5. Use the ECDSA point doubling formula and point addition formula on the generator point to get the public key. This will probably take a few days.
I think this is basically intractable manually if done naively. You're talking hundreds of millions of 32 bit operations. Even if you were able to retire one per second and worked 12 hours per day you're talking 6+ years.I think hundreds of millions for the naïve point doubling/addition formula is a few magnitudes too high. My guess is a few millions at most. I count approx. a thousand 256-bit modulo multiplications and 380 modulo divisions in my naïve implementation. The divisions are probably the most expensive ones, but I think each should only take a few thousand 32 bit operations. You can avoid most modulo divisions by working with fractions at the cost of a few more multiplications.
Still you need a few days (and a few more to check your result).
And you don't need to compute any hash if you use the old send to pubkey outputs, this should save you a few days.
I'm not sure if the OP would consider this cheating, as it would not compute a Bitcoin address.