After 8 Years, Double Fine's Hack 'n' Slash Secret Room Has Finally Been Cracked
- Video Games, Security
Latest revision:
In the history of obscure video game secrets, not many has been quite infamous as the SecretRoom.lua puzzle in 2014's computer hacking game Hack 'n' Slash by Double Fine. Since the game's release, a mysterious encrypted file was found in the game files, yet despite the very nature of the game being about hacking it, nobody could figure out how to decrypt this specific file.
In the following weeks, everything about this puzzle was solved by the game's community, except the most important part: the decryption key. The encryption algorithm used was very strong with no known realistic exploits, and no clear hint could be found in or out of the game as to what the decryption key could be.
As such, players hit a wall, and despite brute-force attacks, despite inspecting in great detail the game's original prototype, despite analyzing every piece of promotional material and merch released, and despite reverse-engineering major parts of the game, nothing obvious was found that could help.
Still, hope was not lost. On 2011-07-13, Julix "NeoCortex" Pawel posted a 100 USD bounty for the solution, but despite trying to spread the word about it myself in gaming and cybersecurity communities, it largely went under the radar due to the game's niche.
Until now.
I'm happy to report Glenn "Netrix" Anderson finally cracked the password on 2022-12-09, and claimed the bounty! This discovery revealed additional insights into the game world and development, including the missing Act 1! It's nothing mind-blowing, but fans of the game can finally rest on this matter! You may see a cropped screenshot of said content in the post image above as evidence. I will leave the rest to the players to discover by themselves.
And now the moment you've been waiting for...
The password is... (hidden for spoilers)
Be brave.
It may sound surprising that such a seemingly-simple password was not found earlier, but it is not trivial, and again there were no clear hints about it either. However, there were some hints; it's just that the community did not used them correctly until 2022-12-02 when the game's project lead, Brandon Dillon, gave a very small push in the correct direction of attack that led to this final discovery.
For more detail about this puzzle and the full solution, I have updated my original blog post on the matter, The Hack 'n' Slash Puzzle Collection. Skip to the Secret room section for details.
Update 2022-12-28: Glenn Anderson posted on GitHub a write-up on how he achieved this, along with the tools he made to solve this puzzle. Brandon Dillon also acknowledged this achievement on Twitter.
It's not the end of the mysteries!
While this is a great discovery, there still remains an unsolved out-of-game puzzle: the cryptic drawing given to Guillaume Saby as part of the game's marketing in the Devs Play contest. For more details, please check the Devs Play hacked The Legend of Zelda cartridge section on The Hack 'n' Slash Puzzle Collection.
In addition, there may be a few additional hidden tidbits in the game's code or data. For example, a hidden Act 6 was found in the game that way. For those that would like to inspect said code and data, here are a few important details:
- Game engine: Lua 5.1
- Graphics: DirectDraw Surface
- Audio: FMOD, which can be decoded with key
DFm3t4lFTW - Shaders: OpenGL
Related content I wrote
How to Play Liar's Deck (From Liar's Bar) - Full Rules and Variants
- Video Games, Game Design
The following are the rules of the Liar's Deck bluffing card game and its official variants, first introduced in the Liar's Bar video game. These rules are based on its in-game tutorials, observations I made from gameplay sessions, and comments from the game's developers. While there may be a few…
The New Open Source Video Game Randomizer List Is Now Live
- Video Games, Programming
Time to update your bookmarks! After a few months of work behind the scenes, the new open source version of The BIG List of Video Game Randomizer is now live for your enjoyment, with dark mode support and a brand new UI for better readability! The new URL is: https://randomizers.debigare.com/ (The…
The Future of the Video Game Randomizer List
- Video Games, Programming, Anecdotes
It's hard to believe that it's been almost 8 years since I first posted on the ROMhacking.net forums a list of video game randomizers that I found online, and that it would evolve into the massive project it has become today, with almost 900 entries currently being listed. It's always a strange…
My Personal Video Game Completion List
- Anecdotes, Video Games
I thought it would be fun to track the long list of video game that I have beaten and/or completed for reference, so I've done just that! There may be a few mistakes here and there due to secret features unknown to me, or due to misremembering details of my past gaming experiences, but I believe the…
Current Generative AIs Have Critical Quality Issues
- Business, Quality Assurance, Security
The hype for generative AI is real. It is now possible for anybody to dynamically generate various types of media that are good enough to be mistaken as real, at least at first glance, either for free or at a low cost. In addition, the seemingly-creative solutions they come up with, and the…