Extracting Instagram signature key

After pulling apart the Instagram APK and the native binaries bundled with it, I managed to extract Instagram's signature key, the key used to sign requests to their private API. This is how I extracted it.

How it works

The JNI export Java_com_instagram_strings_StringBridge_getSignatureString obtains the signature key from Scrambler::getString and then passes it to crypto_auth_hmacsha256_init (libsodium's HMAC-SHA256) as the MAC key, producing the signature the API requests require. Note that this is a keyed hash, not encryption: the key is never used to hide the request body, only to authenticate it, so anyone holding the key can produce valid signatures for arbitrary request bodies.

pseudocode

To extract the signature key, we can hook strlen, which is called on the key string before the HMAC is computed. strlen is called constantly by everything in the process, so the hook should log its arguments rather than break, and the key then has to be picked out of the noise afterwards. For the hooking itself we can use Simone Margaritelli's (evilsocket) excellent project arminject; a version modified to dump the signature key is available at: https://github.com/mokhdzanifaeq/arminject
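Because the strlen hook sees every string in the process, the candidate key still has to be confirmed. The check below is an added example, not code from the post or from arminject: it recomputes the HMAC-SHA256 described above over a captured request body for each string the hook logged and keeps the one that reproduces the captured signature. The key, body, signature and logged strings are all constructed here for illustration (the real key is not reproduced), and the page does not say how the digest is attached to the request, so the example stops at the hex digest.

```python
import hmac
import hashlib


def sign_body(key: bytes, body: bytes) -> str:
    """HMAC-SHA256 of the request body under the signature key, hex encoded.

    Mirrors the crypto_auth_hmacsha256 call the post describes; a MAC, not
    encryption, so the body itself is unchanged.
    """
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def find_signing_key(candidates, body: bytes, observed_sig: str):
    """Return the first candidate key that reproduces observed_sig over body.

    candidates are the strings a strlen hook logged (bytes). Returns None when
    no candidate matches, which usually means the capture and the hook output
    came from different requests or the key was logged in a different encoding.
    """
    for cand in candidates:
        # compare_digest avoids timing leaks; irrelevant offline but idiomatic
        if hmac.compare_digest(sign_body(cand, body), observed_sig):
            return cand
    return None


# --- constructed sample data (assumption: not Instagram's real key or traffic) ---
SAMPLE_KEY = b"example-signature-key-not-real"
SAMPLE_BODY = b'{"username":"alice","device_id":"android-0123456789abcdef"}'
# "captured" signature: produced here from the sample key for the demo
SAMPLE_SIG = sign_body(SAMPLE_KEY, SAMPLE_BODY)

# strings a strlen hook would typically log, mostly noise plus the key
HOOKED_STRINGS = [
    b"libsodium",
    b"/data/data/com.instagram.android",
    b"en_US",
    SAMPLE_KEY,
    b"application/x-www-form-urlencoded",
]


if __name__ == "__main__":
    hit = find_signing_key(HOOKED_STRINGS, SAMPLE_BODY, SAMPLE_SIG)
    print("signature:", SAMPLE_SIG)
    print("key found:", hit)
```

Run it with the strings dumped by the hook in place of HOOKED_STRINGS and a body/signature pair taken from a proxied request; a single match is the confirmation that the right string was extracted.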

poc