Merge pull request #20 from dev

Author: BC100Dev

AppManifest.xml

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<ProjectConfig>
+    <InfoConfig>
+        <Name display="Instagram OSINT (Osintgram4j)" name="osintgram4j"/>
+        <Version ver="0.2" code="1" />
+        <Maintainers>
+            <Maintainer>BC100Dev ([email protected])</Maintainer>
+        </Maintainers>
+        <Sources type="git" url="https://github.com/BeChris100/osintgram4j" branch="master" />
+    </InfoConfig>
+    <Modules>
+        <Module name="core" executable="true" sources="src/">
+            <Dependency name="org.json:json" />
+            <ModLink name="ig_api" />
+            <ModLink name="commons" />
+            <ModLink name="mod_api"/>
+            <Class binName="osintgram4j" main="net.bc100dev.osintgram4j.MainClass" />
+            <Class binName="og4j-tests" main="net.bc100dev.osintgram4j.test.TestMain" scope="test" />
+        </Module>
+        <Module name="ig_api" executable="false" sources="instagram_api/src/">
+            <Dependency name="org.json:json"/>
+            <ModLink name="commons" />
+        </Module>
+        <Module name="mod_api" executable="false" sources="modapi/src/">
+            <Dependency name="org.json:json"/>
+            <ModLink name="commons" />
+        </Module>
+        <Module name="commons" executable="false" sources="modapi/src/" />
+        <Module name="updater" executable="true" sources="updater/src/">
+            <Class binName="og4j-updater" main="app.updater.UpdaterMain" />
+        </Module>
+    </Modules>
+</ProjectConfig>

NewREADME.md

@@ -24,7 +24,8 @@ With Privacy Policy in mind, you acknowledge:
 - **Logging**: Your actions are logged locally that can be used for debugging.
 - **No Server Uploads**: No data is being sent to any server without any explicit
   permission
-- **Privacy Focus**: Sensitive information is not specifically recorded.
+- **Sensitivity**: Some sensitive information is included, such as the commands that
+  you type (e.g. usernames) in the interactive Shell
 
 See the [full Privacy Policy](PrivacyPolicy.md) to review. Don't forget, use
 Osintgram4j responsibly, respect privacy of others, and always act ethically.
@@ -51,7 +52,7 @@ setup with the Shell scripts:
 
 The `--force-download` is an optional parameter. If given, it will always download
 the JDK and the libraries, no matter its state. Otherwise, it will try to detect
-JDK 21, and get the latest `org.json` library.
+JDK 21, and get the latest `org.json` and `org.apache:commons-cli` library.
 
 ## Client Mods
 Osintgram4j introduces a Modding API, which is something that I like. Having the
@@ -61,4 +62,4 @@ outdated from its original source. Allowing to customize and extend is functiona
 is something anyone would want.
 
 As always, prioritize privacy and security, along with downloading mods from trusted
-sources.
+sources.

README.md

@@ -0,0 +1,16 @@
+# Security Policy
+
+## Supported Versions
+These following versions are currently supported:
+
+| Version | Supported          |
+|---------|--------------------|
+| 0.2     | :white_check_mark: |
+| 0.1     | :white_check_mark: |
+
+## Reporting a Vulnerability
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.

SECURITY.md

@@ -62,6 +62,7 @@ if [ "$#" -ne 0 ]; then
         echo "Uninstalling osintgram4j"
         "$PREFIX" rm -rf /usr/bin/osintgram4j
         "$PREFIX" rm -rf /usr/bin/og4j-editor
+        "$PREFIX" rm -rf /usr/bin/og4j-logdata
 
         if [ -d "/usr/share/osintgram4j" ]; then
             "$PREFIX" rm -rf /usr/share/osintgram4j

build.sh

@@ -2,9 +2,6 @@
 
 public class Terminal {
 
-    public static native int windowLines();
-    public static native int windowColumns();
-
     public static void print(TermColor color, String msg, boolean reset) {
         if (msg != null)
             System.out.print(translateColor(color) + msg);

