-
-
Save will3942/8113903 to your computer and use it in GitHub Desktop.
require 'openssl' | |
require 'base64' | |
require 'json' | |
require 'httpclient' | |
http = HTTPClient.new(:agent_name => useragent) | |
key = "" #The Private key | |
login_info = {:guid => "00000000-0000-0000-0000-000000000000", | |
:password => "PASSWORD", | |
:username => "USERNAME", | |
:device_id => "android-0000000000000000", | |
:_csrftoken => "missing" | |
}.to_json | |
signed_body = "#{Digest::HMAC.hexdigest(login_info, key, Digest::SHA256)}.#{login_info}" | |
post_data = {:signed_body => signed_body, :ig_sig_key_version => 4} | |
result = http.post("https://instagram.com/api/v1/accounts/login/", post_data, "Content-Type" => "application/json") | |
p result.body |
const-string v5, "LOGGING" | |
invoke-static {v5, v0}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I |
@KiralyCarft I followed the article by @mokhdzanifaeq and I found this api key. After that, I intercepted the request body to https://i.instagram.com/api/v1/accounts/login/ . Basically, the request body is the following string URL encoded:
signed_body=6f0f090924943e8a25175dcf115d7ee7564a39510ac58e5569d8523c49ceeb22.{"phone_id":"5b5fe5f2-c491-435f-8a7c-a091edaa4a29","username":"lsimaocosta","guid":"6c55c4ed-2663-406e-bc5c-480dc0001507","device_id":"android-9e111627d07b847e","password":"<<mypassword>>","login_attempt_count":"0"}&ig_sig_key_version=4
After that, using the JSON content in the above string (starting with {"phone_id" ... and ending at "login_attempt_count":"0"} I tried to recover the hash using the following ruby code:
require 'openssl'
require 'base64'
require 'json'
key = "012a54f51c49aa8c5c322416ab1410909add32c966bbaa0fe3dc58ac43fd7ede" #The Private key
digest = OpenSSL::Digest::SHA256.new
puts OpenSSL::HMAC.hexdigest( digest, key, << JSON_CONTENT>>)
but the hexdigest is not equal to the value of the hash sent in the request ... any thoughts ??
Key for Instagram 9.6.0:
19054fe6bacb4e68bb243d12a6879941be86aeb672b0a7f79f1db8573957035d
and this worked for me to get the correct hash for following users, in bash:
JSON={"_csrftoken":"xxx","user_id":"xxx","_uid":"xxx","_uuid":"xxx"}
Put in whatever values are yours, from sniffing the API
alias urlencode='python -c "import sys, urllib as ul; \
print ul.quote_plus(sys.argv[1])"'
SIGNED_BODY=$(echo -n $JSON | openssl dgst -sha256 -hmac $KEY).$(urlencode $JSON)"&ig_sig_key_version=4"
Was anyone able to extract key from 10.0.1 ?
Never mind just did it my self
@glazkoman can you post it? Also, do you have a working example to post images?
@Maarius Did you get it?
Anyone got the key for instagram 10.x ? Thanks in advance
Anyone have the key?
Anyone found key for 10.9 or later? If anyone has, Please give me i need it.
This is what Instagram-API by mgp25 used (it works):
0443b39a54b05f064a4917a3d1da4d6524a3fb0878eacabf1424515051674daa
not working anymore , does anyone still working with him this method ?
This is for instagram 9.2.0:
012a54f51c49aa8c5c322416ab1410909add32c966bbaa0fe3dc58ac43fd7ede