@chainlesschain/personal-data-hub 0.2.1 → 0.2.2

package/lib/adapters/wechat/content-parser.js

@@ -54,6 +54,10 @@ const APPMSG_SUBTYPES = {
   33: "miniprogram",
   36: "miniprogram",
   51: "channel-video",
+  // sjqz docs reference these higher subtype codes on newer WeChat builds —
+  // accept both for forward compatibility (post-Phase 12.6 audit).
+  2000: "transfer",
+  2001: "redpacket",
 };
 
 /**
@@ -225,10 +229,15 @@ function parseAppMsg(body) {
     url: url || null,
   };
 
-  // Redpacket-specific
-  if (appType === 21) {
+  // Redpacket-specific (accept both 21 and 2001 — see APPMSG_SUBTYPES)
+  if (appType === 21 || appType === 2001) {
     structured.redPacketTitle = title;
   }
+  // Transfer-specific
+  if (appType === 2000) {
+    structured.transferAmount =
+      extractTag(body, "feedesc") || extractTag(body, "pay_memo");
+  }
   // File-specific
   if (appType === 6) {
     structured.fileName = title;

package/lib/adapters/wechat/db-reader.js

@@ -129,27 +129,88 @@ class WeChatDBReader {
       .map((r) => r.name);
   }
 
+  /**
+   * Discover actual column names via `PRAGMA table_info(<table>)` so
+   * uppercase/lowercase divergence across WeChat builds doesn't blow up
+   * the SELECT. Returns a Map<lowercased_name, actual_name>.
+   *
+   * Post-sjqz audit defence — sjqz schema docs show some column-case
+   * variation across versions; failing late at SELECT yields a confusing
+   * "no such column" error rather than a clean fallback path.
+   */
+  _columnMap(table) {
+    if (!this._db) return new Map();
+    try {
+      const rows = this._db.prepare(`PRAGMA table_info(${table})`).all();
+      return new Map(rows.map((r) => [String(r.name).toLowerCase(), r.name]));
+    } catch (_e) {
+      return new Map();
+    }
+  }
+
+  /**
+   * Resolve a list of desired column names against the actual table
+   * schema. Returns the actual column names quoted for SQL use; throws
+   * if any required column is missing (caller catches and surfaces a
+   * "schema-mismatch" error to the host).
+   */
+  _resolveColumns(table, desiredNames, { required = true } = {}) {
+    const map = this._columnMap(table);
+    const resolved = [];
+    const missing = [];
+    for (const name of desiredNames) {
+      const actual = map.get(name.toLowerCase());
+      if (actual) resolved.push(actual);
+      else if (required) missing.push(name);
+    }
+    if (missing.length > 0 && required) {
+      const err = new Error(
+        `WeChatDBReader: table '${table}' missing required columns: ${missing.join(", ")} ` +
+          `(available: ${Array.from(map.values()).join(", ")})`,
+      );
+      err.code = "WECHAT_SCHEMA_MISMATCH";
+      throw err;
+    }
+    return resolved;
+  }
+
   /**
    * Fetch up to `limit` messages since `sinceMsgSvrId` (per design doc
    * §6 OQ-6 watermark = per-talker last msgSvrId). For initial v0 we
    * accept a global watermark and let the adapter post-filter per
    * talker.
+   *
+   * Column names resolved via PRAGMA table_info to survive case-drift
+   * across WeChat versions (sjqz audit defence).
    */
   fetchMessages({ sinceMsgSvrId = 0, limit = 1000, talker = null } = {}) {
     if (!this._db) throw new Error("WeChatDBReader: call open() first");
-    let sql = "SELECT msgId, msgSvrId, talker, content, type, createTime, isSend, status FROM message";
+    const cols = this._resolveColumns("message", [
+      "msgId",
+      "msgSvrId",
+      "talker",
+      "content",
+      "type",
+      "createTime",
+      "isSend",
+      "status",
+    ]);
+    let sql = `SELECT ${cols.join(", ")} FROM message`;
     const params = [];
     const where = [];
     if (sinceMsgSvrId) {
-      where.push("msgSvrId > ?");
+      // Use the resolved column name in WHERE / ORDER BY to match case.
+      const msgSvrIdCol = cols[1];
+      where.push(`${msgSvrIdCol} > ?`);
       params.push(sinceMsgSvrId);
     }
     if (talker) {
-      where.push("talker = ?");
+      const talkerCol = cols[2];
+      where.push(`${talkerCol} = ?`);
       params.push(talker);
     }
     if (where.length > 0) sql += " WHERE " + where.join(" AND ");
-    sql += " ORDER BY msgSvrId ASC LIMIT ?";
+    sql += ` ORDER BY ${cols[1]} ASC LIMIT ?`;
     params.push(limit);
     return this._db.prepare(sql).all(...params);
   }
@@ -157,14 +218,31 @@ class WeChatDBReader {
   /**
    * Fetch contacts. WeChat rcontact has many columns; we pull the ones
    * relevant for normalization.
+   *
+   * sjqz parity (wechat.py:262-263): excludes `@stranger` (unconfirmed
+   * friend requests) and `fake_*` (WeChat internal placeholder accounts).
+   * Without this filter the vault gets polluted with junk Person entities
+   * that never represent real contacts.
+   *
+   * @param {object} [opts]
+   * @param {number} [opts.limit=5000]
+   * @param {boolean} [opts.includeJunk=false]  true to skip the
+   *   stranger/fake filter (debug / forensic use only)
    */
-  fetchContacts({ limit = 5000 } = {}) {
+  fetchContacts({ limit = 5000, includeJunk = false } = {}) {
     if (!this._db) throw new Error("WeChatDBReader: call open() first");
-    return this._db
-      .prepare(
-        "SELECT username, alias, nickname, conRemark, type FROM rcontact LIMIT ?",
-      )
-      .all(limit);
+    const cols = this._resolveColumns("rcontact", [
+      "username",
+      "alias",
+      "nickname",
+      "conRemark",
+      "type",
+    ]);
+    const usernameCol = cols[0];
+    const sql = includeJunk
+      ? `SELECT ${cols.join(", ")} FROM rcontact LIMIT ?`
+      : `SELECT ${cols.join(", ")} FROM rcontact WHERE ${usernameCol} NOT LIKE '%@stranger' AND ${usernameCol} NOT LIKE 'fake_%' LIMIT ?`;
+    return this._db.prepare(sql).all(limit);
   }
 
