-
-
Save will3942/8113903 to your computer and use it in GitHub Desktop.
require 'openssl' | |
require 'base64' | |
require 'json' | |
require 'httpclient' | |
http = HTTPClient.new(:agent_name => useragent) | |
key = "" #The Private key | |
login_info = {:guid => "00000000-0000-0000-0000-000000000000", | |
:password => "PASSWORD", | |
:username => "USERNAME", | |
:device_id => "android-0000000000000000", | |
:_csrftoken => "missing" | |
}.to_json | |
signed_body = "#{Digest::HMAC.hexdigest(login_info, key, Digest::SHA256)}.#{login_info}" | |
post_data = {:signed_body => signed_body, :ig_sig_key_version => 4} | |
result = http.post("https://instagram.com/api/v1/accounts/login/", post_data, "Content-Type" => "application/json") | |
p result.body |
const-string v5, "LOGGING" | |
invoke-static {v5, v0}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I |
Can this be used to upload photos?
Anyone figured this out on a more recent version? The above code returns "invalid domain". The instructions in the above article seem legit, but the APK has changed and I'm not sure where the relevant code is now. Also the ig_sig_key_version
sent in requests now is 5, not 4.
This is for instagram 9.2.0:
012a54f51c49aa8c5c322416ab1410909add32c966bbaa0fe3dc58ac43fd7ede
@KiralyCarft I followed the article by @mokhdzanifaeq and I found this api key. After that, I intercepted the request body to https://i.instagram.com/api/v1/accounts/login/ . Basically, the request body is the following string URL encoded:
signed_body=6f0f090924943e8a25175dcf115d7ee7564a39510ac58e5569d8523c49ceeb22.{"phone_id":"5b5fe5f2-c491-435f-8a7c-a091edaa4a29","username":"lsimaocosta","guid":"6c55c4ed-2663-406e-bc5c-480dc0001507","device_id":"android-9e111627d07b847e","password":"<<mypassword>>","login_attempt_count":"0"}&ig_sig_key_version=4
After that, using the JSON content in the above string (starting with {"phone_id" ... and ending at "login_attempt_count":"0"} I tried to recover the hash using the following ruby code:
require 'openssl'
require 'base64'
require 'json'
key = "012a54f51c49aa8c5c322416ab1410909add32c966bbaa0fe3dc58ac43fd7ede" #The Private key
digest = OpenSSL::Digest::SHA256.new
puts OpenSSL::HMAC.hexdigest( digest, key, << JSON_CONTENT>>)
but the hexdigest is not equal to the value of the hash sent in the request ... any thoughts ??
Key for Instagram 9.6.0:
19054fe6bacb4e68bb243d12a6879941be86aeb672b0a7f79f1db8573957035d
and this worked for me to get the correct hash for following users, in bash:
JSON={"_csrftoken":"xxx","user_id":"xxx","_uid":"xxx","_uuid":"xxx"}
Put in whatever values are yours, from sniffing the API
alias urlencode='python -c "import sys, urllib as ul; \
print ul.quote_plus(sys.argv[1])"'
SIGNED_BODY=$(echo -n $JSON | openssl dgst -sha256 -hmac $KEY).$(urlencode $JSON)"&ig_sig_key_version=4"
Was anyone able to extract key from 10.0.1 ?
Never mind just did it my self
@glazkoman can you post it? Also, do you have a working example to post images?
@Maarius Did you get it?
Anyone got the key for instagram 10.x ? Thanks in advance
Anyone have the key?
Anyone found key for 10.9 or later? If anyone has, Please give me i need it.
This is what Instagram-API by mgp25 used (it works):
0443b39a54b05f064a4917a3d1da4d6524a3fb0878eacabf1424515051674daa
not working anymore , does anyone still working with him this method ?
KEY: 6d51fe001d37fae892bfd51b334cf2deaa66dc8822ff37e8d0f45e8883d56061
not sure the key is the same for everybody though. you can check it yourself : http://mokhdzanifaeq.github.io/extracting-instagram-signature-key/