[HN Gopher] FindMy Flipper - AirTag and SmartTag Emulator
___________________________________________________________________
FindMy Flipper - AirTag and SmartTag Emulator
Author : jstrieb
Score : 243 points
Date : 2024-08-19 01:31 UTC (21 hours ago)
| xnzakg wrote:
| Sadly this requires a "donor" tag to impersonate (which then
| can't be used for as long as you want this to work), or using
| OpenHaystack which requires using a Mac in order to get the data.
| stavros wrote:
| It doesn't, I use it without an AirTag on my Linux machine. It
| works fine.
| Nereuxofficial wrote:
| How do I use it without an AirTag? At step number 9 the
| setup asks me to enter an Apple ID, which I do not have. Is
| there a way to track it on Android or Linux without an Apple
| ID?
| stavros wrote:
| You don't need a Mac to create an Apple ID, no? You just
| create one on the site. To be fair, I created mine years
| ago.
| fossiliferous wrote:
| I've tried to create an Apple ID recently on a non-Apple
| platform and it was a huge PITA. Tried using different
| browsers on Windows and Linux, tried Apple Music on
| Android, tried iCloud on Windows - nothing.
|
| Basically I was able to pass email and phone number
| verification, but then the "Continue" button on the "Apple ID
| & Privacy" page doesn't work and you can't get around
| it. No error or description whatsoever, just an internal
| server error in the browser's console.
|
| Turns out it's a known problem and the same button works
| perfectly fine when pressing it on an Apple device. I
| haven't tried it in a macOS VM though, but presumably
| Apple flags such accounts anyway.
|
| Related thread: https://www.reddit.com/r/applehelp/comments/17zawel/continue...
| stavros wrote:
| Yeah, Apple is crap that way. Whenever I log in from my
| Linux desktop, they "lock" my account and I have to go
| through a long process where I verify my email, phone,
| password, and they send me an SMS code.
|
| If you want, I can create an account for you on my Mac,
| email me (email in profile).
| mintplant wrote:
| How? The README [0] states that a Mac is required. Do you
| mean that you use the Find My network to keep track of your
| Linux machine's location (as described in [1]), but not to
| locate devices (which requires either macOS or a proxy server
| running on macOS)?
|
| [0] https://github.com/seemoo-lab/openhaystack?tab=readme-ov-fil...
|
| [1] https://github.com/seemoo-lab/openhaystack/tree/main/Firmwar...
| stavros wrote:
| I use this and it's great. Consumes basically no power, too. I'd
| like it if it could talk to Google's "Find device" network, but
| it's already working really well with Apple's network.
| panki27 wrote:
| What Android app do I need to use this? Preferably one that does
| not require Google Services?
| dncornholio wrote:
| None. All you need is a computer with Python, git and Docker.
| Etheryte wrote:
| This project is for Flipper Zero, not a phone.
| panki27 wrote:
| I understand that I need a Flipper, and I have one.
|
| But what Android app can actually "find" it? I don't have an
| iPhone or Samsung device.
| compsciphd wrote:
| This concept could possibly be used to get around the stalking
| features that Apple et al. have implemented.
|
| Ex: Get N donor tags. Have it cycle through the N tags every 24/N
| hours. Therefore, to Apple (/ device tracking), the "stalkee" is
| never being followed by a single tag for an extended period of
| time.
| diggan wrote:
| > Ex: Get N donor tags. Have it cycle through the N tags every
| 24/N hours. Therefore, to apple (/ device tracking), the
| "stalkee" is never being followed by a single tag for an
| extended period of time.
|
| If you have to cycle the tags constantly, couldn't you just
| physically follow the person and spend less effort/money at
| that point? Or get a GPS tag that doesn't use the AirTag
| "network" at all, no cycling needed.
| winkelmann wrote:
| You wouldn't actually physically cycle/replace the tag. As
| you can see in the README, you can clone real tags, which
| could be advertised by the device in intervals.
| compsciphd wrote:
| Right, I'm actually wondering if one could build an ESP32
| device that did this itself (i.e. without the need for a
| Flipper Zero). Basically something in a similar form factor
| to an actual AirTag.
|
| The anti-stalking features make AirTags less useful for
| anti-theft (or theft discovery), as any aware thief can
| just disable the tag due to the anti-stalking feature
| (Apple does note that it's not designed for anti-theft
| purposes). But if one can defeat the anti-stalking feature,
| it makes it much more practical for this.
|
| Personally, I wish Apple allowed one to permanently put
| their AirTag into law enforcement mode, which would
| prevent you personally from tracking it (and remove it from
| stalking alerts), but would provide legally recognized law
| enforcement the ability to request the tracking record
| (i.e. same process that they might use for requesting cell
| phone location data).
| copperx wrote:
| What is the purpose of the law enforcement feature? Would it
| be like donating an AirTag to the police?
| circustaco wrote:
| In the case that one is using an AirTag for anti-theft
| purposes and they do not want to alert the thief to the
| existence of the AirTag while maintaining the intention
| of the alerts (anti-stalking).
