[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-6696":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":23,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":36,"readmeContent":37,"aiSummary":38,"trendingCount":16,"starSnapshotCount":16,"syncStatus":39,"lastSyncTime":40,"discoverSource":41},6696,"openhaystack","seemoo-lab\u002Fopenhaystack","seemoo-lab","Build your own 'AirTags' 🏷 today! Framework for tracking personal Bluetooth devices via Apple's massive Find My network.","https:\u002F\u002Fowlink.org",null,"Swift",13039,652,137,130,0,4,17,106,16,43.44,"GNU Affero General Public License v3.0",false,"main",true,[27,28,29,30,31,32,33,34,35],"airtag","apple","bluetooth","find-my","location-tracker","macos","microbit","offline-finding","reverse-engineering","2026-06-12 02:01:28","# \u003Cimg src=\"Resources\u002FIcon\u002FOpenHaystackIcon.png\" alt=\"OpenHaystack application icon\" height=42 width=42 valign=bottom \u002F> OpenHaystack\n\nOpenHaystack is a framework for tracking personal Bluetooth devices via Apple's massive Find My network. Use it to create your own tracking _tags_ that you can append to physical objects (keyrings, backpacks, ...) or integrate it into other Bluetooth-capable devices such as notebooks.\n\n\u003Cimg src=\"Resources\u002FOpenHaystack-Screenshot.png\" alt=\"Screenshot of the app\" width=\"701\" \u002F>\n\n## Table of contents\n\n- [What is _OpenHaystack_?](#what-is-openhaystack)\n  - [History](#history)\n  - [Disclaimer](#disclaimer)\n- [How to use _OpenHaystack_?](#how-to-use-openhaystack)\n  - [System requirements](#system-requirements)\n  - [Installation](#installation)\n  - [Usage](#usage)\n- [How does Apple's Find My network work?](#how-does-apples-find-my-network-work)\n  - [Pairing](#pairing-1)\n  - [Losing](#losing-2)\n  - [Finding](#finding-3)\n  - [Searching](#searching-4)\n- [How to track other Bluetooth devices?](#how-to-track-other-bluetooth-devices)\n- [OpenHaystack Mobile](#openhaystack-mobile)\n- [Authors](#authors)\n- [References](#references)\n- [License](#license)\n\n## What is _OpenHaystack_?\n\nOpenHaystack is an application that allows you to create your own accessories that are tracked by Apple's [Find My network](#how-does-apples-find-my-network-work). All you need is a Mac and a [BBC micro:bit](https:\u002F\u002Fmicrobit.org\u002F) or any [other Bluetooth-capable device](#how-to-track-other-bluetooth-devices).\nBy using the app, you can track your accessories anywhere on earth without cellular coverage. Nearby iPhones will discover your accessories and upload their location to Apple's servers when they have a network connection.\n\n### History\n\nOpenHaystack is the result of reverse-engineering and security analysis work of Apple's _Find My network_ (or _offline finding_). We at the [Secure Mobile Networking Lab](https:\u002F\u002Fseemoo.de) of TU Darmstadt started analyzing offline finding after its initial announcement in June 2019. We identified how Apple devices can be found by iPhones devices, even when they are offline through this work. The whole system is a clever combination of Bluetooth advertisements, public-key cryptography, and a central database of encrypted location reports. We disclosed a specification of the closed parts of offline finding and conducted a comprehensive security and privacy analysis.\nWe found two distinct vulnerabilities. The most severe one, which allowed a malicious application to access location data, has meanwhile been fixed by Apple ([CVE-2020-9986](https:\u002F\u002Fsupport.apple.com\u002Fen-us\u002FHT211849)).\nFor more information about the security analysis, please read [our paper](#references).\nSince its release, we received quite a bit of [press and media coverage](https:\u002F\u002Fowlink.org\u002Fpress\u002F).\n\n### Disclaimer\n\nOpenHaystack is experimental software. The code is untested and incomplete. For example, OpenHaystack accessories using our [firmware](Firmware) broadcast a fixed public key and, therefore, are trackable by other devices in proximity (this might change in a future release). OpenHaystack is not affiliated with or endorsed by Apple Inc.\n\n## How to use _OpenHaystack_?\n\nOpenHaystack consists of two components. First, we provide a [macOS application](OpenHaystack) that can display the last reported location of your personal Bluetooth devices. Second, the [firmware image](Firmware) enables Bluetooth devices to broadcast beacons that make them discoverable by iPhones.\n\n### System requirements\n\nOpenHaystack requires macOS 11 (Big Sur).