I’m looking for somebody with reverse engineering skills who could teach me how to get the signature key hash from the iOS version of Instagram.
I have a jailbroken iPhone 6 with iOS 9.0 which I could use.
You would need to tell me the exact steps needed to extract the key from the App and answer possible questions.
I have basic reverse engineering skills on Android but none on iOS so I want to get this going asap.
Of course I will pay for your time and service, please tell me your offers.
Why do you want to do this?
I want to automate my account
What exactly do you mean by “automate my account”?
I want to use the Instagram API with my account to perform actions like uploading pictures etc.
Then you don’t have to get the signature or something like that; just reversing the API that uploads pictures will do the job.
Instagram signs every request with an HMAC-SHA hash.
A request looks like as an example.
nc8e1774526bf84b58bb4ffebb357bddb822a5183e0355db1effc2dad47107a29 is generated by an HMAC function with a key.
Without this key I cannot generate the signature and requests won’t get accepted.
Basically I checked the App with IDA and followed your iOSAppReverseEngineering.pdf
I think I know where the key gets generated and I’m trying to get it with LLDB and a breakpoint, but I’m having many issues where I could need help.
For example I used the ASLR offset + the pointer from IDA to get the address
Then I set a breakpoint which worked, but as soon as the breakpoint hits I get

```
(lldb) Process 21538 stopped
- thread #13: tid = 0x6538, 0xff76545e, stop reason = EXC_BAD_ACCESS (code=1, address=0xff76545e)
frame #0: 0xff76545e
error: memory read failed for 0xff765400
```
and the app continues to run but not fully. I can see the loading circle spinning but nothing else works.
For such issues which are very time consuming to resolve on my own, I’d like to have somebody in chat/skype to talk to and help me resolve these issues.
I’d pay for the time this takes.
Okay, it is possible to extract the key but there’s a catch.
It seems the key gets altered by the app if you try to extract it so it will return a valid hash key but it seems this key is rate limited.
Unmodified/Unjailbroken devices use a different key to generate the hash so it seems to change dynamically when you try to mess with the app.
I already had a reverse engineer look at this without success.
This seems like a very difficult task and I’d need an experienced pro to look at this and verify it for me.
Have you fixed this issue? Pls share some info