   /**

package/lib/adapters/wechat/frida-agent/loader.js

@@ -53,6 +53,13 @@ function runAgentUnderMock(mocks = {}) {
     Interceptor: mocks.Interceptor,
     send: mocks.send,
     setTimeout: mocks.setTimeout || setTimeout,
+    // Frida injects Memory at runtime; tests that exercise the ascii-hex
+    // key-read path inject a mock with readCString(ptr, maxLen). Tests
+    // that don't touch it get a no-op stub so the agent module loads
+    // cleanly even when the hook itself never calls readCString.
+    Memory: mocks.Memory || {
+      readCString: () => null,
+    },
   };
   const ctx = vm.createContext(sandbox);
   const src = loadAgentScript();

package/lib/adapters/wechat/frida-agent/wechat-key-hook.js

@@ -32,7 +32,10 @@
 "use strict";
 
 (function () {
-  var TARGET_MODULE = "libwcdb.so";
+  // sjqz-verified module name is `libWCDB.so` (uppercase); some WeChat
+  // builds ship lowercase. Try both — first match wins, no extra cost
+  // because Process.findModuleByName is a cheap lookup.
+  var TARGET_MODULES = ["libWCDB.so", "libwcdb.so"];
   // Primary symbol per §18.3. Add fallbacks below — version drift will
   // shift the export name; host treats first hit as authoritative.
   var SYMBOLS = [
@@ -60,63 +63,182 @@
   // the host detaches quickly (anti-detection §18.6 #4).
   var fired = false;
 
