But the guide says that the original public key can be found inside the locking script, the attacker don't have to find any hashes:
https://i.imgur.com/xzzqrYX.pngThat is the input
For spending it, one mus provide a key that it's hash is equal to the value in blockchain.
By the way, for proven the ownership of one UTXO locked by a p2pkh script you must: provide the public key and a valid signature for it. Then the coins are locked again in a new p2pkh, and until the owner sped it again the public key will be kept secret. That's why you shouldn't re-use addressees, the public key will be disclosed after the firs transaction.
