Implement Google Find My

Open biemster opened this issue 10 months ago • 9 comments

Google just activated their own Find My network on Android this weekend. Details are still scarce, so let's collect all technical info needed to send the BLE advertisement and subsequently query this network here. The BLE part can then be implemented here: https://github.com/biemster/st17h66_RF (and I will also finally put the Apple FindMy advertisement there then as well, so the chip can do both)

biemster Apr 10 '24 07:04

For anybody working on this the specification seems to be here (https://developers.google.com/nearby/fast-pair/specifications/extensions/fmdn)

darthnithin Apr 10 '24 18:04

This is very interesting.

  1. Are there any indications that Google will release an API or documentation for this, or will a similar investigation like Haystack be needed?
  2. Is there documentation on how the hardware is supposed to function and can it in that case be useful for us?

Note: Some interesting blogpost: https://security.googleblog.com/2024/04/find-my-device-network-security-privacy-protections.html

trep-kalkyl Apr 11 '24 07:04

not sure yet. From that page, device manufacturers at least have to do a google NDA to ship a find my device compatible device, but that's pretty normal right?

darthnithin Apr 12 '24 21:04

My question is if Google / Android phones are now reporting Apple's FindMy devices to their (or even Apple's) server as well. If Google isn't releasing info on how to request the data from their server, it probably needs to be hacked like it was done with Apple before. If Android now sends location reports to Apple's server it would enlarge the FindMy network instantly without the need to make any changes for Apple and us.

humpataa Apr 14 '24 13:04

Yea I'm fairly certain that's not happening. The google Find my Device network is separate. There are some architectural changes too. I think the only crossover between the networks is individual devices detecting unwanted trackers.

darthnithin Apr 20 '24 23:04

This new standard has some details on the protocol https://datatracker.ietf.org/doc/draft-detecting-unwanted-location-trackers/01/

also there is a spec https://developers.google.com/nearby/fast-pair/specifications/extensions/fmdn there are a lot more GATT services/characteristics required like Get_Accessory_Category_Response

flipper guys also planning it https://github.com/MatthewKuKanich/FindMyFlipper/issues/43

not sure if fast pair is relevant

.. _Fast Pair: https://developers.google.com/nearby/fast-pair/specifications/introduction
.. _Fast Pair roles: https://developers.google.com/nearby/fast-pair/specifications/configuration#roles
.. _Fast Pair Model Registration: https://developers.google.com/nearby/fast-pair/specifications/service/modelregistration
.. _Fast Pair TX power: https://developers.google.com/nearby/fast-pair/specifications/configuration#transmit_power
.. _Fast Pair Advertising: https://developers.google.com/nearby/fast-pair/specifications/service/provider
.. _Fast Pair GATT Characteristics: https://developers.google.com/nearby/fast-pair/specifications/characteristics
.. _Fast Pair Procedure: https://developers.google.com/nearby/fast-pair/specifications/service/gatt
.. _Verifying Fast Pair: https://developers.google.com/nearby/fast-pair/help#verifying_fast_pair
.. _Fast Pair Personalized Name extension: https://developers.google.com/nearby/fast-pair/specifications/extensions/personalizedname
.. _Fast Pair Certification Guidelines for Personalized Name: https://developers.google.com/nearby/fast-pair/certification-guideline#2_personalized_name
.. _Fast Pair Battery Notification extension: https://developers.google.com/nearby/fast-pair/specifications/extensions/batterynotification
.. _Fast Pair Find My Device Network extension: https://developers.google.com/nearby/fast-pair/specifications/extensions/fmdn
.. _Fast Pair FMDN advertising: https://developers.google.com/nearby/fast-pair/specifications/extensions/fmdn#advertised-frames
.. _Fast Pair Locator Tag Specific Guidelines: https://developers.google.com/nearby/fast-pair/specifications/extensions/fmdn#locator-tag
.. _Fast Pair Unwanted Tracking Prevention Guidelines: https://developers.google.com/nearby/fast-pair/specifications/extensions/fmdn#unwanted-tracking-prevention

mrx23dot May 28 '24 15:05

More info that people have started collecting here: https://github.com/seemoo-lab/openhaystack/discussions/210

Cassander313 Jun 19 '24 19:06

Maybe helpful: from Nordic Semiconductor (manufacturer of nRF52840 - Multiprotocol Bluetooth 5.4 SoC supporting Bluetooth Low Energy, Bluetooth mesh, NFC, Thread and Zigbee)

  * Bluetooth Fast Pair: Locator tag (doc) https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/samples/bluetooth/fast_pair/locator_tag/README.html
  * Bluetooth: Fast Pair locator tag (zephyr source code) https://github.com/NordicBuilder/sdk-nrf/tree/0e99b70bcb259379b2faa87f9e2abcaf5de1e7a0/samples/bluetooth/fast_pair/locator_tag
  * Fast Pair Validator (exclusively for manufacturers of bluetooth devices) https://play.google.com/store/apps/details?id=com.google.location.nearby.apps.fastpair.validator

rena2019 Jun 21 '24 10:06

I added an esp32 micropython script that sends the FMDN advertisement as detailed in https://developers.google.com/nearby/fast-pair/specifications/extensions/fmdn#advertised-frames table 8. I have no clue yet how to compute the ephemeral id or how to retrieve the reports through the google api's yet, but it's a start!

nRF Connect reports this as an Eddystone, with the ephemeral id as the data field.

biemster Sep 24 '24 16:09

> I added an esp32 micropython script that sends the FMDN advertisement as detailed in https://developers.google.com/nearby/fast-pair/specifications/extensions/fmdn#advertised-frames table 8. I have no clue yet how to compute the ephemeral id or how to retrieve the reports through the google api's yet, but it's a start!
>
> nRF Connect reports this as an Eddystone, with the ephemeral id as the data field.

I just got some Chipolo tags, if you need me to scrape some data that might help, happy to do so.

dylanmazurek Oct 14 '24 02:10

> I just got some Chipolo tags, if you need me to scrape some data that might help, happy to do so.

That would be great! Are you able to mitm proxy an android with the account your chipolos are registered on? (and confirming they advertise as an eddystone with a 20 byte data field would already be of huge help)

biemster Oct 14 '24 05:10
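
The check requested in the comment above (does a tag advertise as an Eddystone with a 20 byte data field) can be run on raw advertising bytes from a scanner. This is an added example, not code from the thread or from the project; the frame type values 0x40/0x41 and the optional trailing byte are assumptions to verify against the linked FMDN spec table, and the sample bytes are constructed.

```python
# Added example: walk BLE advertising data and pick out an Eddystone
# service-data field whose payload matches the 20-byte layout discussed above.
EDDYSTONE_UUID = 0xFEAA          # 16-bit service UUID assigned to Eddystone
AD_SERVICE_DATA_16 = 0x16        # AD type: Service Data, 16-bit UUID
FMDN_FRAME_TYPES = (0x40, 0x41)  # assumption: check against the linked spec
EID_LEN = 20                     # "20 byte data field" from the thread


def iter_ad_structures(adv: bytes):
    """Yield (ad_type, data) for each length-prefixed AD structure."""
    i = 0
    while i < len(adv):
        length = adv[i]
        if length == 0:          # zero length marks early end of data
            break
        if i + 1 + length > len(adv):
            raise ValueError("truncated AD structure at offset %d" % i)
        yield adv[i + 1], adv[i + 2:i + 1 + length]
        i += 1 + length


def find_fmdn_frame(adv: bytes):
    """Return a dict describing the matching frame, or None if none matches."""
    for ad_type, data in iter_ad_structures(adv):
        if ad_type != AD_SERVICE_DATA_16 or len(data) < 3:
            continue
        if int.from_bytes(data[:2], "little") != EDDYSTONE_UUID:
            continue
        frame_type, body = data[2], data[3:]
        # 20-byte identifier, optionally followed by one trailing byte
        # (assumed here to be the spec's hashed-flags byte).
        if frame_type in FMDN_FRAME_TYPES and len(body) in (EID_LEN, EID_LEN + 1):
            return {"frame_type": frame_type, "eid": bytes(body[:EID_LEN]),
                    "trailer": bytes(body[EID_LEN:])}
    return None


# Constructed sample input (not captured from a real tag).
SAMPLE_EID = bytes(range(1, 21))
SAMPLE_ADV = (bytes([0x02, 0x01, 0x06])
              + bytes([0x18, AD_SERVICE_DATA_16, 0xAA, 0xFE, 0x40])
              + SAMPLE_EID)
# Constructed Eddystone-URL style frame (type 0x10): must not match.
SAMPLE_URL_ADV = bytes([0x02, 0x01, 0x06, 0x03, 0x03, 0xAA, 0xFE,
                        0x06, 0x16, 0xAA, 0xFE, 0x10, 0xEE, 0x01])

if __name__ == "__main__":
    print(find_fmdn_frame(SAMPLE_ADV))
    print(find_fmdn_frame(SAMPLE_URL_ADV))
```

A frame that carries the 0xFEAA UUID but another frame type or payload length returns `None`, which separates ordinary Eddystone beacons from the layout described in the thread.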

chipolo review, https://youtu.be/3EAu08m5Lbc?feature=shared&t=285 currently worse than Samsung's, which is closer to Apple's, but hopefully will change with time.

mrx23dot Oct 14 '24 08:10