# The Hack 'n' Slash Puzzle Collection

- Video Games, Security

This is a collection of all the secret hacking puzzles released between 2012 and 2015 related to the video game Hack 'n' Slash and its prototype. As far as I'm aware, all puzzles were designed by the game's project lead Brandon Dillon.

All the material is archived here for preservation purposes, except where specified. They are presented in chronological order of release.

## Prototype box art

The Hack 'n' Slash prototype received a fake box art, in the style of Super Nintendo Entertainment System game packaging.

The puzzle is located in the game's description on the bottom-left.

### Puzzle

Prototype box art

Close-up of description in prototype box art

### Solution

The seemingly-corrupted characters is actually a simple character substitution cipher, which can easily be cracked using properties of the English language. This is the fully-decoded message:

You are the hero foretold by the legends!
Set forth on a voyage of adventure and discovery. Face vicious monsters,
trick castle guards, meet magical friends, and uncover deeply hidden secrets
in a world full of mystery and intrigue.
The gods have created this world and placed you in it for a mysterious
purpose, but there work is not complete. Uncover the secrets of the world,
fight your way through dangerous enemies and deadly traps, and dismantle the
very underpinnings of reality.
Look behind the curtains of the world at the skull beneath the face. Shatter
it into a million pieces and reassemble it to your liking. There is no arcane
secret you cannot uncover. No magic you cannot unravel. You are the Destroyer
and the New Creator. I want you to understand who you are and why you are
here, hacker.


## Prototype hidden journal

This is an optional puzzle included in the Hack 'n' Slash prototype.

### Puzzle

In the installation directory of the prototype, the following encrypted file can be found:

Win/Hidden/HiddenJournal.txt


IMPORTANT: This puzzle requires running a copy of the Hack 'n' Slash prototype, which is bundled in Amnesia Fortnight 2012. There is also a physical Amnesia Fortnight 2012 Special Edition.

### Solution

After beating the prototype, get to the castle's courtyard. Take the left path, dodge the glitched tiles and jump into the very last one at the end of the path. You'll be teleported in the princess chambers. Inspect the painting on the wall to acquire the Hidden Journal book.

Exit the room through a hidden door on the left wall and get to the library. After picking up the book requested by the genie, go back to the library's entrance, climb the stairs labeled AF and pick up the book called AF.lua. If you don't know which one that is, go decode the alphabet near the end of the game and backtrack.

Afterwards, when you reach the room with the two pedestals, immediately after opening the portal, do not enter it. Instead, place AF.lua on the left pedestal and HiddenJournal.txt on the right pedestal. This will decode HiddenJournal.txt and you will be able to read it normally by using the book.

Note that while reading a book, you can flip through the pages by pressing Space.

## Full game announcement press release

This puzzle was hidden in the original press release announcing the full version of Hack 'n' Slash.

### Puzzle

—-TRACE BEGIN—-
> CONNECT host:www.hacknslashthegame.com port:80
> SEND ApplicationData
>> Host: hacknslashthegame.com
>>
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Connection: close
Content-Type: application/octet-stream

DOUBLE FINE ANNOUNCES PUZZLE ACTION GAME HACK ’N’ SLASH
Former Amnesia Fortnight Prototype to Launch in First Half 2014, Supported by Indie Fund and friends of Double Fine

SAN FRANCISCO–December 10, 2013–Double Fine Productions today announced that Hack ‘n’ Slash, a hacking themed puzzle action game for Windows, Mac, and Linux, will release in the first half of 2014. A version of the game debuted during Double Fine’s Amnesia Fortnight 2012 internal game jam. It was selected by the gaming public to be turned into a two-week prototype, after garnering more votes than any other Amnesia Fortnight pitch.

In Hack ‘n’ Slash, a young elf uses her computer hacking skills to cheat her way through a classic action/adventure game. The game was funded by Indie Fund, Humble Bundle, Hemisphere Games, make all, AppAbove Games, Adam Saltsman, The Behemoth, Morgan Webb, and Rob Reid as part of a two-game deal that also includes Spacebase DF-9, which released in Early Access Alpha and recouped its investment within two weeks.

