Get the length of the Instagram encrypted password

Related tags

Cryptographyinstagramfacebookencryptionvulnerabilitypaddingpenetration-testing-tools
Overview

instagram-weak-encryption

Get the length of the Instagram encrypted password

Introduction

Instagram and Facebook encrypt the password submitted at login to sending this to the server, but the encryption has not padding so it's easy to exctract the password length from the ciphertext.

Encryption phases

Instagram use AES256-GCM to encrypt the password in this with an 12 byte IV and a timestamp as AD.

We can see the current Instagram encryption configurations at this endpoint. For example:

"encryption": {
  "key_id": "251",
  "public_key": "64c25328c4ba5e40f4e249310b861aa616488e096d4de6f2018c3c33c5e6d75c",
  "version": "10"
  }

This is a ciphertext example: #PWD_INSTAGRAM_BROWSER:10:1633796717:AY5QAElzjWV0j+OJ+qAnNXpQjZ6TN7A980Y2RMlrl63z80AkALvvb1IHYpzDXeX5w/Mf1jxTbF2PVJRh/Q99+J7FXkgmnE9qOhatEbKkdyoatN952Dee/PC8CiWLJTcoFDiCFovU9uwijaIDycIQ7w==

We can se that it have a fixed structure that can be expressed like this:

: : :

In addiction we know the ciphertext structures:

key_id|encrypted_key|tag|aes_output

This is an encryption preudo-code example.

int[32] key = create_random_key();
int[12] iv = create_random_iv();
int[16] tag;
byte[] ad = get_timestamp();
string plaintext = password;

ciphertext = encrypt_aes_256_gcm(
  iv,
  key,
  tag,
  plaintext,
  ad 
);

The problem

By collecting two or more ciphertexts we can see that the ciphertext length depends on the plaintext length so there is not any padding applied to the plaintext. For example:

Password length 8: #PWD_INSTAGRAM_BROWSER:10:1633796644:AY5QAOHhnlwGkvikhrThjD0/XSZAVlJ+dFBGNAtG4JhnP5c42slFXO0H0xpE3W2JSlcdjDEDI1O/CioKL5zXhXCfkRpL+ItOqUB0jhpl/D3EcTEI9iTq0XSpmGDvxb7fwaCvNFv2xFj4lvsv

Password length 12: #PWD_INSTAGRAM_BROWSER:10:1633796717:AY5QAElzjWV0j+OJ+qAnNXpQjZ6TN7A980Y2RMlrl63z80AkALvvb1IHYpzDXeX5w/Mf1jxTbF2PVJRh/Q99+J7FXkgmnE9qOhatEbKkdyoatN952Dee/PC8CiWLJTcoFDiCFovU9uwijaIDycIQ7w==

Therefore we need to setup a way to extract the password length from the ciphertext

Calculate the length

It's very easy to calculate the password length simply by count the ciphertext length and see the base64 padding. We need to calculate:

  1. The base64 blocks number
  2. How many '=' base64 pad there are
  3. The difference between the ciphertext length and a one char password ciphertext length (136 chars)

I combined these points to create a simple Python script to calculate the exact length of a password:

c = enc.split(':')[3] if ':' in enc else enc
cl = len(c)
pad = (int)((cl / 4) - 36)
pad1 = 1 if c[-1] == '=' else 0
pad2 = 1 if c[-2] == '=' else 0
pl = (len(c) - 136 - pad - pad1 - pad2)
print(pl)

Impact

To exploit this you need to read the comminication between the client and server. I have imaginad three possibile scenario:

  1. An attacker have physical access to the victim machine
  2. MITM attack
  3. Bad VPN that can read the traffic
Owner
Giuseppe Criscione
MSc in "Network and Security Systems" at University of Catania. Cyber Security Engineer && Android Developer
Giuseppe Criscione
GitHub Repository
A Python script to implement Hill's Cipher Encryption and Decryption.

Hill_Cipher-Encryption_and_Decryption A Python script to implement Hill's Cipher Encryption and Decryption. Initially in the Encryption part, the Plai

Vishvendra Singh 1 Jan 19, 2022
Enchpyter, is able to encrypt and decrypt words as you determine, of course, according to the alphabet.

