https://github.com/positive-security/send-my Skip to content Sign up * Why GitHub? Features - + Mobile - + Actions - + Codespaces - + Packages - + Security - + Code review - + Project management - + Integrations - + GitHub Sponsors - + Customer stories- * Team * Enterprise * Explore + Explore GitHub - Learn and contribute + Topics - + Collections - + Trending - + Learning Lab - + Open source guides - Connect with others + The ReadME Project - + Events - + Community forum - + GitHub Education - + GitHub Stars program - * Marketplace * Pricing Plans - + Compare plans - + Contact Sales - + Education - [ ] [search-key] * # In this repository All GitHub | Jump to | * No suggested jump to results * # In this repository All GitHub | Jump to | * # In this organization All GitHub | Jump to | * # In this repository All GitHub | Jump to | Sign in Sign up {{ message }} positive-security / send-my * Notifications * Star 1.1k * Fork 32 Upload arbitrary data via Apple's Find My network. AGPL-3.0 License 1.1k stars 32 forks Star Notifications * Code * Issues 0 * Pull requests 0 * Actions * Projects 0 * Wiki * Security * Insights More * Code * Issues * Pull requests * Actions * Projects * Wiki * Security * Insights main Switch branches/tags [ ] Branches Tags Could not load branches Nothing to show {{ refName }} default View all branches Could not load tags Nothing to show {{ refName }} default View all tags 1 branch 1 tag Code Clone HTTPS GitHub CLI [https://github.com/p] Use Git or checkout with SVN using the web URL. [gh repo clone positi] Work fast with our official CLI. Learn more. * Open with GitHub Desktop * Download ZIP Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Go back Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Go back Launching Xcode If nothing happens, download Xcode and try again. Go back Launching Visual Studio Code Your codespace will open once ready. There was a problem preparing your codespace, please try again. Latest commit @breakingsystems breakingsystems Update README.md ... 50f8840 May 12, 2021 Update README.md 50f8840 Git stats * 4 commits Files Permalink Failed to load latest commit information. Type Name Latest commit message Commit time DataFetcher Initial commit May 12, 2021 Firmware/ESP32 Initial commit May 12, 2021 Resources Updated readme, added overview image and gifs May 12, 2021 LICENSE Added license file May 12, 2021 README.md Update README.md May 12, 2021 View code Send My How it works How to use The Modem The DataFetcher References License README.md Send My Send My allows you to to upload abritrary data from devices without an internet connection by (ab)using Apple's Find My network. The data is broadcasted via Bluetooth Low Energy and forwarded by nearby Apple devices. Send my Overview The application consists of two parts: * Firmware: An ESP32 firmware that turns the microcontroller into a serial (upload only) modem * DataFetcher: A macOS application used to retrieve, decode and display the uploaded data Both are based on OpenHaystack, an open source implementation of the Find My Offline Finding protocol. How it works Summary: When sending, the data is encoded in the public keys that are broadcasted by the microcontroller. Nearby Apple devices will pick up those broadcasts and forward the data to an Apple backend as part of their location reporting. Those reports can later be retrieved by any Mac device to decode the sent data. Check https://positive.security/blog/send-my for details. How to use The Modem 1. Change the modem_id (and if desired the data_to_send default message) 2. Check the Firmware README.md for flashing instructions 3. After boot, the ESP32 will immediately broadcast the default message in a loop until a new message is received via the serial interface. Messages can be sent to the modem e.g. using the Arduino IDE's Serial Monitor. ESP32 modem serial output The DataFetcher 1. Install OpenHaystack including the AppleMail plugin as explained in https://github.com/seemoo-lab/openhaystack#installation 2. Run OpenHaystack and ensure that the AppleMail plugin indicator is green 3. Run the DataFetcher OFFetchReport application (either the Release version or build it yourself by opening DataFetcher/ DataFetcher.xcodeproj in XCode and running the OFFetchReport target) 4. Insert the 4 byte modem_id previously set in the ESP firmware as hex digits 5. Fetch uploaded messages Data retrieval macOS app References * Blog Post: https://positive.security/blog/send-my * OpenHaystack: https://github.com/seemoo-lab/openhaystack * Alexander Heinrich, Milan Stute, Tim Kornhuber, Matthias Hollick. Who Can Find My Devices? Security and Privacy of Apple's Crowd-Sourced Bluetooth Location Tracking System. Proceedings on Privacy Enhancing Technologies (PoPETs), 2021. License Send My is licensed under the GNU Affero General Public License v3.0. About Upload arbitrary data via Apple's Find My network. Topics apple bluetooth data-exfiltration find-my airtag Resources Readme License AGPL-3.0 License Releases 1 Initial Release v0.1 Latest May 12, 2021 Languages * C 41.0% * C++ 23.7% * Objective-C 19.4% * Swift 14.0% * Shell 1.5% * CMake 0.2% * Makefile 0.2% * (c) 2021 GitHub, Inc. * Terms * Privacy * Security * Status * Docs * Contact GitHub * Pricing * API * Training * Blog * About You can't perform that action at this time. You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.