\n\n### Installation\n\nThe OpenHaystack application requires a custom plugin for Apple Mail. It is used to download location reports from Apple's servers via a private API (technical explanation: the plugin inherits Apple Mail's entitlements required to use this API).\nTherefore, the installation procedure is slightly different and requires you to temporarily disable [Gatekeeper](https:\u002F\u002Fsupport.apple.com\u002Fguide\u002Fsecurity\u002Fgatekeeper-and-runtime-protection-sec5599b66df\u002F1\u002Fweb\u002F1).\nOur plugin does not access any other private data such as emails (see [source code](OpenHaystack\u002FOpenHaystackMail)).\n\n1. Download a precompiled binary release from our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fseemoo-lab\u002Fopenhaystack\u002Freleases\">GitHub page\u003C\u002Fa>.  \n   _Alternative:_ build the application from source via Xcode.\n2. Open OpenHaystack. This will ask you to install the Mail plugin in `~\u002FLibrary\u002FMail\u002FBundle`.\n3. Open a terminal and run `sudo spctl --master-disable`, which will disable Gatekeeper and allow our Apple Mail plugin to run.\n4. Open Apple Mail. Go to _Preferences_ → _General_ → _Manage Plug-Ins..._ and activate the checkbox next to _OpenHaystackMail.mailbundle_.\n   * If the _Manage Plug-Ins..._ button does not appear. Run this command in terminal `sudo defaults write \"\u002FLibrary\u002FPreferences\u002Fcom.apple.mail\" EnableBundles 1`\n5. Allow access and restart Mail.\n6. Open a terminal and enter `sudo spctl --master-enable`, which will enable Gatekeeper again.\n\n### Usage\n\n**Adding a new accessory.**\nTo create a new accessory, you just need to enter a name for it and optionally select a suitable icon and a color. The app then generates a new key pair that is used to encrypt and decrypt the location reports. The private key is stored in your Mac's keychain.\n\n**Deploy to device.**\nConnect a [supported device](#how-to-track-other-bluetooth-devices) via USB to your Mac and hit the _Deploy_ button next to the accessory's name and choose the corresponding.\nInstead of using OpenHaystack's integrated deployment, you may also copy the public key used for advertising (right click on accessory) and deploy it manually.\n\n**Display devices' locations.**\nIt can take up to 30 minutes until you will see the first location report on the map on the right side. The map will always show all your items' most recent locations. You can click on every item to check when the last update was received.\nBy clicking the reload button, you can update the location reports.\n\n## How does Apple's Find My network work?\n\nWe briefly explain Apple's offline finding system (aka [_Find My network_](https:\u002F\u002Fdeveloper.apple.com\u002Ffind-my\u002F)). Please refer to our [PETS paper and Apple's accessory specification](#references) for more details. We provide a schematic overview (from our paper) and explain how we integrate the different steps in OpenHaystack below.\n\n![Find My Overview](Resources\u002FFindMyOverview.png)\n\n### Pairing (1)\n\nTo use Apple's Find My network, we generate a public-private key pair on an elliptic curve (P-224). The private key remains on the Mac securely stored in the keychain, and the public key is deployed on the accessory, e.g., an attached micro:bit.\n\n### Losing (2)\n\nIn short, the accessories broadcast the public key as Bluetooth Low Energy (BLE) advertisements (see [firmware](Firmware)).\nNearby iPhones will not be able to distinguish our accessories from a genuine Apple device or certified accessory.\n\n### Finding (3)\n\nWhen a nearby iPhone receives a BLE advertisement, the iPhone fetches its current location via GPS, encrypts it using public key from the advertisement, and uploads the encrypted report to Apple's server.\nAll iPhones on iOS 13 or newer do this by default. OpenHaystack is not involved in this step.\n\n### Searching (4)\n\nApple does not know which encrypted locations belong to which Apple account or device. Therefore, every Apple user can download any location report as long as they know the corresponding public key. This is not a security issue: all reports are end-to-end encrypted and cannot be decrypted unless one knows the corresponding private key (stored in the keychain). We leverage this feature to download the reports from Apple that have been created for our OpenHaystack accessories. We use our private keys to decrypt the location reports and show the most recent one on the map.