Help/Support Teach me how to extract the Instagram signature key hash from iOS

maddo7 · November 22, 2016

Hello,

I didn't find a "want to buy" or "paid" section of the forum so I'm posting it here.

I'm looking for somebody with reverse engineering skills who could teach me how to get the signature key hash from the iOS version of Instagram.

I have a jailbroken iPhone 6 with iOS 9.0 which I could use.

You would need to tell me the exact steps needed to extract the key from the App and answer possible questions.

I have basic reverse engineering skills on Android but none on iOS so I want to get this going asap.

Of course I will pay for your time and service, please tell me your offers.

Crypto · November 22, 2016

Of course I will pay for your time and service, please tell me your offers.

@ZahirSher

STRINGCEIL · November 22, 2016

Hmmm so ? Here isn't allow buy or sell

maddo7 · November 22, 2016

The rules say "selling anything in general is prohibited."

I'm not selling something and I don't want to buy a product/something.

I'm looking for a service which could be free as well. The terms are between me and the person who accepts the request.

Updated November 22, 2016 by maddo7

November 23, 2016

The rules say "selling anything in general is prohibited."

I'm not selling something and I don't want to buy a product/something.

I'm looking for a service which could be free as well. The terms are between me and the person who accepts the request.

I googled signature key hash and I don't think iOS has anything like it

maddo7 · November 24, 2016

I googled signature key hash and I don't think iOS has anything like it

When you take a look at instagram requets it usually looks like this:

signed_body=e365434d1344fc5d73f85bb72b2d7e3474dd8227275071cb9dd9649ca4f0216d.%7B%22media_id%22%3A%22528086397952388638_263262746%22%7D&ig_ sig_key_version=4&src=timeline&d=0

So the first hash before the . is generated by using hmac sha256 on the string after the . with a special key.

I need the key that generates "e365434d1344fc5d73f85bb72b2d7e3474dd8227275071cb9dd9649ca4f0216d" out of "%7B%22media_id%22%3A%22528086397952388638_263262746%22%7D"

Crypto · November 24, 2016

When you take a look at instagram requets it usually looks like this:

signed_body=e365434d1344fc5d73f85bb72b2d7e3474dd8227275071cb9dd9649ca4f0216d.%7B%22media_id%22%3A%22528086397952388638_263262746%22%7D&ig_ sig_key_version=4&src=timeline&d=0

So the first hash before the . is generated by using hmac sha256 on the string after the . with a special key.

I need the key that generates "e365434d1344fc5d73f85bb72b2d7e3474dd8227275071cb9dd9649ca4f0216d" out of "%7B%22media_id%22%3A%22528086397952388638_263262746%22%7D"

Why do you need this?