Ghostintheshellcode Stage 5 CCTV Forensics 250pts

Stage 5
Question: cctv
250 Points
File: cctv-88cbfd616c1ce146ca6b738772c10bea

The CCTV page has 9 animated gifs. Collect them all!

carl@b:~/cctv$ ls
code.gif  davinci.gif  destroycard.gif  game.gif  gibson1.gif  gibson2.gif  gibson3.gif  hops.gif  otv.gif

This took a long time while we tried a bunch of useless ideas.
-All of the gifs were exploded into single frames and each was checked for any watermarks or interesting information.
-We tried to find any hidden data stored between the frames.  I hear you can append a zip file to the end of a gif file and each can be opened with native tools.
-Looked for something interesting based on the timing of each frames.
-Loaded them into gimp and noticed the timing was between 0-70ms per frame, which made me think hidden octal numbers, but this was a dead end, for now.

We massaged each of the files through imagemagick over and over with no results.  At one point, I came across this page: http://www.imagemagick.org/discourse-server/viewtopic.php?f=1&t=11988 which led me to look for "ticks".  Imagemagick's identify command can show ticks if you use %T.

carl@b:~/cctv$ info="%T"
carl@b:~/cctv$ identify -format "$info" *.gif

1531521641211231061411441461531541461521411631460120001101211051441441661701721261011071011061460120014616116414516116410112310410610110614716116414401200001031621411631501451441011561441021651621561451440120014114711010712116114116314414614112413111011014101201461411231071241211041431701411471461611470120000147131121161145141146144163166170147141141147012012114514114114614116314414612110513112210516301214612116414414717112514114416614217210114614614101200

I'm pretty certain the only reason this looked interesting to me was because I saw the file in gimp earlier and 0-70ms made me think "octal".  Otherwise, I probably would have missed it. 

carl@b:~/cctv$ identify -format "$info" *.gif > file.out
carl@b:~/cctv$ more file.out
1531521641211231061411441461531541461521411631460120001101211051441441661701721261011071011061460120014616116414516116410112310410610110614716116414401200001031621411631501451441011561441021651621561451440120014114711010712116114116314414614112413111011014101201461411231071241211041431701411471461611470120000147131121161145141146144163166170147141141147012012114514114114614116314414612110513112210516301214612116414414717112514114416614217210114614614101200

Break up the string into sets of 3 digits:

carl@b:~/cctv$ egrep -o "[0-9]{3}" file.out > file2.out
carl@b:~/cctv$ more file2.out
153
152
164
121
[...]

carl@b:~/cctv$ perl octa -a file2.out
carl@b:~/cctv$ more file2.out.as
kjtQSFadfklfjasf
NULHQEddvxzVAGAFf
SOH     !1      1PNULCrashedAndBurned
SOHA9AAPfaSGTQDcxagfqg
NULFFJNLLFFLL))Q        P

The key is in octal in the ticks inside game.gif.  The key is "CrashedAndBurned".

The octa file is octala.pl from Mike Golvach: http://linuxshellaccount.blogspot.com/2008/05/perl-script-to-do-lame-encryption-with.html.  Thanks to him for his script.