The whole anti-tamper key is a bit annoying - I bet most of these trackers have something like an nRF52832 in them, which doesn't have any kind of private key storage.
So you're saying that potentially it may be possible to skip the whole pairing process and just broadcast using a random EIK, and then you can query based on that? Or I guess Google will only handle EIKs that have been registered with it?
... the mention of a 'message' that can be decrypted sounds super exciting - but I don't see any message of it in the advertising frame format? So maybe that's just something to do with the 'message stream' bit?
The sad part is... it relies on the device cooperating and only changing its BLE address every 24 hours.
You mean if someone were to make a device that changed its address more often, it'd totally sidestep it?
I guess the same is probably true for airtags? If you used OpenHaystack (or just cloned airtags) and had say 4 tags, and just cycled to the next every hour, it would probably think you weren't being tracked?
Thanks! That's really interesting!