Please do not believe for a second that SHA256 is unbreakable. It is unbroken, as far as we know, but there are no mathematical proofs showing it is unbreakable and without that it is reasonable to conclude it can and will eventually be broken.  It makes a great deal of sense that SHA256 would have a back-door, and I believe that the choosing of these constants is a major clue.  If you are familiar with the π(), PI, function, also known as the prime counting function, you will see this function has not yet been completely solved, but it can be proven that if solved, the function can be used to solve P(n) where P is the function that produces the nth prime.  While the π() has not been solved, there are extremely close approximations that have been contrived which follow the exact value of π() for some number of digits before curling away from it.  I went down a rabbit hole on this under the false impression that ln(x) approaches  π(x) as x approaches infinity trying to create a curl adjustment function based on this fact in such a way that the curl would meet ln(x) at some logarithmic scale of x.  While I may have failed at solving the π(x) function my research shows that it is extremely likely that P(n) can be approximated with another function for small values of n (such as 72 used by SHA256).  I also want to note there is nothing particularly special about the rightshift function, it is simply floor(x/2^n) where n is the number of digits shifted.  The rotate right function can also be expressed using floor, subtraction, division, and powers. The XOR functions are used in triplicate so they define a relationship between the bits a_1 ^ b_1 ^ c_1 will be true if a_1 is different than b_1 and c_1 is false, but if c_1 is true than the result will be true if a_1 is the same as b_1.  This is about as far as I have gotten on cracking SHA256, but I assure you, it can be cracked. It will just take more time, and I am probably not the person to do it.