Locating Items.Data

Up until Sonoma 14.3 you could just change the settings for full disk access like so to see the file in Terminal, this was a normal thing we did:

To grant full disk access to the Terminal program on a Mac, you can follow these steps:

Open "System Preferences" and click on "Security & Privacy"

Select the "Privacy" tab, then choose "Full Disk Access" from the left-hand menu

Click the lock icon at the bottom left to make changes, then enter your system administrator password

Click the "+" button, then navigate to and select the Terminal program

Once the Terminal program is added, it will have full disk access.

Following these steps will grant the Terminal program full disk access on your Mac.

But I noticed today with Sonoma 14.4 Apple has now encrypted the /Library/Caches/com.apple.findmy.fmipcore/Items.data file:

This is top part of the file which sits on the disk as a binary file and you can see below by running command: plutil -convert xml1 Items.data

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>encryptedData</key> <data> kFZv8TThNHlX/BRTODmYYm+PMOlMUISTiImesRkDiaHHnaOFwPCRTmrIFSHKq3d1scgo UObkoq0Gc5QpWmAAOWEzLjgbQUHwOCvife8PSToj54AyDBTuc0peHdio6n5LC5Vy3FfU dd5VS5NLBs83PXK88bk3OJ1ul9KvI0hOm0hWulR4VhkiR9fyfSXN1Tn3OMw1A1KW0WO+ <snipped due to length>

Now here we stand, how do we decrypt this file. It is considered an encrypted plist file. Now I know why apple did this, obviously to stop us from pulling airtag data to use in our own apps,

I know is iOS you can use some type of function to decrypt iOS plists but under macos I never had to worry about that before.

If anyone has any suggestions I am all ears !!!!

Rob