Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

real_airtag: read identifier and model from plist for later resolving #77

Merged
merged 4 commits into from
Sep 18, 2024

Conversation

Mimoja
Copy link
Contributor

@Mimoja Mimoja commented Sep 17, 2024

In combination with BeaconNamingRecord this allows for resolving the name and emoji

Signed-off-by: Mimoja [email protected]

@malmeloo
Copy link
Owner

Thanks! I see some slight issues with your code, but I will fix them for you.

Could you elaborate on what you mean with the BeaconNamingRecord and name/emoji?

@Mimoja
Copy link
Contributor Author

Mimoja commented Sep 18, 2024

When decrypting the whole com.apple.icloud.searchpartyd folder you end up with the OwnedBeacons folder, but also a com.apple.icloud.searchpartyd/BeaconNamingRecord folder. This folder resolves tag identifier to names and emojis:
The format of the decrypted record / plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>associatedBeacon</key>
	<string>[UUID_AS_FOUND_IN_OWNED_BEACONS]</string>
	<key>cloudKitMetadata</key>
	<data>
		[LOTS_OF_DATA]
	</data>
	<key>emoji</key>
	<string>🤖</string>
	<key>identifier</key>
	<string>[THIS_IS_A_UUID]</string>
	<key>name</key>
	<string>Hello from the naming side</string>
	<key>roleId</key>
	<integer>999</integer>
</dict>
</plist>

Reading that folder then makes it possible to lookup the names for the tags ( a slight bit overly verbose for documentation purposes):

nameing_records_folder = Path(plist_path).joinpath("BeaconNamingRecord")
        if nameing_records_folder.exists() and nameing_records_folder.is_dir():
            for folder in Path(plist_path).rglob("*"):
                if folder.is_dir():
                    for file in folder.iterdir():
                        if file.is_file() and file.suffix == ".plist":
                            with file.open("rb") as f:
                                naming_record = plistlib.load(f)
                                associated_beacon = naming_record.get(
                                    "associatedBeacon"
                                )
                                emoji = naming_record.get("emoji")
                                identifier = naming_record.get("identifier")
                                name = naming_record.get("name")
                                if not associated_beacon:
                                    continue
                                ident = {
                                    "emoji": emoji,
                                    "name": name,
                                    "identifier": identifier,
                                }
                                ident_lookup[associated_beacon] = ident
for airtag in airtags:
        ident = ident_lookup.get(airtag._identifier)

I would absolutely prefer to query the proper endpoint to get the item names (given that tags can be renamed and the renaming syncs) I would hope this info to be some kind of lookup table.
But i have no idea on how to debug / sniff the traffic :/
So: having findMy do it instead

@malmeloo
Copy link
Owner

Ahh I see, thanks for clarifying. I would assume that the item names are also synced through the iCloud keychain, just like the actual accessory keys. In that case your current method is probably the way to go, as I don't think anyone has reverse engineered the keychain syncing yet (but please do prove me wrong!).

I will merge this and push a new release in a bit.

@malmeloo malmeloo merged commit 4e75e73 into malmeloo:main Sep 18, 2024
7 checks passed
@Mimoja
Copy link
Contributor Author

Mimoja commented Sep 20, 2024

If you have any idea on how to have a good sniff on the communication there I will happily take that pointer :D

@malmeloo
Copy link
Owner

I wish I did, but I have no hands-on experience RE'ing that stuff whatsoever... 😅
The requests that this library makes were already figured out by other people before I even started working on it. I've asked around about keychain stuff a while ago but couldn't find anyone who has looked into it before.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants