{"id":22822197,"url":"https://github.com/datalux/instagram-weak-encryption","last_synced_at":"2025-10-07T08:31:23.172Z","repository":{"id":104251201,"uuid":"417037583","full_name":"Datalux/instagram-weak-encryption","owner":"Datalux","description":"Get the length of the Instagram encrypted password","archived":false,"fork":false,"pushed_at":"2023-11-07T00:01:40.000Z","size":9,"stargazers_count":48,"open_issues_count":3,"forks_count":10,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-01-14T22:45:07.183Z","etag":null,"topics":["encryption","facebook","instagram","padding","penetration-testing-tools","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Datalux.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-10-14T07:48:43.000Z","updated_at":"2025-01-10T22:36:39.000Z","dependencies_parsed_at":"2024-12-12T16:11:11.240Z","dependency_job_id":"49efc637-d63c-4f93-a810-a3524f032237","html_url":"https://github.com/Datalux/instagram-weak-encryption","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Datalux%2Finstagram-weak-encryption","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Datalux%2Finstagram-weak-encryption/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Datalux%2Finstagram-weak-encryption/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repos
itories/Datalux%2Finstagram-weak-encryption/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Datalux","download_url":"https://codeload.github.com/Datalux/instagram-weak-encryption/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":235607123,"owners_count":19017298,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["encryption","facebook","instagram","padding","penetration-testing-tools","vulnerability"],"created_at":"2024-12-12T16:11:00.971Z","updated_at":"2025-10-07T08:31:17.904Z","avatar_url":"https://github.com/Datalux.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# instagram-weak-encryption\nGet the length of the Instagram encrypted password\n\n# Introduction\nInstagram and Facebook encrypt the password submitted at login before sending it to the server, but the encryption has no padding, so it's easy to extract the **password length** from the ciphertext.\n\n# Encryption phases\nInstagram uses AES256-GCM to encrypt the password, with a 12-byte IV and a timestamp as AD. 
\n\nWe can see the current Instagram encryption configuration at this [endpoint](https://www.instagram.com/data/shared_data/).\nFor example:\n```json\n\"encryption\": {\n  \"key_id\": \"251\",\n  \"public_key\": \"64c25328c4ba5e40f4e249310b861aa616488e096d4de6f2018c3c33c5e6d75c\",\n  \"version\": \"10\"\n  }\n```\n\nThis is a ciphertext example:\n`#PWD_INSTAGRAM_BROWSER:10:1633796717:AY5QAElzjWV0j+OJ+qAnNXpQjZ6TN7A980Y2RMlrl63z80AkALvvb1IHYpzDXeX5w/Mf1jxTbF2PVJRh/Q99+J7FXkgmnE9qOhatEbKkdyoatN952Dee/PC8CiWLJTcoFDiCFovU9uwijaIDycIQ7w==`\n\n\nWe can see that it has a fixed structure that can be expressed like this: \n\n`\u003capp_type\u003e:\u003cencryption_version\u003e:\u003ctimestamp\u003e:\u003cbase64_ciphertext\u003e`\n\nIn addition, we know the ciphertext structure:\n\n`key_id|encrypted_key|tag|aes_output`\n\n\nThis is an encryption pseudo-code example.\n```\nint[32] key = create_random_key();\nint[12] iv = create_random_iv();\nint[16] tag;\nbyte[] ad = get_timestamp();\nstring plaintext = password;\n\nciphertext = encrypt_aes_256_gcm(\n  iv,\n  key,\n  tag,\n  plaintext,\n  ad \n);\n```\n\n# The problem\n\nBy collecting two or more ciphertexts we can see that the ciphertext length depends on the plaintext length, so no padding is applied to the plaintext.\nFor example:\n\n\nPassword length 8: `#PWD_INSTAGRAM_BROWSER:10:1633796644:AY5QAOHhnlwGkvikhrThjD0/XSZAVlJ+dFBGNAtG4JhnP5c42slFXO0H0xpE3W2JSlcdjDEDI1O/CioKL5zXhXCfkRpL+ItOqUB0jhpl/D3EcTEI9iTq0XSpmGDvxb7fwaCvNFv2xFj4lvsv`\n\nPassword length 12: `#PWD_INSTAGRAM_BROWSER:10:1633796717:AY5QAElzjWV0j+OJ+qAnNXpQjZ6TN7A980Y2RMlrl63z80AkALvvb1IHYpzDXeX5w/Mf1jxTbF2PVJRh/Q99+J7FXkgmnE9qOhatEbKkdyoatN952Dee/PC8CiWLJTcoFDiCFovU9uwijaIDycIQ7w==`\n\nTherefore we need to set up a way to extract the password length from the ciphertext.\n\n# Calculate the length\nIt's very easy to calculate the password length simply by counting the ciphertext length and looking at the base64 padding.\nWe need to calculate:\n1. 
The number of base64 blocks\n2. How many '=' base64 padding characters there are\n3. The difference between the ciphertext length and the ciphertext length of a one-character password (136 chars)\n\nI combined these points to create a simple Python script to calculate the exact length of a password:\n```Python\n# enc holds the captured ciphertext string, with or without the app_type:version:timestamp prefix\nc = enc.split(':')[3] if ':' in enc else enc\ncl = len(c)  # length of the base64 ciphertext\npad = int((cl / 4) - 36)  # number of base64 blocks, offset by 36\npad1 = 1 if c[-1] == '=' else 0  # last char is base64 '=' padding\npad2 = 1 if c[-2] == '=' else 0  # second-to-last char is base64 '=' padding\n# 136 is the ciphertext length for a one-char password\npl = (len(c) - 136 - pad - pad1 - pad2)\nprint(pl)\n```\n\n# Impact\nTo exploit this you need to read the communication between the client and server.\nI have imagined three possible scenarios:\n1. An attacker has physical access to the victim machine\n2. MITM attack\n3. Bad VPN that can read the traffic\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatalux%2Finstagram-weak-encryption","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdatalux%2Finstagram-weak-encryption","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatalux%2Finstagram-weak-encryption/lists"}