After 8 Years, Double Fine's Hack 'n' Slash Secret Room Has Finally Been Cracked

- Video Games, Security

Latest revision:

Brandon Dillon's portrait in Hack 'n' Slash

In the history of obscure video game secrets, not many has been quite infamous as the SecretRoom.lua puzzle in 2014's computer hacking game Hack 'n' Slash by Double Fine. Since the game's release, a mysterious encrypted file was found in the game files, yet despite the very nature of the game being about hacking it, nobody could figure out how to decrypt this specific file.

In the following weeks, everything about this puzzle was solved by the game's community, except the most important part: the decryption key. The encryption algorithm used was very strong with no known realistic exploits, and no clear hint could be found in or out of the game as to what the decryption key could be.

As such, players hit a wall, and despite brute-force attacks, despite inspecting in great detail the game's original prototype, despite analyzing every piece of promotional material and merch released, and despite reverse-engineering major parts of the game, nothing obvious was found that could help.

Still, hope was not lost. On 2011-07-13, Julix "NeoCortex" Pawel posted a 100 USD bounty for the solution, but despite trying to spread the word about it myself in gaming and cybersecurity communities, it largely went under the radar due to the game's niche.

Until now.

I'm happy to report Glenn "Netrix" Anderson finally cracked the password on 2022-12-09, and claimed the bounty! This discovery revealed additional insights into the game world and development, including the missing Act 1! It's nothing mind-blowing, but fans of the game can finally rest on this matter! You may see a cropped screenshot of said content in the post image above as evidence. I will leave the rest to the players to discover by themselves.

And now the moment you've been waiting for...

The password is... (hidden for spoilers)
Be brave.

It may sound surprising that such a seemingly-simple password was not found earlier, but it is not trivial, and again there were no clear hints about it either. However, there were some hints; it's just that the community did not used them correctly until 2022-12-02 when the game's project lead, Brandon Dillon, gave a very small push in the correct direction of attack that led to this final discovery.

For more detail about this puzzle and the full solution, I have updated my original blog post on the matter, The Hack 'n' Slash Puzzle Collection. Skip to the Secret room section for details.

Update 2022-12-28: Glenn Anderson posted on GitHub a write-up on how he achieved this, along with the tools he made to solve this puzzle. Brandon Dillon also acknowledged this achievement on Twitter.

It's not the end of the mysteries!

While this is a great discovery, there still remains an unsolved out-of-game puzzle: the cryptic drawing given to Guillaume Saby as part of the game's marketing in the Devs Play contest. For more details, please check the Devs Play hacked The Legend of Zelda cartridge section on The Hack 'n' Slash Puzzle Collection.

In addition, there may be a few additional hidden tidbits in the game's code or data. For example, a hidden Act 6 was found in the game that way. For those that would like to inspect said code and data, here are a few important details:

Related content I wrote

Open treasure chest with a question mark in it

The Future of the Video Game Randomizer List

- Video Games, Programming, Anecdotes

It's hard to believe that it's been almost 8 years since I first posted on the ROMhacking.net forums a list of video game randomizers that I found online, and that it would evolve into the massive project it has become today, with almost 900 entries currently being listed. It's always a strange…

Playing with an Xbox controller

My Personal Video Game Completion List

- Anecdotes, Video Games

I thought it would be fun to track the long list of video game that I have beaten and/or completed for reference, so I've done just that! There may be a few mistakes here and there due to secret features unknown to me, or due to misremembering details of my past gaming experiences, but I believe the…

Field of CG-rendered disembodied arms pointing at a dark sky at sunrise

Current Generative AIs Have Critical Quality Issues

- Business, Quality Assurance, Security

The hype for generative AI is real. It is now possible for anybody to dynamically generate various types of media that are good enough to be mistaken as real, at least at first glance, either for free or at a low cost. In addition, the seemingly-creative solutions they come up with, and the…

Cowboy riding a horse in the sunset

Upgrading Your Cybersecurity from Cowboys to Sheriffs

- Security, Business, Anecdotes

Roaming throughout the countryside, dangerous desperados are awaiting in their hideout for the perfect opportunity to rob their victims in silence. Powerless, the authorities have posted wanted posters on public boards with cash bounties for any information that could lead to their arrest or death…

Radiating business woman

Essential International Standards and Registries for Web Developers

- Programming, Quality Assurance, Security

The following is a collection of free international standards, registries and references that I collected throughout the years while developing websites and web services. These references, while very precise and technical by their nature, are extremely useful in order to ensure that a specific…

See all of my articles