
aue123

macrumors 6502
Original poster
Jan 24, 2019
439
517
Mid west USA
so from what i understand, the Apple Airtag works by being pinged by other apple products that use “find my” then magic happens and i guess it triangulates GPS coordinates.

so the nerd in me came up with an idea, is it possible or has it already been done to reverse engineer the Airtag so it’ll map out all the apple products that ping it?

i had this weird idea how cool would it be to walk down the block and have it map out all the devices that ping it. pull up a street view and it’s just scattered with a bunch of dots.

idk i thought it sounded interesting. i’d love to hear anyone’s thoughts about it.
 

aue123

macrumors 6502
Original poster
Jan 24, 2019
439
517
Mid west USA
It might look cool but the whole point is that the devices are anonymously assisting in locating the tag, is it not?
uh.. idk about anonymously.. that’s why i was curious about reverse engineering and if it would be possible. i think the question might be out of your scope and it would be suited for someone else. thanks for your input though. enjoy the rest of your day.
 

erihp

macrumors 6502
Apr 21, 2020
254
215
go for it, most of the hard work is already done for you.

i don't think this would work out of the box as you describe because the airtag doesn't know anything about the clients, it just sends out a BT beacon that phones pick out of the air. but you could probably build a device that had another BT radio that scans for the client devices grabbing the beacon.

 

xraydoc

Contributor
Oct 9, 2005
10,799
5,264
192.168.1.1
Fairly certain this cannot be done.

According to Apple and everything else I've read, the AirTag system works something like this:

  • AirTag periodically broadcasts out its serial number (or some other unique identifier).
  • The AirTag's ID is picked up by any random nearby iPhones.
  • These random iPhones anonymously send back an "AirTag ID #xxxxx is located at these coordinates..." signal to Apple's servers.
  • The AirTag's location information is then updated on Apple's servers.
    • If Apple's servers see that the AirTag is not at the same location as its owner's iPhone, and it remains in Bluetooth proximity to someone else's moving iPhone, Apple's servers push out a "make an audible beep" command through the contributing iPhone to transmit via Bluetooth to the AirTag (the anti-stalking warning).
  • AirTag owner can log in and see what's the last reported location of the AirTag.
  • No information on contributing iPhones is sent or stored (like whose phone sent location information), so the system can't be used to reverse-look up the location of an arbitrary iPhone; even if Apple stored such information, you'd have to get inside Apple's servers to make use of it, something not available on customer-facing APIs.
Throughout the course of a day, your iPhone may have passed by several AirTags and sent along GPS coordinates of that AirTag's location, but Apple isn't also storing that location with your identifying information attached to it (so they say). And even if they did, there's no way for you to access any of it.

So it's possible that Apple could do something like you ask, BUT, if the AirTag weren't moving, all you'd have is a bunch of dots in a small radius around the AirTag and that's it. Since Apple claims they're not keeping info on the phones that communicate with the AirTag, they would have no way of knowing where all those phones have since moved to since last in bluetooth range of said AirTag nor who those phones belonged to.

The AirTag itself has almost no other smarts to it. It sends out its identifier and that's about it. I believe it has a small accelerometer so it knows if it's been moved since the last time another iPhone "touched" it. If so, and the owner's iPhone isn't also within bluetooth range, it'll start beeping (anti-stalking). But otherwise the AirTag itself has no idea of where it is. That information is stored on Apple's servers.

Edit: for completeness, when you're in BT range of your own AirTag, you can make use of the ultrawideband chip inside it to get directional & distance information on where the AirTag is (like under the sofa cushion or something).
 

aue123

macrumors 6502
Original poster
Jan 24, 2019
439
517
Mid west USA
beautiful response, thank you
 

erihp

macrumors 6502
Apr 21, 2020
254
215
while everything you stated about how it works is factual, you could build a device with two bluetooth radios, one that is acting as an airtag (to send its location and other small payloads of embedded data!) as the other acting as a BT sniffer logging the bluetooth macs of nearby devices talking to the airtag. with a separate wifi or cellular radio you could easily monitor and map devices near the airtag.

and based on this project repo, i believe that even without a WAN connection you could even send this information over the findmy network and apple would send it back with the location payload.

 

waw74

macrumors 601
May 27, 2008
4,689
957
AirTag periodically broadcasts out its serial number (or some other unique identifier).
  • The AirTag's ID is picked up by any random nearby iPhones.
  • These random iPhones anonymously send back a "AirTag ID #xxxxx is located at these coordinates..." signal to Apple's servers.

it uses a rotating random ID code, so that people can't be tracked by someone putting out a sniffer and watching for certain serial numbers to come through.
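
The rotating-identifier point above, as an added sketch that is not part of the thread and is not Apple's actual derivation: a tag derives each broadcast ID from a secret and the current time window, so a receiver watching for one fixed ID loses the tag after rotation while the key holder can still link every sighting. The HMAC construction, the 6-byte truncation, the 900-second window and the sample key are all assumptions made for this illustration.

```python
import hashlib
import hmac

ROTATION_SECONDS = 900  # assumed rotation period for this sketch, not Apple's value


def rotating_id(secret, unix_time):
    """6-byte identifier broadcast during the window containing unix_time."""
    window = unix_time // ROTATION_SECONDS
    mac = hmac.new(secret, window.to_bytes(8, "big"), hashlib.sha256)
    return mac.digest()[:6]


def broadcast_log(secret, start, windows):
    """What a passive receiver would record: one (time, identifier) per window."""
    times = [start + i * ROTATION_SECONDS for i in range(windows)]
    return [(t, rotating_id(secret, t)) for t in times]


def sniffer_matches(log, watched_id):
    """Times at which a fixed-ID watchlist entry matches the recorded log."""
    return [t for t, ident in log if hmac.compare_digest(ident, watched_id)]


def owner_matches(log, secret):
    """Times the key holder can link, by recomputing the ID for each window."""
    return [t for t, ident in log
            if hmac.compare_digest(ident, rotating_id(secret, t))]


def demo():
    secret = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    start = 1_700_000_100  # constructed start time
    log = broadcast_log(secret, start, 4)
    first_seen = log[0][1]  # the only ID a sniffer learned in window 0
    return {
        "distinct_ids": len({ident for _, ident in log}),
        "sniffer": sniffer_matches(log, first_seen),
        "owner": owner_matches(log, secret),
    }


if __name__ == "__main__":
    print(demo())
```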
 

erihp

macrumors 6502
Apr 21, 2020
254
215
A legit airtag itself does this, but the OP asked if it would be possible to create an airtag-like device capable of pretending to be an airtag and recording what phones listened for it. Not to identify legit airtags
 