+  // Sig-aware arg index map. The host treats the first 'key' event as
+  // authoritative, so picking the wrong index for v2 = host gets the
+  // database NAME pointer (e.g. "main") and DB opens fail silently.
+  //   sqlite3_key(sqlite3 *db, const void *pKey, int nKey)
+  //     args[0]=db,            args[1]=key, args[2]=len
+  //   sqlite3_key_v2(sqlite3 *db, const char *zDbName, const void *pKey, int nKey)
+  //     args[0]=db, args[1]=name, args[2]=key, args[3]=len
+  //   wcdb_setkey / WCDBKeyDerive: unknown sig — assume sqlite3_key shape
+  //   Mangled C++: WCDB::Database::setCipherKey(*this, const std::string&)
+  //     args[0]=this, args[1]=&string (length needs .size()) — not handled
+  //     here; emit error so the host falls back to MD5 path.
+  function argIndicesFor(symbolName) {
+    if (symbolName === "sqlite3_key_v2") {
+      return { key: 2, len: 3, sig: "v2" };
+    }
+    if (symbolName.indexOf("_ZN4WCDB") === 0) {
+      return { key: -1, len: -1, sig: "mangled-cpp" };
+    }
+    return { key: 1, len: 2, sig: "v1" };
+  }
+
+  // sjqz extract_wechat_key.py uses Memory.readCString(args[1]) for the
+  // key — meaning some WeChat builds pass the key as a NUL-terminated
+  // 64-char ASCII hex string. Other builds (and the original SQLCipher
+  // contract) pass 32 raw bytes. We can disambiguate by `len`:
+  //   - len === 32 → raw 32-byte key → readByteArray + bytesToHex
+  //   - len === 64 → ASCII hex string → readCString
+  //   - anything else → emit error, host falls back to MD5 path
   function makeHook(symbolName) {
+    var idx = argIndicesFor(symbolName);
     return {
       onEnter: function (args) {
         if (fired) return;
+        if (idx.key < 0) {
+          send({
+            kind: "error",
+            message:
+              "unsupported symbol signature: " +
+              symbolName +
+              " — host should fall back to MD5(IMEI+UIN) key path",
+          });
+          return;
+        }
         try {
-          // sqlite3_key signature: int sqlite3_key(sqlite3 *db, const void *pKey, int nKey)
-          // args[1] = key bytes, args[2] = key length
-          var len = args[2].toInt32();
+          var len = args[idx.len].toInt32();
           if (len <= 0 || len > 256) {
-            send({ kind: "error", message: "implausible key length " + len + " at " + symbolName });
+            send({
+              kind: "error",
+              message:
+                "implausible key length " + len + " at " + symbolName,
+            });
+            return;
+          }
+          var hex;
+          var format;
+          if (len === 64) {
+            // ASCII hex string (sjqz-verified path on WeChat 7.x/8.0 libWCDB)
+            var s = Memory.readCString(args[idx.key], len);
+            if (!s || s.length === 0) {
+              send({
+                kind: "error",
+                message: "readCString returned empty at " + symbolName,
+              });
+              return;
+            }
+            hex = s.toLowerCase();
+            format = "ascii-hex";
+          } else if (len === 32) {
+            // Raw 32-byte key — convert to 64-char hex
+            var buf = args[idx.key].readByteArray(len);
+            hex = bytesToHex(buf);
+            format = "raw-bytes";
+          } else {
+            // Ambiguous length — could be either. Emit both interpretations
+            // and let the host try each against the DB until one succeeds.
+            var bufAmb = args[idx.key].readByteArray(len);
+            var hexFromBytes = bytesToHex(bufAmb);
+            var hexFromString = null;
+            try {
+              var sAmb = Memory.readCString(args[idx.key], len);
+              if (sAmb) hexFromString = sAmb.toLowerCase();
+            } catch (_e) {
+              // readCString may fault on non-NUL-terminated bytes; ignore.
+            }
+            fired = true;
+            send({
+              kind: "key",
+              hex: hexFromBytes,
+              alt: hexFromString,
+              source: symbolName,
+              sig: idx.sig,
+              format: "ambiguous",
+              length: len,
+            });
             return;
           }
-          var buf = args[1].readByteArray(len);
-          var hex = bytesToHex(buf);
           if (!hex) {
-            send({ kind: "error", message: "empty key buffer at " + symbolName });
+            send({
+              kind: "error",
+              message: "empty key buffer at " + symbolName,
+            });
             return;
           }
           fired = true;
-          send({ kind: "key", hex: hex, source: symbolName });
+          send({
+            kind: "key",
+            hex: hex,
+            source: symbolName,
+            sig: idx.sig,
+            format: format,
+            length: len,
+          });
         } catch (e) {
-          send({ kind: "error", message: "hook exception at " + symbolName + ": " + (e && e.message ? e.message : String(e)) });
+          send({
+            kind: "error",
+            message:
+              "hook exception at " +
+              symbolName +
+              ": " +
+              (e && e.message ? e.message : String(e)),
+          });
         }
       },
     };
   }
 
