openhaystack icon indicating copy to clipboard operation
openhaystack copied to clipboard

Published 20 hours ago verified publisher icon seemoo-lab

Can Openhaystack be used to track locations of „my“ AirTags (the original ones from Apple)?

Open ctschach opened this issue 3 years ago • 12 comments

Can Openhaystack be used to continually track the location of my AirTags? No, not for stalking. I would just love to record my AirTags positions over time and add them to a database…

ctschach avatar Feb 13 '22 08:02 ctschach

Everything is possible with enough effort but I am inclined to say not really in this case without some problematic hurdles to overcome.

Itheras avatar Feb 17 '22 01:02 Itheras

I agree with @Itheras. The problem is that the AirTags keys are hidden inside your macOS / iOS keychain. We know how to access them, but it is not possibel without modifying your macOS system.

Sn0wfreezeDev avatar Feb 21 '22 08:02 Sn0wfreezeDev

What if you don't care about pairing with Apple stuff, and only want to use openhaystack?

luke-jr avatar May 12 '22 20:05 luke-jr

This is a great question for folks that don't have an iOS device but would still like to use AirTags. (Because the hardware is pretty good!)

swansonba avatar May 19 '22 14:05 swansonba

Simple answer no. But again anything can be done with enough effort but in the current state no.

Itheras avatar May 19 '22 15:05 Itheras

The airtag keys are periodically written into a plan local file by the Mac OS findmy app - since running the proxy already requires a Mac, it shouldn't be too high of a hurdle. See section 10 in Heinrich, Alexander, Stute, Milan, Kornhuber, Tim and Hollick, Matthias. "Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System" Proceedings on Privacy Enhancing Technologies, vol.2021, no.3, 2021, pp.227-245. https://arxiv.org/pdf/2103.02282.pdf

brianr2600 avatar Jun 20 '22 10:06 brianr2600

@brianr2600 The mentioned "Keys" subdirectory doesn't appear to exist in Big Sur at least.

luke-jr avatar Jun 20 '22 22:06 luke-jr

#37 mentions a "MasterBeacons" directory, which does exist with files for each airtag, but I don't really have time to investigate if there's a way to use those.

luke-jr avatar Jun 20 '22 22:06 luke-jr

The method of @brianr2600 would work the best. It requires you to disable some security and sandboxing features, but these files exist (as mentioned in our paper). But the issue is that Apple changes its format regularly. So at the moment, we don't have a working parser. The last parser that we created was working for macOS 10.15.4

Sn0wfreezeDev avatar Jun 21 '22 07:06 Sn0wfreezeDev

After apple having updated their "anti-stalking" policy this becomes very interesting again. I was only using my airtags to follow my car and my bike but this seems almost completely ruined with the new firmware. A solution with custom firmware with something like https://positive.security/blog/find-you to swap public keys often seems like my only hope :D

kblnig avatar Mar 14 '23 14:03 kblnig

Any updates if it's possible to track genuine AirTags with OH? Its use case has been questioned in similar posts and to be quite frank, not everyone is skilled enough to build their own. AirTag's are ready-made trackers, but not everyone has access to an iOS or Mac device.

advename avatar Jul 11 '23 16:07 advename

Hi @advename , Tracking AirTags with your OpenHaystack needs way more skills than building your own trackers. That's very complicated to achieve.

Sn0wfreezeDev avatar Jul 19 '23 09:07 Sn0wfreezeDev