ahmdrz / goinsta

Unofficial Instagram API written in Golang
MIT License
895 stars 247 forks source link

Password encryption #331

Closed TheForgotten69 closed 3 years ago

TheForgotten69 commented 3 years ago

Anyone did try to port the code to encrypt password in golang? https://github.com/dilame/instagram-private-api/issues/1010

Per this discussion, all I have is this and I think I'm missing something as there is no tag in golang (it's WIP I know it's not pretty lol)

` func EncodePassword(pass string, instaClient *Client) (out string, err error) {

//necessary for password format
curTime := fmt.Sprintf("%d", time.Now().UnixNano()/int64(time.Second))
bPassword := []byte(pass)

//AES-init
//nonce is only 12 bytes
nonce := make([]byte, 12)
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
    panic(err.Error())
}
key :=  make([]byte, 32)
if _, err := io.ReadFull(rand.Reader, key); err != nil {
    panic(err.Error())
}
//RSA-init
//The pubkey is always base64 encoded
bPubKey, err :=base64.StdEncoding.DecodeString(instaClient.EncryptionPubKey)
if err != nil {
    return
}
//THE RSA key that we received is used to encrypt the password, then everything is wrapped in AES-GCM Encryption
//The key is an RSA key in RSA_PKCS1_PADDING Type
blockRSA, _ := pem.Decode(bPubKey)
if blockRSA == nil  || blockRSA.Type != "PUBLIC KEY" {
    return "", errors.New("public key error")
}
pub, err := x509.ParsePKIXPublicKey(blockRSA.Bytes)
if err != nil {
    return "", err
}
//RSA encrypt
bEncryptedKey, err := rsa.EncryptPKCS1v15(rand.Reader, pub.(*rsa.PublicKey), key)
if err != nil {
    return

}
fmt.Println(bEncryptedKey)
//Cypher
blockAES, err := aes.NewCipher(key)
if err != nil {
    return
}
//Example again: https://stackoverflow.com/questions/62076725/instagram-enc-password-generation
AesGcm, err := cipher.NewGCM(blockAES)
if err != nil {
    panic(err.Error())
}
ciphertext := AesGcm.Seal(nil, nonce, bPassword, []byte(curTime))
fmt.Println(AesGcm.Overhead())
//authTag= https://github.com/golang/go/issues/24990
//payload = base64.b64encode((b"\x01\x00" + publickeyid.to_bytes(2, byteorder='big') + iv + len(enc_session_key).to_bytes(2, byteorder='big') + enc_session_key + tag + ciphertext))
pubKeyId := append([]byte("\u0001"), []byte(instaClient.EncryptionKeyID)[0:2]...)
lenEncryptedKey := []byte(string(len(bEncryptedKey)))[0:2]
tag := ciphertext[len(ciphertext)-16:]
fcipherText := ciphertext[:len(ciphertext)-16]
finalS := append(append(append(append(append(pubKeyId, nonce...), lenEncryptedKey...), bEncryptedKey...), tag...), fcipherText...)
fmt.Println(finalS)

out = fmt.Sprintf("#PWD_INSTAGRAM:4:%s:%s", curTime,  base64.StdEncoding.EncodeToString(finalS))

} `

aliforever commented 3 years ago

Check this out: https://github.com/aliforever/go-nodejs-rsa-gcm

It can be used to encrypt instagram's password

TheForgotten69 commented 3 years ago

thanks @aliforever !