Skip to content

Instantly share code, notes, and snippets.

Last active Sep 15, 2021
What would you like to do?
Reverse-Engineering Instagram
require 'openssl'
require 'base64'
require 'json'
require 'httpclient'
http = => useragent)
key = "" #The Private key
login_info = {:guid => "00000000-0000-0000-0000-000000000000",
:password => "PASSWORD",
:username => "USERNAME",
:device_id => "android-0000000000000000",
:_csrftoken => "missing"
signed_body = "#{Digest::HMAC.hexdigest(login_info, key, Digest::SHA256)}.#{login_info}"
post_data = {:signed_body => signed_body, :ig_sig_key_version => 4}
result ="", post_data, "Content-Type" => "application/json")
p result.body
const-string v5, "LOGGING"
invoke-static {v5, v0}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
Copy link

edmund5 commented Feb 8, 2014

got an error: undefined variable or method "useragent"

Copy link

netics commented Feb 18, 2014

Unfortunately the Instagram app is closing after I hit the login button. No logs with "LOGGING" are sent.

Also, I didn't find the .line 70 in 5.0.6

Copy link

milesoberstadt commented Mar 8, 2014

Forgive my ignorance, but is there any chance you can post the private key? I can't seem to get the apk to recompile after making these changes...

Copy link

Lotogram commented Sep 19, 2014

Please post the private key, thanks.

Copy link

ydaniels commented Oct 5, 2014

yea please anyone with the private key that can help

Copy link

nemoryoliver commented Jan 4, 2015

This is the PRIVATE KEY b4a23f5e39b5929e0666ac5de94c89d1618a2916

but I am not sure if it's the same key for Instagram 6+

Copy link

ydaniels commented Jan 11, 2015

no they have changed it . the old one ain't working anymore

Copy link

mokhdzanifaeq commented Feb 28, 2015

KEY: 6d51fe001d37fae892bfd51b334cf2deaa66dc8822ff37e8d0f45e8883d56061
not sure the key is the same for everybody though. you can check it yourself :

Copy link

timigod commented Jan 24, 2016

Can this be used to upload photos?

Copy link

endquote commented Jun 12, 2016

Anyone figured this out on a more recent version? The above code returns "invalid domain". The instructions in the above article seem legit, but the APK has changed and I'm not sure where the relevant code is now. Also the ig_sig_key_version sent in requests now is 5, not 4.

Copy link

KiralyCraft commented Aug 28, 2016

This is for instagram 9.2.0:


Copy link

lucassimao commented Aug 29, 2016

@KiralyCarft I followed the article by @mokhdzanifaeq and I found this api key. After that, I intercepted the request body to . Basically, the request body is the following string URL encoded:


After that, using the JSON content in the above string (starting with {"phone_id" ... and ending at "login_attempt_count":"0"} I tried to recover the hash using the following ruby code:

require 'openssl'
require 'base64'
require 'json'

key = "012a54f51c49aa8c5c322416ab1410909add32c966bbaa0fe3dc58ac43fd7ede" #The Private key
digest =
puts OpenSSL::HMAC.hexdigest( digest, key, << JSON_CONTENT>>)

but the hexdigest is not equal to the value of the hash sent in the request ... any thoughts ??

Copy link

eliasbagley commented Dec 2, 2016

Key for Instagram 9.6.0:

and this worked for me to get the correct hash for following users, in bash:
Put in whatever values are yours, from sniffing the API

alias urlencode='python -c "import sys, urllib as ul; \
    print ul.quote_plus(sys.argv[1])"'

SIGNED_BODY=$(echo -n $JSON | openssl dgst -sha256 -hmac $KEY).$(urlencode $JSON)"&ig_sig_key_version=4"

Copy link

drawrowfly commented Dec 3, 2016

Was anyone able to extract key from 10.0.1 ?

Copy link

drawrowfly commented Dec 3, 2016

Never mind just did it my self

Copy link

Maarius commented Dec 9, 2016

@glazkoman can you post it? Also, do you have a working example to post images?

Copy link

Trewqa commented Dec 25, 2016

@Maarius Did you get it?

Copy link

Coldz0 commented Feb 9, 2017

Anyone got the key for instagram 10.x ? Thanks in advance

Copy link

TonyDaniels commented Mar 22, 2017

Anyone have the key?

Copy link

wondersoftwares671 commented Jun 6, 2017

Anyone found key for 10.9 or later? If anyone has, Please give me i need it.

Copy link

alitoufighi commented Sep 17, 2017

This is what Instagram-API by mgp25 used (it works):

Copy link

remon commented Nov 29, 2017

not working anymore , does anyone still working with him this method ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment