whatisgithub

What is wcdb-key-tool?

tangandxue/wcdb-key-tool — explained in plain English

Analysis updated 2026-05-18

14PythonAudience · developerComplexity · 4/5

In one sentence

A Python and GDB based tool that extracts WeChat's local database encryption key on Linux so you can read your own chat history yourself.

Mindmap

mindmap
  root((repo))
    What it does
      Extracts WeChat DB key
      Reads encrypted chat history
      Works on Linux only
    Tech stack
      Python
      GDB debugger
      PBKDF2-SHA512
    Use cases
      Access own chat backups
      Study binary key extraction
    Audience
      Developers
      Security researchers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Extract your own WeChat account's local database encryption key on Linux.

USE CASE 2

Read and inspect your own WeChat chat history outside the app.

USE CASE 3

Study how ELF static analysis can locate a function without manual reverse engineering.

What is it built with?

PythonGDB

How does it compare?

tangandxue/wcdb-key-tool0c33/agentic-aiadennng/stock_strategy_lab
Stars141414
LanguagePythonPythonPython
Setup difficultyhardhard
Complexity4/54/54/5
Audiencedeveloperdeveloperresearcher

Figures from each repo's GitHub metadata at analysis time.

So what is it?

wcdb-key-tool is a Python utility that extracts the encryption keys from WeChat's local message databases on Linux, allowing you to open and read those databases yourself. WeChat stores its chat history in encrypted database files using a format called WCDB (a database library built on SQLCipher). Without the correct key, you cannot open or inspect the database file, even though it is stored on your own computer. The tool was created to address a change introduced in WeChat 4.1+. Earlier versions stored the raw encryption key directly in process memory in a predictable pattern, so existing open-source tools could find it by scanning memory. The newer version switched to storing a passphrase instead, which must be transformed through a key-stretching algorithm called PBKDF2-SHA512 (run 256,000 times) to produce the actual encryption key. This broke every previous tool. The solution uses three steps. First, ELF static analysis: the tool inspects the WeChat binary file itself to automatically locate the address of the function that handles key writing, so it does not need manual reverse engineering each time WeChat updates. Second, GDB (a debugger) attaches briefly during WeChat login, intercepts that function, and reads the 32-byte passphrase directly from a CPU register. This takes less than two seconds and then detaches. Third, the tool applies PBKDF2-SHA512 to derive the per-database encryption key and verifies it before saving. The tool is a single Python file with one dependency (gdb). It works on Linux x86_64 and covers WeChat versions 4.0.x through 4.1.x. It is intended for users extracting keys from their own WeChat account on their own device.

Copy-paste prompts

Prompt 1
Explain how this tool locates the WeChat key-writing function via ELF static analysis.
Prompt 2
Walk me through running this tool safely on my own WeChat account.
Prompt 3
What is PBKDF2-SHA512 key stretching and why does WeChat use it here?
Prompt 4
How does attaching GDB during login let this tool read the passphrase from a register?

Frequently asked questions

What is wcdb-key-tool?

A Python and GDB based tool that extracts WeChat's local database encryption key on Linux so you can read your own chat history yourself.

What language is wcdb-key-tool written in?

Mainly Python. The stack also includes Python, GDB.

Who is wcdb-key-tool for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.