{"id":20666172,"url":"https://github.com/hazcod/totalrecall","last_synced_at":"2025-04-19T16:41:46.671Z","repository":{"id":242889776,"uuid":"810858102","full_name":"hazcod/totalrecall","owner":"hazcod","description":"A Go SDK and commandline utility to abuse the latest Windows Copilot+ Recall feature.","archived":false,"fork":false,"pushed_at":"2025-03-31T04:48:57.000Z","size":60,"stargazers_count":4,"open_issues_count":2,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-15T14:19:20.161Z","etag":null,"topics":["copilot","dfir","go","recall"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hazcod.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-05T13:35:17.000Z","updated_at":"2025-02-16T15:28:17.000Z","dependencies_parsed_at":"2024-06-05T15:27:34.842Z","dependency_job_id":"072b916f-e450-4041-bbc7-e79b490e70b7","html_url":"https://github.com/hazcod/totalrecall","commit_stats":null,"previous_names":["hazcod/totalrecall-go"],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hazcod%2Ftotalrecall","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hazcod%2Ftotalrecall/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hazcod%2Ftotalrecall/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hazcod%2Ftotalrecall/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hazcod","download_url":"https://codeload.github.com/hazcod/totalrecall/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249740286,"owners_count":21318685,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["copilot","dfir","go","recall"],"created_at":"2024-11-16T19:35:42.770Z","updated_at":"2025-04-19T16:41:46.635Z","avatar_url":"https://github.com/hazcod.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# totalrecall-go\n\nA Go SDK and commandline utility to abuse the latest Windows Copilot+ Recall feature.\u003cbr/\u003e\nThis was inspired by [Kevin Beaumonts excellent blog article](https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e).\n\nThis will extract any Recall extracts which contains the following information:\n- Timestamp of the extract\n- Window title\n- Window token\n- Screenshot contents\n- Web traffic information (domain, URL)\n\nThis does not need SYSTEM privileges on Windows, as it's just reading data in %APPDATA%.\nCurrent user privileges are sufficient, however the SDK supports other user accounts if you are indeed SYSTEM.\n\n## Usage\n\nEither use the CLI utility:\n\n```shell\n./totalrecall -log=info\n```\n\nOr use the SDK:\n```go\npackage main\n\nimport (\n\t\"log\"\n\t\"os\"\n\trecallPkg \"github.com/hazcod/totalrecall/pkg/recall\"\n)\n\nfunc main() {\n\trecall, err := recallPkg.New(nil) // or set a Logrus.Logger\n\tif err != nil { log.Fatal(err) }\n\n\t// find any OCRd images\n\textracts, err := recallPkg.ExtractImagesForCurrentUser()\n\tif err != nil {\n\t\tlog.Printf(\"could not extract Recall Images: %w\", err)\n\t\tos.Exit(1)\n\t}\n\n\tfor i, extract := range extracts {\n\t\tlog.Printf(\"%d - %s - %s - %s\", i+1, extract.Timestamp, extract.WindowTitle, extract.WindowToken)\n\t}\n}\n```\n\n## Documentation\n\nSee the autogenerated SDK documentation in [docs.md](./docs.md).\n\n## Device setup\n\nFirst make sure you have a Windows 11 CoPilot+ device on ARM64 or enable it using [Amperage](https://github.com/thebookisclosed/AmperageKit).\u003cbr/\u003e\nEnsure your Windows build is at least 2600+. (e.g. Insider Build) so it has Recall.\nFor example, I had to switch to the Insiders Dev Channel to make it work on my Windows 11 VM on macOS (Apple Silicon).\u003cbr/\u003e\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhazcod%2Ftotalrecall","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhazcod%2Ftotalrecall","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhazcod%2Ftotalrecall/lists"}