Broken in Sequoia
I know this states support up to Sonoma, but it looks like Apple have moved the required data files again under Sequoia. Running /usr/bin/security find-generic-password -l BeaconStore -g returns security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.
The cache location remains: ~/Library/Caches/com.apple.findmy.fmipcore But doesn't look to have updated in the last 12 days.
In my case the cache seems to be updated
corti@mini ~> ls -l ~/Library/Caches/com.apple.findmy.fmipcore
total 176
-rw-r--r--@ 1 corti staff 26711 Sep 18 21:24 Devices.data
-rw-r--r--@ 1 corti staff 530 Sep 18 21:24 FamilyMembers.data
-rw-r--r--@ 1 corti staff 7566 Sep 18 21:24 ItemGroups.data
-rw-r--r--@ 1 corti staff 29101 Sep 18 21:24 Items.data
-rw-r--r--@ 1 corti staff 430 Mar 7 2024 Owner.data
-rw-r--r--@ 1 corti staff 11142 Sep 18 21:24 SafeLocations.data
corti@mini ~> date
Wed Sep 18 21:26:00 CEST 2024
The entry in the keychain is still there and was modified two days ago:
Same issue here. Are there any solutions?
Same issue. Can't seem to get the password from the Keychain directly either.
This is probably related to this comment. https://github.com/MartinPham/FindMySync/issues/25#issuecomment-2266719318
As far as I can see, those passwords are now managed by the com.apple.icloud.searchpartyuseragent group, which I can't see in the groups list. And I can't access those passwords with my admin account. I also tried the command that you suggest running in the app. It can't find any BeaconStorage in the password list because of this change, I assume.
I have some knowledge of Linux systems, but macOS is completely a foreign language to me, so forgive me if I point in the wrong direction. So @MartinPham, sorry to ping you, but if you are still interested in this project I can help if you need any help.
Thanks a lot for your effort & time
Any idea how to solve this? If not, it might be better to use macOS Sonoma 14.x until this issue is solved.
Hi @FrankGiesecke, I tried to dig into this problem a little bit and checked other similar projects for any possible solution. I still can't find a way to add the regular admin account to the process user group to access the user password. So if you really depend on this app, please stick to Sonoma instead of Sequoia.
I have some one who has more experience than mine will look and solve the issue.
ps. there is another issue for airy10's solution which you can track as a cross reference. https://github.com/airy10/FindMyDevices/issues/1
Does it have a fix yet?
With macOS 15 (Sequoia), Apple moved the BeaconStore key from living on the locally accessible login keychain (based on files) to the iOS-style "iCloud"/"Local Items" keychain. Based on this thread on an Apple forum from 2021 - https://forums.developer.apple.com/forums/thread/676891 - this keychain uses permissions based on entitlements:
Your access to these groups is determined by your entitlements; see Set Your App’s Access Groups in Sharing Access to Keychain Items Among a Collection of Apps for the details (1). These entitlements must be allowlisted by your provisioning profile, and Apple won’t issue you a provisioning profile that allows you access to the com.apple.ssh.passphrases keychain access group.
Keychain Access tool can still seemingly access these passwords and show them, but it seems that Keychain Access won't show passwords that are bytes rather than a string, since it has never shown the BeaconStore password for me.
Since provisioning profiles are controlled entirely by Apple, and Keychain Access can't be used to access the password, I doubt there is a way to work around this using any of the tools folks have been using.
In Sonoma, access control is controllable by the user:
In Sequoia, access control is no longer controllable:
By disabling keychain icloud sync, the key ends up in Local items:
So a workaround may be to look into the database file ./Library/Keychains/<UUID>/keychain-2.db
% sqlite3 ./Library/Keychains/*/keychain-2.db .dump|grep -i searchparty |grep keys
INSERT INTO keys VALUES(...
...
','com.apple.icloud.searchpartyuseragent',
...
Either extracting the key from the database, or by adjusting the agrp in the keychain permissions such that the terminal may access the key. Or add a new key from the terminal, and update the key data with the beaconstore information.
sqlite3 ./Library/Keychains/*/keychain-2.db 'select agrp from keys'
...
com.apple.Spotlight.Metadata
com.apple.iCloudNotificationAgent
com.apple.icloud.searchpartyuseragent
com.apple.identityservicesd
...
The keys table has the following information:
CREATE TABLE keys(rowid INTEGER PRIMARY KEY AUTOINCREMENT,cdat REAL,mdat REAL,kcls INTEGER NOT NULL DEFAULT 0,labl BLOB,alis BLOB,perm INTEGER,priv INTEGER,modi INTEGER,klbl BLOB NOT NULL DEFAULT '',atag BLOB NOT NULL DEFAULT '',crtr INTEGER NOT NULL DEFAULT 0,type INTEGER NOT NULL DEFAULT 0,bsiz INTEGER NOT NULL DEFAULT 0,esiz INTEGER NOT NULL DEFAULT 0,sdat REAL NOT NULL DEFAULT 0,edat REAL NOT NULL DEFAULT 0,sens INTEGER,asen INTEGER,extr INTEGER,next INTEGER,encr INTEGER,decr INTEGER,drve INTEGER,sign INTEGER,vrfy INTEGER,snrc INTEGER,vyrc INTEGER,wrap INTEGER,unwp INTEGER,data BLOB,agrp TEXT NOT NULL,pdmn TEXT,sync INTEGER NOT NULL DEFAULT 0,tomb INTEGER NOT NULL DEFAULT 0,sha1 BLOB,vwht TEXT,tkid TEXT,musr BLOB NOT NULL,UUID TEXT,sysb INTEGER DEFAULT 0,pcss INTEGER,pcsk BLOB,pcsi BLOB,persistref BLOB NOT NULL,clip INTEGER NOT NULL DEFAULT 0,ggrp TEXT,UNIQUE(kcls,klbl,atag,crtr,type,bsiz,esiz,sdat,edat,agrp,sync,vwht,tkid,musr,ggrp));
I haven't tried myself though - I "solved" the problem by using Sonoma for the time being.
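An added example, not part of the thread and not code from FindMySync: a read-only inventory of the access groups in the keys table of a copy of keychain-2.db, using only the agrp, sync, tomb and mdat columns from the schema quoted above and never selecting the data column. It assumes that mdat is a CFAbsoluteTime value (seconds since 2001-01-01 UTC); the helper names and the sample rows are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Assumption: cdat/mdat hold CFAbsoluteTime (seconds since 2001-01-01 UTC).
CF_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)
ITEM_TABLES = ("keys", "genp", "inet", "cert")  # item-class tables in the db


def cf_to_iso(value):
    """Convert a CFAbsoluteTime REAL to an ISO-8601 string (None if unset)."""
    if value is None:
        return None
    return (CF_EPOCH + timedelta(seconds=value)).isoformat(timespec="seconds")


def open_read_only(path):
    """Open a copy of keychain-2.db so that nothing can be written to it."""
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)


def summarize_access_groups(conn, table="keys"):
    """Per-agrp counts and newest mdat; the data column is never selected."""
    if table not in ITEM_TABLES:
        raise ValueError(f"unexpected table: {table}")
    rows = conn.execute(
        f"SELECT agrp, COUNT(*), SUM(sync), SUM(tomb), MAX(mdat) "
        f"FROM {table} GROUP BY agrp ORDER BY agrp").fetchall()
    return [{"agrp": a, "items": n, "synced": s or 0, "tombstones": t or 0,
             "last_modified": cf_to_iso(m)} for a, n, s, t, m in rows]


def build_sample_db():
    """Constructed sample: cut-down keys table with made-up rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE keys(rowid INTEGER PRIMARY KEY, mdat REAL,"
                 " agrp TEXT NOT NULL, sync INTEGER NOT NULL DEFAULT 0,"
                 " tomb INTEGER NOT NULL DEFAULT 0)")
    conn.executemany(
        "INSERT INTO keys(mdat, agrp, sync, tomb) VALUES (?, ?, ?, ?)",
        [(748_000_000.0, "com.apple.icloud.searchpartyuseragent", 1, 0),
         (748_300_000.0, "com.apple.icloud.searchpartyuseragent", 0, 0),
         (700_000_000.0, "com.apple.identityservicesd", 0, 1)])
    return conn


if __name__ == "__main__":
    for row in summarize_access_groups(build_sample_db()):
        print(row)
```

The per-group last_modified value shows whether the searchparty entries are still being refreshed on a given macOS release, without touching the protected key material.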
@alfs Thanks for sharing! I am suspecting that the Sonoma workaround might not be entirely working (or might not work soon). The decoded plist does not seem to contain master keys that match with what my AirTag is broadcasting. I am looking into whether I can get this keychain-2.db idea to work. Any idea on which one is the BeaconStore? I also tried various ways to get around the searchparty agrp, but they don't seem to work.
By disabling keychain icloud sync, the key ends up in Local items:
If the key is moved to the Local items does the password then become accessible or what would be the purpose of moving from icloud to Local? thanks
Same error in macOS Tahoe
I have created a new project called FindMySyncPlus. It is based on the concepts of this project, and also leverages @Pnut-GGG's FMIPDataManager-extractor and findmy-cache-decryptor. It requires Sequoia or Tahoe to run.
Sounds good, a few questions: 1) Does it decrypt the Items.data file into text JSON? 2) How to run it? Thanks!
High level: 1) Yes, it works on Items.data. But no, it does not write an intermediate output file. It decrypts the plist items, and parses the decrypted array in memory before posting to your HA endpoint. 2) Either compile the Swift program in Xcode, or download the pre-compiled Release. Please note, I did not pay for an Apple developer certificate, so running it will get blocked by Gatekeeper unless you explicitly allow it.
Probably best to move all future questions to the FindMySync+ repo.
OK thanks, I added a repo issue; it seems it only supports silicon-based Macs (GPU issue). I am running on a MacBook Pro 2012 (Intel) via OCLP.
Confirmed working on Intel. See issue details in the other repo.