Reverse-Engineering Instagram

app.rb

require 'openssl'
require 'base64'
require 'json'
require 'httpclient'

http = HTTPClient.new(:agent_name => useragent)
key = "" #The Private key
login_info = {:guid => "00000000-0000-0000-0000-000000000000",
                  :password => "PASSWORD", 
                  :username => "USERNAME", 
                  :device_id => "android-0000000000000000",
                  :_csrftoken => "missing"
                  }.to_json
signed_body = "#{Digest::HMAC.hexdigest(login_info, key, Digest::SHA256)}.#{login_info}"
post_data = {:signed_body => signed_body, :ig_sig_key_version => 4}
result = http.post("https://instagram.com/api/v1/accounts/login/", post_data, "Content-Type" => "application/json")
p result.body

logging_function.smali

const-string v5, "LOGGING"
invoke-static {v5, v0}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I

got an error: undefined variable or method "useragent"

Unfortunately the Instagram app is closing after I hit the login button. No logs with "LOGGING" are sent.

Also, I didn't find the .line 70 in 5.0.6

Forgive my ignorance, but is there any chance you can post the private key? I can't seem to get the apk to recompile after making these changes...

Please post the private key, thanks.

yea please anyone with the private key that can help

This is the PRIVATE KEY b4a23f5e39b5929e0666ac5de94c89d1618a2916

but I am not sure if it's the same key for Instagram 6+

no they have changed it . the old one ain't working anymore

KEY: 6d51fe001d37fae892bfd51b334cf2deaa66dc8822ff37e8d0f45e8883d56061
not sure the key is the same for everybody though. you can check it yourself : http://mokhdzanifaeq.github.io/extracting-instagram-signature-key/

Can this be used to upload photos?

Anyone figured this out on a more recent version? The above code returns "invalid domain". The instructions in the above article seem legit, but the APK has changed and I'm not sure where the relevant code is now. Also the ig_sig_key_version sent in requests now is 5, not 4.

This is for instagram 9.2.0:

012a54f51c49aa8c5c322416ab1410909add32c966bbaa0fe3dc58ac43fd7ede

@KiralyCarft I followed the article by @mokhdzanifaeq and I found this api key. After that, I intercepted the request body to https://i.instagram.com/api/v1/accounts/login/ . Basically, the request body is the following string URL encoded:

signed_body=6f0f090924943e8a25175dcf115d7ee7564a39510ac58e5569d8523c49ceeb22.{"phone_id":"5b5fe5f2-c491-435f-8a7c-a091edaa4a29","username":"lsimaocosta","guid":"6c55c4ed-2663-406e-bc5c-480dc0001507","device_id":"android-9e111627d07b847e","password":"<<mypassword>>","login_attempt_count":"0"}&ig_sig_key_version=4

After that, using the JSON content in the above string (starting with {"phone_id" ... and ending at "login_attempt_count":"0"} I tried to recover the hash using the following ruby code:

require 'openssl'
require 'base64'
require 'json'

key = "012a54f51c49aa8c5c322416ab1410909add32c966bbaa0fe3dc58ac43fd7ede" #The Private key
digest = OpenSSL::Digest::SHA256.new
puts OpenSSL::HMAC.hexdigest( digest, key, << JSON_CONTENT>>)

but the hexdigest is not equal to the value of the hash sent in the request ... any thoughts ??

Key for Instagram 9.6.0:
19054fe6bacb4e68bb243d12a6879941be86aeb672b0a7f79f1db8573957035d

and this worked for me to get the correct hash for following users, in bash:
JSON={"_csrftoken":"xxx","user_id":"xxx","_uid":"xxx","_uuid":"xxx"}
Put in whatever values are yours, from sniffing the API

alias urlencode='python -c "import sys, urllib as ul; \
    print ul.quote_plus(sys.argv[1])"'

SIGNED_BODY=$(echo -n $JSON | openssl dgst -sha256 -hmac $KEY).$(urlencode $JSON)"&ig_sig_key_version=4"

Was anyone able to extract key from 10.0.1 ?

Never mind just did it my self

@glazkoman can you post it? Also, do you have a working example to post images?

@Maarius Did you get it?

Anyone got the key for instagram 10.x ? Thanks in advance

Anyone have the key?

Anyone found key for 10.9 or later? If anyone has, Please give me i need it.

This is what Instagram-API by mgp25 used (it works):
0443b39a54b05f064a4917a3d1da4d6524a3fb0878eacabf1424515051674daa

not working anymore , does anyone still working with him this method ?