“I’ve always loved games with lots of secrets in them,” said Hack ‘n’ Slash project lead Brandon Dillon, “and when I first discovered a hex editor in an emulator, it dawned on me that I could be a kind of digital treasure hunter—no game could keep even its deepest secrets from me if I adventured long enough in its code and memory.”

By subverting old-school gaming tropes with unique hacking mechanics, Hack ‘n’ Slash allows non-programmer players to experience that same sense of mystery and discovery.

“Look, I’m going to be honest with you here: I don’t really understand what’s going on inside this game’s code,” said Double Fine president and CEO Tim Schafer, who claims to possess a degree in computer science. “I believe it contains ‘algorithms.’ But I know what’s going on inside my heart when I play it. And that is joy.”

“We’re psyched to be helping with Hack’n'Slash because Amnesia Fortnight projects are about empowering individual creators,” said Indie Fund partner Ron Carmel, who definitely possesses a degree in computer science. “And I can confirm that this game’s code does contain algorithms.”

Hack ‘n’ Slash will be released for Windows, Mac, and Linux on Steam and DRM-free in the first half of 2014. It will include algorithms.

> CONNECT host:hacknslashthegame.com port:443
> SEND ClientHello suites:TLS_RSA_WITH_AES_256_CBC_SHA certs:x509 random:xIl3HWupPdsvwY94XV3UHtW04aE/wT4X8p7FmdSxW5w=
RECV ServerHello random:Up2+Rmzxa4CFywMpfAMCBn7wJHaiBnwEGslWPq4QaTQ=
RECV Certificate [verified]
RECV ServerHelloDone
> SEND ClientKeyExchange premaster:AwKV0UmxkA/iXZ4Y4NDn0P1Ju/m6GNL10FR7PuJae/83Ghy3Eo+6qDiJwQsNzjyB
... [encrypting provided premaster]
> ENCRYPT
... [computing master key]
... [sending ChangeCypherSpec]
> VERIFY
... [computing verify_data:Tcz7sewhNdF70Xmd]
... [sending Finished]
>SEND ApplicationData
>> ******************************************
>> ***************************
>>
wqbzvEF9EWuIshMxNfrvhg75TbHD5/WY4dA8m73GW6kX6S7lszdMKCKr3QWz0/2EAwdkU51tyAqEMB1DR87/9PnAXnECqvbVZLWL8MBNgcyd4ri+YzRDF/R+XbJ3qXbRIfuaiJGqjB8AQSYTHdmBIqdcamc6404t5cw0Gx7oRyYmudXx4CZ1D2fpD801jKNOm/Zv0saw3XwF7j0gPvvKZBWmUzwGc9L8PNFkKzsliozmBUxyE3hdRu0L7G5fqviPejgjau3VBC3LI64nvNz8yQ27yoZKpaqAlAV69tnPkwqTGeXgFM6ev4w6CTFUYPHucogo5OJ3V0G0n69k8+aljaeeNTuVzmRML9bHJdzVB4s252NF2PrgPlzGQIgbih7P4unwshrtCLeg8zLF0AApCA==
—-TRACE END—-


IMPORTANT: The solution is a URL that no longer resolves. The reward is embedded at the end of the solution below.

### Solution

The goal of this puzzle is to figure out the URL of the second request. Normally this wouldn't be possible beyond the domain name as it is an HTTPS request, but since this is a full trace from the client side that logged the AES-256 symmetrical key used to encrypt the rest of the path, that same key can be also used for decryption.

The reconstructed URL is the following, which is the solution:

https://hacksnslashthegame.com/download/a-note-from-cbd.txt


Here was the contents of the TXT file:

First, let me say that, if you decoded the hints in the press release to get here, amazing work! You either possess impressively detailed knowledge about the low-level aspects of modern encryption techniques, or you went out and learned a lot. Either way, cheers to you.

Second, now that you’re here, you’re probably wondering what the light was at the end of that enciphered tunnel. I hope you’re not disappointed that it’s just a text file written by me. If so, perhaps a kirby will cheer you up?

