biemster / findmy Goto Github PK

Google just activated their own Find My network on Android this weekend. Details are still scarce, so let's collect all technical info needed to send the BLE advertisement and subsequently query this network here.
The BLE part can then be implemented here: https://github.com/biemster/st17h66_RF (and I will also finally put the Apple FindMy advertisement there then as well, so the chip can do both)

This is just a question: what's the key to be deployed, the advertisement key or the hashed one?

When running request_reports.sh the first time, it returns an authorization error. Subsequent requests run fine (so the workaround is to just run it again).

Hi!

I'd like to make some contributions in order to make it easier to adopt the features of this tool into other projects. Before doing that though, could you specify a license for this project? That way, people are aware of the conditions under which your project can be used.

I am very happy with the ST17H66 ... except that the thing requires a (relatively) large 3 volt battery.
In order to be able to track small objects (pen) or maybe even implanted, I need another BLE SOC.
The IN100 from Inplay could be the appropriate solution at a good price of under a dollar.

A CR2032 (20x3.2mm) has approximately a capacity of 200mAh.
A ZA13 (7.8x5.3mm) has approximately a capacity of 300mAh.

https://inplay-tech.com/in100

For easier portability between operating systems, here is a script to convert a generated report (request_reports.py) to *.kml format.
Just run a 'request_reports.py > input.txt' and after the following script. It will generate a .kml file for each provided keyset.

make_kml.txt

I m using big Sur 11.0.1 in VMware, iCloud services are working.

In the 1st case i used my iCloud password and got " invalid padding byte" in return and in 2 nd case i used my macbook login password and got "object of type non type has no Len()".
Any idea?

Hey there,

First of all, thanks for all the hard work you've been putting on this, much appreciated.

I was wondering if there is a readily available webserver which we could run on a docker container or something on a Linux server which could serve the reports from a REST API or similar?

Thanks

I am using monterey and python3 version. Can generate keys, looks good.
Whenever I run request_reports.py it asks me for keychain password, I use my Apple-id password (when I try to use my macbook password, it breaks with 400 Bad Request). I am also logged in via Chrome at Apple's iCloud website.
The script breaks with the above message.
Any idea?
Note: the generated key is not yet flashed to any device.
But I assume there should be some other message than just crashing?!
Any help is appreciated.

Im using the FindMy_proxy and client on a established and working OHS Setup. Tags are coming in as expected. When I use the FindMy_client.py script it connects to the proxy fine, but returns 0 reports received, found: [], missing [].

Any idea where to start?

Hello, thank you for your work.

I made a fork of your repo here: https://github.com/ngxson/FindMy_Docker

On the main branch, I added docker-compose and Dockerfile so that the project can be run quickly.

On the server branch, I added:

• flask API server and some endpoints
• a simple web UI

I have no idea if I should do a pull request or not, because it's a big breaking change.

Feel free to discuss in the issue, ideally I want to merge all of my code to your repo.

What need to be decided:

• Should we keep the current sqlite3 database? My idea is that we delegate the storage to a 3rd party system, for example home assistant or traccar. This way, this repo is more like a "gateway" to retrieve data from icloud server.
• My code have a setup.py file used solely for generating auth.json, maybe we can find a way to improve this.
• Maybe we can install pyprovision in the docker build stage, so that we no longer need anisette server.

Again, thanks for your work!

I'm trying to use provision and I think I have setup it correctly (if I get the anisette data from the container and keep the already obtained auth.json I can obtain the reports), but if I start with a clean slate (only the .so files in the anisette directory and no auth.json), I cannot get the 2FA with --trusteddevice

