FindMy

v0.10.1 suspicious
6.0
Medium Risk

Query the location of your FindMy devices with Python!

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits multiple red flags such as shell execution commands, potential obfuscation, and incomplete metadata. These factors combined suggest a need for caution and further scrutiny.

  • Shell execution commands detected
  • Incomplete metadata
  • Potential obfuscation
Per-check LLM notes
  • Network: No network calls detected, which is normal and expected unless the package requires internet access.
  • Shell: Shell execution commands detected may be for version control and credential management, but further investigation is needed to ensure there's no unauthorized access or data exfiltration.
  • Obfuscation: The use of base64 decoding suggests potential obfuscation, but it could also be legitimate for handling encoded data in a crypto context.
  • Credentials: No clear patterns indicating credential harvesting were found.
  • Metadata: The package shows several red flags including missing author information, lack of classifiers, and non-secure links which suggest low effort or potential malicious intent.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

  • """ return cls(base64.b64decode(key_b64)) @property def private_key_bytes(self) ->
  • ( private_key=base64.b64decode(val["private_key"]), key_type=KeyPairType(va
  • hashed_adv_key_bytes = base64.b64decode(key_reports["id"]) for report in key_reports.ge
  • ]): payload = base64.b64decode(report) loc_report = LocationReport(payload,
  • rov_data is None else BytesIO(base64.b64decode(prov_data)) return cls(state_blob=state_blob, libs_
  • cls( payload=base64.b64decode(val["payload"]), hashed_adv_key=base64.b64de
Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • o" version = re.sub("^v", "", os.popen("git describe --tags").read().strip()) # noqa: S605, S607 r
  • ndows... key_in_hex = subprocess.getoutput( # noqa: S605 "/usr/bin/security find-generic-p
  • ocessError): output = subprocess.getoutput("/usr/bin/security find-generic-password -l 'BeaconStore'")
  • 1 remote_url = ( subprocess.run( ["/usr/bin/env", "git", "remote", "get-url", "o
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: mikealmel.ooo>

Suspicious Page Links score 4.0

Found 2 suspicious link(s) on the package page

  • Non-HTTPS external link: http://docs.mikealmel.ooo/FindMy.py/
  • Non-HTTPS external link: http://docs.mikealmel.ooo/FindMy.py/related/index.html
Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with FindMy 
Your task is to create a user-friendly command-line utility using Python that leverages the 'FindMy' package to query and display the current location of Apple devices registered under the Find My network. This utility should allow users to easily track their devices, such as iPhones, iPads, Macs, etc., from their computer. Here are the steps and features you should include:

1. **Setup**: Ensure the user has installed the 'FindMy' package and any necessary dependencies. Provide clear installation instructions within the utility.
2. **Authentication**: Implement a secure way for the user to authenticate with their Apple ID credentials. Ensure that these credentials are handled securely and not stored locally.
3. **Device Listing**: Once authenticated, the utility should fetch and display a list of all devices associated with the user's Apple ID. Each device should be listed with its name and type.
4. **Location Tracking**: Allow the user to select a specific device from the list and request its current location. The utility should then display the latitude and longitude coordinates, along with an option to open the location in a web browser.
5. **Status Updates**: Include functionality to check if the selected device is currently powered on, offline, or in low power mode.
6. **Interactive Menu**: Design an interactive menu system that allows the user to navigate through the different functionalities easily.
7. **Logging**: Implement logging to keep track of user interactions and any errors encountered during the process.
8. **Help Documentation**: Provide comprehensive help documentation within the utility, explaining each feature and common issues.

Throughout the development, make sure to utilize the 'FindMy' package effectively to handle all API communications with the Find My network. Your goal is to create a robust, user-friendly tool that simplifies the process of tracking Apple devices.