After 8 Years, Double Fine's Hack 'n' Slash Secret Room Has Finally Been Cracked
- Video Games, Security
Last revision:
In the history of obscure video game secrets, not many has been quite infamous as the SecretRoom.lua puzzle in 2014's computer hacking game Hack 'n' Slash by Double Fine. Since the game's release, a mysterious encrypted file was found in the game files, yet despite the very nature of the game being about hacking it, nobody could figure out how to decrypt this specific file.
In the following weeks, everything about this puzzle was solved by the game's community, except the most important part: the decryption key. The encryption algorithm used was very strong with no known realistic exploits, and no clear hint could be found in or out of the game as to what the decryption key could be.
As such, players hit a wall, and despite brute-force attacks, despite inspecting in great detail the game's original prototype, despite analyzing every piece of promotional material and merch released, and despite reverse-engineering major parts of the game, nothing obvious was found that could help.
Still, hope was not lost. On 2011-07-13, Julix "NeoCortex" Pawel posted a 100 USD bounty for the solution, but despite trying to spread the word about it myself in gaming and cybersecurity communities, it largely went under the radar due to the game's niche.
Until now.
I'm happy to report Glenn "Netrix" Anderson finally cracked the password on 2022-12-09, and claimed the bounty! This discovery revealed additional insights into the game world and development, including the missing Act 1! It's nothing mind-blowing, but fans of the game can finally rest on this matter! You may see a cropped screenshot of said content in the post image above as evidence. I will leave the rest to the players to discover by themselves.
And now the moment you've been waiting for...
The password is... (hidden for spoilers)
Be brave.
It may sound surprising that such a seemingly-simple password was not found earlier, but it is not trivial, and again there were no clear hints about it either. However, there were some hints; it's just that the community did not used them correctly until 2022-12-02 when the game's project lead, Brandon Dillon, gave a very small push in the correct direction of attack that led to this final discovery.
For more detail about this puzzle and the full solution, I have updated my original blog post on the matter, The Hack 'n' Slash Puzzle Collection. Skip to the Secret room section for details.
Update 2022-12-28: Glenn Anderson posted on GitHub a write-up on how he achieved this, along with the tools he made to solve this puzzle. Brandon Dillon also acknowledged this achievement on Twitter.
It's not the end of the mysteries!
While this is a great discovery, there still remains an unsolved out-of-game puzzle: the cryptic drawing given to Guillaume Saby as part of the game's marketing in the Devs Play contest. For more details, please check the Devs Play hacked The Legend of Zelda cartridge section on The Hack 'n' Slash Puzzle Collection.
In addition, there may be a few additional hidden tidbits in the game's code or data. For example, a hidden Act 6 was found in the game that way. For those that would like to inspect said code and data, here are a few important details:
- Game engine: Lua 5.1
- Graphics: DirectDraw Surface
- Audio: FMOD, which can be decoded with key
DFm3t4lFTW - Shaders: OpenGL
Related articles I wrote
Upgrading Your Cybersecurity from Cowboys to Sheriffs
- Security, Business, Anecdotes
Roaming throughout the countryside, dangerous desperados are awaiting in their hideout for the perfect opportunity to rob their victims in silence. Powerless, the authorities have posted wanted posters on public boards with cash bounties for any information that could lead to their arrest or death…
Essential International Standards and Registries for Web Developers
- Programming, Quality Assurance, Security
The following is a collection of free international standards, registries and references that I collected throughout the years while developing websites and web services. These references, while very precise and technical by their nature, are extremely useful in order to ensure that a specific…
Beating Illusion of Gaia in 17 Minutes
- Video Games, Security
I crafted a tool-assisted speedrun (TAS) of the Super NES action-adventure game Illusion of Gaia (also known as Illusion of Time in Europe) which beats the game as fast as possible on the American version. The final time is 16:48 when using TAS timing (from initial power on to the last input) and…
Resolving Playstation Vita Error Code NP-9968-2
- Video Games, Security, Anecdotes
For about 2 years, I was not able to install any new software on my PlayStation Vita, for seemingly no reason. I could make new purchases from the PlayStation Store, but the download would always fail, and only on my Vita. No issues whatsoever with my PlayStation 3 nor my PlayStation 4, but for some…
The Hack 'n' Slash Puzzle Collection
- Video Games, Security
This is a collection of all the secret hacking puzzles released between 2012 and 2015 related to the video game Hack 'n' Slash and its prototype. As far as I'm aware, all puzzles were designed by the game's project lead Brandon Dillon. All the material is archived here for preservation purposes…