Very interesting and fun box, way easier than it seemed. A little hint for anyone who is still looking for the root flag: once in take a very close look at every running process owned by root and every parameter they use, one will catch your attention because of its nature. If you’re not familiar with this particular process look it up on Google and read its documentation, one particular parameter will answer the question “what the heck is this ‘secret’ file for???”.
Good luck!