commons/src/net/bc100dev/commons/Terminal.java

@@ -15,8 +15,7 @@
         {
             "manufacturer": "Apple",
             "model": "iPhone 13 Pro",
-            "android": false,
-            "ios": true,
+            "os": "iOS",
             "client_type": "Browser",
             "client_app": {
                 "application_version": ""
@@ -33,8 +32,7 @@
         {
             "manufacturer": "Google",
             "model": "Pixel 8 Pro",
-            "android": true,
-            "ios": false,
+            "os": "Android",
             "client_type": "App",
             "client_app": {
                 "application_version": ""
@@ -52,4 +50,4 @@
             "ios_values": {}
         }
     ]
-}
+}

extres/coms/devices-example.json

@@ -0,0 +1,42 @@
+[
+    "25/7.1.1; 440dpi; 1080x1920; Xiaomi; Mi Note 3; jason; qcom",
+    "23/6.0.1; 480dpi; 1080x1920; Xiaomi; Redmi Note 3; kenzo; qcom",
+    "23/6.0; 480dpi; 1080x1920; Xiaomi; Redmi Note 4; nikel; mt6797",
+    "24/7.0; 480dpi; 1080x1920; Xiaomi/xiaomi; Redmi Note 4; mido; qcom",
+    "23/6.0; 480dpi; 1080x1920; Xiaomi; Redmi Note 4X; nikel; mt6797",
+    "27/8.1.0; 440dpi; 1080x2030; Xiaomi/xiaomi; Redmi Note 5; whyred; qcom",
+    "23/6.0.1; 480dpi; 1080x1920; Xiaomi; Redmi 4; markw; qcom",
+    "27/8.1.0; 440dpi; 1080x2030; Xiaomi/xiaomi; Redmi 5 Plus; vince; qcom",
+    "25/7.1.2; 440dpi; 1080x2030; Xiaomi/xiaomi; Redmi 5 Plus; vince; qcom",
+    "26/8.0.0; 480dpi; 1080x1920; Xiaomi; MI 5; gemini; qcom",
+    "27/8.1.0; 480dpi; 1080x1920; Xiaomi/xiaomi; Mi A1; tissot_sprout; qcom",
+    "26/8.0.0; 480dpi; 1080x1920; Xiaomi; MI 6; sagit; qcom",
+    "25/7.1.1; 440dpi; 1080x1920; Xiaomi; MI MAX 2; oxygen; qcom",
+    "24/7.0; 480dpi; 1080x1920; Xiaomi; MI 5s; capricorn; qcom",
+    "26/8.0.0; 480dpi; 1080x1920; samsung; SM-A520F; a5y17lte; samsungexynos7880",
+    "26/8.0.0; 480dpi; 1080x2076; samsung; SM-G950F; dreamlte; samsungexynos8895",
+    "26/8.0.0; 640dpi; 1440x2768; samsung; SM-G950F; dreamlte; samsungexynos8895",
+    "26/8.0.0; 420dpi; 1080x2094; samsung; SM-G955F; dream2lte; samsungexynos8895",
+    "26/8.0.0; 560dpi; 1440x2792; samsung; SM-G955F; dream2lte; samsungexynos8895",
+    "24/7.0; 480dpi; 1080x1920; samsung; SM-A510F; a5xelte; samsungexynos7580",
+    "26/8.0.0; 480dpi; 1080x1920; samsung; SM-G930F; herolte; samsungexynos8890",
+    "26/8.0.0; 480dpi; 1080x1920; samsung; SM-G935F; hero2lte; samsungexynos8890",
+    "26/8.0.0; 420dpi; 1080x2094; samsung; SM-G965F; star2lte; samsungexynos9810",
+    "26/8.0.0; 480dpi; 1080x2076; samsung; SM-A530F; jackpotlte; samsungexynos7885",
+    "24/7.0; 640dpi; 1440x2560; samsung; SM-G925F; zerolte; samsungexynos7420",
+    "26/8.0.0; 420dpi; 1080x1920; samsung; SM-A720F; a7y17lte; samsungexynos7880",
+    "24/7.0; 640dpi; 1440x2560; samsung; SM-G920F; zeroflte; samsungexynos7420",
+    "24/7.0; 420dpi; 1080x1920; samsung; SM-J730FM; j7y17lte; samsungexynos7870",
+    "26/8.0.0; 480dpi; 1080x2076; samsung; SM-G960F; starlte; samsungexynos9810",
+    "26/8.0.0; 420dpi; 1080x2094; samsung; SM-N950F; greatlte; samsungexynos8895",
+    "26/8.0.0; 420dpi; 1080x2094; samsung; SM-A730F; jackpot2lte; samsungexynos7885",
+    "26/8.0.0; 420dpi; 1080x2094; samsung; SM-A605FN; a6plte; qcom",
+    "26/8.0.0; 480dpi; 1080x1920; HUAWEI/HONOR; STF-L09; HWSTF; hi3660",
+    "27/8.1.0; 480dpi; 1080x2280; HUAWEI/HONOR; COL-L29; HWCOL; kirin970",
+    "26/8.0.0; 480dpi; 1080x2032; HUAWEI/HONOR; LLD-L31; HWLLD-H; hi6250",
+    "26/8.0.0; 480dpi; 1080x2150; HUAWEI; ANE-LX1; HWANE; hi6250",
+    "26/8.0.0; 480dpi; 1080x2032; HUAWEI; FIG-LX1; HWFIG-H; hi6250",
+    "27/8.1.0; 480dpi; 1080x2150; HUAWEI/HONOR; COL-L29; HWCOL; kirin970",
+    "26/8.0.0; 480dpi; 1080x2038; HUAWEI/HONOR; BND-L21; HWBND-H; hi6250",
+    "23/6.0.1; 420dpi; 1080x1920; LeMobile/LeEco; Le X527; le_s2_ww; qcom"
+]

