Broken in Sequoia #38

Open
nukolator opened this issue Sep 17, 2024 · 10 comments

Comments

@nukolator

I know this states support up to Sonoma, but it looks like Apple have moved the required data files again under Sequoia.
Running /usr/bin/security find-generic-password -l BeaconStore -g
returns
security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.

The cache location remains:
~/Library/Caches/com.apple.findmy.fmipcore
But doesn't look to have updated in the last 12 days.

@matteocorti

matteocorti commented Sep 18, 2024

In my case the cache seems to be updated

corti@mini ~> ls -l ~/Library/Caches/com.apple.findmy.fmipcore
total 176
-rw-r--r--@ 1 corti  staff  26711 Sep 18 21:24 Devices.data
-rw-r--r--@ 1 corti  staff    530 Sep 18 21:24 FamilyMembers.data
-rw-r--r--@ 1 corti  staff   7566 Sep 18 21:24 ItemGroups.data
-rw-r--r--@ 1 corti  staff  29101 Sep 18 21:24 Items.data
-rw-r--r--@ 1 corti  staff    430 Mar  7  2024 Owner.data
-rw-r--r--@ 1 corti  staff  11142 Sep 18 21:24 SafeLocations.data
corti@mini ~> date
Wed Sep 18 21:26:00 CEST 2024

The entry in the keychain is still there and was modified two days ago:

image

@FrankGiesecke

Same issue here. Are there any solutions?

@kamushadenes

Same issue. Can't seem to get the password from the Keychain directly either.

@akinomeroglu

akinomeroglu commented Sep 23, 2024

This is probably related to this comment. #25 (comment)

As far as I can see, those passwords are now managed by the com.apple.icloud.searchpartyuseragent group, which I can't see in the groups list. And I can't access those passwords with my admin account. I also tried the command that you suggest to run in the app. It can't find any BeaconStorage in the password list because of this change, I assume.

I have some knowledge of Linux systems, but macOS is completely a foreign language to me, so forgive me if I point in the wrong direction. So @MartinPham, sorry to ping you, but if you are still interested in this project, I can help if you need any help.

Thanks a lot for your effort & time

@FrankGiesecke

Any idea how to solve this?
If not, it might be better to use macOS Sonoma 14.x until this issue is solved.

@akinomeroglu

akinomeroglu commented Sep 24, 2024

Hi @FrankGiesecke, I tried to dig into this problem a little bit and checked other similar projects for any possible solution. I still can't find a way to add the regular admin account to the process user group to access the user password. So if you really depend on this app, please stick to Sonoma instead of Sequoia.

I have someone who has more experience than mine will look and solve the issue.

ps. there is another issue for airy10's solution which you can track as a cross reference. airy10/FindMyDevices#1

@balajeek

Does it have a fix yet?

@crschmidt

With MacOS 15 (Sequoia), Apple moved the BeaconStore key from living on the locally accessible login keychain (based on files) to the iOS-style "iCloud"/"Local Items" keychain. Based on this thread on an Apple forum from 2021 - https://forums.developer.apple.com/forums/thread/676891 - this keychain uses permissions based on entitlements:

Your access to these groups is determined by your entitlements; see Set Your App’s Access Groups in Sharing Access to Keychain Items Among a Collection of Apps for the details (1). These entitlements must be allowlisted by your provisioning profile, and Apple won’t issue you a provisioning profile that allows you access to the com.apple.ssh.passphrases keychain access group.

Keychain Access tool can still seemingly access these passwords and show them, but it seems that Keychain Access won't show passwords that are bytes rather than a string, since it has never shown the BeaconStore password for me.

Since provisioning profiles are controlled entirely by Apple, and Keychain Access can't be used to access the password, I doubt there is a way to work around this using any of the tools folks have been using.

@alfs

alfs commented Jan 5, 2025

In Sonoma, access control is controllable by the user:

image

In Sequoia, access control is no longer controllable:
image

By disabling keychain icloud sync, the key ends up in Local items:

image

So a workaround may be to look into the database file ./Library/Keychains//keychain-2.db

% sqlite3 ./Library/Keychains/*/keychain-2.db .dump|grep -i searchparty |grep keys
INSERT INTO keys VALUES(...
...
','com.apple.icloud.searchpartyuseragent',
...

Either extracting the key from the database, or by adjusting the agrp in the keychain permissions such that the terminal may access the key. Or add a new key from the terminal, and update the key data with the beaconstore information.

sqlite3 ./Library/Keychains/*/keychain-2.db 'select agrp from keys' 
...
com.apple.Spotlight.Metadata
com.apple.iCloudNotificationAgent
com.apple.icloud.searchpartyuseragent
com.apple.identityservicesd
...

The keys table has the following information:

CREATE TABLE keys(rowid INTEGER PRIMARY KEY AUTOINCREMENT,cdat REAL,mdat REAL,kcls INTEGER NOT NULL DEFAULT 0,labl BLOB,alis BLOB,perm INTEGER,priv INTEGER,modi INTEGER,klbl BLOB NOT NULL DEFAULT '',atag BLOB NOT NULL DEFAULT '',crtr INTEGER NOT NULL DEFAULT 0,type INTEGER NOT NULL DEFAULT 0,bsiz INTEGER NOT NULL DEFAULT 0,esiz INTEGER NOT NULL DEFAULT 0,sdat REAL NOT NULL DEFAULT 0,edat REAL NOT NULL DEFAULT 0,sens INTEGER,asen INTEGER,extr INTEGER,next INTEGER,encr INTEGER,decr INTEGER,drve INTEGER,sign INTEGER,vrfy INTEGER,snrc INTEGER,vyrc INTEGER,wrap INTEGER,unwp INTEGER,data BLOB,agrp TEXT NOT NULL,pdmn TEXT,sync INTEGER NOT NULL DEFAULT 0,tomb INTEGER NOT NULL DEFAULT 0,sha1 BLOB,vwht TEXT,tkid TEXT,musr BLOB NOT NULL,UUID TEXT,sysb INTEGER DEFAULT 0,pcss INTEGER,pcsk BLOB,pcsi BLOB,persistref BLOB NOT NULL,clip INTEGER NOT NULL DEFAULT 0,ggrp TEXT,UNIQUE(kcls,klbl,atag,crtr,type,bsiz,esiz,sdat,edat,agrp,sync,vwht,tkid,musr,ggrp));

I haven't tried myself though - I "solved" the problem by using Sonoma for the time being.
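
An added example, not part of the thread or the project: a read-only metadata view of the `keys` table that alfs's sqlite3 commands query, grouped by `agrp`, reporting row counts, `data` blob sizes and the newest `mdat` without printing any blob contents. The function names and the in-memory sample are constructed here, and treating `mdat` as seconds since 2001-01-01 UTC is an assumption.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Assumption: cdat/mdat hold seconds since 2001-01-01 UTC (CFAbsoluteTime).
APPLE_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)

def open_readonly(path):
    """Open a keychain-2.db file without write access (hypothetical helper)."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def summarize_keys(conn, agrp_like="%"):
    """Per access group in `keys`: counts, blob size range, newest mdat."""
    query = (
        "SELECT agrp, COUNT(*), SUM(sync), SUM(tomb), "
        "MIN(LENGTH(data)), MAX(LENGTH(data)), MAX(mdat) "
        "FROM keys WHERE agrp LIKE ? GROUP BY agrp ORDER BY agrp"
    )
    summary = []
    for agrp, rows, synced, tombs, dmin, dmax, mdat in conn.execute(query, (agrp_like,)):
        newest = None
        if mdat is not None:
            newest = (APPLE_EPOCH + timedelta(seconds=mdat)).isoformat()
        summary.append({"agrp": agrp, "rows": rows, "synced": synced,
                        "tombstones": tombs, "data_bytes": (dmin, dmax),
                        "newest_mdat": newest})
    return summary

def build_sample():
    """Constructed in-memory stand-in using a subset of the quoted columns."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE keys(rowid INTEGER PRIMARY KEY AUTOINCREMENT,"
                 "mdat REAL, data BLOB, agrp TEXT NOT NULL,"
                 "sync INTEGER NOT NULL DEFAULT 0, tomb INTEGER NOT NULL DEFAULT 0)")
    def stamp(*ymd):
        return (datetime(*ymd, tzinfo=timezone.utc) - APPLE_EPOCH).total_seconds()
    conn.executemany(
        "INSERT INTO keys(mdat, data, agrp, sync, tomb) VALUES (?,?,?,?,?)",
        [(stamp(2024, 9, 4), b"\x00" * 96, "com.apple.icloud.searchpartyuseragent", 1, 0),
         (stamp(2024, 9, 16), b"\x00" * 128, "com.apple.icloud.searchpartyuseragent", 0, 0),
         (stamp(2024, 3, 7), b"\x00" * 64, "com.apple.identityservicesd", 0, 1)])
    return conn

if __name__ == "__main__":
    for entry in summarize_keys(build_sample(), "%searchparty%"):
        print(entry)
```

To run it against a real file, pass the connection from `open_readonly()` on a copy of the keychain-2.db path from the comment above to `summarize_keys()`.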

@thisiscam

thisiscam commented Jan 8, 2025

@alfs Thanks for sharing! I am suspecting that the Sonoma workaround might not be entirely working (or might not work soon). The decoded plist does not seem to contain master keys that match what my AirTag is broadcasting. I am looking into whether I can get this keychain-2.db idea to work. Any idea on which one is the BeaconStore? I also tried various ways to get around the searchparty agrp, but they don't seem to work.