\n\nApple protects their database against arbitrary access by requiring an authenticated Apple user to download location reports.\nWe use our Apple Mail plugin, which runs with elevated privileges, to access the required authentication information. The OpenHaystack app communicates with the plugin while downloading reports. This is why you need to keep Mail open while using OpenHaystack.\n\n## How to track other Bluetooth devices?\n\nIn principle, any Bluetooth device can be turned into an OpenHaystack accessory that is trackable via Apple's Find My network.\nCurrently, we provide a convenient deployment method of our OpenHaystack firmwares for a small number of embedded devices (see table below). We also support Linux devices via our generic HCI script.\nFeel free to port OpenHaystack to other devices that support Bluetooth Low Energy based on the [source code of our firmware](Firmware) and the specification in [our paper](#references). Please share your results with us!\n\n| Platform | Tested on | Deploy via app | Comment |\n|----------|-----------|:--------------:|---------|\n| [Nordic nRF51](Firmware\u002FMicrobit_v1) | BBC micro:bit v1 | ✓ | Only supports nRF51822 at this time (see issue #6). |\n| [Espressif ESP32](Firmware\u002FESP32) | SP32-WROOM, ESP32-WROVER | ✓ | Deployment can take up to 3 minutes. Requires Python 3. Thanks **@fhessel**. |\n| [Linux HCI](Firmware\u002FLinux_HCI) | Raspberry Pi 4 w\u002F Raspbian | | Should support any Linux machine. |\n\n![Setup](Resources\u002FSetup.jpg)\n\n## OpenHaystack Mobile\nOpenHaystack Mobile is a complete reimplementation of the OpenHaystack macOS application for smartphones. The app provides the same functionality to create and track accessories and aims to increase the usability, especially for new users. In contrast to the macOS application, the location reports cannot be fetched directly on the smartphone, so the app requires a proxy server hosted on Mac hardware to access the Find My network. The proxy server can be accessed over a network by multiple users simultaneously.\n\nTo connect to your proxy server set the correct URL in: openhaystack-mobile\u002Flib\u002FfindMy\u002Freports_fetcher.dart\n\n\u003Cimg width=\"300\" src=\".\u002FResources\u002Fmobile-map-view.png\"> \u003Cimg width=\"300\" src=\".\u002FResources\u002Fmobile-accessory-history.png\">\n\nOpenHaystack Mobile is built with the cross-platform [Flutter framework](https:\u002F\u002Fflutter.dev\u002F) and currently runs on Android and iOS. More information about the app and usage instructions can be found in the [openhaystack-mobile](openhaystack-mobile) folder of this repository.\n\n## Authors\n\n- **Alexander Heinrich** ([@Sn0wfreezeDev](https:\u002F\u002Fgithub.com\u002FSn0wfreezeDev), [email](mailto:aheinrich@seemoo.tu-darmstadt.de))\n- **Milan Stute** ([@schmittner](https:\u002F\u002Fgithub.com\u002Fschmittner), [email](mailto:mstute@seemoo.tu-darmstadt.de), [web](https:\u002F\u002Fseemoo.de\u002Fmstute))\n\n## References\n\n- Alexander Heinrich, Milan Stute, Tim Kornhuber, Matthias Hollick. **Who Can _Find My_ Devices? Security and Privacy of Apple's Crowd-Sourced Bluetooth Location Tracking System.** _Proceedings on Privacy Enhancing Technologies (PoPETs)_, 2021. [doi:10.2478\u002Fpopets-2021-0045](https:\u002F\u002Fdoi.org\u002F10.2478\u002Fpopets-2021-0045) [📄 Paper](https:\u002F\u002Fwww.petsymposium.org\u002F2021\u002Ffiles\u002Fpapers\u002Fissue3\u002Fpopets-2021-0045.pdf) [📄 Preprint](https:\u002F\u002Farxiv.org\u002Fabs\u002F2103.02282).\n- Alexander Heinrich, Milan Stute, and Matthias Hollick. **DEMO: OpenHaystack: A Framework for Tracking Personal Bluetooth Devices via Apple’s Massive Find My Network.** _14th ACM Conference on Security and Privacy in Wireless and Mobile (WiSec ’21)_, 2021.\n- Tim Kornhuber. **Analysis of Apple's Crowd-Sourced Location Tracking System.** _Technical University of Darmstadt_, Master's thesis, 2020.\n- Apple Inc. **Find My Network Accessory Specification – Developer Preview – Release R3.** 2020. [📄 Download](https:\u002F\u002Fdeveloper.apple.com\u002Ffind-my\u002F).\n\n## License\n\nOpenHaystack is licensed under the [**GNU Affero General Public License v3.0**](LICENSE).\n","OpenHaystack 是一个利用苹果庞大的 Find My 网络来追踪个人蓝牙设备的框架。其核心功能包括创建可附着在物理物品（如钥匙圈、背包等）上的追踪标签，或将其集成到其他支持蓝牙的设备中，例如笔记本电脑。通过该应用，用户可以在没有蜂窝网络覆盖的情况下，借助附近的iPhone发现并上传位置信息至苹果服务器，从而实现全球范围内的定位追踪。适用于需要对重要物品进行远程监控和找回的应用场景，如防止丢失或被盗。项目基于Swift语言开发，并采用GNU Affero General Public License v3.0许可证发布。",2,"2026-06-11 03:08:22","top_language"]