extres/coms/devices-ig-private-api.json

@@ -1,3 +1,3 @@
 main-class=net.bc100dev.osintgram4j.LogMainClass
 classpath=core.jar
-java-options=-Xmx256m -Xms128m -Dog4j.location.app_dir=$APPDIR -Dog4j.location.bin_dir=$BINDIR -Dog4j.location.root_dir=$ROOTDIR
+java-options=-Xmx128m -Xms64m -Dog4j.location.app_dir=$APPDIR -Dog4j.location.bin_dir=$BINDIR -Dog4j.location.root_dir=$ROOTDIR

extres/og4j-logdata-launcher.properties

@@ -0,0 +1,24 @@
+package com.instagram.api;
+
+public class APIException extends Exception {
+
+    public APIException() {
+        super();
+    }
+
+    public APIException(String message) {
+        super(message);
+    }
+
+    public APIException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    public APIException(Throwable cause) {
+        super(cause);
+    }
+
+    protected APIException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
+        super(message, cause, enableSuppression, writableStackTrace);
+    }
+}

instagram_api/src/com/instagram/api/APIException.java

@@ -1,5 +1,8 @@
 package com.instagram.api;
 
+import java.util.HashMap;
+import java.util.Map;
+
 public class Constants {
 
     public static final String URL_API = "https://i.instagram.com/api/v1";
@@ -10,6 +13,11 @@ public class Constants {
 
     public static String LOCALE = "en_US";
 
+    public static Map<String, String> putDefaultHeaders() {
+        Map<String, String> headers = new HashMap<>();
+        return headers;
+    }
+
     public static class Privates {
 
             /*

instagram_api/src/com/instagram/api/Constants.java

@@ -1,23 +1,34 @@
 package com.instagram.api.user;
 
+import com.instagram.api.APIException;
 import com.instagram.api.Constants;
 
 import javax.crypto.Cipher;
 import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 import javax.net.ssl.HttpsURLConnection;
+import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.security.GeneralSecurityException;
 import java.security.KeyFactory;
 import java.security.PublicKey;
 import java.security.SecureRandom;
 import java.security.spec.X509EncodedKeySpec;
 import java.util.Base64;
-import java.util.List;
+import java.util.HashMap;
 import java.util.Map;
+import java.util.logging.Level;
+
+import static osintgram4j.commons.AppConstants.log_net;
 
 public class UserManager {
 
+    /*
+    private static final String FILTER_PLACEHOLDER_NAME = "__name__";
+    private static final String FILTER_PLACEHOLDER_ID = "__userID__";
+    private static final String FILTER_PLACEHOLDER_SESSION_ID = "__sessionID__";
+     */
+
     /*
     TODO: Steps on encrypting the password, and logging in
      1. Retrieve the header values (see below comment from TypeScript/JavaScript)
@@ -33,7 +44,30 @@ public class UserManager {
     'ig-set-password-encryption-pub-key': pwPubKey,
      */
 
