL Injection Method**:
- Use `wx_key.dll` to inject Shellcode into the WeChat process.
- Pass key data through shared memory.
- Supports WeChat version 4.x.
2. **Memory Scanning Method**:
- Read the memory of the WeChat process.
- Search for specific key patterns.
- Supports WeChat versions 3.x and 4.x.
### Process Monitoring
- Real-time detection of WeChat process status.
- Supports multiple instances of WeChat.
- Automatically handles process restarts.
- Updates UI on status changes.
### Logging System
- DLL operation logs are saved to the program's running directory.
- Detailed error and debugging information.
- Supports log level control.
## Frequently Asked Questions
### Q: What should I do if key acquisition times out?
A: Please ensure:
1. WeChat is logged in (cannot be on the login screen).
2. Any chat window is open.
3. Scroll up to view historical messages (triggers database reading).
4. Or send/receive a new message.
### Q: What should I do if DLL loading fails?
A: Please check:
1. If the `wx_key.dll` file is in the `lib/windows_x64/` directory.
2. If the system architecture matches (requires a 64-bit system).
3. If antivirus software is blocking the DLL loading.
### Q: What should I do if image decryption fails?
A: Please check:
1. If the image key is correct (requires a 16-byte HEX string).
2. If the WeChat version supports image decryption.
3. If the image file is complete.
### Q: What should I do if the program cannot detect the WeChat process?
A: Please check:
1. If WeChat is running.
2. If the program has sufficient permissions.
3. If antivirus software is blocking process access.
## License
This project is based on the original chatlog project; please refer to the original project for specific license information.
## Disclaimer
This project is for educational and research purposes only; please do not use it for illegal purposes. Any consequences arising from the use of this tool are the sole responsibility of the user.
**Important**: Please comply with local laws and regulations, respect others' privacy, and use this tool legally.
