search

M3ikShizuka / instagram-private-api

#instagram #private #api #signin #reverse #web #encrypt #decrypt #deobfuscate #session #PWD_INSTAGRAM_BROWSER
18 stars 4 forks source link

Help-me generate this successfully #2

Open pauloswear opened 1 year ago

pauloswear commented 1 year ago

Hello, i am using your model to try generate encrypted password, i will post my code, hope can you help-me

from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
import base64
import struct
from datetime import datetime

def encrypt_password(password, key_id, public_key, version):
    iv = get_random_bytes(12)
    key = get_random_bytes(32)
    ad = str(int(datetime.now().timestamp())).encode()

    cipher = AES.new(key, AES.MODE_GCM, nonce=iv)
    ciphertext, tag = cipher.encrypt_and_digest(password.encode())

    encrypted_key = base64.b64encode(seal_key(key, public_key)).decode()

    result = bytearray([1, int(key_id)])
    result.extend(struct.pack('<H', len(encrypted_key)))
    result.extend(base64.b64decode(encrypted_key))
    result.extend(tag)
    result.extend(ciphertext)

    payload = base64.b64encode(result).decode()

    return f"#PWD_INSTAGRAM_BROWSER:{version}:{int(datetime.now().timestamp())}:{payload}"

def seal_key(key, public_key):
    return public_key.encode() + key

But when I request login endpoint I can't login, it happens:

{"message":"CSRF token missing or incorrect","status":"fail"}

Non encrypted password with 0 version works fine

M3ikShizuka commented 1 year ago

Hello, @pauloswear. At the moment I cannot check if the method specified in this project works.

The message you received in response indicates a problem with the CSRFToken. "message":"CSRF token missing or incorrect"

Are you extracting the "X-CSRFToken" value from the header of the first server response to your request and using it in a subsequent login request?

As specified in the first step in the readme file: https://github.com/M3ikShizuka/instagram-private-api/blob/80cb8ea61ae7b3a2d770b76a355d7b1c4a05e52d/README.MD?plain=1#L28

pauloswear commented 1 year ago

Yes, I am extracting this. Is possible to exists another key that's missing on final password encrypted?

M3ikShizuka commented 1 year ago

Yes, it is possible. The last time I checked this was before I uploaded it to the repository. That was a long time ago, maybe something has changed since then.