seemoo-lab / openhaystack

Build your own 'AirTags' 🏷 today! Framework for tracking personal Bluetooth devices via Apple's massive Find My network.
https://owlink.org
GNU Affero General Public License v3.0
8.62k stars 464 forks source link

Support for Android / Google's Find my Device? #245

Open JsBergbau opened 5 months ago

JsBergbau commented 5 months ago

Google recently launched its find my device network. https://blog.google/products/android/android-find-my-device/

Contrary to Apple, the specification is publicly available https://developers.google.com/nearby/fast-pair/specifications/extensions/fmdn

Is there planned to support Googles Network as well?

denysvitali commented 5 months ago

The new API seems to be called "spot":

izm.h("canary-spot-pa.sandbox.googleapis.com");
izm.h("dev-spot-pa.sandbox.googleapis.com");
izm.h("spot-pa.googleapis.com");
izm.h("spot-pa.googleapis.com");

This (protobuf?) API requires the following scopes:

https://www.googleapis.com/auth/spot
https://www.googleapis.com/auth/android_device_manager

It looks like it contains the following RPC services:

    izt.d("CreateUser", kcl17);
    izt.d("GetUser", kcl12);
    izt.d("UpdateUser", kcl10);
    izt.d("DeleteUser", kcl6);
    izt.d("CreateBleDevice", kcl5);
    izt.d("UpdateBleDevice", kcl2);
    izt.d("UpdateBleDeviceSharingSettings", kcl4);
    izt.d("ListBleDevices", kcl7);
    izt.d("ListEidsForBleDevices", kcl14);
    izt.d("GetEidInfoForE2eeDevices", kcl3);
    izt.d("UploadPrecomputedPublicKeyIds", kcl8);
    izt.d("RotateBleDeviceKeys", kcl13);
    izt.d("GetBleDevice", kcl9);
    izt.d("GetScannedDeviceInfo", kcl16);
    izt.d("DeleteBleDevice", kcl15);
    izt.d("GetServicePublicKey", kcl11);
    izt.d("UploadClientActionResult", kcl1);
adriancampos commented 5 months ago

The FMD app also makes some POST requests to

https://android.googleapis.com/nova/nbe_execute_action

and

https://android.googleapis.com/nova/nbe_list_devices

With the proper Authorization Bearer token, I get a list of my device names and images (including "spot" devices) along with a bunch of other binary data in the application/octet-stream response.

Cassander313 commented 5 months ago

Might be worth looking into this discussion as well to see if that helps: https://github.com/biemster/FindMy/issues/51

leonboe1 commented 3 months ago

The FMD app also makes some POST requests to

https://android.googleapis.com/nova/nbe_execute_action

and

https://android.googleapis.com/nova/nbe_list_devices

With the proper Authorization Bearer token, I get a list of my device names and images (including "spot" devices) along with a bunch of other binary data in the application/octet-stream response.

Did you figure out if acquiring the Bearer token could be automated?

biemster commented 2 months ago

@denysvitali or @adriancampos did you find out more on the API side? I implemented the FMD advertisement, where the Eid (ephemeral id) seems the key to all this. Next step would be to retrieve reports with an Eid, which might require registering it first on your google account.

dylanmazurek commented 3 weeks ago

I started building out an sdk for the findmy api.

https://github.com/dylanmazurek/google-findmy