MacOS 10.15 ? #220

Open
ErfanDL opened this issue Nov 8, 2023 · 6 comments
Labels
question Further information is requested

Comments

@ErfanDL

ErfanDL commented Nov 8, 2023

Hi guys. I want to install this project on VMware MacOS 10.15. Is it possible or not?
Thanks.

@ErfanDL ErfanDL added the question Further information is requested label Nov 8, 2023
@ProgrammerAzir

I installed this project with VMware, but even different versions (11.1, 12.6, 13.6) of macOS have encountered email crashes. Now I suspect that the virtual machine cannot use this project properly.

@elzii

elzii commented Feb 4, 2025

The Items.data, Devices.data etc in ~/Library/Caches/com.apple.findmy.fmipcore are encrypted in macOS 15. You can use:

Plist Util for Readability

```sh
sudo plutil -convert xml1 -o ~/Downloads/Items.xml ~/Library/Caches/com.apple.findmy.fmipcore
```

But can still see it is encrypted data.

Binwalking FindMy.app and fmfd I have extracted out the certificates, but I need time (and more experience) with decompiling in Ghidra to see how to use these certs to decrypt {Items,Devices,FamilyMembers}.data etc.

```sh
❯ file /System/Applications/FindMy.app/Contents/MacOS/FindMy

Mach-O universal binary with 2 architectures: [x86_64:Mach-O 64-bit executable x86_64] [arm64e]
[...]/FindMy (for architecture x86_64):	Mach-O 64-bit executable x86_64
[...]/FindMy (for architecture arm64e):	Mach-O 64-bit executable arm64e
```

Both are Universal apps so you will have dupes for x86 and arm64

❯ binwalk /System/Applications/FindMy.app/Contents/MacOS/FindMy

```sh
DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             Mach-O universal binary with 2 architectures

X86 - FindMy

20444         0x4FDC          Unix path: /usr/lib/dyld
27192         0x6A38          Unix path: /usr/lib/swift/libswiftFileProvider.dylib
27520         0x6B80          Unix path: /usr/lib/swift/libswiftObjectiveC.dylib
4700372       0x47B8D4        rzip compressed data - version 65.78 (0 bytes)
4700422       0x47B906        rzip compressed data - version 65.78 (0 bytes)
4721716       0x480C34        rzip compressed data - version 65.78 (0 bytes)
4721766       0x480C66        rzip compressed data - version 65.78 (0 bytes)
4721801       0x480C89        rzip compressed data - version 65.78 (4607308 bytes)
4721851       0x480CBB        rzip compressed data - version 65.78 (0 bytes)
4725499       0x481AFB        rzip compressed data - version 65.78 (0 bytes)
4725565       0x481B3D        rzip compressed data - version 65.78 (0 bytes)
4725613       0x481B6D        rzip compressed data - version 65.78 (0 bytes)
4725679       0x481BAF        rzip compressed data - version 65.78 (0 bytes)
4767410       0x48BEB2        Ubiquiti firmware header, third party, ~CRC32: 0x0, version: "_IN_MAPS"
4768581       0x48C345        rzip compressed data - version 65.78 (0 bytes)
4768612       0x48C364        rzip compressed data - version 65.78 (0 bytes)
4768662       0x48C396        rzip compressed data - version 65.78 (0 bytes)
4768853       0x48C455        rzip compressed data - version 65.78 (0 bytes)
4768903       0x48C487        rzip compressed data - version 65.78 (78 bytes)
4769013       0x48C4F5        rzip compressed data - version 65.78 (0 bytes)
4769063       0x48C527        rzip compressed data - version 65.78 (120 bytes)
4794228       0x492774        rzip compressed data - version 65.78 (0 bytes)
4794278       0x4927A6        rzip compressed data - version 65.78 (0 bytes)
6124709       0x5D74A5        VxWorks symbol table, big endian, first entry: [type: function, code address: 0x1, symbol address: 0x18]
6421557       0x61FC35        XML document, version: "1.0"
6436587       0x6236EB        Certificate in DER format (x509 v3), header length: 4, sequence length: 1038
6437629       0x623AFD        Certificate in DER format (x509 v3), header length: 4, sequence length: 1204
6438837       0x623FB5        Certificate in DER format (x509 v3), header length: 4, sequence length: 1211
6439512       0x624258        Certificate in DER format (x509 v3), header length: 4, sequence length: 260
6440414       0x6245DE        XML document, version: "1.0"

ARM64 - FindMy

6459676       0x62911C        Unix path: /usr/lib/dyld
6466424       0x62AB78        Unix path: /usr/lib/swift/libswiftFileProvider.dylib
6466752       0x62ACC0        Unix path: /usr/lib/swift/libswiftObjectiveC.dylib
11712020      0xB2B614        rzip compressed data - version 65.78 (0 bytes)
11712070      0xB2B646        rzip compressed data - version 65.78 (0 bytes)
11733364      0xB30974        rzip compressed data - version 65.78 (0 bytes)
11733414      0xB309A6        rzip compressed data - version 65.78 (0 bytes)
11733449      0xB309C9        rzip compressed data - version 65.78 (4607308 bytes)
11733499      0xB309FB        rzip compressed data - version 65.78 (0 bytes)
11737147      0xB3183B        rzip compressed data - version 65.78 (0 bytes)
11737213      0xB3187D        rzip compressed data - version 65.78 (0 bytes)
11737261      0xB318AD        rzip compressed data - version 65.78 (0 bytes)
11737327      0xB318EF        rzip compressed data - version 65.78 (0 bytes)
11779058      0xB3BBF2        Ubiquiti firmware header, third party, ~CRC32: 0x0, version: "_IN_MAPS"
11780229      0xB3C085        rzip compressed data - version 65.78 (0 bytes)
11780260      0xB3C0A4        rzip compressed data - version 65.78 (0 bytes)
11780310      0xB3C0D6        rzip compressed data - version 65.78 (0 bytes)
11780501      0xB3C195        rzip compressed data - version 65.78 (0 bytes)
11780551      0xB3C1C7        rzip compressed data - version 65.78 (78 bytes)
11780661      0xB3C235        rzip compressed data - version 65.78 (0 bytes)
11780711      0xB3C267        rzip compressed data - version 65.78 (120 bytes)
11805876      0xB424B4        rzip compressed data - version 65.78 (0 bytes)
11805926      0xB424E6        rzip compressed data - version 65.78 (0 bytes)
13433717      0xCCFB75        XML document, version: "1.0"
13448747      0xCD362B        Certificate in DER format (x509 v3), header length: 4, sequence length: 1038
13449789      0xCD3A3D        Certificate in DER format (x509 v3), header length: 4, sequence length: 1204
13450997      0xCD3EF5        Certificate in DER format (x509 v3), header length: 4, sequence length: 1211
13451672      0xCD4198        Certificate in DER format (x509 v3), header length: 4, sequence length: 260
13452574      0xCD451E        XML document, version: "1.0"
```

Use `binwalk --dd='.*' <BINARY>` to extract it.

So now I have the CD362B, CD3A3D, CD3EF5, and 0xCD4198 certs. Notice how they match the find my daemon fmfd certs below in their sequence length and byte offset. Example:

13451672 - 13450997 = 675

```sh
❯ binwalk binwalking/fmfd

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             Mach-O universal binary with 2 architectures

X86 - fmfd

20364         0x4F8C          Unix path: /usr/lib/dyld
24456         0x5F88          Unix path: /usr/lib/swift/libswiftObjectiveC.dylib
647500        0x9E14C         XML document, version: "1.0"
778255        0xBE00F         mcrypt 2.2 encrypted data, algorithm: blowfish-448, mode: CBC, keymode: 8bit
857010        0xD13B2         XML document, version: "1.0"
863590        0xD2D66         Certificate in DER format (x509 v3), header length: 4, sequence length: 1038
864632        0xD3178         Certificate in DER format (x509 v3), header length: 4, sequence length: 1204
865840        0xD3630         Certificate in DER format (x509 v3), header length: 4, sequence length: 1211
866515        0xD38D3         Certificate in DER format (x509 v3), header length: 4, sequence length: 260
867417        0xD3C59         XML document, version: "1.0"

ARM64 - fmfd

889036        0xD90CC         Unix path: /usr/lib/dyld
893128        0xDA0C8         Unix path: /usr/lib/swift/libswiftObjectiveC.dylib
1563692       0x17DC2C        XML document, version: "1.0"
1728599       0x1A6057        mcrypt 2.2 encrypted data, algorithm: blowfish-448, mode: CBC, keymode: 8bit
1758178       0x1AD3E2        XML document, version: "1.0"
1764758       0x1AED96        Certificate in DER format (x509 v3), header length: 4, sequence length: 1038
1765800       0x1AF1A8        Certificate in DER format (x509 v3), header length: 4, sequence length: 1204
1767008       0x1AF660        Certificate in DER format (x509 v3), header length: 4, sequence length: 1211
1767683       0x1AF903        Certificate in DER format (x509 v3), header length: 4, sequence length: 260
1768585       0x1AFC89        XML document, version: "1.0"
```

Again we see Example: 1767683 - 1767008 = 675 byte offset. So I'm on the right track. I need to use them in some combination with

Here are the contents extracted for each.

FindMy.app.zip
fmfd.zip

These links expire as I don't have Mega pro. LMK if you need me to update them.

This thread may be helpful on tips to create dupes of files located in SIP directories that cannot be debugged with lldb and dtruss

Any help is appreciated and I hope this is of use @sebinbash
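The length-and-offset comparison in the comment above can be made exact by hashing each embedded DER blob and by checking whether one signature hit sits inside another. This is an added example, not code from the thread or the project; it assumes binwalk's "header length: 4, sequence length: N" means a 4-byte `30 82 hh ll` header followed by N bytes, and `sample_blob` is constructed test input.

```python
import hashlib
import struct

# (offset, sequence length) rows copied from the arm64e FindMy binwalk output above.
FINDMY_ARM64 = [(13448747, 1038), (13449789, 1204), (13450997, 1211), (13451672, 260)]

def find_der_sequences(blob, min_len=128):
    """Return (offset, total_size) for every `30 82 hh ll` header whose body fits."""
    hits, pos = [], blob.find(b"\x30\x82")
    while pos != -1:
        if pos + 4 <= len(blob):
            (seq_len,) = struct.unpack(">H", blob[pos + 2:pos + 4])
            if seq_len >= min_len and pos + 4 + seq_len <= len(blob):
                hits.append((pos, 4 + seq_len))
        pos = blob.find(b"\x30\x82", pos + 1)
    return hits

def classify(hits):
    """Label a hit 'nested' when it starts inside an earlier top-level hit."""
    out, end = [], -1
    for off, size in sorted(hits):
        kind = "nested" if off < end else "top"
        out.append((off, size, kind))
        if kind == "top":
            end = off + size
    return out

def classify_rows(rows, header_len=4):
    """Same check for binwalk rows, which list the length without the header."""
    return classify([(off, header_len + n) for off, n in rows])

def fingerprints(blob, min_len=128):
    """SHA-256 of each top-level candidate; equal sets mean identical embedded blobs."""
    hits = classify(find_der_sequences(blob, min_len))
    return {hashlib.sha256(blob[o:o + s]).hexdigest() for o, s, k in hits if k == "top"}

def sample_blob(pad):
    """Constructed input: one DER-like SEQUENCE with a second header inside it."""
    inner = b"\x30\x82\x00\x90" + b"\xaa" * 0x90
    body = b"\x01" * 20 + inner + b"\x02" * 30
    return b"\x00" * pad + b"\x30\x82" + struct.pack(">H", len(body)) + body + b"\xff" * 5

if __name__ == "__main__":
    for row in classify_rows(FINDMY_ARM64):
        print(row)                                   # the 260-byte hit is 'nested'
    print(classify(find_der_sequences(sample_blob(10))))
    print(fingerprints(sample_blob(10)) == fingerprints(sample_blob(77)))
```

On the rows from the page, the first three hits are back to back (offset + 4 + length equals the next offset), while the 260-byte hit starts 675 bytes into the 1215-byte span of the third one, so it lies inside that blob rather than after it.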

@mobilityvalley

> The Items.data, Devices.data etc in ~/Library/Caches/com.apple.findmy.fmipcore are encrypted in macOS 15. You can use:
>
> Plist Util for Readability
>
> ```sh
> sudo plutil -convert xml1 -o ~/Downloads/Items.xml ~/Library/Caches/com.apple.findmy.fmipcore
> ```
>
> But can still see it is encrypted data.

On my Macbook M1 with macOS Sequoia 15.2, I tried the command but I have a permission error
(Error Domain=NSCocoaErrorDomain Code=257 "The file “com.apple.findmy.fmipcore” couldn’t be opened because you don’t have permission to view it."

@elzii

elzii commented Feb 7, 2025

> > The Items.data, Devices.data etc in ~/Library/Caches/com.apple.findmy.fmipcore are encrypted in macOS 15. You can use:
> >
> > Plist Util for Readability
> >
> > ```sh
> > sudo plutil -convert xml1 -o ~//Items.xml ~/Library/Caches/com.apple.findmy.fmipcore
> > ```
> >
> > But can still see it is encrypted data.
>
> On my Macbook M1 with macOS Sequoia 15.2, I tried the command but I have a permission error
> (Error Domain=NSCocoaErrorDomain Code=257 "The file “com.apple.findmy.fmipcore” couldn’t be opened because you don’t have permission to view it."

@mobilityvalley

[image]

It's a folder not a file. You should have read perms as staff. Use sudo with plutil on the items inside the directory though. Write flag is off for staff group and on for admins/sudoers (0644, no SIPs).

Sorry my command was incorrect still though. Here's a better example:

Run anywhere:

```sh
sudo plutil -convert xml1 -o ~/Downloads/Items.xml ~/Library/Caches/com.apple.findmy.fmipcore/Items.data && less -R --use-color ~/Downloads/Items.xml
```

Then you should see the decoded (but still encrypted) chunks in XML:

[image]

@mobilityvalley

Thanks for answers but I have the same kind of error, I use my account on my Mac with sudo:

```sh
sudo plutil -convert xml1 -o ~/Downloads/Items.xml ~/Library/Caches/com.apple.findmy.fmipcore/Items.data && less -R --use-color ~/Downloads/Items.xml  1 ✘
/Users/xxxx/Library/Caches/com.apple.findmy.fmipcore/Items.data: file does not exist or is not readable or is not a regular file (Error Domain=NSCocoaErrorDomain Code=257 "The file “Items.data” couldn’t be opened because you don’t have permission to view it."
```

@elzii

elzii commented Feb 7, 2025

Check your Gatekeeper status with this first:

```sh
sudo spctl --status
```

If it's enabled, follow these steps and try again:

[image]

Then if it still doesn't work, try:

```sh
sudo chflags noschg,nouchg ~/Library/Caches/com.apple.findmy.fmipcore/
sudo chflags noschg,nouchg ~/Library/Caches/com.apple.findmy.fmipcore/Items.data
```

Also, change root & wheel to have ALL access in your sudoers file:

```sh
sudo visudo
---------------------------------------------
# scroll to bottom of file and change to this
---------------------------------------------
root		ALL = (ALL) ALL
%admin		ALL = (ALL) ALL
```
