Having fun while learning about and pivoting into the world of DFIR.
by ogmini
Continuing with my writeups on my “fails” or the ones I just couldn’t figure out in the timeframe alloted. I want to talk about how I went about trying to solve the challenge and where I went wrong. This should help me in the future by highlighting weaknesses and areas for improvement. Each post will focus on just one “fail” challenge. You can find all my writeups here.
Title: ICONic green bubbles
Description: What is the hex code for the Profile Picture with the number (802)495-9063
This challenge was under the Android section and worth 50 points making it the most difficult challenge.
With some more time after the end of the contest, I did some more thorough poking around aLEAPP and found the “App Icons” section. Initially, I just thought this was a database of the actual icons for any installed apps. I did not realize that it contained more than just that. The “App Icons” section displays information from the com.google.android.apps.nexuslauncher\databases\app_icons.db and for the com.google.android.apps.messaging application it displays the default icon and icons for contacts! Hovering over the icons reveals the phone number and shoving the image into any photo editor can grab the color hex code of ee675c.