Question: in step 3, how to get the public key from scriptSig? In simple terms, I give you scriptSig, will you be able to tell the public key?
Probably. There is nothing in the script that identifies data as a public key, but you can probably deduce it.
The typical P2PKH scriptsig is:
PUSHDATA(72)
PUSHDATA(33)