Recently, Microsoft announced their new AI Recall feature that will be enabled on a new hardware generation called Copilot+ PC.
I won’t bore you with the details as the topic has been vastly covered already in YouTube videos and other major information sources.
In summary, Recall is a feature that takes “Snapshots”, which is a fancy word for “screenshot”, of your screen and monitors events like windows being opened, internet searches, dialogue boxes, and much more; all this information is stored in an unencrypted Sqlite3 database in the user’s AppData directory and it’s used by Microsoft’s Copilot to aid the user in their experience with things ranging from browsing the internet to opening files.
The way the Recall data is stored allows any user with read privileges over those files to extract the contents of the database and the snapshots taken during user activity potentially exposing sensitive information.
During my research I came across this GitHub repository by xaitax which describes in detail how Recall represents a security nightmare and demonstrates how simple the code to extract data from it would be. The project only includes a Python script so I decided to make a C++ version that can be ran on a host even when the Python interpreter is not installed and, most importantly, can be easily ran from a beacon ʕ •ᴥ•ʔ - a pretty funny consideration is that the tool probably won’t even need to be obfuscated or packed in any way since it’s not performing malicious actions, it’s just reading a single unencrypted file.
🔗 https://github.com/otterpwn/cppRecall
If you want to test this out yourself, I’ve left some useful links in the code’s comments as well as in the repo; at the time of writing, it seems like the best (and only) way to set up a test environment is to spin up an ARM64 Windows 11 VM on Azure (I registered a new account and got $200 worth of credits to spend in a month so I recommend you do that as well), update the system and install the Windows 11 AI Workloads for ARM64.
In case you’ve never done this before, the following links should be enough to get you up and running
- Post about forensics made on the MS Recall data and how to set up the environment
- Setup guide for Azure VM
- Windows 11 AI Workloads download
- Amperage Kit to install AI Workloads
For now, the code is pretty basic and doesn’t support any CLI arguments but I plan to make it more flexible by adding flags to manually specify the username and a range of timestamps to extract data from. Currently, you’ll be able to run the PoC just by calling the executable
.\cppRecall.exe
This will produce an extraction directory of the format <TIMESTAMP>_Recall_Extraction
containing a text file with all the dumped data
and an ImageStore
folder with all the “snapshots” taken by the feature
The columns extracted by the tool can easily be changed so play around with the database and see what you might be interested in!
EDIT: Right after I posted this Microsoft actually came out with another statement updating on the whole Recall situation and addressing the security issues highlighted by the community.
In this post MS states that Recall is
Secure by design and secure by default
and states that
Copilot+ PCs will launch with “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS), so Recall snapshots will only be decrypted and accessible when the user authenticates
adding a layer of protection over the user’s data.
ʕ •ᴥ•ʔ