// the find
seemoo-lab/openhaystack
Build your own 'AirTags' 🏷 today! Framework for tracking personal Bluetooth devices via Apple's massive Find My network.
OpenHaystack is a reverse-engineered framework that lets you turn cheap Bluetooth hardware (ESP32, BBC micro:bit, Raspberry Pi) into Apple AirTag-style trackers using Apple's Find My network. It comes out of academic security research at TU Darmstadt and includes the macOS app, firmware, and a Flutter mobile app. Aimed at hardware tinkerers and security researchers who want to understand or experiment with Apple's offline finding system.
- The underlying research is solid — backed by a peer-reviewed PETS paper with full cryptographic explanation of the P-224 key pair system and end-to-end encryption used by Apple's Find My.
- Firmware support spans three real targets (nRF51/micro:bit, ESP32, Linux HCI) with actual deployment tooling built into the macOS app, not just theory.
- The Mail plugin approach for inheriting Apple's entitlements is a clever workaround to a real technical constraint, and the source is fully auditable — not a black box.
- Flutter mobile app adds cross-platform reach, and the proxy server architecture for fetching reports is a reasonable design given Apple's API restrictions.
- The firmware broadcasts a fixed public key, meaning anyone nearby can track your accessory — this is a known privacy flaw explicitly called out in the README and apparently still unfixed years later.
- The installation process requires temporarily disabling Gatekeeper system-wide, which is a significant security ask for end users and a red flag for anyone in a managed environment.
- Last commit was July 2024 but activity is sparse; macOS and Mail plugin compatibility tends to break with every major OS release, and there's no indication this tracks Apple's changes proactively.
- The mobile app requires you to run your own proxy server on Mac hardware to fetch reports, which kills usability for anyone who doesn't have a Mac running 24/7.