Are you kidding us or are you serious? Trying to get a private key from a hash160 is like trying to unblend a smoothie back into whole fruits. The bananas, strawberries, and crypto magic are gone forever. No matter how hard you try, you’re not getting that banana back!" 🍌😂

Go back a few pages and see how the kangaroo script works. See the sequence of operations it performs.

modulo = gmpy2.mpz(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F)
order = gmpy2.mpz(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141)
Gx = gmpy2.mpz(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)
Gy = gmpy2.mpz(0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
PG = (Gx, Gy)

def add(P, Q):
    if P == (0, 0): return Q
    if Q == (0, 0): return P
    Px, Py = P
    Qx, Qy = Q
    if Px == Qx:
        if Py == Qy:
            inv_den = gmpy2.invert(Py << 1, modulo)
            m = (3 * Px * Px * inv_den) % modulo
        else:
            return (0, 0)
    else:
        inv_dx = gmpy2.invert(Qx - Px, modulo)
        m = ((Qy - Py) * inv_dx) % modulo
    x = (m * m - Px - Qx) % modulo
    y = (m * (Px - x) - Py) % modulo
    return (x, y)

def mul(k, P=PG):
    R0, R1 = (0, 0), P
    for i in reversed(range(k.bit_length())):
        if (k >> i) & 1:
            R0, R1 = add(R0, R1), add(R1, R1)
        else:
            R1, R0 = add(R0, R1), add(R0, R0)
    return R0

def X2Y(X, y_parity, p=modulo):
    X3_7 = (pow(X, 3, p) + 7) % p
    if gmpy2.jacobi(X3_7, p) != 1:
        return None
    Y = gmpy2.powmod(X3_7, (p + 1) >> 2, p)
    return Y if (Y & 1) == y_parity else (p - Y)

The function mul(k, P=PG) is performing scalar multiplication on the elliptic curve:

It takes a number k (the private key).
It multiplies it by the generator point PG (which is a fixed point on the curve).
This gives a new point (X, Y), which is the public key.
Since elliptic curves don't have normal multiplication, we use point addition (add()) repeatedly to get k * PG.

👉 This is a one-way operation!

Given k, we can compute (X, Y).
But given (X, Y), finding k is impossible (this is the ECDLP problem).

Bitcoin doesn’t store (X, Y) directly; instead, it compresses the public key using X2Y(X, y_parity).

A full public key is (X, Y).
A compressed public key is just X and y_parity (0 or 1 for even/odd Y).
The function X2Y(X, y_parity) helps recover Y from X.
After this, Bitcoin:

Hashes the compressed public key (SHA-256 → RIPEMD-160 → hash160).
Encodes it into a Bitcoin address with  →  (Base58Check).

👉 So, when someone says they can reverse hash160 back to a private key, they’re skipping all these steps!
That’s why it’s impossible. 😆