-
-
Save henrik242/1da3a252ca66fb7d17bca5509a67937f to your computer and use it in GitHub Desktop.
#!/usr/bin/env bash | |
# | |
# Reads AirTag data from the FindMy.app cache and converts it to a daily GPX file | |
# | |
# Rsyncs the data to a web accessible folder that can be displayed with e.g. | |
# https://gist.github.com/henrik242/84ad80dd2170385fe819df1d40224cc4 | |
# | |
# This should typically be run as a cron job | |
# | |
set -o pipefail -o nounset -o errexit | |
export PATH=/usr/local/bin:$PATH | |
DATADIR=/tmp/airtag-data | |
TODAY=$(date +%d) | |
mkdir -p $DATADIR | |
DATA=$DATADIR/airtagdata-$TODAY.txt | |
GPX=$DATADIR/airtagdata-$TODAY.gpx | |
TAGNAME=Foobar | |
if [[ $(uname -s) == "Darwin" ]]; then | |
TOMORROW=$(date -v +1d +%d) | |
else | |
TOMORROW=$(date --date="tomorrow" +%d) | |
fi | |
rm -f $DATADIR/airtagdata-$TOMORROW.gpx | |
jq -r '.[] | select(.name == "'$TAGNAME'") | .location | "\(.latitude) \(.longitude) \(.altitude) \(.timeStamp/1000 | todate)"' \ | |
$HOME/Library/Caches/com.apple.findmy.fmipcore/Items.data >> $DATA | |
START='<?xml version="1.0" encoding="UTF-8"?> | |
<gpx xmlns="http://www.topografix.com/GPX/1/1" xmlns:mytracks="http://mytracks.stichling.info/myTracksGPX/1/0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" creator="myTracks" version="1.1" xsi:schemaLocation="http://www.topografix.com/GPX/1/1 http://www.topografix.com/GPX/1/1/gpx.xsd"> | |
<trk> | |
<name>'$TAGNAME'</name> | |
<extensions> | |
<mytracks:color red="0.000000" green="0.000000" blue="1.000000" alpha="1.000000" /> | |
<mytracks:area showArea="no" areaDistance="0.000000" /> | |
<mytracks:directionArrows showDirectionArrows="yes" /> | |
<mytracks:sync syncPhotosOniPhone="no" /> | |
<mytracks:timezone offset="120" /> | |
</extensions> | |
<trkseg>' | |
END=' </trkseg> | |
</trk> | |
</gpx>' | |
echo $START > $GPX | |
function elems() { | |
LAT=$1 | |
LON=$2 | |
ELE=$3 | |
TS=$4 | |
} | |
cat $DATA | while read line; do | |
elems $line | |
echo '<trkpt lat="'$LAT'" lon="'$LON'"> | |
<ele>'$ELE'</ele> | |
<time>'$TS'</time> | |
</trkpt>' >> $GPX | |
done | |
echo $END >> $GPX | |
cp $GPX $DATADIR/airtagdata.gpx | |
rsync -a --exclude='*.txt' $DATADIR example.com:public_html/airtag/ |
Just in case it is helpful, I wrote a script that logs more information (history location, battery level, etc.) and supports more devices (AirTag, iPhone, MacBook, etc.).
https://github.com/fjxmlzn/FindMyHistory
Suggestions are welcome!
@fjxmlzn Cool!
Hello @henrik242 , I was looking at your great code but I still have a question.. Could be possible to get from findmy cache not only lat, long and the actual timestamp also the timestamp of the last update of the airtag?
It could happen that I read the cache right now but the last update of the Airtag was many days ago.. Thank you very much :-)
@sarto89 Just look at your $HOME/Library/Caches/com.apple.findmy.fmipcore/Items.data
file and you might find what you're looking for.
Looks like with the MacOS Sonoma 14.4 update the $HOME/Library/Caches/com.apple.findmy.fmipcore/ files became encrypted. Any idea how to decrypt these to get the file in plain text again like it was is 14.3.1 and before? I was expecting apple to chop our legs off, it has happened.
Are you sure they are encrypted? What does the command file $HOME/Library/Caches/com.apple.findmy.fmipcore/*
say?
Bummer. I'm still on Ventura, so I'm not affected (yet).
Bummer. I'm still on Ventura, so I'm not affected (yet).
I am on Sonoma 14.3.1 but I built an airtag harvesting app that I was planning to go to production with for users to track the history on a map of their FindMy tags. Putting that on hold until I find out if I can decryot these files. This was expected as Apple frowns on tracking the history..
Maybe try putting that string in a file by itself and try to figure out what kind of encryption it is. Is it base64 encoded?
Also hitting this on 14.4.1
% plutil -p /Users/xxx/Library/Caches/com.apple.findmy.fmipcore/Items.data
{
"encryptedData" => {length = 40501, bytes = 0x82f73cb2 91a2aa9f 867bd9c0 30c79f5e ... d491f5f6 52b03543 }
"signature" => {length = 64, bytes = 0xcffcffcc d3befa46 13c3dd0b 0166762d ... eed8541f b9afbce1 }
}
yes, the encryption started in 14.4 so we would expect subsequent releases 14.4.x+ to now have it permanently. Stay with macOS 10.5 to 14.3.1 and your safe. It would be nice if we could decrypt the files but we need the key to decrypt them and I can't see any way to get that as Apple does not want you to look at your own files.
The key has to be somewhere (keychain?), it should be possible to reverse engineer and re-implement the decryption
Not very familiar with GitHub, hoping that commenting will allow me to get notified about any further comments here. I've backed up my cached FindMy files just in case the encryption is cracked in the future. If anyone needs a machine running 14.4.1 for testing, let me know!
@tmozes make sure your terminal has full disk access - This article can help