Avoid using Mail.app plugin for accessing required APIs #240

Open
ololobus opened this issue Apr 5, 2024 · 3 comments
Labels
enhancement New feature or request

Comments

@ololobus
ololobus commented Apr 5, 2024

Disclaimer: I didn't know about openhaystack project and came here with a strange trajectory, so sorry for my ignorance if I'm talking nonsense. Yet, the problem is the same -- use Apple item locations network to track non-Apple certified devices, so here is the idea.

In the README you say

> The OpenHaystack application requires a custom plugin for Apple Mail. It is used to download location reports from Apple's servers via a private API (technical explanation: the plugin inherits Apple Mail's entitlements required to use this API). Therefore, the installation procedure is slightly different and requires you to temporarily disable Gatekeeper.

However, as I mentioned I came here from this repository: https://github.com/MatthewKuKanich/FindMyFlipper/tree/main/AirTagGeneration

It does pretty much the same as your project, it's just not that polished. So what I did:

  1. Generated a key pair
  2. Used an app on my Flipper Zero to broadcast BLE beacons using this key when I went for a walk
  3. Registered a blank Apple ID (N.B. this wasn't an account used on any of my Apple devices at this moment, so I guess you just need any account)
  4. Used scripts in the aforementioned repo to get location history for the past few hours and it worked flawlessly

I've spent a couple of hours reading the code, and from what I've got, in 4. it does the following:

  1. Uses this project https://github.com/Dadoum/anisette-v3-server to generate some random, but specific device IDs
  2. Uses Apple ID credentials to auth in icloud
  3. Then uses https://gateway.icloud.com/acsnservice/fetch with auth info to finally get coordinates

I hope I didn't miss something, while reading the sources and didn't leak any sensitive info, when I was experimenting with it :) But it looks like it just works and doesn't require any complicated Mail.app patching.

What do you think about adopting the same approach in openhaystack? It'd simplify installation and potentially allow its usage on non-macOS devices (not sure).

@ololobus ololobus added the enhancement New feature or request label Apr 5, 2024
@darthnithin
I think https://github.com/dchristl/macless-haystack uses this method. That's why it's not reliant on Mac hardware or a Mail plugin

@darthnithin
So does https://github.com/biemster/FindMy

@ololobus
Author

Thanks for the links!
