seemoo-lab/openhaystack

★ 12,939SwiftAudience · researcherComplexity · 4/5Setup · hard

Mindmap

mindmap
  root((OpenHaystack))
    What it does
      DIY tracking tags
      Apple Find My
      Location reports
    How it works
      Bluetooth broadcast
      iPhone relay
      Encrypted upload
    Setup
      Mac app
      Mail plugin
      Bluetooth device
    Audience
      Security researchers
      Hardware tinkerers

mindmap root((OpenHaystack)) What it does DIY tracking tags Apple Find My Location reports How it works Bluetooth broadcast iPhone relay Encrypted upload Setup Mac app Mail plugin Bluetooth device Audience Security researchers Hardware tinkerers

Click or tap to explore — scroll the page freely

Things people build with this

USE CASE 1

Flash a BBC micro:bit to act as a Bluetooth tracker and locate it anywhere iPhones are present, with no cellular connection in the tag.

USE CASE 2

Research how Apple's Find My offline finding network works by experimenting with a working open-source reverse-engineered implementation.

USE CASE 3

Build a low-cost DIY item tracker for keys or luggage using cheap Bluetooth hardware and a Mac app.

Tech stack

SwiftmacOS

Getting it running

Difficulty · hard Time to first run · 1h+

Requires temporarily disabling macOS Gatekeeper, installing a Mail app plugin, and flashing firmware onto a Bluetooth device.

In plain English

OpenHaystack is a research project from TU Darmstadt's Secure Mobile Networking Lab that lets you build your own Bluetooth tracking tags and locate them through Apple's Find My network, the same infrastructure that powers Apple AirTags. All you need is a Mac and a small Bluetooth-capable device such as a BBC micro:bit. The way it works: you flash the provided firmware onto your Bluetooth device, which causes it to broadcast a signal in the background. Any nearby iPhone running iOS 13 or later will automatically pick up that signal, grab its own GPS location, encrypt it, and upload it to Apple's servers. You never see that step happening. Then, from the OpenHaystack app on your Mac, you download the encrypted location reports and decrypt them using a private key stored in your Mac's keychain. The result is a map showing where your tagged item was last seen, without needing any cellular connection in the tagged device itself. The project was born out of security research. The team reverse-engineered how Apple's offline finding system works, published a paper on it, and found two vulnerabilities in the process (one of which Apple subsequently patched). OpenHaystack is the public release of that research, packaged as a usable application. Installation involves a few steps that are more involved than a typical Mac app. The app requires a plugin for Apple Mail, which is how it authenticates with Apple's servers to retrieve location reports. Setup requires temporarily disabling macOS Gatekeeper to allow the Mail plugin to load. The project is experimental, incomplete, and explicitly not affiliated with or endorsed by Apple. The current firmware broadcasts a fixed public key, which means other nearby devices could in principle detect your tag. The README notes this may change in a future release. macOS 11 (Big Sur) or later is required.

Copy-paste prompts

Prompt 1

I want to build a DIY AirTag using OpenHaystack and a BBC micro:bit. Walk me through flashing the firmware and setting up the Mac app to see the tag's location.

Prompt 2

Using OpenHaystack, explain how the encryption works when a nearby iPhone picks up my Bluetooth tag's signal and uploads the location report to Apple's servers.

Prompt 3

I've set up OpenHaystack and want to track multiple items. How do I register multiple Bluetooth accessories and view all their locations on the map?

Prompt 4

I'm writing a security research paper on Apple's Find My network. What vulnerabilities did the OpenHaystack team discover and what did Apple patch?

Open on GitHub → Explain another repo

← seemoo-lab on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.