FindMy Flipper Battery Status Refactor, Unify State Sync #100

Merged
merged 7 commits into from
Apr 19, 2024
139 changes: 112 additions & 27 deletions applications/system/findmy/README.md
@@ -1,10 +1,10 @@
# FindMy Flipper - FindMy SmartTag Emulator
# FindMy Flipper - AirTag and SmartTag Emulator

This app extends the functionality of the FlipperZero's bluetooth capabilities, enabling it to act as an Apple AirTag or Samsung SmartTag, or even both simultaneously. It utilizes the FlipperZero's BLE beacon to broadcast a SmartTag signal to be picked up by the FindMy Network. I made this to serve as a versatile tool for tracking purposes, offering the ability to clone existing tags, generate OpenHaystack key pairs for integration with Apple's FindMy network, and tune the device's beacon broadcast settings.
This app extends the functionality of the FlipperZero's bluetooth capabilities, enabling it to act as an Apple AirTag, Samsung SmartTag, or a Tile Tracker. It utilizes the FlipperZero's BLE beacon to broadcast a SmartTag signal to be picked up by the FindMy Network. I made this to serve as a versatile tool for tracking purposes, offering the ability to clone existing tags, generate OpenHaystack key pairs for integration with Apple's FindMy network, and always know where your FlipperZero is.

## Features

1. Tag Emulation: Clone your existing Apple AirTag or Samsung SmartTag to the FlipperZero, or generate a key pair for use with the FindMy network without owning an actual AirTag.
1. Tag Emulation: Clone your existing Apple AirTag, Samsung SmartTag, or Tile Tracker to the FlipperZero, or generate a key pair for use with the FindMy network without owning an actual AirTag.
2. Customization: Users can adjust the interval between beacon broadcasts and modify the transmit power to suit their needs, optimizing for both visibility and battery life.
3. Efficient Background Operation: The app is optimized to run in the background, ensuring that your FlipperZero can still be tracked with minimal battery usage and without stopping normal use.

Expand All @@ -14,38 +14,122 @@ This app extends the functionality of the FlipperZero's bluetooth capabilities,
- **Option A:** Use the released/precompiled firmware appropriate (FAP) for your device.
- **Option B:** Build the firmware yourself using `fbt/ufbt`.
- Both Installation options require you to be running a dev build of firmware. When release gets access to the extra BLE beacon this will change, thank you!
- All firmware should now work with main branch, including icons

### Step 2: Obtaining SmartTag Data
###### There are 2 methods to get SmartTag data depending on the type of tag you wish to emulate. Option A allows you to use Apple, Samsung, and Tile tags through the use of cloning the MAC Address and Payload of an actual tag. This also allows you to use the native app for tracking (Apple FindMy, Samsung SmartThing, Tile App). Option B allows you to emulate an Apple AirTag without needing to own an Apple device or airtag. This is done through key generation and requires a computer to download the location data.

#### Option A: Open Haystack Method
1. **Generate a Tag:** Download the `generate_keys.py` file and execute it in your terminal. (You will need cryptography ```python3 -m pip install cryptography```)
2. **Follow Prompts:** During execution, you'll be prompted for inputs. By the end, you'll obtain a **Private Key**, **Public Key**, **Payload**, and **MAC Address**.
- **Private Key** is necessary to receive location reports from Apple.
- **MAC Address** should be registered in the FlipperZero app:
1. Open the app and navigate to the config menu.
2. Choose "register tag" and enter the MAC Address when prompted.
3. A payload dialog will appear next. Enter your **Payload** here.
4. Click save.
3. **Configuration Completion:** With this setup, your device is ready for Open Haystack. Proceed with the specific steps for Open Haystack or MaclessHaystack based on your setup.
- Don't Own a Mac: https://github.com/dchristl/macless-haystack
- Own a Mac: https://github.com/seemoo-lab/openhaystack

#### Option B: Cloning Existing Tag
1. **Pair a Tag:** First, pair an AirTag or Samsung SmartTag with your device.
<details>
<summary><b>Option A: Cloning Existing Tag (Preferred and allows you to track without additional setup)</b></summary>

1. **Pair a Tag:** First, pair an AirTag, Samsung SmartTag or Tile Tracker with your device.
2. **Enter 'Lost' Mode:** Keep the tag away from the device it's registered to for approximately 15 minutes.
3. **Download nrfConnect:** Install nrfConnect from the Apple App Store or Google Play Store.
4. **Filter and Scan:**
3. **Download nrfConnect or use an ESP32** Install nrfConnect from the Google Play Store. (Apple version doesn't reveal the needed Raw data, looking for a workaround)
4. OR **Use an ESP32-WROOM / ESP32-S3** Don't have an android? No problem! You can get all the data you need from an ESP32: https://github.com/MatthewKuKanich/ESP32-AirTag-Scanner (Skip to step 7 if using an ESP32)
5. **Filter and Scan:**
- Open the app, click on filters, and exclude all except for the brand of your tag (Apple/Samsung).
- Adjust the RSSI to the lowest setting (-40 dBm).
- Initiate a scan. Wait for your SmartTag to appear as a "FindMy" device.
5. **Capture Data:** Click **Raw** or **View Raw** to capture your **payload** and note your tag's **MAC Address**. Immediately remove the tag's battery to prevent key/MAC rotation.
6. **Enter Data in FlipperZero App:** Input the captured **payload** and **MAC Address** into the FlipperZero app.
6. **Capture Data:** Click **Raw** or **View Raw** to capture your **payload** and note your tag's **MAC Address**. Immediately remove the tag's battery to prevent key/MAC rotation.
- The AirTag has now been cloned, if you put the battery back into the AirTag it will eventually rotate its keys with the Apple servers. This will invalidate the current keys on the Flipper. To prevent this you must keep the AirTag powered off / battery removed. You can always repeat these steps to return functionality to the Flipper. No need to get rid of the AirTag, you can always return to it if you desire, you just can't use both at the same time.
8. **Enter Data in FlipperZero App:** Input the captured **payload** and **MAC Address** into the FlipperZero app.
</details>

<details>
<summary><b>Option B: AirTag Key Generation</b></summary>
<br>

Video Tutorial: https://youtu.be/XGwHmwvQoqo?si=CAsKWEqGP5VFi9p9

### Prerequisites

Before you begin, ensure you have the following installed on your system:

- Docker Desktop
- Python
- Git

## Step-by-Step Instructions

### 1. Clone the Repository

Navigate to Matthew KuKanich's GitHub repository, copy the repository URL, and clone it to your desired location using the terminal.
```
git clone https://github.com/MatthewKuKanich/FindMyFlipper.git
```
### 2. Set Up the AirTag Generation Folder

Inside the cloned repository, locate the 'air tag generation' folder which contains all necessary files for creating AirTags.

### 3. Start Docker Desktop

Ensure Docker Desktop is running on your computer, as it is required for the server setup.

### 4. Set Up a Server Using Docker

Run the following Docker command to set up the server. This server emulates an environment that tricks Apple's authentication servers.
```
docker run -d --restart always --name anisette-v3 -p 6969:6969 dadoum/anisette-v3-server:latest
```
### 5. Create a Python Virtual Environment

Navigate to the AirTag generation directory, then create and activate a Python virtual environment. You will run all scripts in this terminal.
```
cd AirTagGeneration
```
```
python3 -m venv venv
```
(or `python -m venv venv`)

Activate the environment:
- Windows:
```
.\venv\Scripts\activate.bat
```
- Mac/Linux:
```
source venv/bin/activate
```
### 6. Install the Required Python Packages
```
pip3 install -r requirements.txt
```
### 7. Generate Keys for AirTags

Run the ```generate_keys.py``` script in the current terminal to generate the keys needed for AirTags, which will be saved in a new folder called 'keys'.


### 8. Transfer the Generated Keys to Flipper Zero

Move the '.Keys' file to your Flipper device by connecting it to your computer and using the Flipper's file management system.
- For ease of use, drag your `.keys` file onto your FlipperZero's SD card in the apps_data->findmy folder. You can import it directly from the app!
1. Open the app and navigate to the config menu.
2. Choose "register tag" and select the tag type.
3. Either click import `.keys`, `.txt`, or enter Manually.
4. If entering manually then a MAC and payload dialog will appear next. Enter your **MAC** then **Payload** here.
5. Click save.

### 9. Request Location Reports

Use the ```request_reports.py``` script to request real-time location data, requiring your Apple ID and password for authentication. This will save your Apple login information to a auth file so you won't need to re-enter your Apple credentials.

### 10. Generate an Advanced Location Map

Finally, run the ```RequestReport&Map.py``` script to generate an interactive map of all location data in the past 24 hours. This script automates the process by requesting the location report using the hashed adv key in your ```keys``` folder, then decrypting that data from your private key located in the same `.keys` file. After the data is decrypted it will be displayed in the terminal. It then launches a mapping script that maps all the coordinates, connects them to show movement, displays a plethora of location metadata, and saves to an html file named by the date of the report.

You're done!

### Step 3: Configuration
- Upon launching the app, choose whether to clone an AirTag or SmartTag, generate a new Open Haystack key pair, or adjust broadcast settings.
- If you want to use OpenHaystack or Macless instead, then you can follow the steps below. I don't recommend these methods due to reliability issues and setup complexity.
To use OpenHayStack for tracking, you must use MacOS lower than version 14 (Mail Plug-in Incompetiablity of MacOS 14+ seemoo-lab/openhaystack#224). If you do own a device, I believe a convertor script can be provided without much of effort. If you do not own a Mac device or the system has been upgraded to 14 and beyond. The alternative solutions includes,

### Step 4: Tracking
- Once the app is configured, your FlipperZero can be tracked using the relevant platform's tracking service (FindMy app for Apple devices, SmartThings for Samsung devices, and respective web browsers).
https://github.com/dchristl/macless-haystack

If using this solution, be sure to only use the `generate_keys.py` script from this repo in the AirTagGeneration folder. Not the ones included in that repo as the formatting of the key file changes. (Mine includes data that the FlipperZero needs for proper importing)
</details>

### On The Flipper: Configuration on the FlipperZero (if not completed yet)
- Upon launching the app, open the config menu and either click ```Import Tag From File``` or ```Register Tag Manually```. Put your generated .keys file onto the FlipperZero SD card inside the AppsData/FindMyFlipper folder to import from file. Or you can manually enter the tag information. When using the cloning method, you can export a .txt file from nrfConnect (click save button) amd place that in the same folder in order to import.

Customization
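Review bot: the `docker run` line in step 4 of Option B publishes the anisette server with `-p 6969:6969`, which binds the port on every interface, and pulls `dadoum/anisette-v3-server:latest` unpinned. Suggest `-p 127.0.0.1:6969:6969` and a pinned tag or digest. Step 9 says the Apple login information is saved to an auth file but does not name the file or its location; add that so users know what to protect or delete. The import folder is given as `apps_data->findmy` in step 8 and as `AppsData/FindMyFlipper` in the "On The Flipper" section, while findmy_state.h defines `apps_data/findmy`; use one path. Option A's numbering jumps from 6 to 8 although step 4 says "Skip to step 7", and "amd" should be "and".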

Expand All @@ -60,10 +144,11 @@ Compatibility

- Apple devices for AirTag tracking via the FindMy network.
- Any device that supports Samsung SmartTag tracking, including web browsers (previously FindMyMobile).
- Tile Trackers via the Tile App

Thanks

- Huge thanks to all the people that contributed to the OpenHaystack project, supporting projects, and guides on the subject. This wouldn't be a thing without any of you!
- Huge thanks to all the people that contributed to the OpenHaystack project, supporting projects, and guides on the subject. This wouldn't be a thing without any of you! Special thanks to Chapoly1305 for introducing me to the FindMy network and WillyJL for helping get the app input working and overall overhaul of the apps functions!

Legal and Privacy

67 changes: 36 additions & 31 deletions applications/system/findmy/findmy.c
@@ -1,4 +1,5 @@
#include "findmy_i.h"
#include <furi_hal_power.h>

static bool findmy_custom_event_callback(void* context, uint32_t event) {
furi_assert(context);
Expand Down Expand Up @@ -102,60 +103,64 @@ void findmy_change_broadcast_interval(FindMy* app, uint8_t value) {
return;
}
app->state.broadcast_interval = value;
findmy_state_sync_config(&app->state);
findmy_state_save(&app->state);
findmy_main_update_interval(app->findmy_main, app->state.broadcast_interval);
if(furi_hal_bt_extra_beacon_is_active()) {
// Always check if beacon is active before changing config
furi_check(furi_hal_bt_extra_beacon_stop());
}
furi_check(furi_hal_bt_extra_beacon_set_config(&app->state.config));
if(app->state.beacon_active) {
furi_check(furi_hal_bt_extra_beacon_start());
}
findmy_state_save_and_apply(app, &app->state);
}

void findmy_change_transmit_power(FindMy* app, uint8_t value) {
if(value > 6) {
return;
}
app->state.transmit_power = value;
findmy_state_sync_config(&app->state);
findmy_state_save(&app->state);
if(furi_hal_bt_extra_beacon_is_active()) {
furi_check(furi_hal_bt_extra_beacon_stop());
}
furi_check(furi_hal_bt_extra_beacon_set_config(&app->state.config));
if(app->state.beacon_active) {
furi_check(furi_hal_bt_extra_beacon_start());
}
findmy_state_save_and_apply(app, &app->state);
}

void findmy_toggle_show_mac(FindMy* app, bool show_mac) {
app->state.show_mac = show_mac;
findmy_state_sync_config(&app->state);
findmy_state_save(&app->state);
findmy_main_toggle_mac(app->findmy_main, app->state.show_mac);
findmy_state_save_and_apply(app, &app->state);
}

void findmy_toggle_beacon(FindMy* app) {
app->state.beacon_active = !app->state.beacon_active;
findmy_state_save(&app->state);
if(furi_hal_bt_extra_beacon_is_active()) {
furi_check(furi_hal_bt_extra_beacon_stop());
}
if(app->state.beacon_active) {
furi_check(furi_hal_bt_extra_beacon_start());
}
findmy_state_save_and_apply(app, &app->state);
findmy_main_update_active(app->findmy_main, furi_hal_bt_extra_beacon_is_active());
}

void findmy_set_tag_type(FindMy* app, FindMyType type) {
app->state.tag_type = type;
findmy_state_sync_config(&app->state);
findmy_state_save(&app->state);
findmy_state_save_and_apply(app, &app->state);
findmy_main_update_type(app->findmy_main, type);
FURI_LOG_I("TagType2", "Tag Type: %d", type);
}

void findmy_state_save_and_apply(FindMy* app, FindMyState* state) {
uint32_t battery_capacity = furi_hal_power_get_battery_full_capacity();
uint32_t battery_remaining = furi_hal_power_get_battery_remaining_capacity();
uint16_t battery_percent = (battery_remaining * 100) / battery_capacity;
uint8_t battery_level;

if(battery_percent > 80) {
battery_level = BATTERY_FULL;
} else if(battery_percent > 50) {
battery_level = BATTERY_MEDIUM;
} else if(battery_percent > 20) {
battery_level = BATTERY_LOW;
} else {
battery_level = BATTERY_CRITICAL;
}
app->state.battery_level = battery_level;

if(furi_hal_bt_extra_beacon_is_active()) {
furi_check(furi_hal_bt_extra_beacon_stop());
}
furi_check(
furi_hal_bt_extra_beacon_set_data(state->data, findmy_state_data_size(state->tag_type)));
findmy_state_sync_config(state);
findmy_state_save(state);
furi_check(furi_hal_bt_extra_beacon_set_config(&state->config));
if(state->beacon_active) {
furi_check(furi_hal_bt_extra_beacon_start());
}
}

void furi_hal_bt_reverse_mac_addr(uint8_t mac_addr[GAP_MAC_ADDR_SIZE]) {
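Review bot: in findmy_state_save_and_apply, furi_hal_bt_extra_beacon_set_data() runs before findmy_state_sync_config(state), and sync_config is where findmy_update_payload_battery() writes data[6], so the beacon is handed the payload with the previous battery byte and only picks up the new level on the next call. Move the set_data call after findmy_state_sync_config(state). The percentage line `(battery_remaining * 100) / battery_capacity` has no guard for battery_capacity == 0; check for zero and fall back to a defined level before dividing. The function also writes `app->state.battery_level` while everything else goes through `state`, which only agrees because callers pass `&app->state`. Note that findmy_toggle_show_mac now stops and restarts the beacon for a display-only setting.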
1 change: 1 addition & 0 deletions applications/system/findmy/findmy_i.h
Expand Up @@ -54,3 +54,4 @@ void findmy_change_transmit_power(FindMy* app, uint8_t value);
void findmy_toggle_show_mac(FindMy* app, bool show_mac);
void findmy_set_tag_type(FindMy* app, FindMyType type);
void findmy_toggle_beacon(FindMy* app);
void findmy_state_save_and_apply(FindMy* app, FindMyState* state);
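Review bot: the new prototype findmy_state_save_and_apply(FindMy* app, FindMyState* state) takes two parameters that always describe the same object, since every caller in findmy.c passes `&app->state`. Drop the `state` parameter and use `app->state` inside, or drop `app` and write the battery level through `state`, so the two cannot diverge.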
36 changes: 29 additions & 7 deletions applications/system/findmy/findmy_state.c
Expand Up @@ -74,12 +74,12 @@ bool findmy_state_load(FindMyState* out_state) {
*data++ = 0x00; // ...
*data++ = 0x12; // Type (FindMy)
*data++ = 0x19; // Length
*data++ = 0x00; // Status
*data++ = 0x00; // Battery Status set to Full
// Placeholder Empty Public Key without the MAC address
for(size_t i = 0; i < 22; ++i) {
*data++ = 0x00;
}
*data++ = 0x00; // First 2 bits are the version, the rest is the battery level
*data++ = 0x00; // First 2 bits are the version
*data++ = 0x00; // Hint (0x00)
}

Expand All @@ -98,16 +98,15 @@ bool findmy_state_load(FindMyState* out_state) {
}

void findmy_state_apply(FindMyState* state) {
// Stop any running beacon
// This function applies initial state to the beacon (loaded values)
if(furi_hal_bt_extra_beacon_is_active()) {
furi_check(furi_hal_bt_extra_beacon_stop());
}

furi_check(furi_hal_bt_extra_beacon_set_config(&state->config));
findmy_update_payload_battery(state->data, state->battery_level, state->tag_type);

furi_check(
furi_hal_bt_extra_beacon_set_data(state->data, findmy_state_data_size(state->tag_type)));

if(state->beacon_active) {
furi_check(furi_hal_bt_extra_beacon_start());
}
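Review bot: findmy_state_apply now patches the payload from `state->battery_level`, but the battery reading is only computed in findmy_state_save_and_apply in findmy.c, so at startup this advertises whatever value the field holds after load. Factor the capacity-to-level calculation into a helper and call it here before findmy_update_payload_battery(), or document that battery_level must be set by the caller first.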
Expand All @@ -118,6 +117,30 @@ void findmy_state_sync_config(FindMyState* state) {
state->config.max_adv_interval_ms = (state->broadcast_interval * 1000) + 150;
state->config.adv_power_level = GapAdvPowerLevel_0dBm + state->transmit_power;
memcpy(state->config.address, state->mac, sizeof(state->config.address));
findmy_update_payload_battery(state->data, state->battery_level, state->tag_type);
}

void findmy_update_payload_battery(uint8_t* data, uint8_t battery_level, FindMyType type) {
// Update the battery level in the payload
if(type == FindMyTypeApple) {
switch(battery_level) {
case BATTERY_FULL:
data[6] = BATTERY_FULL;
break;
case BATTERY_MEDIUM:
data[6] = BATTERY_MEDIUM;
break;
case BATTERY_LOW:
data[6] = BATTERY_LOW;
break;
case BATTERY_CRITICAL:
data[6] = BATTERY_CRITICAL;
break;
default:
FURI_LOG_E("update_bat", "Invalid battery level: %d", battery_level);
return;
}
}
}

void findmy_state_save(FindMyState* state) {
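Review bot: the switch in findmy_update_payload_battery assigns data[6] the same constant it just matched on, so it reduces to a range check followed by `data[6] = battery_level;`. The offset 6 is a bare magic number with no named constant and no check against the payload length; define it next to the BATTERY_* values and document which payload byte it is. Calling this from findmy_state_sync_config also gives a function named for syncing config a side effect on state->data, which is worth a comment or a separate call site.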
Expand All @@ -144,12 +167,11 @@ void findmy_state_save(FindMyState* state) {
if(!flipper_format_write_bool(file, "show_mac", &state->show_mac, 1)) break;

if(!flipper_format_write_hex(file, "mac", state->mac, sizeof(state->mac))) break;

findmy_update_payload_battery(state->data, state->battery_level, state->tag_type);
if(!flipper_format_write_hex(
file, "data", state->data, findmy_state_data_size(state->tag_type)))
break;
} while(0);

flipper_format_free(file);
furi_record_close(RECORD_STORAGE);
}
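Review bot: findmy_state_save now mutates state->data through findmy_update_payload_battery() before writing, which is unexpected for a save routine and duplicates work, because findmy_state_save_and_apply calls findmy_state_sync_config(state) immediately before findmy_state_save(state) and sync_config already performs the same update. Keep the update in one place and let save write the state as it stands.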
9 changes: 9 additions & 0 deletions applications/system/findmy/findmy_state.h
Expand Up @@ -7,6 +7,11 @@
#define FINDMY_STATE_DIR EXT_PATH("apps_data/findmy")
#define FINDMY_STATE_PATH FINDMY_STATE_DIR "/findmy_state.txt"

#define BATTERY_FULL 0x00
#define BATTERY_MEDIUM 0x50
#define BATTERY_LOW 0xA0
#define BATTERY_CRITICAL 0xF0

typedef enum {
FindMyTypeApple,
FindMyTypeSamsung,
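Review bot: the BATTERY_FULL / BATTERY_MEDIUM / BATTERY_LOW / BATTERY_CRITICAL defines are added without a comment saying what they encode or which payload byte they apply to, and the unprefixed names are generic for a header. Add a short comment tying them to the Apple status byte written at data[6], and consider a FINDMY_ prefix or an enum. The placeholder payload in findmy_state_load could then use BATTERY_FULL instead of the literal 0x00.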
Expand All @@ -24,6 +29,8 @@ typedef struct {

// Generated from the other state values
GapExtraBeaconConfig config;

uint8_t battery_level;
} FindMyState;

bool findmy_state_load(FindMyState* out_state);
Expand All @@ -34,4 +41,6 @@ void findmy_state_sync_config(FindMyState* state);

void findmy_state_save(FindMyState* state);

void findmy_update_payload_battery(uint8_t* data, uint8_t battery_level, FindMyType type);

uint8_t findmy_state_data_size(FindMyType type);