|
| Ex. You notice your bike is stolen. Immediately turn on
| law enforcement mode. The anti-stalking notifications are
| disabled but the owner can no longer track the AirTag.
| However, after alerting the police, they could access the
| location of the device and investigate or recover the
| bike.
| ensignavenger wrote:
| "they could access the location of the device and
| investigate or recover the bike."
|
| Umm, where do you live that the police give a hoot about
| a stolen bike? Maybe Japan?
| withinboredom wrote:
| If a bunch of bikes keep ending up in the same place,
| they can likely sting some organized crime. That actually
| happens here in the Netherlands.
| rekoil wrote:
| You can, there's been ESP32 firmware out for years that
| does this: https://github.com/seemoo-lab/openhaystack/tree/main/Firmwar...
| compsciphd wrote:
| Ah, it would be easy to extend it to do what I said, just
| need to store multiple keys and rotate through them on
| some schedule.
| dmitrygr wrote:
| > law enforcement mode
|
| > provide legally recognized law enforcement the ability
| to request the tracking record
|
| Where do you live where law enforcement cares about
| stolen property? 1985 America?
| wafflemaker wrote:
| No need to be snarky. There are many places where the police
| do their job.
|
| And in other places you can probably bribe them to do it.
| nativeit wrote:
| In my experience, their efforts are directly correlated
| with the tools and information at their disposal. Report
| stolen property? They'll take a report. Report the
| location of stolen property? Much more likely to
| investigate. It shouldn't surprise anyone that they are
| loath to expend a limited amount of resources on anything
| other than triaged harm reduction. If they can recover
| stolen property while securing a successful prosecution
| of the thieves, without exerting a ton of time and
| effort, they probably will. That said, I have experienced
| needlessly unhelpful police encounters, so YMMV with
| pragmatism.
| withinboredom wrote:
| For anything that may be insured, they likely just want
| to get you your paperwork, so you can file a claim. Why
| bother getting something you can replace? For other
| things, they may care if there is an evidence trail to
| follow.
| numpad0 wrote:
| (In case elaboration is useful: AirTag relies on GPS location
| reports from the iOS phones of unaware users. This enables a
| stalker to throw a tag into your backpack and follow you. iOS
| notifies the user of this happening based on tag ID, and
| presumably GP meant that cycling through fake IDs could
| bypass triggering that.)
| nom wrote:
| If it's not patched yet: I heard you can just power-cycle a tag
| on a timer to evade detection. Add a large battery with a
| simple timer circuit, remove the beeper and you've got yourself
| an amazing tracking device.
|
| IIRC this came up in the context of tracking shipments with
| expensive equipment, where it can be in transit for many
| months. The tags are so power efficient that they work for ages
| on a large battery, existing GPS solutions just didn't cut it.
| CPLX wrote:
| I use them out of the box to track expensive equipment in
| cases and the batteries are good for 6-12 months or so,
| sometimes longer.
| gruez wrote:
| > If it's not patched yet: I heard you can just power-cycle a
| tag on a timer to evade detection
|
| I'm not sure how Apple could ever patch it. If you were
| willing to add a power-cycling microcontroller to your
| AirTag, it wouldn't be that much effort to also add a bank of
| AirTags to cycle through, which would make the apparatus
| totally indistinguishable from a group of AirTags coming in
| and out of range constantly.
| teaearlgraycold wrote:
| Well, not totally indistinguishable. But hard to write
| hard-coded rules for.
| gruez wrote:
| Why do you need donor tags? The README for the project has
| instructions for generating tags.
| nunobrito wrote:
| Still using the Flipper a few times per week. Looking forward to
| the next edition with Wi-Fi and other frequencies.
| phasE89 wrote:
| What do you use it for?
| nunobrito wrote:
| The IR blaster is the most common usage. After that, some
| games are good. I pass hours playing Scorched Earth while
| travelling.
|
| Also, I give it to my kids to play with instead of letting them
| use the phone and browse random stuff on YouTube.
| copperx wrote:
| I'm glad you've found a use for it. Its most common use is
| as a paperweight at home.
| theshrike79 wrote:
| Dunno about the current prices, but it was a REALLY
| expensive paperweight for a long time. People paid
| hundreds of dollars for one.
| sulandor wrote:
| nah - a "good" paperweight can easily rival the cost of a
| car
| reaperducer wrote:
| I see you've been shopping with my wife.
| dogecoinbase wrote:
| I simply park my car on top of papers that I want to keep
| in place -- one less paperweight to buy.
| acheong08 wrote:
| Not OP but I still use mine quite frequently.
|
| - My family's old sub-GHz car keys are dying so I cloned them &
| use the Flipper when the real one doesn't work. It's a car
| from before the 2000s so no security whatsoever.
|
| - Apartment, lift, gym RFID. Don't need to bring multiple
| sets of cards.
|
| - IR is also helpful as a backup while I procrastinate going
| out and buying batteries for some remotes.
| theturtletalks wrote:
| I thought many gym and apartment key fobs can't be
| replicated due to rolling keys. Has this been addressed, or
| does the Flipper only work on older fobs?
| panki27 wrote:
| Rolling keys are more of an RF thing; fobs are NFC or RFID
| (rolling keys are still vulnerable to a simple replay
| attack).
|
| For NFC/RFID it depends entirely on the card. You can
| easily clone Mifare Classic, but on newer ones there's no
| way I know of, and the software does not (yet) have
| support for Legic (which has been broken for over a
| decade).
| renewiltord wrote:
| Friends and I make keyfobs to our apartment buildings. The
| HOA fee is $100. But the fob is a few cents.
| dpifke wrote:
| My dogs' microchips have a body temperature sensor. When one
| of them is acting like they might be sick, I can take their
| temperature via my Flipper's RFID reader.
| kstrauser wrote:
| Not OP, but I've used it to clone (my own!) hotel key cards.
| I've accidentally left my key in the room when I unlocked the
| door, then absentmindedly tossed the card onto the dresser
| instead of putting it right back into my wallet. It's nice to
| have a backup in my bag.
|
| Other hotels have an iPhone app you can use to unlock your
| door. That's _another_ nice backup, but I've found I can
| have my Flipper out and the room door open faster than I can
| open my phone, find the app, launch it, inevitably have to
| log back in because it's been more than 30 seconds since I
| last opened it, etc.
| piyuv wrote:
| WiFi dev board does not cut it?
| ks2048 wrote:
| The README.md could use a link to know what this is talking
| about: https://flipperzero.one/
| xyst wrote:
| Very interesting project, but one of the downstream dependencies
| used here is insecure by default:
|
| https://github.com/biemster/FindMy/blob/113ebf4017729b92a381...
|
| Seems to be auth lib for iCloud.
|
| Also seems to hard code a MacBook device agent in order to
| associate the generated keys with a device.
|
| As with anything in the centralized world, I wouldn't use this on
| an account with a high number of services/digital assets tied to
| it. I wouldn't be surprised if Apple bans accounts that use this.
|
| Wouldn't be difficult to find out either given the unique "adsid"
| code that is required to login.
| ForOldHack wrote:
| The auth lib for iCloud is inherently insecure, for you, and
| obviously not for Apple, Inc. I would fork this project into
| two separate products, which is abhorrent to do, but it must be
| done.
|
| I would never consciously integrate a library from a third
| party. I am in the middle of scanning every single release of
| Ventoy with virus scanners, awaiting the moment when an
| NZ-type vulnerability proves true.
|
| It's not that Apple's payment stream depends on this; it's their
| subscription model.
|
| Beware of offering a feature free that Apple thinks is
| interesting, they will lock you out, and start charging people
| for it.
|
| Doubly beware of p*ssing off geeks: they will go to bed on
| Friday, in an angry state, and fervently work all weekend both
| to black-box your product and to trivialize the implementation
| of it. Now those are the really scary people.
| mschuster91 wrote:
| > Also seems to hard code a MacBook device agent in order to
| associate the generated keys with a device.
|
| Hold short, so you _don't_ need an iOS device technically to
| onboard AirTags, any Apple device is sufficient? Why in the
| name of everything that is holy does Apple not support this
| officially, just to push sales for iOS devices or what?
|
| (Angry rant of someone who bought an extra used iPhone despite
| owning like 5k in Apple desktop/mobile gear, just to be able to
| onboard some AirTags)
| xyst wrote:
| > why in the name of everything that is holy does Apple not
| support this officially, just to push sales for iOS devices
| or what?
|
| You answered your own question ;).
|
| My best guess (assuming it wasn't malice/greed): not many
| people have access to an NFC/RFID reader, and it's Apple, so
| it has to be soft-locked somehow behind the Apple Wall. So,
| in order to provide that "just works" experience, it's better
| to advertise the iPhone method as the way to get the tags
| registered.
|
| Other methods exist, but your mileage varies. Also, Apple may
| change the APIs at any time and break that process. Thus, no
| support provided.
| some_random wrote:
| I think Apple just doesn't think about use cases outside
| their ecosystem as a general rule, in the same way that SF
| engineers don't think about uses outside the Bay. It's not
| malicious when things stop breaking because they lose mobile
| connectivity, or when your rideshare app demands you wait
| outside in the middle of winter in Minnesota; these issues
| just aren't thought of as an organization.
| anonymousiam wrote:
| Has anybody tried this to see how the "Find My" app reacts to
| seeing the "same" tag in more than one location?
| denysvitali wrote:
| Apple servers don't know anything about the location, so it's
| up to the implementation (in this case, the Find My app) to
| average the location.
| KTibow wrote:
| Am I missing something or would it just use the most recent
| one?
| theginger wrote:
| Yeah, but what happens when one is many miles away and both
| are checking in, so the most recent location is flip-flopping?
| jamesy0ung wrote:
| It would be nice if this could be ported to a low-cost BLE device
| such as the ESP32-C3. Using a Flipper as an AirTag is a bit
| expensive.
___________________________________________________________________
(page generated 2024-08-19 23:00 UTC)