-
Notifications
You must be signed in to change notification settings - Fork 222
wallofairtag
A way to know if you are pisted by a Airtag/FindMy/Openhaystack devices!
A real‑time Apple FindMy / AirTag scanner and visualizer for Cardputer/M5Stack.
Displays discovered trackers, RSSI, trend, distance estimation, payloads, UUIDs,
and GAP names when available. Includes scrollable UI, spam frame viewer,
SD logging, and BLE event queue isolation for stability.
- Scans BLE traffic and identifies Apple FindMy‑type frames via Manufacturer Data.
- Maintains a table of up to 24 simultaneous AirTags / FindMy beacons.
- Per‑device tracking:
- MAC address
- RSSI (dBm)
- Distance estimation
- Trend (Stable / Closer / Farther)
- Payload (hex) & UUID fallback
- Name (if GAP name present)
- Last‑seen timestamp
- Displays:
- Scrollable device list
- Header with total devices
- Spam box showing last raw BLE frame
- Persists unique MACs to
/evil/airtags.txton the SD card. - Uses a FreeRTOS queue to safely process BLE events outside the BLE task.
-
Startup
- Initializes BLE scan & event queue
- Loads previous SD logs if present
- Draws header, list area, and spam box
-
Main Screen shows:
- MAC / Name
- RSSI
- Trend
- Distance
- Raw frame (bottom spam box)
-
Key Bindings
Key Action ;Scroll up .Scroll down iShow details of selected AirTag Backspace Exit Enter Exit
Detection is performed by parsing BLE Manufacturer Data:
Vendor ID: 0x4C 0x00 (Apple)
FindMy Frame: 0x12 0x19
Payload must not be blank
If matched, the device is considered part of the FindMy ecosystem (AirTag, AirPods, accessories, etc.).
/evil/airtags.txt
- Each unique MAC is appended once.
- Format:
MAC - RSSI: - Name: - UUID:(when available) - Useful for tracking audits or forensic work.
- Shows up to AT_VISIBLE entries at once
- Auto‑purges items unseen for >7.5 seconds
- Colors reflect trend:
- Closer
- Stable
- Farther
Displays the most recent BLE Manufacturer Data frame in HEX.
Shows total devices and static title “Wall of AirTags”.
This tool does not bypass Apple security, does not decode encrypted FindMy payloads,
and does not identify owners. It only reveals broadcast metadata already public in BLE advertisements.
Use responsibly, legally, and ethically.
- Installation
- Slave
- ESP32 RIG Tutorial
- Scan WiFi
- Select WiFi
- Clone & Details
- Captive Portal Management
- Admin WebUI
- Check Credential
- Probes Attack
- Sniffing Probes
- Karma Attack
- Automated Karma Attack
- Karma Spear
- Bluetooth Serial Control
- Wardriving
- Wardriving Master
- Beacon Spam
- Deauther
- Auto Deauther
- Evil Twin
- Handshake Master
- WiFi Raw Sniffing
- Sniff Raw Client
- WiFi Channel Visualizer
- Client Sniff And Deauth
- Handshakes/Deauth sniffing
- Wall Of Flipper
- Send Tesla Code with RFunit
- SSH Shell
- Scan Network and Port
- Full Network Scan
- Web Crawler
- PwnGridSpam
- Skimmer Detector
- Mouse Jiggler
- BadUSB
- Bluetooth Keyboard
- Reverse TCP Tunnel
- DHCP Starvation Attack
- Rogue DHCP Server
- Switch DNS
- Network Hijacking
- Printer Attack
- Web Siphoning Cookie
- Honeypot
- LLM Chat Stream
- EvilChatMesh
- Responder
- WPAD Abuse
- Crack NTLMv2
- FileManager
- UART Shell
- SIP toolkit
- CCTV toolkit
- SSDP poisoning
- SkyJack
- Wifi Dead Drop
- BLENameFlood
- Wall Of Airtag
- FindMyEvil
- UPnP Mapping
- UPnP NAT
- LDAPDump
- IMSI Catcher
- Open Wifi Checker
- CIW ZeroClick
- Settings
- Installation
- Slave
- ESP32 RIG Tutorial
- Scan WiFi
- Select WiFi
- Clone & Details
- Captive Portal Management
- Admin WebUI
- Check Credential
- Probes Attack
- Sniffing Probes
- Karma Attack
- Automated Karma Attack
- Karma Spear
- Bluetooth Serial Control
- Wardriving
- Wardriving Master
- Beacon Spam
- Deauther
- Auto Deauther
- Evil Twin
- Handshake Master
- WiFi Raw Sniffing
- Sniff Raw Client
- WiFi Channel Visualizer
- Client Sniff And Deauth
- Handshakes/Deauth sniffing
- Wall Of Flipper
- Send Tesla Code with RFunit
- SSH Shell
- Scan Network and Port
- Full Network Scan
- Web Crawler
- PwnGridSpam
- Skimmer Detector
- Mouse Jiggler
- BadUSB
- Bluetooth Keyboard
- Reverse TCP Tunnel
- DHCP Starvation Attack
- Rogue DHCP Server
- Switch DNS
- Network Hijacking
- Printer Attack
- Web Siphoning Cookie
- Honeypot
- LLM Chat Stream
- EvilChatMesh
- Responder
- WPAD Abuse
- Crack NTLMv2
- FileManager
- UART Shell
- SIP toolkit
- CCTV toolkit
- SSDP poisoning
- SkyJack
- Wifi Dead Drop
- BLENameFlood
- Wall Of Airtag
- FindMyEvil
- UPnP Mapping
- UPnP NAT
- LDAPDump
- IMSI Catcher
- Open Wifi Checker
- CIW ZeroClick
- TagTinker ESL
- Settings