The Hack 'n' Slash Puzzle Collection
- Video Games, Security
Latest revision:
This is a collection of all the secret hacking puzzles released between 2012 and 2015 related to the video game Hack 'n' Slash and its prototype. As far as I'm aware, all puzzles were designed by the game's project lead Brandon Dillon.
All the material is archived here for preservation purposes, with the blessing of Brandon Dillon, and presented in chronological order of release.
Note: I have uploaded all of the free Hack 'n' Slash puzzles on the Internet Archive as well for convenience.
Prototype box art
The Hack 'n' Slash prototype received a fake box art, in the style of Super Nintendo Entertainment System game packaging.
The puzzle is located in the game's description on the bottom-left.
Solution
The seemingly-corrupted characters is actually a simple character substitution cipher, which can easily be cracked using properties of the English language. This is the fully-decoded message:
You are the hero foretold by the legends!
Set forth on a voyage of adventure and discovery. Face vicious monsters,
trick castle guards, meet magical friends, and uncover deeply hidden secrets
in a world full of mystery and intrigue.
The gods have created this world and placed you in it for a mysterious
purpose, but there work is not complete. Uncover the secrets of the world,
fight your way through dangerous enemies and deadly traps, and dismantle the
very underpinnings of reality.
Look behind the curtains of the world at the skull beneath the face. Shatter
it into a million pieces and reassemble it to your liking. There is no arcane
secret you cannot uncover. No magic you cannot unravel. You are the Destroyer
and the New Creator. I want you to understand who you are and why you are
here, hacker.
Prototype hidden journal
This is an optional puzzle included in the Hack 'n' Slash prototype.
IMPORTANT: This puzzle requires a copy of the Hack 'n' Slash prototype, which is bundled in Amnesia Fortnight 2012. A physical version of this bundle was also released as Amnesia Fortnight 2012 Special Edition.
Puzzle
In the installation directory of the prototype, the following encrypted file can be found:
Win/Hidden/HiddenJournal.txt
Solution
After beating the prototype, get to the castle's courtyard. Take the left path, dodge the glitched tiles and jump into the very last one at the end of the path. You'll be teleported in the princess chambers. Inspect the painting on the wall to acquire the Hidden Journal book.
Exit the room through a hidden door on the left wall and get to the library. After picking up the book requested by the genie, go back to the library's entrance, climb the stairs labeled AF
and pick up the book called AF.lua
. If you don't know which one that is, go decode the alphabet near the end of the game and backtrack.
Afterwards, when you reach the room with the two pedestals, immediately after opening the portal, do not enter it. Instead, place AF.lua
on the left pedestal and HiddenJournal.txt
on the right pedestal. This will decode HiddenJournal.txt
and you will be able to read it normally by using the book.
Note that while reading a book, you can flip through the pages by pressing Space.
Full game announcement press release
This puzzle was hidden in the original press release announcing the full version of Hack 'n' Slash.
IMPORTANT: The solution is a URL that no longer resolves. A backup of the reward is available below.
Puzzle
—-TRACE BEGIN—-
> CONNECT host:www.hacknslashthegame.com port:80
> SEND ApplicationData
>> GET /download/hacknslashannouncement.txt HTTP/1.1
>> Host: hacknslashthegame.com
>>
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Connection: close
Content-Type: application/octet-stream
DOUBLE FINE ANNOUNCES PUZZLE ACTION GAME HACK ’N’ SLASH
Former Amnesia Fortnight Prototype to Launch in First Half 2014, Supported by Indie Fund and friends of Double Fine
SAN FRANCISCO–December 10, 2013–Double Fine Productions today announced that Hack ‘n’ Slash, a hacking themed puzzle action game for Windows, Mac, and Linux, will release in the first half of 2014. A version of the game debuted during Double Fine’s Amnesia Fortnight 2012 internal game jam. It was selected by the gaming public to be turned into a two-week prototype, after garnering more votes than any other Amnesia Fortnight pitch.
In Hack ‘n’ Slash, a young elf uses her computer hacking skills to cheat her way through a classic action/adventure game. The game was funded by Indie Fund, Humble Bundle, Hemisphere Games, make all, AppAbove Games, Adam Saltsman, The Behemoth, Morgan Webb, and Rob Reid as part of a two-game deal that also includes Spacebase DF-9, which released in Early Access Alpha and recouped its investment within two weeks.
“I’ve always loved games with lots of secrets in them,” said Hack ‘n’ Slash project lead Brandon Dillon, “and when I first discovered a hex editor in an emulator, it dawned on me that I could be a kind of digital treasure hunter—no game could keep even its deepest secrets from me if I adventured long enough in its code and memory.”
By subverting old-school gaming tropes with unique hacking mechanics, Hack ‘n’ Slash allows non-programmer players to experience that same sense of mystery and discovery.
“Look, I’m going to be honest with you here: I don’t really understand what’s going on inside this game’s code,” said Double Fine president and CEO Tim Schafer, who claims to possess a degree in computer science. “I believe it contains ‘algorithms.’ But I know what’s going on inside my heart when I play it. And that is joy.”
“We’re psyched to be helping with Hack’n'Slash because Amnesia Fortnight projects are about empowering individual creators,” said Indie Fund partner Ron Carmel, who definitely possesses a degree in computer science. “And I can confirm that this game’s code does contain algorithms.”
Hack ‘n’ Slash will be released for Windows, Mac, and Linux on Steam and DRM-free in the first half of 2014. It will include algorithms.
> CONNECT host:hacknslashthegame.com port:443
> SEND ClientHello suites:TLS_RSA_WITH_AES_256_CBC_SHA certs:x509 random:xIl3HWupPdsvwY94XV3UHtW04aE/wT4X8p7FmdSxW5w=
RECV ServerHello random:Up2+Rmzxa4CFywMpfAMCBn7wJHaiBnwEGslWPq4QaTQ=
RECV Certificate [verified]
RECV ServerHelloDone
> SEND ClientKeyExchange premaster:AwKV0UmxkA/iXZ4Y4NDn0P1Ju/m6GNL10FR7PuJae/83Ghy3Eo+6qDiJwQsNzjyB
... [encrypting provided premaster]
> ENCRYPT
... [computing master key]
... [sending ChangeCypherSpec]
> VERIFY
... [computing verify_data:Tcz7sewhNdF70Xmd]
... [sending Finished]
>SEND ApplicationData
>> ******************************************
>> ***************************
>>
... [sending ApplicationData encrypted_payload:9Uxik4wGjQEoga0gznSZM7H+x4gnbdG9iqVwCOucgvE=]
... [sending ApplicationData encrypted_payload:Z41sWWPE2pPTxXnfbb/ju+g9NGrE/7gMltSvCW2J5aLCjH0R5k8E1iHJydJ1OuguAyZqKPlUDOxVZ6I1dnIJkPBXre5y2wcZU5misdX8Hk+exdqsbpjeDRwQKxwxcOTm]
wqbzvEF9EWuIshMxNfrvhg75TbHD5/WY4dA8m73GW6kX6S7lszdMKCKr3QWz0/2EAwdkU51tyAqEMB1DR87/9PnAXnECqvbVZLWL8MBNgcyd4ri+YzRDF/R+XbJ3qXbRIfuaiJGqjB8AQSYTHdmBIqdcamc6404t5cw0Gx7oRyYmudXx4CZ1D2fpD801jKNOm/Zv0saw3XwF7j0gPvvKZBWmUzwGc9L8PNFkKzsliozmBUxyE3hdRu0L7G5fqviPejgjau3VBC3LI64nvNz8yQ27yoZKpaqAlAV69tnPkwqTGeXgFM6ev4w6CTFUYPHucogo5OJ3V0G0n69k8+aljaeeNTuVzmRML9bHJdzVB4s252NF2PrgPlzGQIgbih7P4unwshrtCLeg8zLF0AApCA==
—-TRACE END—-
Solution
The goal of this puzzle is to figure out the URL of the second request. Normally this wouldn't be possible beyond the domain name as it is an HTTPS request, but since this is a full trace from the client side that logged the AES-256 symmetrical key used to encrypt the rest of the path, that same key can be also used for decryption.
The reconstructed URL is the following, which is the solution:
https://hacksnslashthegame.com/download/a-note-from-cbd.txt
Original reward
Here is a backup of the contents of a-note-from-cbd.txt
:
First, let me say that, if you decoded the hints in the press release to get here, amazing work! You either possess impressively detailed knowledge about the low-level aspects of modern encryption techniques, or you went out and learned a lot. Either way, cheers to you.
Second, now that you’re here, you’re probably wondering what the light was at the end of that enciphered tunnel. I hope you’re not disappointed that it’s just a text file written by me. If so, perhaps a kirby will cheer you up?
(>^^)>
They always cheer me up. The operating system class I took in college required programming an x86 OS that was bootable from being dd’ed onto a hard drive (that was a difficult but very fun project), and I personalized it by making the command prompt a kirby. It also had a system interrupt that would map DOOM’s shareware WAD into your process’s memory because apparently my priorities were:
1) Write an ELF loader
2) Port DOOM
3) Implement a file system
Regardless, that’s not why we’re here. We’re here because we’re proud to announce Hack 'n' Slash! I had a weird self-consciousness about the idea originally. I was convinced that it wasn’t going to get any votes during Amnesia Fortnight because I thought no one but me would be interested in playing that kind of game. Needless to say, I was very surprised and excited by the enthusiasm it garnered, and I’m so thrilled that we’re going to be able to move beyond the prototype and make a full game.
By now, you probably already know that the announcement image has some puzzles hidden in it. Or maybe you tackled this puzzle first before moving on to the other ones. In which case, holy crap, you have way more discipline than I do. And there are puzzles hidden in the announcement image! The idea with the announcement puzzles is that they’re wholly self-contained. You’re not going to need to stand by a payphone in San Francisco and then wind up dancing with a person in a gorilla suit. You’re not going to have to venture to some other part of the internet to get to the next step unless it’s to learn some new knowledge that will help you solve the puzzle.
To get pretentious for a second, this is related to the design philosophy of Hack 'n' Slash. You will certainly be able to pop out of the game and muck around in its data files to discover secrets, but it will never be a requirement; everything you’ll need to fully master the game will be contained in the game itself. We try to carry this over into the story as well. The game doesn’t spend a lot of time winking at you. The idea is just that Hack 'n' Slash is its own little universe and you can play an important part in one of its important stories. It’s just that its physics is governed by the code’s algorithms instead of particle interactions like our universe. And you get to mess with the physics. Hopefully that sounds cooler than some fourth-wall-breaking metagame experience; I think it does, anyway.
Also, this is a good opportunity to embed some gratitude. I’m really thankful to Matt Alderman for teaching me something that I believed but didn’t really *know*: there’s no magic, just things you don’t understand yet. He continues to be a valuable mentor and inspiration, and this game wouldn’t exist without our friendship.
And finally, I want to thank my fiancee. In the prototype, the most hidden secret was a love letter to her; if you’re really into the game, you may have already seen it. Just like how my team went from making a prototype to working on the full game, we went from being a couple to being engaged. Don’t tell Tim, but it’s an even better feeling than getting to make the full version of Hack 'n' Slash. The game also wouldn’t exist without her loving support. I love you, angel.
The best thing is that both she and Matt will likely read this, and Matt will be super grossed out.
Sincerely,
(>^^)> CBD_
Teaser website
When the Hack 'n' Slash website first went live, it only contained a single image as a teaser. Said image is the puzzle.
IMPORTANT: Solving this puzzle requires opening a ZIP file that is considered invalid by modern ZIP decompression utilities. To work around this, you may need to use one released before December 2013. If you need one, I have verified that 7-Zip version 9.20 is compatible.
Solution
This JPEG file actually contains several layers of embedded files within them. Looking at the JPEG's metadata, it has the following subject:
You may have figured out that this JPEG is more than just an image. It is not an ARG. It is not a transmedia narrative. It's just a puzzle we've built for you that will give you some more Hack 'n' Slash tidbits as you peel back its layers. If you're into that kind of thing, we hope you enjoy it!
The first thing to notice is in the visible picture itself. The grid actually represents the following text:
THE FI
VE BOX
ING WI
ZARDS
JUMP Q
UICKLY
The next step is to open this file as a ZIP archive instead of a JPEG image, as hinted by its filename. A successful extraction reveals 3 files:
MainTheme.mp3
Outdoors.mp4
WorldTablet.txt
MainTheme.mp3
contains a normal music track. However, its metadata mentions aes-256-cbc
as the genre. This is actually a type of cipher. The metadata also contains the following hint in the comments:
passwords read like incantations when spoken in all capital letters
WorldTablet.txt
is a normal text file, but it is not easily readable. To do so, the text must be set so that a line break occurs every 68 consecutive characters. The easiest way to do is to turn on word-wrapping in a text editor and resize the window's width accordingly. Doing so will reveal a message duplicated in 2 columns, and some of the words between the 2 columns are not aligned exactly the same way. By crossing eyes, it's possible to isolate these words and see the following hidden hint pop out of the text:
the embedded application is enciphered with the incantation presented by the first observed glyphs
Outdoors.mp4
is a video file, although some of its frames contains glyphs in the bottom-left corner. Decoding these glyphs using the grid from the original picture reveals the following hint:
most of the time we only see the things that we expect to often secrets are in plain sight but remain invisible to us size up the medium you are observing and you may find it supports modes of expression you do not expect images can contain words words can produce images something that appears to be a recording of life may actually be a container filled with the sequences of images and channels of audio that you expect but that container can hold
Outdoors.mp4
also contains another secret. Within its file structure lies a hidden file called crackme.enc
which must be extracted. Using the previous hints, it's possible to deduce that this file can be decoded using AES-256-CBC with the password THE FIVE BOXING WIZARDS JUMP QUICKLY
.
The result is a Windows executable program, whose metadata contains the following:
One last puzzle brought to you by Double Fine Productions, and a very special Hack ‘n’ Slash character, Ida.
Executing the program prompts for an incantation. Note that the incantation to input depends on the computer the program is being executed on. The only way to figure out what it is is to use standard software debugging or reverse-engineering tools.
A full reverse-engineering of the program reveals that the incantation is generated using this procedure:
- Get the SHA-1 hash of the Windows system volume GUID path
- Copy the first 4 characters of a predetermined block of text in the incantation
- Count all matches in said predetermined block of text for the last 4 characters of the partially-constructed incantation
- Pick a match using the following formula, with match 0 being the leftmost match and following matches incrementally larger by 1: (bitwise XOR of the 2 leftmost bytes of the hash) modulo (number of matches)
- Append the 4 characters immediately following the selected match at the end of the incantation
- Drop the 2 leftmost bytes of the hash
- Repeat steps 3 to 6 until no match is found or until all bytes of the hash have been used
- Complete the rest of the incantation with what immediately followed the last 4 copied characters up to the next period
The predetermined block of text referred above is the following:
AND WITH THIS INCANTATION I DO SO ENSORCELL MATTERS SUCH THAT THE MAGIC OF THIS APPLICATION PRODUCES A RESULT THAT MUST INVARIABLY ENGENDER MAGNIFICENT AMPLIFICATION OF THE DESIRED OUTCOMES THAT WE PRODUCE. AND WITH THIS INCANTATION I THEE BOND INTO REALMS FOREVER INTWINING OURSELVES TO OUR COMBINED DESTINIES WHICH PRODUCE A KIND OF INFINITE REWARD IN THE CONSTRUCTION OF MECHANISMS TO AID OUR DISCOVERY OF KNOWLEDGE AND TRUTH. AND WITH THIS INCANTATION I REVEAL MYSELF TO BE CAPABLE OF CHALLENGES OF THE MIND AND SPIRIT WHICH STRENGTHEN AND EMBOLDEN MY CAPACITY FOR TAKING CONTROL OVER THAT WHICH WAS ALWAYS OUR BIRTHRIGHT THOUGH SOMESTIMES WE FOOL EVEN OURSELVES TO PROTECT THAT WHICH CANNOT BE PROTECTED. WITH THIS INCANTATION I OPEN THE LOCK CLASPED SIMPLY TO PROVIDE OPPORTUNITY FOR DEMONSTRATION OF MY POWER. AND WITH THIS INCANTATION I FOREVER OPEN THE BOUNDARIES OF UNDRESTANDING SUCH THAT I ALWAYS REALIZE THE POWERS I HAVE OVER HIDDEN BUT NOT INACCESSIBLE TRUTHS. AND WITH THE MECHANISMS OF THIS INCANTATION I CAN BREAK THE BONDS THAT WERE NEVER REALLY THERE DESPITE THE INSISTENCE OF THOSE PRESENTING THEMSELVES AS WIZARDS. AND WITH THIS INCANTATION I OBSERVE THE FINITE IN THE INFINITE THAT HAS PRODUCED MUCH WONDER AND MAGIC IN OUR WORLD AND COMMIT TO THE PURSUITE OF UNDERSTANDING. AND WITH THIS INCANTATION I DO DECLARE THAT BIRTHRIGHT HAS NO STANDING IN THE CHAMBERS OF WISDOM. AND WITH THIS INCANTATION I DO PRESENT MATTERS SUCH THAT IT IS OBSERVABLE THAT NO CREATURE SHOULD BE RESTRAINED BY THE FEAR OF OTHERS.
Upon entering the correct incantation, a success message is generated, and a message is automatically copied to the clipboard. That message is generated using the following transformation:
Windows system volume GUID path → SHA-1 → Base64 encoding → append before the current string either FROM/DEBUGGER
if a debugger is attached to the process or SUCCESS/HASH/
otherwise → RSA 512-bit encryption → Base64 encoding → append before the current string @Noughtceratops
with a space in-between
Note that the RSA public key used during this transformation is the following:
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMeqDCPIoPMd8CSnjGI96lJG3ijSEMDFuJCG4yaWUgbzpHijnyhQtAWn8PXhWOeie0v56AcqjXtKuSeSeLalrZsCAwEAAQ==
The final message was designed to be pasted on Twitter to be decoded by Brandon Dillon using his corresponding private RSA key.
T-shirt
There is an official Hack 'n' Slash T-shirt.
A puzzle is hidden on its tag.
IMPORTANT: The solution is a URL that no longer resolves. A backup of the reward is available below.
Puzzle
Note that the T-shirt size is irrelevant. The one in my wardrobe says XL
instead of MD
, but is otherwise identical in design.
Solution
The pixelated rounded rectangle around the Hack 'n' Slash logo contains vertical bars. Said vertical bars form the following barcode:
This barcode can be decoded to:
+thegame.com/shirt
When combining this partial URL with the message inside the rounded rectangle, the following HTTP URL can be formed, which is the solution:
http://hacknslashthegame.com/shirt
Original reward
The URL redirected the user to a store page for purchasing the Hack 'n' Slash T-shirt, as some kind of self-reference.
Amnesia Fortnight 2014 launch video
This puzzle is hidden in the Amnesia Fortnight 2014 launch video, while Brandon Dillon is on the screen between 2:28 and 3:04.
IMPORTANT: The solution is a URL that no longer resolves. A backup of the reward is available below.
IMPORTANT: This puzzle requires decoding the glyphs showcased in the earlier teaser website image puzzle.
Solution
Using the alphabet from the teaser website image, the first 3 encoded messages decodes to, in order:
http
hacknslashthegame
com
Similarly, the alphabet in the second-to-last screen decodes to vertical
, and the last one to horizontal
. However, those last two words are not part of the solution, but a hint that indicates how to read the numbers on these screens. Said numbers must then be combined to form a nonogram which must then be solved.
Unfortunately, the resulting nonogram is not solvable by itself, as it does not have a unique solution. However, the parts of the nonogram that are solvable partially reveals a QR code, which can then be decoded and reconstructed despite the missing data by using the properties of QR codes. For reference, this is the reconstructed QR code:
The decoded QR code is the following message:
/shirt
When combining this to the first part of the message, the following URL can be formed, which is the solution:
http://hacknslashthegame.com/shirt
Original reward
The URL redirected the user to a store page for purchasing the Hack 'n' Slash T-shirt previously showcased.
Development blog post
This puzzle was published on the short-lived development blog of Hack 'n' Slash.
Puzzle
SGGCSNTSSSFEESRWOTOSOYGL
LESMDETNOEDRTSOOOTSTGERO
AFFESAEEENTETEONEYRTGDTY
EDNEESYEYTGEDNRLRIIETEST
RSYEGUERRE.OMMM.MC...EGR
RW.RFHWWE.HHMRMCHHHFWW..
.A.M...IIE.SSNEEEEIARNN.
..HHLWHKHNMLHRNKSVRLRHWV
DMLBDVRTHFBTBEERHERVDHLD
HVDTGSYMN.OOO...N...SNSR
.NNNNONNEAAAAOII.TW...TT
TTTTWWTTTTTTP..GG.FFLW..
EHVHNTTT.H.DD..RW.IALLUA
ZZB.E.OIPB..BEAANRI...RR
UO.OE..OEEOOUAOOOO.OIIOI
IIIAOA.OAAAATTSDGSTTTL..
.LNFSSII.PW..CL.IFEVFFFP
LN.YH.MCCRAU....EEELEAEO
TTTGUOUUEE..EOOOORUKAAEY
ESIILAINWIIUSNN.L..EOOAU
..SOUIAASASUEIUNSI..$...
.O.YE.IAAA.....X...OFTF.
GGSBAJOOBPPAAOOOAAE....L
........OEMLMBAH..ANZZUU
Hint
The following message appeared in the source code of the blog a few days after the original puzzle was published:
<!--
Y'all have worked out so much already! The properties you've discovered in the text might even be useful in fields other than cryptography.
Here's a new hint that might push things along!
QlpoORdyRThQkAAAAAA=
> CBD_
-->
Solution
First, the hint is actually the output of null data being compressed using the bzip2 algorithm, and encoded in Base64.
As for the actual problem, it is a message encoded using the Burrows–Wheeler transform, which is also used in bzip2. This is the decoded message:
THE.BURROWS.WHEELER.TRANSFORM.HAS.ALWAYS.BEEN.ONE.OF.MY.FAVORITES.BECAUSE.THE.IDEA.OF.BEING.ABLE.TO.JUST.REORDER.INFORMATION.AND.HAVE.THE.NEW.CONFIGURATION.POSSESS.EXTRA.MEANING.WITHOUT.HAVING.LOST.ANYTHING.FEELS.LIKE.MAGIC.ALSO.IT.WAS.NOT.DISCOVERED.THAT.LONG.AGO.IT.IS.FUN.TO.PONDER.WHAT.OTHER.MAGICAL.TRANSFORMATIONS.WE.HAVE.YET.TO.DISCOVER.BY.THE.WAY.THIS.IS.THE.ONLY.PUZZLE.ON.THE.BLOG.SO.FAR.TUMBLR.REMOVED.SOME.OF.MY.STEGANOGRAPHY.WHEN.I.UPLOADED.IMAGES.BUT.WE.WILL.FIGURE.OUT.SOMETHING.TO.DO.I.WANTED.TO.MAKE.SURE.THERE.WAS.AT.LEAST.ONE.PUZZLE.FOR.YOU.WONDERFUL.FOLKS$
Early Access launch trailer
This puzzle was hidden in the YouTube description of the Hack 'n' Slash Early Access launch trailer.
IMPORTANT: This puzzle requires a North American copy of The Legend of Zelda.
Puzzle
UEFUQ0gAQF4AKCUSHSocJA0KFxAOGxgeHCQdmBEKDBQkFyQcFQocESkkCw4kCxsKHw5FT0Y=
Solution
This is Base64 data. The decoded version is an IPS patch for The Legend of Zelda. Applying the patch, and entering the cave at the very beginning of the game, causes the old man giving Link the wooden sword to say the following instead of his normal dialog:
IT'S DANGEROUS TO
HACK N SLASH! BE BRAVE.
Tweet to the National Security Agency (NSA)
This is a reply from Brandon Dillon to the NSA's official Twitter account for recruitment, which was itself a puzzle.
Puzzle
NSA's tweet:
tpfccdlfdtte pcaccplircdt dklpcfrp?qeiq lhpqlipqeodf gpwafopwprti izxndkiqpkii krirrifcapnc dxkdciqcafmd vkfpcadf. #MissionMonday #NSA #news
Brandon Dillon's reply:
.@NSACareers gipkfrp,xnip rircdxrxwafm dfvr<3eiki'r pepql'f'rnpr ercipoliw!40 808-l5657-eg 0ec
Solution
Both messages use the same simple character substitution cipher, which can easily be cracked using statistical properties of the English language. The spaces that appear every 12 characters are irrelevant.
The decoded NSA message, after adding in spaces for readability:
want to know what it takes to work at nsa? check back each monday in may as we explore careers essential to protecting our nation. #MissionMonday #NSA #news
Brandon Dillon's decoded reply, after adding in spaces for readability:
.@NSACareers dear nsa, please stop spying on us <3 here's a hack 'n' slash steam key! 40808-k5657-hd0ht
Secret room
This is an optional puzzle included in the full version of Hack 'n' Slash.
IMPORTANT: This puzzle requires a copy of Hack 'n' Slash.
Puzzle
In the installation directory of Hack 'n' Slash, the following encrypted file can be found:
Data/Content/Secret/Rooms/SecretRoom.lua
Hint
Brandon Dillon replied the following on Twitter after being asked whether brute-force would be practical or not to solve this puzzle:
I don't think it'd be practical to brute-force it. The passphrase shows up in the game.
Solution
Near the end of the game, in the DRMRoof
room, a pedestal can be found with a book on it. Books in the game are actually pointers to the game's loaded files. If the data is not valid Lua bytecode, a protective barrier appears around the book, preventing it from being taken. Also, when a book is on the pedestal, the related data gets encrypted in RAM every time the player character enters the room, causing the barrier to appear if there wasn't one. Note that because of this property, encrypted data may be encrypted again if not careful, requiring multiple decryptions afterwards.
To decode the data, the player character is supposed to jack into the pedestal with their broken sword, and input the correct password. This may cause the protective barrier to disappear if the decrypted data is valid Lua bytecode. Note that doing so allows the player character to pick it up and place a different book in its place if they so choose.
Decoding the book already on the pedestal by default allows the player to proceed to the princess chambers immediately on the right of the pedestal without causing the game to crash, as said book points to the code of said chambers.
By using normal game mechanics, it is possible to acquire a book pointing to Data/Content/Secret/Rooms/SecretRoom.lua
. There are multiple ways to do so, for example by using the LIBRARY_ROOT_PATH
artifact hidden in the chest in the rightmost cell of the Armory
room to set it to the root directory, then picking up the book manually from the library. (I recommend completing Act 4 before Act 3 to get the bombs early in order to bypass the gate blocking said chest.) Similarly, it is also possible to hack DRMRoof
itself to modify the exit on the right of the pedestal in the init
function to also point to Data/Content/Secret/Rooms/SecretRoom.lua
instead of the princess chambers.
To solve the puzzle, the player character must switch the book on the pedestal to one that points to the secret room, input the correct password, then enter said room using the technique described in the previous paragraph.
Technically speaking, the input password is hashed using SHA-256, which is then used as the key to decode the file using the AES-256-CBC algorithm with a null IV. Due to this, and due to the lack of clear hints as to what the password could be, it took 8 years before it was finally cracked by Glenn "Netrix" Anderson. You may find more information about how he did so on his GitHub account.
It turned out to be the last sentence of the loading screen message, which states:
Now loading...
It's dangerous to hack 'n' slash. Be brave.
In other words, the password is:
Be brave.
Entering this password, then entering the decrypted room as described above, shows a special message from Brandon Dillon to the player before triggering the game's win state. Using graphics not normally shown elsewhere in the game, Brandon explains the game's backstory, the missing Act 1, and some additional insights into the people that made the game possible.
Devs Play hacked The Legend of Zelda cartridge
This puzzle has not been solved yet! If you figure something out not documented below, please contact me!
UPDATE 2024-07-21: New hint from Brandon Dillon below!
In season 1 episode 4 of Double Fine Productions's YouTube series Devs Play titled Legend of Zelda, Brandon Dillon hacked an original cartridge of The Legend of Zelda, with the description of the video containing the actual patch applied on the ROM. At the end of the video, he offered to give the cartridge to the first person that could find the hacked ending message in this patch. The winner was Guillaume Saby.
Brandon Dillon shipped him the cartridge, while mentioning on his Twitter account that he drew a puzzle and stuck it on the cartridge, and gave him the choice whether or not to share the puzzle. The tweet included a partially-hidden picture of the cartridge as proof.
Guillaume Saby decided to share the puzzle to the world, which was located on the front and back panels of the cartridge.
Hint
Brandon Dillon mentioned the following on the 2weeks's official Discord server during a discussion about this puzzle being the last one to be solved:
I'm hesitant to give out too many hints (I somewhat controversially appreciate that one of the puzzles remains unsolved) but I will say that the fact that 162 = 9x9x2 was just a happy accident.
Partial solution
The only pertinent pieces of information that has been discovered so far is that each drawing represent a 9x9 binary data matrix, and that each bit is encoded by whether the line in the corresponding square of the grid is a slash or a backslash.
For instance, converting each slash to a 0
and each backslash to a 1
gives the following binary matrices.
Front side:
000011011
101010001
011101110
010011010
101110001
111101110
110010101
110101100
110010001
Back side:
011101001
110000110
100011011
100100100
101111010
011111110
111001110
110000100
111000111
What to do with this information is currently unknown.
Post image and puzzles: © 2012-2015 Double Fine Productions
Related content I wrote
The New Open Source Video Game Randomizer List Is Now Live
- Video Games, Programming
Time to update your bookmarks! After a few months of work behind the scenes, the new open source version of The BIG List of Video Game Randomizer is now live for your enjoyment, with dark mode support and a brand new UI for better readability! The new URL is: https://randomizers.debigare.com/ (The…
The Future of the Video Game Randomizer List
- Video Games, Programming, Anecdotes
It's hard to believe that it's been almost 8 years since I first posted on the ROMhacking.net forums a list of video game randomizers that I found online, and that it would evolve into the massive project it has become today, with almost 900 entries currently being listed. It's always a strange…
My Personal Video Game Completion List
- Anecdotes, Video Games
I thought it would be fun to track the long list of video game that I have beaten and/or completed for reference, so I've done just that! There may be a few mistakes here and there due to secret features unknown to me, or due to misremembering details of my past gaming experiences, but I believe the…
Current Generative AIs Have Critical Quality Issues
- Business, Quality Assurance, Security
The hype for generative AI is real. It is now possible for anybody to dynamically generate various types of media that are good enough to be mistaken as real, at least at first glance, either for free or at a low cost. In addition, the seemingly-creative solutions they come up with, and the…
After 8 Years, Double Fine's Hack 'n' Slash Secret Room Has Finally Been Cracked
- Video Games, Security
In the history of obscure video game secrets, not many has been quite infamous as the SecretRoom.lua puzzle in 2014's computer hacking game Hack 'n' Slash by Double Fine. Since the game's release, a mysterious encrypted file was found in the game files, yet despite the very nature of the game being…