DefCon CTF 2008: Shakespeare Challenge
During the Saturday night Kenshoto-hosted sky-box party, an "extra credit" challenge was handed out:
Here (http://www.kenshoto.com/shaks.txt.gz) is the copy of Shakespeare's complete works you've always wanted. Find the longest sequence of executable x86 machine code which does not touch memory*, (and send us the MD5 of it)
You may assume that all registers are clear (0) on entry. Also, the sequence may not jump out of the bards work. The answer should be the text from the beginning instruction to the beginning of the instruction that terminates the sequence ie:
In The String: 
  `Ct%RRRRABBBCBCBCBAAAAAAABCBCBCBCBCBCBCBCBS
The solution would be 
  t%RRRRABBBCBCBCBAAAAAAABCBCBCBCBCBCBCBCB
Because the executed instructions would be: 
  inc ebx
  jz 0x29 (remember, all regs start as 0 including eflags)
  inc edx
Then the push ebx terminates the sequence because it touches the stack.
REMEMBER: we want the MD5 of the matching sequence!
*A note on the "touch memory" constraint: None of the instructions may read or write memory from ANY address during their execution. This includes stack accesses (push/pop/stos) etc...
Shellphish and Guard@MyLan0 solved this during CTF (earning them each 300 break-through points). We solved this using entirely Free Software, but only after CTF had ended (actually, done on the plane back from DefCon). We're happy to confirm the solution, but Kenshoto asked us to not publish it. Email Doc Brown if you have an answer you want to verify.
CTF 2008