-    public static User login(String username, String password) {
+    public static User login(String username, String password) throws IOException, APIException {
+        if (Constants.Privates.PASS_ENC_KEY_ID == null)
+            throw new NullPointerException("Password Encryption Key ID has not been initialized");
+
+        if (Constants.Privates.PASS_ENC_PUB_KEY == null)
+            throw new NullPointerException("Password Encryption Public Key has not been initialized");
+
+        if (Constants.Privates.IG_AUTH_HEADER == null)
+            throw new NullPointerException("Instagram Authentication Header has not been initialized");
+
+        if (Constants.Privates.WWW_CLAIM == null)
+            throw new NullPointerException("Instagram WWW Claim has not been initialized");
+
+        String encPass;
+        try {
+            encPass = PasswordEncryption.toEncryptedPassword(password.toCharArray());
+        } catch (GeneralSecurityException ex) {
+            log_net.log(Level.SEVERE, "Failed to encrypt password", ex);
+            throw new APIException(ex);
+        }
+
+        Map<String, String> loginHeaders = new HashMap<>(Constants.putDefaultHeaders());
+        loginHeaders.put("enc_password", PasswordEncryption.writePassword(encPass));
+
         //https://www.instagram.com/api/v1/accounts/login/ajax
         //https://www.instagram.com/api/v1/accounts/login/ajax?force_classic_login
 
@@ -167,7 +201,7 @@ public static String writePassword(String encryptedPassword) {
             return String.format("#PWD_INSTAGRAM:4:%d:%s", timestamp, encryptedPassword);
         }
 
-        public static String toEncryptedPassword(String password) throws GeneralSecurityException {
+        public static String toEncryptedPassword(char[] password) throws GeneralSecurityException {
             KeyFactory keyFact = KeyFactory.getInstance("RSA");
             X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(Constants.Privates.PASS_ENC_PUB_KEY));
             PublicKey publicKey = keyFact.generatePublic(pubKeySpec);
@@ -189,7 +223,8 @@ public static String toEncryptedPassword(String password) throws GeneralSecurity
             long time = System.currentTimeMillis() / 1000L;
             aesCipher.updateAAD(String.valueOf(time).getBytes());
 
-            byte[] aesEncrypted = aesCipher.doFinal(password.getBytes());
+            String _pass = new String(password);
+            byte[] aesEncrypted = aesCipher.doFinal(_pass.getBytes());
             byte[] sizeBuffer = ByteBuffer.allocate(2).putShort((short) rsaEncrypted.length).array();
             byte[] authTag = aesCipher.getIV();
 

instagram_api/src/com/instagram/api/user/UserManager.java

@@ -163,7 +163,7 @@ private static void execute(String pass, TypeAction action, File file) {
     public static void main(String[] args) {
         Options opts = new Options();
 
-        Option passOption = new Option("p", "pass", true, "The password used for encrypting the log file");
+        Option passOption = new Option("p", "pass", true, "The password used for encrypting the log file (defaults to \"ask\", prompting for password)");
         passOption.setRequired(false);
         opts.addOption(passOption);
 
@@ -175,7 +175,7 @@ public static void main(String[] args) {
         decryptOption.setRequired(false);
         opts.addOption(decryptOption);
 
-        Option openOption = new Option("o", "open", false, "Open a specific log file");
+        Option openOption = new Option("o", "open", false, "Open a specific log file, and print its contents out");
         openOption.setRequired(false);
         opts.addOption(openOption);
 

src/net/bc100dev/osintgram4j/LogMainClass.java

@@ -7,7 +7,7 @@
 
 import java.util.List;
 
-public class AppManager extends Command {
+public class ClientManager extends Command {
 
     @Override
     public int launchCmd(String[] args, List<ShellEnvironment> env) {