-  function tryAttach() {
-    var mod = Process.findModuleByName(TARGET_MODULE);
+  function tryAttachOnModule(moduleName) {
+    var mod = Process.findModuleByName(moduleName);
     if (!mod) return false;
     var attached = 0;
     for (var i = 0; i < SYMBOLS.length; i++) {
-      var addr = Module.findExportByName(TARGET_MODULE, SYMBOLS[i]);
+      var addr = Module.findExportByName(moduleName, SYMBOLS[i]);
       if (!addr) continue;
       try {
         Interceptor.attach(addr, makeHook(SYMBOLS[i]));
-        send({ kind: "hooked", symbol: SYMBOLS[i], module: TARGET_MODULE });
+        send({ kind: "hooked", symbol: SYMBOLS[i], module: moduleName });
         attached++;
       } catch (e) {
-        send({ kind: "error", message: "Interceptor.attach failed for " + SYMBOLS[i] + ": " + (e && e.message ? e.message : String(e)) });
+        send({
+          kind: "error",
+          message:
+            "Interceptor.attach failed for " +
+            SYMBOLS[i] +
+            ": " +
+            (e && e.message ? e.message : String(e)),
+        });
       }
     }
     return attached > 0;
   }
 
+  function tryAttach() {
+    for (var i = 0; i < TARGET_MODULES.length; i++) {
+      if (tryAttachOnModule(TARGET_MODULES[i])) {
+        return true;
+      }
+    }
+    return false;
+  }
+
   // Module-load polling — §18.6 #1 "hook at module-load time before
-  // anti-detection thread runs". WeChat lazy-loads libwcdb when the
+  // anti-detection thread runs". WeChat lazy-loads libWCDB when the
   // first DB opens, so we can't always find it at script start.
   if (!tryAttach()) {
-    send({ kind: "module-waiting", module: TARGET_MODULE });
+    send({ kind: "module-waiting", module: TARGET_MODULES.join("|") });
     var attempts = 0;
     var poll = function () {
       attempts++;
       if (tryAttach()) return;
       if (attempts >= 60) {
         // 60 attempts × 500ms = 30s ceiling, matches host timeoutMs
-        send({ kind: "error", message: TARGET_MODULE + " did not load within 30s" });
+        send({
+          kind: "error",
+          message:
+            TARGET_MODULES.join("|") + " did not load within 30s",
+        });
         return;
       }
       setTimeout(poll, 500);

package/lib/adapters/wechat/key-providers/frida-key-provider.js

@@ -191,6 +191,14 @@ class FridaKeyProvider extends KeyProvider {
         if (evt.kind === "key") {
           settled = true;
           telemetry.keySource = evt.source;
+          // Phase 12.6 (post-sjqz audit) — capture sig/format/length so a
+          // failed DB open can be diagnosed: ascii-hex vs raw-bytes
+          // determines whether sqlite3_key got the expected key bytes,
+          // and sig=v1/v2 confirms args index resolution.
+          telemetry.keyFormat = evt.format || null;
+          telemetry.keySig = evt.sig || null;
+          telemetry.keyLength = evt.length || null;
+          telemetry.keyAlt = evt.alt || null;
           telemetry.durationMs = Date.now() - telemetry.startedAt;
           cleanup().then(() => resolve(String(evt.hex || "").toLowerCase()));
           return;

package/lib/adapters/wechat/normalize.js

@@ -203,11 +203,20 @@ function contactDisplayName(byUsername, wxid) {
 function guessContactSubtype(row) {
   // rcontact.type bits: official accounts / group / regular contact /
   // black list. Detailed mapping in WeChat reverse-eng community —
-  // for v0.5 we keep it simple: anything that's not the user's self is
-  // "contact". Phase 12.6 will refine with full bit mapping.
-  if (typeof row.username === "string" && row.username.endsWith("@chatroom")) {
+  // for v0.5 we keep it simple: chatroom → unknown (not a Person),
+  // `gh_*` username → merchant (公众号 / Official Account — brand /
+  // business pushing content; closest enum match), rest → contact.
+  // Phase 12.6 will refine with full bit mapping + rcontact.type bits.
+  // (sjqz parity wechat.py:282 — get_friends() excludes gh_* from
+  // friends view but keeps them in contacts; we keep as Person with
+  // distinct subtype so Ask flow / EntityResolver can filter cleanly.)
+  if (typeof row.username !== "string") return "contact";
+  if (row.username.endsWith("@chatroom")) {
     return "unknown"; // chat group, not a Person
   }
+  if (row.username.startsWith("gh_")) {
+    return "merchant"; // 公众号 / Official Account
+  }
   return "contact";
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chainlesschain/personal-data-hub",
-  "version": "0.2.1",
+  "version": "0.2.2",
   "description": "Personal Data Hub — UnifiedSchema + validators + KG ingest helpers for the data-back-to-the-individual middleware",
   "type": "commonjs",
   "main": "lib/index.js",