(>^^)>

They always cheer me up. The operating system class I took in college required programming an x86 OS that was bootable from being dd’ed onto a hard drive (that was a difficult but very fun project), and I personalized it by making the command prompt a kirby. It also had a system interrupt that would map DOOM’s shareware WAD into your process’s memory because apparently my priorities were:

2) Port DOOM
3) Implement a file system

Regardless, that’s not why we’re here. We’re here because we’re proud to announce Hack 'n' Slash! I had a weird self-consciousness about the idea originally. I was convinced that it wasn’t going to get any votes during Amnesia Fortnight because I thought no one but me would be interested in playing that kind of game. Needless to say, I was very surprised and excited by the enthusiasm it garnered, and I’m so thrilled that we’re going to be able to move beyond the prototype and make a full game.

By now, you probably already know that the announcement image has some puzzles hidden in it. Or maybe you tackled this puzzle first before moving on to the other ones. In which case, holy crap, you have way more discipline than I do. And there are puzzles hidden in the announcement image! The idea with the announcement puzzles is that they’re wholly self-contained. You’re not going to need to stand by a payphone in San Francisco and then wind up dancing with a person in a gorilla suit. You’re not going to have to venture to some other part of the internet to get to the next step unless it’s to learn some new knowledge that will help you solve the puzzle.

To get pretentious for a second, this is related to the design philosophy of Hack 'n' Slash. You will certainly be able to pop out of the game and muck around in its data files to discover secrets, but it will never be a requirement; everything you’ll need to fully master the game will be contained in the game itself. We try to carry this over into the story as well. The game doesn’t spend a lot of time winking at you. The idea is just that Hack 'n' Slash is its own little universe and you can play an important part in one of its important stories. It’s just that its physics is governed by the code’s algorithms instead of particle interactions like our universe. And you get to mess with the physics. Hopefully that sounds cooler than some fourth-wall-breaking metagame experience; I think it does, anyway.

Also, this is a good opportunity to embed some gratitude. I’m really thankful to Matt Alderman for teaching me something that I believed but didn’t really *know*: there’s no magic, just things you don’t understand yet. He continues to be a valuable mentor and inspiration, and this game wouldn’t exist without our friendship.

And finally, I want to thank my fiancee. In the prototype, the most hidden secret was a love letter to her; if you’re really into the game, you may have already seen it. Just like how my team went from making a prototype to working on the full game, we went from being a couple to being engaged. Don’t tell Tim, but it’s an even better feeling than getting to make the full version of Hack 'n' Slash. The game also wouldn’t exist without her loving support. I love you, angel.

The best thing is that both she and Matt will likely read this, and Matt will be super grossed out.

Sincerely,
(>^^)> CBD_


## Teaser website

When the Hack 'n' Slash website first went live, it only contained a single image as a teaser. Said image is the puzzle.

### Puzzle

Hack 'n' Slash original teaser image

IMPORTANT: This puzzle requires interacting with a Windows executable file.

### Hint

The file name of this image contains a clue.

If, despite that clue, you are not able to proceed, you might need to use a different software to open or repair the file, as newer applications perform file validation checks that didn't appear to exist back when this puzzle was originally published.

### Solution

This JPEG file actually contains several layers of embedded files within them. Looking at the JPEG's metadata, it has the following subject:

You may have figured out that this JPEG is more than just an image. It is not an ARG. It is not a transmedia narrative. It's just a puzzle we've built for you that will give you some more Hack 'n' Slash tidbits as you peel back its layers. If you're into that kind of thing, we hope you enjoy it!


The first thing to notice is in the visible picture itself. The grid actually represents the following text:

THE FI
VE BOX
ING WI
ZARDS
JUMP Q
UICKLY


The next step is to open this file as a ZIP archive instead of a JPEG image, as hinted by its filename. The easiest way to do so is to rename the file to change its extension. Note that since the file is not a fully-valid ZIP archive, programs that validate its content prior to extraction may detect the file as corrupted. A successful extraction however reveals 3 files:

• MainTheme.mp3
• Outdoors.mp4
• WorldTablet.txt

MainTheme.mp3 contains a normal music track. However, its metadata mentions aes-256-cbc as the genre. This is actually a type of cipher. The metadata also contains the following hint in the comments:

passwords read like incantations when spoken in all capital letters


WorldTablet.txt is a normal text file, but it is not easily readable. To do so, the text must be set so that a line break occurs every 68 consecutive characters. The easiest way to do is to turn on word-wrapping in a text editor and resize the window's width accordingly. Doing so will reveal a message duplicated in 2 columns, and some of the words between the 2 columns are not aligned exactly the same way. By crossing eyes, it's possible to isolate these words and see the following hidden hint pop out of the text:

the embedded application is enciphered with the incantation presented by the first observed glyphs


Outdoors.mp4 is a video file, although some of its frames contains glyphs in the bottom-left corner. Decoding these glyphs using the grid from the original picture reveals the following hint:

most of the time we only see the things that we expect to often secrets are in plain sight but remain invisible to us size up the medium you are observing and you may find it supports modes of expression you do not expect images can contain words words can produce images something that appears to be a recording of life may actually be a container filled with the sequences of images and channels of audio that you expect but that container can hold


Outdoors.mp4 also contains another secret. Within its file structure lies a hidden file called crackme.enc which must be extracted. Using the previous hints, it's possible to deduce that this file can be decoded using AES-256-CBC with the password THE FIVE BOXING WIZARDS JUMP QUICKLY.

The result is a Windows executable program, whose metadata contains the following:

One last puzzle brought to you by Double Fine Productions, and a very special Hack ‘n’ Slash character, Ida.


Executing the program prompts for an incantation. Note that the incantation to input depends on the computer the program is being executed on. The only way to figure out what it is is to use standard software debugging or reverse-engineering tools.

A full reverse-engineering of the program reveals that the incantation is generated using this procedure:

1. Get the SHA-1 hash of the Windows system volume GUID path
2. Copy the first 4 characters of a predetermined block of text in the incantation
3. Count all matches in said predetermined block of text for the last 4 characters of the partially-constructed incantation
4. Pick a match using the following formula, with match 0 being the leftmost match and following matches incrementally larger by 1: (bitwise XOR of the 2 leftmost bytes of the hash) modulo (number of matches)
5. Append the 4 characters immediately following the selected match at the end of the incantation
6. Drop the 2 leftmost bytes of the hash
7. Repeat steps 3 to 6 until no match is found or until all bytes of the hash have been used
8. Complete the rest of the incantation with what immediately followed the last 4 copied characters up to the next period

The predetermined block of text referred above is the following:

AND WITH THIS INCANTATION I DO SO ENSORCELL MATTERS SUCH THAT THE MAGIC OF THIS APPLICATION PRODUCES A RESULT THAT MUST INVARIABLY ENGENDER MAGNIFICENT AMPLIFICATION OF THE DESIRED OUTCOMES THAT WE PRODUCE. AND WITH THIS INCANTATION I THEE BOND INTO REALMS FOREVER INTWINING OURSELVES TO OUR COMBINED DESTINIES WHICH PRODUCE A KIND OF INFINITE REWARD IN THE CONSTRUCTION OF MECHANISMS TO AID OUR DISCOVERY OF KNOWLEDGE AND TRUTH. AND WITH THIS INCANTATION I REVEAL MYSELF TO BE CAPABLE OF CHALLENGES OF THE MIND AND SPIRIT WHICH STRENGTHEN AND EMBOLDEN MY CAPACITY FOR TAKING CONTROL OVER THAT WHICH WAS ALWAYS OUR BIRTHRIGHT THOUGH SOMESTIMES WE FOOL EVEN OURSELVES TO PROTECT THAT WHICH CANNOT BE PROTECTED. WITH THIS INCANTATION I OPEN THE LOCK CLASPED SIMPLY TO PROVIDE OPPORTUNITY FOR DEMONSTRATION OF MY POWER. AND WITH THIS INCANTATION I FOREVER OPEN THE BOUNDARIES OF UNDRESTANDING SUCH THAT I ALWAYS REALIZE THE POWERS I HAVE OVER HIDDEN BUT NOT INACCESSIBLE TRUTHS. AND WITH THE MECHANISMS OF THIS INCANTATION I CAN BREAK THE BONDS THAT WERE NEVER REALLY THERE DESPITE THE INSISTENCE OF THOSE PRESENTING THEMSELVES AS WIZARDS. AND WITH THIS INCANTATION I OBSERVE THE FINITE IN THE INFINITE THAT HAS PRODUCED MUCH WONDER AND MAGIC IN OUR WORLD AND COMMIT TO THE PURSUITE OF UNDERSTANDING. AND WITH THIS INCANTATION I DO DECLARE THAT BIRTHRIGHT HAS NO STANDING IN THE CHAMBERS OF WISDOM. AND WITH THIS INCANTATION I DO PRESENT MATTERS SUCH THAT IT IS OBSERVABLE THAT NO CREATURE SHOULD BE RESTRAINED BY THE FEAR OF OTHERS.


Upon entering the correct incantation, a success message is generated, and a message is automatically copied to the clipboard. That message is generated using the following transformation:

Windows system volume GUID path → SHA-1 → Base64 encoding → append before the current string either FROM/DEBUGGER if a debugger is attached to the process or SUCCESS/HASH/ otherwise → RSA 512-bit encryption → Base64 encoding → append before the current string @Noughtceratops with a space in-between

The RSA public key used to do the encoding is the following:

MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMeqDCPIoPMd8CSnjGI96lJG3ijSEMDFuJCG4yaWUgbzpHijnyhQtAWn8PXhWOeie0v56AcqjXtKuSeSeLalrZsCAwEAAQ==


As a reference, I have produced an analysis of all possible incantations with their frequencies. Here is also the C++ source code I wrote to generate said analysis.

## T-shirt

There is an official Hack 'n' Slash T-shirt.

A puzzle is hidden on its tag.

### Puzzle

Hack 'n' Slash T-shirt tag

Note that the T-shirt size is irrelevant. The one in my wardrobe says XL instead of MD, but is otherwise identical in design.

IMPORTANT: The solution is a URL that no longer resolves. The reward is embedded at the end of the solution below.

### Solution

The pixelated rounded rectangle around the Hack 'n' Slash logo contains vertical bars. Said vertical bars form the following barcode:

This barcode can be decoded to:

+thegame.com/shirt


When combining this partial URL with the message inside the rounded rectangle, the following HTTP URL can be formed, which is the solution:

http://hacknslashthegame.com/shirt


Note that this URL redirected the user to a store page for purchasing the very T-shirt this puzzle is located on.

## Amnesia Fortnight 2014 launch video

This puzzle is hidden in the Amnesia Fortnight 2014 launch video, while Brandon Dillon is on the screen between 2:28 and 3:04.

### Puzzle

IMPORTANT: The solution is a URL that no longer resolves. The reward is embedded at the end of the solution below. Also, this puzzle requires solving part of the previously-described teaser website image puzzle.

### Solution

Using the alphabet from the teaser website image, the first 3 encoded messages decodes to, in order:

http
hacknslashthegame
com


Similarly, the alphabet in the second-to-last screen decodes to vertical, and the last one to horizontal. However, those last two words are not part of the solution, but a hint that indicates how to read the numbers on these screens. Said numbers must then be combined to form a nonogram which must then be solved.

Unfortunately, the resulting nonogram is not solvable by itself, as it does not have a unique solution. However, the parts of the nonogram that are solvable partially reveals a QR code, which can then be decoded and reconstructed despite the missing data by using the properties of QR codes. For reference, this is the reconstructed QR code:

The decoded QR code is the following message:

/shirt


When combining this to the first part of the message, the following URL can be formed, which is the solution:

http://hacknslashthegame.com/shirt


Note that this URL redirected the user to a store page for purchasing the official Hack 'n' Slash T-shirt described in the previous section.

## Development blog post

This puzzle was published on the short-lived development blog of Hack 'n' Slash.

### Puzzle

SGGCSNTSSSFEESRWOTOSOYGL
LESMDETNOEDRTSOOOTSTGERO
AFFESAEEENTETEONEYRTGDTY
EDNEESYEYTGEDNRLRIIETEST
RSYEGUERRE.OMMM.MC...EGR
RW.RFHWWE.HHMRMCHHHFWW..
.A.M...IIE.SSNEEEEIARNN.
..HHLWHKHNMLHRNKSVRLRHWV
DMLBDVRTHFBTBEERHERVDHLD
HVDTGSYMN.OOO...N...SNSR
.NNNNONNEAAAAOII.TW...TT
TTTTWWTTTTTTP..GG.FFLW..
EHVHNTTT.H.DD..RW.IALLUA
ZZB.E.OIPB..BEAANRI...RR
UO.OE..OEEOOUAOOOO.OIIOI
IIIAOA.OAAAATTSDGSTTTL..
.LNFSSII.PW..CL.IFEVFFFP
LN.YH.MCCRAU....EEELEAEO
TTTGUOUUEE..EOOOORUKAAEY
ESIILAINWIIUSNN.L..EOOAU
..SOUIAASASUEIUNSI..$... .O.YE.IAAA.....X...OFTF. GGSBAJOOBPPAAOOOAAE....L ........OEMLMBAH..ANZZUU  ### Hint The following message appeared in the source code of the blog a few days after the original puzzle was published: <!-- Y'all have worked out so much already! The properties you've discovered in the text might even be useful in fields other than cryptography. Here's a new hint that might push things along! QlpoORdyRThQkAAAAAA= > CBD_ -->  ### Solution First, the hint is actually the output of null data being compressed using the bzip2 algorithm, and encoded in Base64. As for the actual problem, it is a message encoded using the Burrows–Wheeler transform, which is also used in bzip2. This is the decoded message: THE.BURROWS.WHEELER.TRANSFORM.HAS.ALWAYS.BEEN.ONE.OF.MY.FAVORITES.BECAUSE.THE.IDEA.OF.BEING.ABLE.TO.JUST.REORDER.INFORMATION.AND.HAVE.THE.NEW.CONFIGURATION.POSSESS.EXTRA.MEANING.WITHOUT.HAVING.LOST.ANYTHING.FEELS.LIKE.MAGIC.ALSO.IT.WAS.NOT.DISCOVERED.THAT.LONG.AGO.IT.IS.FUN.TO.PONDER.WHAT.OTHER.MAGICAL.TRANSFORMATIONS.WE.HAVE.YET.TO.DISCOVER.BY.THE.WAY.THIS.IS.THE.ONLY.PUZZLE.ON.THE.BLOG.SO.FAR.TUMBLR.REMOVED.SOME.OF.MY.STEGANOGRAPHY.WHEN.I.UPLOADED.IMAGES.BUT.WE.WILL.FIGURE.OUT.SOMETHING.TO.DO.I.WANTED.TO.MAKE.SURE.THERE.WAS.AT.LEAST.ONE.PUZZLE.FOR.YOU.WONDERFUL.FOLKS$


## Early Access launch trailer

This puzzle was hidden in the YouTube description of the Hack 'n' Slash Early Access launch trailer.

### Puzzle

UEFUQ0gAQF4AKCUSHSocJA0KFxAOGxgeHCQdmBEKDBQkFyQcFQocESkkCw4kCxsKHw5FT0Y=


IMPORTANT: This puzzle requires a North American copy of The Legend of Zelda.

### Solution

This is Base64 data. The decoded version is an IPS patch for The Legend of Zelda. Applying the patch, and entering the cave at the very beginning of the game, causes the old man giving Link the wooden sword to say the following instead of his normal dialog:

   IT'S DANGEROUS TO
HACK N SLASH! BE BRAVE.


## Tweet to the National Security Agency (NSA)

This is a reply from Brandon Dillon to the NSA's official Twitter account for recruitment, which was itself a puzzle.

### Puzzle

NSA's tweet:

tpfccdlfdtte pcaccplircdt dklpcfrp?qeiq lhpqlipqeodf gpwafopwprti izxndkiqpkii krirrifcapnc dxkdciqcafmd vkfpcadf. #MissionMonday #NSA #news


.@NSACareers gipkfrp,xnip rircdxrxwafm dfvr<3eiki'r pepql'f'rnpr ercipoliw!40 808-l5657-eg 0ec


### Solution

Both messages use the same simple character substitution cipher, which can easily be cracked using properties of the English language. Spaces are irrelevant.

The decoded NSA message:

wanttoknowwhatittakestoworkatnsa?checkbackeachmondayinmayasweexplorecareersessentialtoprotectingoutnation. #MissionMonday #NSA #news


.@NSACareers dearnsa,pleasestopspyingonus<3here'sahack'n'slashsteamkey!40808-k5657-hd0ht


## Secret room

This is an optional puzzle included in the full version of Hack 'n' Slash.

### Puzzle

In the installation directory of Hack 'n' Slash, the following encrypted file can be found:

Data/Content/Secret/Rooms/SecretRoom.lua


IMPORTANT: This puzzle requires running a copy of Hack 'n' Slash.

### Solution

Near the end of the game, in the DRMRoof room, a pedestal can be found with a book on it. Books in the game are actually pointers to the game's loaded files. If the data is not valid Lua bytecode, a protective barrier appears around the book, preventing it from being taken. Also, when a book is on the pedestal, the related data gets encrypted in RAM every time the player character enters the room, causing the barrier to appear if there wasn't one. Note that because of this property, encrypted data may be encrypted again if not careful, requiring multiple decryptions afterwards.

To decode the data, the player character is supposed to jack into the pedestal with their broken sword, and input the correct password. This may cause the protective barrier to disappear if the decrypted data is valid Lua bytecode. Note that doing so allows the player character to pick it up and place a different book in its place if they so choose.

Decoding the book already on the pedestal by default allows the player to proceed to the princess chambers immediately on the right of the pedestal without causing the game to crash, as said book points to the code of said chambers.

By using normal game mechanics, it is possible to acquire a book pointing to Data/Content/Secret/Rooms/SecretRoom.lua. There are multiple ways to do so, for example by hacking the library's entry floor to point to the game's root directory, then picking up the book manually. Similarly, it is also possible to hack DRMRoof itself to modify the exit on the right of the pedestal to also point to Data/Content/Secret/Rooms/SecretRoom.lua instead of the princess chambers.

It is believed that to solve the puzzle, the player character must switch the book on the pedestal to one that points to the secret room, input the correct password, then enter said room using the technique described in the previous paragraph.

Problem is... no one has figured out what the password is. If clues are hidden somewhere, they have either been missed or overlooked. Given the similarity between this puzzle and the prototype's, I would not be surprised if such a clue exists somewhere in the game's code or data.

Brute force attacks have been attempted, but so far have been unsuccessful. Direct attacks on the cipher used by the pedestal have also been considered, but are currently unlikely. For reference, the input password is hashed using SHA-256, then an attempt to decode the data using AES-256-CBC with a null IV is performed, using the hash as the key. If it helps, based on the way the game is structured and the way Lua headers are encoded, it is very likely that the first bytes of the file should decode to:

1B 4C 75 61 51 00 01 04 04 04 08 00 2A 00 00 00
40 44 61 74 61 2F 43 6F 6E 74 65 6E 74 2F 53 65
63 72 65 74 2F 52 6F 6F 6D 73 2F 53 65 63 72 65
74 52 6F 6F 6D 2E 6C 75 61 00 00 00 00 00 00 00
00 00 00 00 02


The original discussion thread can be found on the Double Fine forums.

## Devs Play hacked The Legend of Zelda cartridge

In season 1 episode 4 of Double Fine Productions's YouTube series Devs Play titled Legend of Zelda, Brandon Dillon hacked an original cartridge of The Legend of Zelda, with the description of the video containing the actual patch applied on the ROM. At the end of the video, he offered to give the cartridge to the first person that could find the hacked ending message in this patch. The winner was Guillaume Saby.

Brandon Dillon shipped him the cartridge, while mentioning on his Twitter account that he drew a puzzle and stuck it on the cartridge, and gave him the choice whether or not to share the puzzle. The tweet included a partially-hidden picture of the cartridge as proof.

Guillaume Saby decided to share the puzzle to the world, which was located on the front and back panels of the cartridge.

### Puzzle

Front of modified The Legend of Zelda cartridge

Back of modified The Legend of Zelda cartridge