FindMy.py: Reverse-Engineering Apple’s FindMy Network Without a Mac

Hook

Apple’s FindMy network processes location reports through a cryptographically sophisticated protocol—and now you can access it from Linux without owning a single Apple device.

Context

The FindMy ecosystem has become one of Apple’s most compelling lock-in features, but accessing it programmatically has traditionally required macOS and official APIs that don’t expose the full power of the network. Researchers and makers discovered they could build custom AirTag-compatible devices using projects like OpenHaystack, but the tooling remained fragmented—some Python scripts here, research code there, and most solutions still required a Mac for the authentication dance with Apple’s servers.

FindMy.py consolidates years of reverse-engineering work into a Python library with both synchronous and asynchronous APIs. It implements the complete FindMy protocol stack: Apple account authentication with 2FA (both SMS and trusted device support), location report fetching and decryption, and even BLE scanning for nearby devices. The library works cross-platform by leveraging breakthroughs from Pypush (which cracked Apple’s device provisioning without a Mac) and OpenHaystack (which documented the cryptographic protocol). This means you can query your AirTags from a Raspberry Pi, integrate FindMy into your home automation, or build custom tracking solutions using DIY hardware—all without touching Xcode or owning a MacBook.

Technical Insight

The architecture of FindMy.py reveals just how much complexity Apple hides behind their polished UI. At its core, the library implements three distinct layers: authentication, report fetching, and cryptographic decryption. The authentication flow alone is non-trivial—it requires generating an Anisette token (device provisioning data that convinces Apple’s servers you’re a legitimate device), handling either SMS or trusted device 2FA, and maintaining session state across requests. This is the breakthrough that Pypush enabled: generating valid Anisette tokens without actually running macOS.

Once authenticated, fetching location reports involves querying Apple’s FindMy servers with the public keys of your accessories. Here’s where it gets interesting: each AirTag or FindMy device broadcasts a rotating public key via Bluetooth. Nearby Apple devices (iPhones, MacBooks, etc.) detect these broadcasts, encrypt the location data with the public key, and upload it to Apple’s servers. Your device—the one that knows the corresponding private key—can then fetch and decrypt these reports. FindMy.py handles this entire flow with a clean API that abstracts the cryptographic complexity:

from findmy import KeyPair
from findmy.reports import RemoteAnisetteProvider, AppleAccount

# Set up authentication with Anisette provider
anisette = RemoteAnisetteProvider('http://localhost:6969')
account = AppleAccount(anisette, 'your@email.com', 'password')

# Handle 2FA (library supports both SMS and trusted device)
if account.requires_2fa:
    code = input('Enter 2FA code: ')
    account.complete_2fa(code)

# Fetch location reports for your accessory
key_pair = KeyPair.from_b64(your_private_key)
reports = account.fetch_reports([key_pair])

for report in reports:
    print(f'Location: {report.latitude}, {report.longitude}')
    print(f'Timestamp: {report.timestamp}')
    print(f'Accuracy: {report.confidence}')

The library provides both synchronous and asynchronous APIs, making it suitable for different use cases. The async version is particularly useful for building responsive applications that need to poll for updates without blocking. The implementation uses modern Python patterns—type hints throughout and clear separation between low-level protocol handling and high-level convenience methods.

One particularly clever aspect is how FindMy.py handles the BLE scanning feature. You can scan for nearby FindMy devices and decode their broadcast data without needing to authenticate with Apple at all. This is useful for detecting AirTags that might be tracking you, or for debugging your custom OpenHaystack devices. The library parses the status bytes that indicate information like public keys and device status encoded into the BLE advertisement.

The cryptographic operations use elliptic curve cryptography for the public/private key pairs. FindMy.py abstracts these operations behind intuitive methods—you can generate new key pairs for custom devices, import existing keys from OpenHaystack, or work with keys from official Apple accessories. The library handles key management automatically, which is essential since AirTags rotate their public keys periodically to prevent tracking.

Gotcha

The elephant in the room is that this entire library depends on reverse-engineered protocols that Apple never intended to be public. Apple could—and historically has—changed their authentication mechanisms specifically to break third-party tools. While FindMy.py is actively maintained and the community tends to reverse-engineer changes relatively quickly, you’re building on a foundation that Apple actively discourages. There’s no enterprise support, no guaranteed uptime, and updates to iOS could potentially break functionality until the community adapts.

The security implications also warrant serious consideration. You’re handing your Apple account credentials to a third-party library, which means you need to trust both the library authors and your own operational security. If your account has access to sensitive data beyond FindMy, you’re exposing it. The library itself is open source and auditable, but credential handling is inherently risky. Apple’s terms of service likely prohibit this kind of access, so using FindMy.py could have legal implications depending on your use case. For hobbyist projects and custom hardware experiments, that’s probably acceptable risk. For commercial applications, it’s something you need to evaluate carefully. Additionally, the reliance on external Anisette providers (servers that generate device provisioning tokens) adds another dependency and potential point of failure. You can self-host an Anisette server using projects like anisette-v3-server, but that’s extra complexity most users won’t want to manage.

Verdict

Use FindMy.py if you’re building DIY tracking devices with OpenHaystack hardware, need to integrate FindMy locations into home automation or custom dashboards, want to monitor multiple AirTags programmatically without the iOS app, or you’re developing on Linux/Windows and don’t want to buy a Mac just for FindMy access. It’s particularly valuable for makers and researchers who understand the risks and need the flexibility that Apple’s official ecosystem doesn’t provide. Skip it if you’re building commercial products where terms of service compliance matters, need guaranteed reliability where Apple could break your implementation with any update, feel uncomfortable with the security implications of third-party credential handling, or can accomplish your goals with Apple’s official FindMy app. Also skip if you’re risk-averse about reverse-engineered protocols—this is firmly in ‘enthusiast and researcher’ territory, not enterprise infrastructure.