A Go SDK and commandline utility to abuse the latest Windows Copilot+ Recall feature.
This was inspired by Kevin Beaumonts excellent blog article.
This will extract any Recall extracts which contains the following information:
- Timestamp of the extract
- Window title
- Window token
- Screenshot contents
- Web traffic information (domain, URL)
This does not need SYSTEM privileges on Windows, as it's just reading data in %APPDATA%. Current user privileges are sufficient, however the SDK supports other user accounts if you are indeed SYSTEM.
Either use the CLI utility:
./totalrecall -log=infoOr use the SDK:
package main
import (
"log"
"os"
recallPkg "github.com/hazcod/totalrecall/pkg/recall"
)
func main() {
recall, err := recallPkg.New(nil) // or set a Logrus.Logger
if err != nil { log.Fatal(err) }
// find any OCRd images
extracts, err := recallPkg.ExtractImagesForCurrentUser()
if err != nil {
log.Printf("could not extract Recall Images: %w", err)
os.Exit(1)
}
for i, extract := range extracts {
log.Printf("%d - %s - %s - %s", i+1, extract.Timestamp, extract.WindowTitle, extract.WindowToken)
}
}See the autogenerated SDK documentation in docs.md.
First make sure you have a Windows 11 CoPilot+ device on ARM64 or enable it using Amperage.
Ensure your Windows build is at least 2600+. (e.g. Insider Build) so it has Recall.
For example, I had to switch to the Insiders Dev Channel to make it work on my Windows 11 VM on macOS (Apple Silicon).