$ /home/luca/macintosh/venv/bin/python request_reports.py  --trusteddevice
Apple ID: [email protected]
Password: 
2FA required, requesting code
Traceback (most recent call last):
  File "/home/luca/macintosh/FindMy/request_reports.py", line 72, in <module>
    auth=getAuth(regenerate=args.regen, second_factor='trusted_device' if args.trusteddevice else 'sms'),
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/luca/macintosh/FindMy/request_reports.py", line 33, in getAuth
    mobileme = icloud_login_mobileme(second_factor=second_factor)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/luca/macintosh/FindMy/pypush_gsa_icloud.py", line 40, in icloud_login_mobileme
    g = gsa_authenticate(username, password, second_factor)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/luca/macintosh/FindMy/pypush_gsa_icloud.py", line 115, in gsa_authenticate
    trusted_second_factor(spd["adsid"], spd["GsIdmsToken"])
  File "/home/luca/macintosh/FindMy/pypush_gsa_icloud.py", line 253, in trusted_second_factor
    code = getpass.getpass("Enter 2FA code: ")
           ^^^^^^^^^^^^^^^
AttributeError: 'function' object has no attribute 'getpass'

If I omit the --trusteddevice I get a request for the 2FA but I cannot verify it works since I cannot receive the sms 😉

$ /home/luca/macintosh/venv/bin/python request_reports.py 
Apple ID: [email protected]
Password: 
provisioning...
provisioning...
2FA required, requesting code
Enter 2FA code: 

I'm not really into python cryptography, but wanting to try the latest few commits, I saw an error importing SHA256. I couldn't find a debian package providing it, but I found python3-pycryptodome, so I made this change

diff --git a/pypush_gsa_icloud.py b/pypush_gsa_icloud.py
index d6d84e4..528b010 100644
--- a/pypush_gsa_icloud.py
+++ b/pypush_gsa_icloud.py
@@ -12,7 +12,7 @@ from datetime import datetime
 import srp._pysrp as srp
 from cryptography.hazmat.primitives import padding
 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
-from Crypto.Hash import SHA256
+from Cryptodome.Hash import SHA256
 
 # Created here so that it is consistent
 USER_ID = uuid.uuid4()

Searching cryptodome I found this bug so maybe it's a good idea to import from Cryptodome instead of from Crypto.

Hello and thank you for this great project. I had a request, if possible, please post a more complete tutorial with all the steps and screenshots. I worked for several days on the correct implementation of this project, but I encounter many errors in different parts.

You wrote 'The source for FindMy.hex is here:'
But nothing there ???

Please provide your FindMy source.
I compiled the version vadimkozhin/st17h66-OHS-tag, but size is different.

just it

It would be good if this allowed to use another serial port.

It's currently hardcoded here:

https://github.com/biemster/FindMy/blob/e0d61617d3ff70bcdfdbcf90fb502d3b7764334b/Lenze_ST17H66/flash_st17h66.py#L74C23-L74C35

I've just received 3 tags.

Store: https://de.aliexpress.com/item/1005002599386785.html (Bought on 2. Nov 2023)
Seller: FuXin Trading Co., Ltd.
Product (US name): "Anti-Lost Mini GPS Tracker Locator Finder For Kid Key Pet Dog Cat Bicycle Car Low-Power And Environment-Friendly Practical" ("White" and "Black")

I had hoped these to be Lenze ST17H66.
However, unfortunately, they are more similar to #13.

I speculate these are WS8000, judging by the board label (which happened to be WS8030 in the other one).
In fact, the WS8030 is also available in SOP8.
The pinout roughly seems to match, but I didn't probe it yet.

Factsheet: https://www.taoic.com/company/7287/WS8000==45b88e7c-2bd3-11ec-9475-00163e1552d4-28_detail.html
This also lists JLINK TMS / TCK, so it might not be JTAG, but some specific variant of JTAG (that I'm not familiar with).
The datasheet also mentions Keil and JLINK in particular.

Testpoints:

• TCK
• VDD
• VDD
• LED
• TMS
• GND
• (One unmarked test-point)
• Some unpopulated capacitors

Unfortunately there's no TXD / RXD, so I'm not sure if I'll just throw these away.

Appears to be a 16.000 MHz Clock and some SOP8 controller (as mentioned above, likely WS8000).

The included booklet tells you to use the "Kindelf" app: https://play.google.com/store/apps/details?id=com.lenzetech.kindelf
Note how this is in fact by Lenze.

