Martyn's random musings

So, When I first read this article about using Apple's Airtag network to notify that post had been delivered, I was super intrigued, but as I investigated, it required a mac to run the server side and I got disheartened and didn't look at it again until recently.

Somewhere the macless-haystack project got linked to me and I found out they had found a way to not need a mac and I was super happy. In between times, I got really into homeassistant and have so many devices, I just assumed it would have support for it. Not so, but it is possible to add now. So how do we get to hass having a cheap tracker in it? Let's dive in.

The pieces

• A supported cheap tracker or make your own
• A working apple id with SMS 2factor auth – this can be tricky, there's a section below on this
• A linux machine, VM or place you can run docker containers
• The software :
  • Homeassistant
  • anisette – think of this as a proxy to the mac servers
  • (Optional but recommended)macless-haystack – web/mobile client to ensure everything is working before moving on.
  • hass-FindMy integration

The process

I'm going to assume you already have homeassistant installed and not go over that, but the rest is worth talking about.

Supported tracker

Okay, so it's time to play the aliexpress roulette game here. 99% of the trackers you can get on AliExpress will be one of the supported trackers :

• ST17H66
• TLSR825X
• CH592

Especially if you get an item that lists the chip in the title, you're probably good, but you probably want to buy one and open it up before proceeding because you won't be 100% certain until then.

biemster from the FindMy project is also looking at making a custom tracker.

No guarantees that the next batch from this supplier will be the same but I bought this one and got ST17H66-based trackers.

Opening and flashing

On a machine with python, clone the findmy repo and run the generate_keys.py script. You can generate a number of keys with -n if you want, -y to output in yaml all that fun stuff.

Put the keys somewhere safe, like in a password manager

Remove the battery, take a spudger and get that case open. It is possible that the case is heat-sealed, in which case, you might want to have a 3d printer handy. I thought mine was, took side cutters to it and it popped open even though I had tried to spudge it open. Oh well.

Depending on your fob type, you might have to do a bit of soldering. I found using magnet wire worked well to solder to the fob's test points. The documentation is a bit distributed, but this issue got me there on my ST17H66. Effectively, you connect your UART adapter's RX to P9, TX to P10, GND to GND and a 3.3v (not 5v) power supply to P15. Then you run the flash tool (which you have to edit to point at the right port), with your private key as a parameter whilst wiggling the 3.3v line until it goes into upload mode.

Once it's flashed, any passing iPhone user will report the tag's location (encrypted – here's how that works) to apple's servers. All good, but you might want to actually retrieve that data, so let's continue.

Anisette

Anisette is a reimplementation of omnisette, which is a http wrapper around a set of rust libraries that talk to apple's APIs. That's not that important, but it does a simple job, it talks to apples apis and exposes an api to get findmy devices by private key.

macless-haystack (somewhat optional)

By running macless-haystack you get two things – one is that you are able to validate that you can log in with your apple id, and the other is you can have a nice interface to where your tracker has been since you flashed it with the firmware.

Running it in docker (or in my case in k8s) in interactive mode starts up the login process, which is super important. If you can't get macless-haystack running because of a message like Account limit reached, then you're gonna need a “real” apple device to knock your apple account into a working state.

If you see serving at port 6176 over HTTP, you're golden and can skip the next section.

fixing your apple id

Your Apple ID needs to have :

• a working phone number for 2 factor auth via SMS
• an official device having logged into it like an iPhone, iPod or macbook
• probably a valid payment method

You can try some of these options :

• Borrow a friends' ipad, macbook or phone, login to your apple id, then remove yourself from it. (easiest but may expire at some point, maybe?)
• Register a new apple id via apple music, add a payment method, sign up for the free trial, add 2factor auth and maybe it will work. I couldn't get to set up 2fa so never got this working
• Run a macOS VM and login with your apple ID and shut it down without removing it. This is the one that worked for me.

I used https://github.com/sickcodes/Docker-OSX/ in the end, but on wsl2 getting the interface to appear is really hard, so I ended up with this command and accessing the VM with tightvncviewer localhost::1

docker run -it \
    --device /dev/kvm \
    -p 50922:10022 \
    -v /mnt/wslg/.X11-unix:/tmp/.X11-unix -v /run/desktop/mnt/host/wslg:/mnt/wslg \
    -e "DISPLAY=${DISPLAY:-:0}" \
    -e GENERATE_UNIQUE=true \
    -e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist' \
    -e SHORTNAME=monterey -e EXTRA='-vnc :1' -p5901:5901 \
    sickcodes/docker-osx:latest

There's also https://github.com/kholia/OSX-KVM if you're on a real linux machine and a couple of very outdated blogs showing how to do it on VMWare/VirtualBox etc. but I've never got any of the blog posts to actually work.

homeassistant integration

The integration is seamless but has not yet been published to the HACS store yet, so open HACS, click the three dot menu, and go to “Custom repositories”. There you can add the github url – https://github.com/malmeloo/hass-FindMy and a name for the repo, it's of type Integration if you're asked. Once that's done you can install the integration and restart, before adding the integration in settings.

If you're running a containerised version of homeassistant, you'll probably need to add pip install FindMy==0.7.3 into the startup scripts because it often doesn't add dependencies from HACS which is quite annoying.

When you add the integration, it asks you to add a device, select Apple Account and give it your apple id details. Then add another device which is the tracker you want to monitor – for this you need the private key, which you stored somewhere safe when I suggested it above, right?!

If it can't login to your apple account, go back and check macless-haystack, and see if the message is account locked or account limit reached, if so, see the previous section.