Extracting Instagram's signature key

After pulling apart the Instagram APK and the native binaries it ships with, I managed to extract the signature key Instagram uses to sign requests to its private API. This is how I did it.

How it works

The JNI function Java_com_instagram_strings_StringBridge_getSignatureString obtains the signature key from Scrambler::getString, then uses that key with crypto_auth_hmacsha256_init (libsodium's HMAC-SHA256 API) to compute a MAC over the request data; that MAC is what the private API requires with each request. Note that this is not encryption: the key authenticates the request, it does not hide its contents, so anyone holding the key can forge valid signatures.

Pseudocode (shown as an image in the original post)
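As an added example (not code from the original post, from Instagram or from arminject), the following reproduces the signing step described above once a key has been dumped, and shows the check a practitioner would run before trusting the dumped key: recompute the HMAC-SHA256 over a captured request body and compare it with the signature the app actually sent. The key, the request body and the hex encoding of the MAC are assumptions for illustration; the real key is whatever the hook prints.

```python
import hashlib
import hmac

# Constructed placeholder. The real key is the string the strlen hook dumps;
# it is deliberately not reproduced here.
EXTRACTED_KEY = b"example-signature-key-from-hook"

# Constructed request body of the kind the client signs before sending it.
REQUEST_BODY = b'{"_uuid":"0000","username":"alice","password":"hunter2"}'


def sign_body(key: bytes, body: bytes) -> str:
    """HMAC-SHA256 over the request body, the operation the native code performs
    with crypto_auth_hmacsha256_*. Hex output is an assumption for readability."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_key(candidate_key: bytes, captured_body: bytes, captured_sig: str) -> bool:
    """Check a candidate key against one captured (body, signature) pair.

    compare_digest avoids a timing side channel; irrelevant when checking
    offline, but it is the right habit for anything that verifies MACs."""
    return hmac.compare_digest(sign_body(candidate_key, captured_body), captured_sig.lower())


def check_extracted_key(candidate_key: bytes, captures) -> bool:
    """A dumped key should reproduce every captured signature. One mismatch means
    the wrong string was dumped, or the app signs different endpoints with
    different keys, so check several requests rather than one."""
    return all(verify_key(candidate_key, body, sig) for body, sig in captures)


if __name__ == "__main__":
    sig = sign_body(EXTRACTED_KEY, REQUEST_BODY)
    print("signature:", sig)
    print("key verifies against capture:", verify_key(EXTRACTED_KEY, REQUEST_BODY, sig))
    print("wrong key verifies:", verify_key(b"not-the-key", REQUEST_BODY, sig))
```

To use this against real traffic, capture a few signed requests with an intercepting proxy, feed the body bytes exactly as sent (whitespace and key order matter, since the MAC covers the raw bytes) together with the signature into check_extracted_key, and only then start using the key for your own requests.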

Hooking a system function

To extract the key, hook strlen: the native code calls it on the key string before the HMAC is computed, so the hook sees the key in the clear as its argument. For the hooking I used Simone Margaritelli's (evilsocket) excellent arminject, which injects a shared object into a running process on ARM and lets you hook functions it imports. The injection relies on ptrace, so this needs a rooted device. My modified version, adapted to dump the signature key, is available at: https://github.com/mokhdzanifaeq/arminject

PoC (shown in the original post)