Photos:

Any ideas for custom firmwares or flashing / flash readback?

What kind of CPU is this?
Note that I found an unrelated wisesun datasheet which mentions some common CPU archs:

• https://datasheet.lcsc.com/lcsc/2304101800_wisesun-WS51F0030Q20T_C5118070.pdf
  Page 6 mentions a bit about their naming scheme (although might not be applicable).
  It lists 8051 (not 32-bit), PIC16 (not 32-bit, but PIC32 exists), ARM Cortex-M and even RISC-V, so these are strong contenders?

• https://datasheet.lcsc.com/lcsc/2305111419_wisesun-WS51F7030S08U_C5118066.pdf
  Page 6 again.
  It lists "RISC" (not any more specific) and 8051

• There's also a datasheet downloadable as PDF for the WS8300 https://datasheet.lcsc.com/lcsc/2206281830_wisesun-WS8300F5ES16_C2980817.pdf which mentions many of the same details as the WS8000 factsheet images above (despite being a different package etc).

Also ping-ing @drott

I'm seeing a large accumulation of 'Reports Received' after deploying some Tags with a faster report rate.

Anyway to reduce the amount of 'Reports Received'? I've tried tweaking the end and start date but it appears that is not directly related to the response. I'm returns with 'datePublished' fields that aren't within the requested range.

I dont know enough about the headers to make a start at that.

Thanks :)

just wondering ... have you ever noticed a limit how many keys one post can include?

The README is lacking information on how to wire up the board / chip before running the flasher.

Currently, there's a bunch of useful information that I had to search for myself:

• https://github.com/vadimkozhin/st17h66-OHS-tag/tree/main/flash_tool
• #5
• seemoo-lab/openhaystack#105 (comment)

My tags are still on their way from China (fingers crossed they are actually st17h66), so I can't try it yet.
However, skimming over those long issues makes it somewhat hard to get the most up-to-date flashing method.

I'm still not sure how to wire up my UART (or which UART adapter is even powerful enough to do it, as an ESP32 was mentioned as a UART bridge).
Also, is battery power (CR2032, for example) enough while flashing?

Hi guys,
As requested by Biemster, I made my own thread on this.

I'm trying to flash a ST17H66(in windows), looks to be the same from the first post. When I run the flash program, wait a few seconds and apply 3v3 to the board, I get this error in python:

Traceback (most recent call last):
File "C:\dit\FindMy-monterey\Lenze_ST17H66\flash_st17h66.py", line 80, in
res = uart.read(10)
File "C:\dit\venv\lib\site-packages\serial\serialwin32.py", line 295, in read
raise SerialException("GetOverlappedResult failed ({!r})".format(ctypes.WinError()))
serial.serialutil.SerialException: GetOverlappedResult failed (PermissionError(13, 'Access is denied.', None, 5))

Not sure why I get this error - I'm logged in as thee administrator, ran pycharm(or cmd) as admin, but no dice. Even moved the default COM port on the usb flasher, still no luck.

Modified the COM line in the .py:
#uart = serial.Serial('/dev/ttyUSB0', 9600, timeout=0.01, inter_byte_timeout=0.01)
uart = serial.Serial('COM6', 9600, timeout=0.01, inter_byte_timeout=0.01)

BTW, I'm using the Monterey branch and newer 3.9/3.10.3.11 versions of python.

Any ideas?

I am again getting the message "Invalid padding bytes" although I have solved it in the past.
Unfortunately, I don't have a clue now – the key is correct, password is the one of my Macbook ... the "mmeTokenFile" looks good, the "decryption_key" looks valid ... so what else could it be?

