Location of the Recall database files
TotalRecall is a nice Python tool that can extract data from the Windows Recall database in the %USERPROFILE%\AppData\Local\CoreAIPlatform.00\UKP{GUID} folder. It is the first tool to use the data stored in the SQLite database, and it gives you a means to extract your own data and see what Recall is storing about you.
Images are stored in the .\ImageStore\ subdirectory. The database is named ukg.db.
![An old computer running IBM DOS. Before Microsoft bought it.](https://www.securitronlinux.com/wp-content/uploads/2012/06/1334672449398.jpg)
Download this script.
(jcartwright@2403-4800-25af-b00--2) 192.168.1.5 Recall $ git clone https://github.com/xaitax/TotalRecall.git
Cloning into 'TotalRecall'...
remote: Enumerating objects: 8, done.
remote: Counting objects: 100% (8/8), done.
remote: Compressing objects: 100% (8/8), done.
remote: Total 8 (delta 0), reused 8 (delta 0), pack-reused 0
Receiving objects: 100% (8/8), 9.71 KiB | 9.71 MiB/s, done.
Then run the script by itself to find the database and open it.
(jcartwright@2403-4800-25af-b00--2) 192.168.1.5 TotalRecall $ python3 totalrecall.py
v0.2 / Alexander Hagenah / @xaitax
I do not have access to Recall yet, thank god, but this is how you would access it. This is a very nice tool. I hope someone uploads a sample SQLite database from Recall so Linux users can try and access the data using Linux tools. How long until they try and force a tool like Recall for Linux? That would be quite a show and the Twitter threads would be gold.
You can use it to search all prior user activity the minute you get on a PC.
— Kevin Beaumont (@GossiTheDog) June 4, 2024
Example search for “password”
🪟 Captured Windows: 133
📸 Images Taken: 36
🔍 Search results for 'password': 22
📄 Summary of the extraction is available in the file:…
So, it is easy to extract the data using Python. Windows Recall does not encrypt the database, so it is accessible to any malware that wants the data, or to anyone who can access your PC with a USB drive. They can copy the database and trawl through it later at their leisure. Microsoft is a security nightmare in the making.
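To see how much Recall data a profile is holding on disk, the following added example (not part of TotalRecall and not from the original post) inventories each store read-only: database size, number of files in ImageStore, and row counts per table discovered from the database itself. It assumes the {GUID} folder sits inside a UKP directory; the function names are hypothetical.

```python
"""Read-only inventory of Recall artifacts under a user profile (added example)."""
import os
import sqlite3
from pathlib import Path

# Location given on this page. Assumption: UKP holds one {GUID} folder per store.
RECALL_REL = Path("AppData") / "Local" / "CoreAIPlatform.00" / "UKP"


def inventory_store(store: Path) -> dict:
    """Summarise one {GUID} folder (ukg.db plus ImageStore) without modifying it."""
    db = store / "ukg.db"
    images = store / "ImageStore"
    report = {
        "store": str(store),
        "db_bytes": db.stat().st_size if db.is_file() else None,
        "image_count": (sum(1 for p in images.iterdir() if p.is_file())
                        if images.is_dir() else 0),
        "tables": {},
    }
    if db.is_file():
        # mode=ro opens the file read-only, so the audit cannot alter the data.
        con = sqlite3.connect(f"{db.resolve().as_uri()}?mode=ro", uri=True)
        try:
            # Table names are read from sqlite_master; no schema is assumed.
            names = [row[0] for row in con.execute(
                "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
            for name in names:
                quoted = '"' + name.replace('"', '""') + '"'
                try:
                    count = con.execute(f"SELECT COUNT(*) FROM {quoted}").fetchone()[0]
                except sqlite3.Error:
                    count = None  # e.g. a virtual table whose module is unavailable
                report["tables"][name] = count
        finally:
            con.close()
    return report


def find_recall_stores(profile: Path) -> list:
    """Return one report per {GUID} folder under the profile's UKP directory."""
    root = profile / RECALL_REL
    if not root.is_dir():
        return []  # no Recall store exists for this profile
    return [inventory_store(d) for d in sorted(root.iterdir()) if d.is_dir()]


if __name__ == "__main__":
    for rep in find_recall_stores(Path(os.environ.get("USERPROFILE", Path.home()))):
        print(rep)
```

An empty list means no Recall store was found for that profile; any non-zero `db_bytes` or `image_count` is data that anything running as that user could also read.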
Disable Windows Recall
To disable Windows Recall on a machine, import the following with the Registry Editor as Admin.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsCopilot]
"TurnOffWindowsCopilot"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsAI]
"DisableAIDataAnalysis"=dword:00000001