Enchpyter Enchpyter is a program do encrypt and decrypt any word you want (just letters). You enter how many letters jumps and write the word, so, the

João Assalim 2 Oct 10, 2022
Aplicação de monitoramento de valores de criptos através da API do Mercado Bitcoin.

myCrypto_MercadoBitcoin Aplicação de monitoramento de valores de criptos através da API do Mercado Bitcoin. Apoie esse projeto! 💵 💵 Olá! Você pode r

Vinícius Azevedo 122 Nov 27, 2022
Arithmos Cipher is a simple Cryptography that I created myself in Python

Arithmos Cipher is a simple Cryptography that I created myself in Python

LyQuid :3 3 Oct 19, 2022
A python tool to track prices of various cryptocurrencies and alert

CryptoPriceTracker This is a tool to track prices of various cryptocurrencies and alert the user once the user defined maximum & minimum target is rea

1 Oct 01, 2021
Blockchain Python Implementation

Blockchain Python Implementation

0918nobita 2 Nov 21, 2021
Amazing CryptoWAF was a CTF challenge for ALLES! CTF 2021

ctf-cryptowaf The AmazingCryptoWAF ™️ is used by the "noter" web app, to offer automagically military encryption for any user data. Even if an attacke

32 Jan 02, 2023
A curated list for getting up to speed on crypto and decentralized networks

crypto reading list A curated list for getting up to speed on crypto and decentralized networks. The content on the toplevel page contains what we con

Jump Crypto 1.1k Jan 07, 2023
Cryptocurrency application that displays instant cryptocurrency prices and reads prices with the Google Text-to-Speech library.

📈 Cryptocurrency Price App 💰 ◽ Cryptocurrency application that displays instant cryptocurrency prices and reads prices with the Google Text-to-Speec

Furkan Mert 2 Nov 08, 2021
Simple one-time pad (OTP) encryption

Introduction What you will make In this resource you will learn how to create and use an encryption technique known as the one-time pad. This method o

Rabih ND 6 Nov 06, 2022
An advanced caesar cypher python module

CaesarPlus An advanced caesar cypher python module What is CaesarPlus CaesarPlus is a advanced caesar cypher python module that is more secure than ca

1 Mar 18, 2022
Simple python crypto bot to trade crypto on Binance based on RSI. Utilizing web sockets to get real-time prices

Py Crypto Bot Using Binance WebSocket API to get real-time price data for cryptocurrencies. Using the TA-Lib library to calculate the RSI and execute

Kennedy Ngugi Mwaura 15 Jan 04, 2023
This is an experimental AES-encrypted RPC API for ESP 8266.

URPC This is an experimental AES-encrypted RPC API for ESP 8266. Usage The server folder contains a sample ESP 8266 project. Simply set the values in

Ian Walton 1 Oct 26, 2021
Python ASN.1 library with a focus on performance and a pythonic API

asn1crypto A fast, pure Python library for parsing and serializing ASN.1 structures. Features Why Another Python ASN.1 Library? Related Crypto Librari

Will Bond 282 Dec 11, 2022
Encrypt your code without a worry. Stark utilizes the base64, hashlib and Crypto lib to encrypt your code which cannot be decrypted with any online tools.

Stark Encrypt your code without a worry. Stark utilizes the base64, hashlib and Crypto lib to encrypt your code which cannot be decrypted with any onl

cliphd 3 Sep 10, 2021
This project aims to assist in the search for leaked passwords while maintaining a high level of privacy using the k-anonymity method.

To achieve this, the APIs of different services are used, sending only a part of the Hash of the password we want to check, for example, the first 5 characters.

Telefónica 36 Jul 06, 2022
Deribit_Algo_Project_Python - Deribit algo project written in python trading crypto futures

This is a Algo/script trading for Deribit. You need an account with deribit, to

24 Jan 09, 2023
Deriving RSA public keys from message-signature pairs

The repository contains: Experimental code to calculate RSA public keys based on two known message-signature pairs

Silent Signal 120 Dec 31, 2022
Python App To Encrypt Data (image, text, all data)

Python App To Encrypt Data (image, text, all data)

1 Oct 29, 2021
Small utility to encrypt and decrypt messages

Safe Safe is a small utility to encrypt and decrypt messages using a pair of public and private keys. Installation You need to have GPG installed in y

Gustavo Eguez 2 Dec 21, 2021