This project is meant as a simpler alternative to Macless-Haystack, by focusing on its main competency: getting position reports from Apple's FindMy Network.
It doesn't include its own frontend, but is meant to be used in conjunction with an MQTT broker and OwnTracks. All this project does is collect position reports, decrypt them and publish them to an MQTT broker in a standardized format.
This is meant as a fully featured and easy jumping-off point, by also including the setup for an MQTT broker, as well as the OwnTracks Recorder as a frontend.
- Make sure Docker and Docker Compose (>=2.23.1) are installed on your system
- Download the `compose.yaml` file
- Replace `${APPLE_USERNAME}` and `${APPLE_PASSWORD}` with your login data
- Set up the tags with their keys
  - Depending on your hardware follow the instructions for ESP32, nrf5x, Bluefruit devices or Flipper Zero
  - For every tag create a `.priv_keys` file in the `./data/keys` folder containing one base64 encoded private key per line. (Multiple lines are only needed if you are using rotating keys on the device.)
  - The filename of the file will be used as the MQTT topic and name of the tag. E.g., `flipper.priv_keys` will result in its position reports being posted to `owntracks/haystack/flipper`
- Start the container in interactive mode with `docker compose run --rm haystack`
- Enter your 2FA code when you are asked for it
- Once you have successfully authenticated the 2FA, an `auth.json` file is created and you should be able to start the container normally
- Go to `http://localhost:8083/` to see the OwnTracks frontend with the captured location reports
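
A pre-flight check for the key files described in the setup steps above, as an added example that is not part of this project's code: it validates each `.priv_keys` file without printing key material and shows the MQTT topic the file will map to. The 28-byte key length (raw P-224 private keys, as used by OpenHaystack-style tags), the owner-only permission check (POSIX only) and the function names are assumptions of this example.

```python
import base64
import binascii
import stat
from pathlib import Path

KEY_LEN = 28  # assumption: raw P-224 private key length of OpenHaystack-style tags


def check_key_file(path, prefix="owntracks/haystack/"):
    """Return (mqtt_topic, valid_key_count, problems) for one .priv_keys file."""
    path = Path(path)
    problems = []
    if path.suffix != ".priv_keys":
        problems.append("unexpected extension")
    # Anyone holding these keys can decrypt the tag's location reports,
    # so the file should be readable by its owner only (POSIX mode bits).
    if stat.S_IMODE(path.stat().st_mode) & 0o077:
        problems.append("readable by group/others, chmod 600 recommended")
    valid = 0
    for n, line in enumerate(path.read_text().splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            raw = base64.b64decode(line, validate=True)
        except (binascii.Error, ValueError):
            problems.append(f"line {n}: not valid base64")
            continue
        if len(raw) != KEY_LEN:
            problems.append(f"line {n}: {len(raw)} bytes, expected {KEY_LEN}")
            continue
        valid += 1
    if valid == 0:
        problems.append("no usable key")
    # The topic is the prefix plus the filename without its extension.
    return prefix + path.stem, valid, problems


def check_key_folder(folder="./data/keys", prefix="owntracks/haystack/"):
    """Check every *.priv_keys file in the folder; returns {filename: result}."""
    return {p.name: check_key_file(p, prefix)
            for p in sorted(Path(folder).glob("*.priv_keys"))}


if __name__ == "__main__":
    for name, (topic, count, problems) in check_key_folder().items():
        print(f"{name}: topic={topic} keys={count}")
        for problem in problems:
            print(f"  WARNING: {problem}")
```
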
All of this project's features are configured through environment variables:
Variable | Default | Description |
---|---|---|
`APPLE_USERNAME` | required | The email of your Apple ID |
`APPLE_PASSWORD` | required | The password of your Apple ID |
`TRUSTED_DEVICE` | `False` | Set to `TRUE` if a Trusted Device should be used for 2FA instead of SMS |
`ANISETTE_URL` | dynamic public server | URL to an anisette server (including `http`/`https`) |
`MQTT_TOPIC_PREFIX` | `owntracks/haystack/` | Where to post the location records |
`MQTT_SERVER` | required | Hostname or IP of MQTT broker |
`MQTT_PORT` | `1883` | MQTT port number |
`MQTT_USERNAME` | no auth | MQTT username |
`MQTT_PASSWORD` | no auth | MQTT password |
`MQTT_TLS` | `FALSE` | Set to `True` if MQTT over TLS should be used |
`REFRESH_INTERVAL` | `5` | Time in minutes between updating the locations from the FindMy network |
`AUTH_FILE` | `\data\auth.json` in docker, `.\data\auth.json` otherwise | Location of the auth file |
`KEY_FOLDER` | `\data\keys` in docker, `.\data\keys` otherwise | Location of the private key files |
This project is based on: (Credits go to them for the hard work)
- FindMyFlipper
  - For most of the code connecting to Apple's servers and decrypting the reports
- Macless-Haystack
  - For the Firmwares and Key Generation
  - which in turn is also based on: