-
Notifications
You must be signed in to change notification settings - Fork 477
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Compatibility with Apple's Find My app. #39
Comments
+1 |
TL;DR: In principle, this could work. In practice, it won't. There are essentially two ways that we could implement this. Both options would require us to access the secured storage (e.g., keychain) of the Find My processes. To do this on macOS, you need to disable system integrity protection (SIP), which would leave your system vulnerable to all sorts of attacks. This is nothing that you should do on a production machine. And this is why we won't go down that road. Also, we would need to conduct more manual reverse-engineering to figure out where to inject/from where to extract the keys. For completeness sake: Certified third-party Find My devices use a proprietary pairing process involving Apple-issued certificates to appear in Apple's Find My app. |
Thanks for the detailed response. |
I'll leave this open so others can easily find it |
Interesting, the site below says:
https://news.ycombinator.com/item?id=20129942 So chances are it assigns public keys in plain text. (no point encrypting) Would be interesting to record the BLE traffic for assigning an original airtag and see the broadcast at the end. Does anyone have one? If Apple took the shortest path everywhere then we can easily mass produce airtags. |
Also it would be easy to trigger a sound from any nearby tags since a 3rd party user can also do this (stalking mode). It would be easy to destroy the whole apple airtag brand 🗡️ |
To me the text hacker news post basically looks like the person paraphrased our paper about the Find My network. The main difference for OpenHaystack for now is that our firmware and apps do not change the advertised public keys and it seems like AirTags send a slightly different BLE advertisement. The rest is almost identical and that's why OpenHaystack actually worked before AirTags have been released. I plan on buying some AirTags so analyze their Bluetooth packets. |
If you have some wireless accessory (like earpods) you can already use the finding feature for those. |
Someone dumped the airtag's firmware: |
How possible is it to do this on a jailbroken iOS device? Or, on a version of macOS running in a VM? |
@throwaways this would work in principle as I mentioned. But quoting myself:
|
I have SIP enabled. When I run, for example, Is there really no way to extract it from the keychain without disabling SIP? Even if so, as long as this key does not change it should only be necessary to obtain once, then SIP could be reenabled. Thanks for your awesome work! |
Awesome project!
I was just wondering, now that Apple has released the 'Items' tab in the Find My app, does this project work with it or could it be made compatible?
The text was updated successfully, but these errors were encountered: