[rgovostes]

Neat discovery. I would argue that this isn't really a dictionary attack because by taking permutations of words, you are not searching for actual words like STUD. Straightforward brute force may be cleaner, faster, and avoid duplicates.

Breaking simple (non-cryptographic) hashes is usually a great use case for an SMT solver like Microsoft's Z3. Unfortunately the approach is mostly defeated by the mapping of the input buttons to a set of arbitrary constants, so it resorts to considering a large number of disjunct possibilities---basically a very fancy brute force.

Nonetheless, I took a stab at it and I was indeed able to find the solution TXTUDUTXTUDUTXTUDU -- but I had to cheat and tell it the code repeats 3 times.

https://gist.github.com/rgov/e2d8f6831288ca739d5c51b0c9f4005...

[bbayles]

Really cool! I'll play with this to see if I can come up with some missing hashes for Tony Hawk 3.

[rgovostes]

In this case it's probably smarter to resort to brute force.

Here's a C program that will run a lot faster than the Python. On my M1 Max MacBook Pro, I can evaluate all 9-button combos in 5.2 seconds. Each extra button should increase the runtime by a factor of 8. Allowing up to n repetitions should multiply the runtime by n. So you should be able to evaluate virtually all combinations in like 20 minutes without further acceleration.

https://gist.github.com/rgov/f471423e13e955c074ba9bac36c961b...