For keys with no available public key, the only possible solution is an especial hardware like an ASIC miner to grind sha256 and rmd160 hashes at a rate of trillions/s for the cheapest ASIC and thousands of T/s for advanced ASICs. Then you could wait 10 years and see if development can increase the hash per second for your ASIC or not.

So, other than engineers, a factory with billions in equipment and a few million to spend on prototypes, what else we don't have?

Oh and that's just for keys from 66 up to 80.
However if you know the public key, there is at least a chance that you could work out things mathematically.

Regarding unexposed keys, of course there is a mathematical solution which is finding hash 160 and then hash 256 collisions, but I haven't seen any tool doing that, and it's not discussed here at all.

Ps, I have some ideas about finding collisions, it is related to sha256 checksum operation, if I could change the checksum requirement from 8 first characters of the second hash, by making it 32 character, I could work on finding collisions, in fact if we could replace sha256 with rmd160 and code something to extract rmd160 double hash checksum by using the first 20 characters of either first or second hash, again we could start working on collisions.

But that's all just an idea, I don't know if it works or not.