Traceback (most recent call last):
  File "/Users/humpataa/request_reports.py", line 186, in <module>
    AppleDSID,searchPartyToken = getAppleDSIDandSearchPartyToken(iCloud_decryptionkey)
  File "/Users/humpataa/request_reports.py", line 111, in getAppleDSIDandSearchPartyToken
    decryptedBinary = unpad(decrypt(open(mmeTokenFile, 'rb').read(), algorithms.AES(decryption_key), modes.CBC(b'\00' *16)), algorithms.AES.block_size)
  File "/Users/humpataa/request_reports.py", line 31, in unpad
    return unpadder.update(paddedBinary) + unpadder.finalize()
  File "/Users/humpataa/Library/Python/3.10/lib/python/site-packages/cryptography/hazmat/primitives/padding.py", line 159, in finalize
    result = _byte_unpadding_check(
  File "/Users/humpataa/Library/Python/3.10/lib/python/site-packages/cryptography/hazmat/primitives/padding.py", line 101, in _byte_unpadding_check
    raise ValueError("Invalid padding bytes.")
ValueError: Invalid padding bytes.

Any idea?

First of all thx a lot for an amazing code.
I'm not sure if this is the right place to ask:
What is the 'status': 0 field used for? Can we use it for indicating a button press on the beacon or some other sensor data like low battery level indication?

Most budget friendly iTag bluetooth trackers nowadays have the Lenze st17h66 mcu (some old stock comes with the st17h26, which is an entirely different architecture, discussed in another issue #?)
The SDK is available: ST17H66_SDK or BLE5_ST17H66 with a nice optimized example st17h66_fw_power_consumption. Also doc.lenze.club has a lot of material.

Flashing the chip proved difficult, according to the docs P09 and P10 should be the UART, but on the tags I have one of them is attached to the buzzer. Also the mcu should be reset just before the UXTDWU command is sent, but the chip does not have a reset pin. However, @vadimkozhin managed to successfully flash this chip with custom firmware as detailed here

Hi there,

I'm trying to get all location reports from a stolen iPhone which is listed in the "Find My" app.

Openhaystack doesn't work as it requires a plugin in Apple Mail - Apple Mail 16 doesn't support adding such plugins anymore...

The tool in this repository seems to generate ID's to be used for an arbitrary device. Can somebody help me with getting identifiers of my devices and change the code to use these instead of those generated by "generate_keys.py"?

The phone was stolen on 07-01-2024 (pickpocket in a train in the Netherlands) and as I understand Apple keeps reports for 7 days so the reports will already be purged.

Can I use keys I generated before for my devices in Openhaystack or the only way is to generate new ones?

Installing a full desktop OS is a bit overkill just to retrieve the reports, and prone to issues as reported in #1 #2 #7 and such.
Creating a minimal macOS can be based on the Catalina BaseSystem.dmg, and then be virtualized using https://github.com/foxlet/macOS-Simple-KVM or similar. What needs to be figured out then is how to sign in to iCloud, and run the FindMy app on this minimal image.
The extracted BaseSystem.dmg is a 1.5G, the goal is to trim this down to under 1G as much as possible.

Hi!

Thanks you so much for this project!

I've got a question:

how and where can I amend the look-back time for the report?

Based on your documentation:

POST /get_locations
This endpoint fetch the data from icloud server, decode it and return as an array.
Note:
hours is optional, default to 24 (meaning get all reports in the last 24 hours)

thanks

Some Tags are now returning data that don't fall in the EC point or are invalid .

Never seen these before.

examples below

Failed to decode elliptic curve point: Invalid EC key.
Data slice [5:62]: 0204974573496425429143fc57889425298283dc915e4fd6097dced968236b76dcf00db10aa989aac60196465b653089d4ef655a5c8a81a16d

Failed to decode elliptic curve point: Unsupported elliptic curve point type
Data slice [5:62]: 010443ed3135cec20b7505c051ddac14d49ea611da82b32cdb8f306f0c0ce54e2652e61194e9208a9df0266265732df2834d87c4e3c93cc1ae

I got this error when using python 3.9:

$ ./generate_keys.py

Traceback (most recent call last):
  File "/home/hugol/itags/FindMy/./generate_keys.py", line 28, in <module>
    priv_bytes = int.to_bytes(priv, 28)
TypeError: to_bytes() missing required argument 'byteorder' (pos 2)

A fix seems to be:
L28 priv_bytes = priv.to_bytes(28,'big')
L29 adv_bytes = adv.to_bytes(28,'big')

The documents show the first 6 bits of byte 2 of the advertising string being reserved, only the last 2 can be used "freely" (e.g. for battery state):

I've been using byte 2 of the advertisement fully for my own purpose which never happened to be a problem.
My phone has updated to 17.5.1 last night and today I see differences for faketags close to it.
Exactly since updating iOS the status byte keeps being set to zero.

