// the find
MatthewKuKanich/FindMyFlipper
The FindMy Flipper app turns your FlipperZero into an AirTag or other tracking device, compatible with Apple AirTags and Samsung SmartTag and Tile Trackers. It uses the BLE beacon to broadcast, allowing users to clone existing tags, generate OpenHaystack key pairs for Apple's FindMy network, and customize beacon intervals and transmit power.
A FlipperZero app that emulates Apple AirTags, Samsung SmartTags, and Tile Trackers by broadcasting BLE beacons. Includes Python tooling for generating OpenHaystack key pairs and fetching/mapping location reports from Apple's FindMy network. Aimed at FlipperZero owners who want to use their device as a tracking tag without buying dedicated hardware.
- The key generation and location report pipeline is genuinely complete - generate keys, authenticate with Apple, decrypt reports, and render an interactive HTML map. That's a full end-to-end workflow, not just a proof of concept.
- Supports three tracker ecosystems (Apple FindMy, Samsung SmartThings, Tile) from a single app, with separate code paths for each BLE advertisement format.
- Pre-compiled FAP releases for OFW, Unleashed, Momentum, and Xtreme firmware variants means most FlipperZero users can install without touching a build toolchain.
- The C firmware side follows Flipper's scene/view architecture properly and runs in the background with minimal battery impact, which is the right approach for a BLE beacon app.
- The cloning approach is fundamentally fragile: AirTags rotate their public key and MAC periodically, so any cloned tag eventually stops working and requires repeating the entire capture process. This is a design constraint of the FindMy protocol, but the README undersells how often this will bite people.
- The Apple authentication in request_reports.py depends on a third-party anisette server (dadoum/anisette-v3-server) and undocumented iCloud APIs - this pipeline has historically broken with Apple server-side changes and there's no fallback or clear error handling when it does.
- No tests anywhere in the repo, and the Python scripts have minimal error handling. If your .keys file is malformed or the Docker server is unreachable, you get cryptic exceptions rather than useful messages.
- Storing Apple ID credentials in a local auth file (as described in step 9) is a security concern that gets a one-liner mention. There's no documentation on what's stored, where, or how to revoke it.