Oct 19, 2020
Magnet Weekly CTF Challenge Week #2
Challenge 2 (OCT 12–18) PIP Install 30
What domain was most recently viewed via an app that has picture-in-picture capability?
Funnily enough, this was the same domain hinted in the hosts file from the first week.
Just as a quick side note, I processed the image with ALEAPP.
I first tried to research PIP in android and came across the Andriod Dev article that described the option needed to be defined in the application manifest. Doing a grep over the image for PictureInPicture didn’t really come back anything that I was looking for.
After a bit of Googling it seemed that there weren't many applications that support PIP:
I did know from personal experience that Chrome supports PIP, so I looked at the browser history first. After sorting by date, the same domain observed in the first week’s challenge was there. Probably not a coincidence, because it was right!!
I also spent some time in MUS_Android.tar\data\app\com.android.chrome-ZInqyvcvN8i5rNvBCJTHpg== to see if I could confirm the PIP functionality in Chrome data itself which didn’t lead me very far…
I tried to find some more information if there is an artefact that can tell you when an application potentially went into Picture-In-Picture, like in Usage statistic database for example, but had no luck. Maybe some of the other players were more successful.
Week 2 down!
Answer: malliesae.com