Interestingly the confidence byte also has dramatically changed exactly at the time of update: it shows values 4-5 times higher than before. Without tags or phone being moved a bit. Has anyone else noticed this?

Hi, I have a 1$ aliexpress tag but don't understand how to flash openhaystack firmware.

Any help?

Hi! I was rewriting the code to use python3 but I'm getting 401 Unauthorized requests.
I wanted to ask you if there was an issue with the httplib library, with python3 I have to use http.client instead.
Or maybe you just wrote the code in python2 due to personal preference?
EDIT. It's about the headers :)

Hi,
I have successfully created the .keys file with generate_keys.py. Now I'm trying to get reports using request_reports.py.
(I am using the monterey branch and have applied the data = data.replace("'", '"') fix).

For some reason, request_reports.py ALWAYS reports 0 reports received./0 reports used.. (Even though I have 2 devices and 10 items registered).

$ python3 request_reports.py 
Keychain password:
/Users/yannik/Library/Python/3.9/lib/python/site-packages/urllib3/__init__.py:34: NotOpenSSLWarning: urllib3 v2.0 only supports OpenSSL 1.1.1+, currently the 'ssl' module is compiled with 'LibreSSL 2.8.3'. See: https://github.com/urllib3/urllib3/issues/3020
  warnings.warn(
200 OK
0 reports received.
0 reports used.
found:    []
missing:  ['BCBWDhj']

I'd greatly appreciate any hints how to fix this.

Edit: This is on macOS 13 / Ventura.

No matter the value I put in startDate (I first removed the *7 to get just one day, then I tried 3600000, i.e. an hour) I seem to receive always all the reports.
(I mean, I changed

data = '{"search": [{"endDate": %d, "startDate": %d, "ids": %s}]}' % (unixEpoch *1000, (unixEpoch *1000) -(86400000 *7), ids.keys())

first to

data = '{"search": [{"endDate": %d, "startDate": %d, "ids": %s}]}' % (unixEpoch *1000, (unixEpoch *1000) -(86400000), ids.keys())

then to

data = '{"search": [{"endDate": %d, "startDate": %d, "ids": %s}]}' % (unixEpoch *1000, (unixEpoch *1000) -3600000, ids.keys())
)

I don't know if it's a problem with apple servers or the parameters aren't properly formatted, I checked and apparently it's the same format used in the mobile application of openhaystack.

Is it possible to fix the int.from_bytes() calls? (4 times - see below in request_reports.py)
confidence = int.from_bytes(data[8:9], 'big')
status = int.from_bytes(data[9:10], 'big')
priv = int.from_bytes(base64.b64decode(privkeys[report['id']]), 'big')
timestamp = int.from_bytes(data[0:4], 'big') +978307200
Please also fix the getpass.getpass() call (remove the leading getpass.)

Thank you!

Running this on linux, I am not getting the 2FA prompt unless I add --trusteddevice as parameter. I read elsewhere that this is a problem on linux... so it now works fine for me...

Spun off from #12. New photo, the crystal seems to say HY 16.000D.

When powering via VDD and GND, the TXD and RXD both go high, but I don't see any signal. Connecting with 9200 and 115200 baud and sending some keystrokes does not lead to anything so far (but I might have made mistakes in the analysis.)

Apple-Airtag clone with ST17H66 on Aliexpress (https://www.aliexpress.com/item/1005004495296995.html)

Runs with Open-Haystack-App with no problems.

The minimal assembly of the pcb is interesting. No capacitors at the xtal and no antenna matching at all (see schematic).
I also removed all components that were not necessary for me, so only 4 components (ST17H66, xtal and 2 capacitors) remained. The resistor near the antenna (r6) is just a bridge (0 ohm).

Flashed with STC Auto-Programmer (CH340) without any problem.

1. connect P10 to TXD, P9 to RXD, GND to GND
2. start flash script
3. connect 3.3V to Battery +

All connection points are exposed on PCB.

MacOS Version: Big Sur (11.5.2)
I can access the different keychains well with the security command but the Icloud keychain.

Are you all seeing reporting issues from devices that have upgraded to IO17? I haven't seen any updates come through since my phone upgraded but when I go back to 16 it works fine.

Hi,
How technically feasible is it to modify this project to work with official AirTags or other Find My devices? Already working AirTag clones are being sold for $2-4 a piece on Aliexpress, so I don't see a point in spending a lot of time messing with flashing, firmwares and all of that stuff, when I can just buy a working "AirTag" for so cheap.
The only issue for me is that I have an Android phone (I was able to set the tags up using a friend's iPhone), so I need to get something similar to this project working.

Traceback (most recent call last):
File "F:\workspace\python\findmy\test1\request_reports.py", line 75, in
auth=getAuth(regenerate=args.regen, second_factor='trusted_device' if args.trusteddevice else 'sms'),
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "F:\workspace\python\findmy\test1\request_reports.py", line 34, in getAuth
j = {'dsid': mobileme['dsid'], 'searchPartyToken': mobileme['delegates']['com.apple.mobileme']['service-data']['tokens']['searchPartyToken']}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^
KeyError: 'service-data'

I noticed that all my devices that have 17.5.1 are no longer updating statuses of tags that are around them. Is anyone else see this issue and do we think its an apple bug?

400 Bad Request
Traceback (most recent call last):
  File "request_reports.py", line 189, in <module>
    res = json.loads(response.read())['results']
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/__init__.py", line 339, in loads
    return _default_decoder.decode(s)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/decoder.py", line 364, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/decoder.py", line 382, in raw_decode
    raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded

Have you encountered this before? I have automated the polling of this script, and had it running for a few days. It abruptly stopped and generated this error. Restarting the script made no change. If i go back to vanilla OHS and use the GUI, it updates fine.

Thanks!

Additional Info drawn from response headers.

[('content-length', '0'), ('via', 'xrail:st53p00ic-qujn14040502.me.com:8301:22R920:grp60,631194250daa17e24277dea86cf30319:0299c4cf8819616e8ba5700c89695c8d:jptyo12'), ('access-control-expose-headers', 'X-Apple-Request-UUID,Via'), ('strict-transport-security', 'max-age=31536000; includeSubDomains;'), ('x-responding-instance', 'acsnservice:2:prod-p00-acsnservice--partial-5b7df67f59-sx8n8:80:2388B9802:6a2bc5323182'), ('server', 'AppleHttpServer/3faf4ee9434b'), ('x-apple-jingle-correlation-key', '<removed>'), ('connection', 'keep-alive'), ('apple-seq', '0'), ('x-apple-user-partition', '0'), ('date', 'Thu, 30 Mar 2023 01:23:32 GMT'), ('x-apple-request-uuid', '<removed>'), ('apple-tk', 'false'), ('apple-originating-system', 'UnknownOriginatingSystem'), ('x-apple-edge-response-time', '168')]

I just got this error while running request_reports.py on Fedora 40 and Python 3.12.4 and I just can't fix it:

pyprovision is not installed, querying http://localhost:6969 for an anisette server
200: 1 reports received.
Traceback (most recent call last):
  File "/home/simon/Dokumente/Find My/FindMy/./request_reports.py", line 89, in <module>
    eph_key = ec.EllipticCurvePublicKey.from_encoded_point(ec.SECP224R1(), data[5:62])
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/ec.py", line 185, in from_encoded_point
    return backend.load_elliptic_curve_public_bytes(curve, data)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.12/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1120, in load_elliptic_curve_public_bytes
    raise ValueError("Invalid public bytes for the given curve")
ValueError: Invalid public bytes for the given curve