HGAME2020 Week1 WriteUp

先把转爷设计的logo放出来，是真的好看。

Web

Cosmos 的博客

先按F12，没发现什么有用的信息，但提到了github，百度一下，猜可能是常见的git泄露，在URL后面加.git,不过没有文件。

然后再百度了一下，发现了这个.git目录下有config文件的存在

然后直接打开github看看，翻了半天，最后再commit这边找到了flag的信息

最后随便找个Base64解码工具得到了flag

接头霸王

一开始脑子没拐过来，被图片误导了一下，去尝试接了一下URL。。。后来才发现接的头是请求头，是让我从协会官网跳转过来

然后百度了一下，服务器是通过Referer来判断之前的页面的，
在请求头里加一句Referer: https://vidar.club/然后发送试试

一开始还以为是我发请求的方法不对，换了好几个软件发。。。
后来才发现是要让我从本地网络访问。。。
在请求头里加上X-forwarded-for: 127.0.0.1,继续发请求

第三次了，熟练了，直接改User-Agent: Cosmos Brower

突然说要规范请求格式，那就改吧，把GET改成POST

最后这个一脸懵逼，百度半天试着改Date，改if-modified-since，都没用，还试了下改本地时间，发现调不到2077年。。。
后来才发现居然有个叫if-unmodified-since的，这也太冷门了。。。
最后一次发送请求，加上if-unmodified-since： Fri, 01 Jan 2077 00:00:00 GMT成功得到flag。

Crypto

InfantRSA

一开始真不知道这题要干什么,不过后来根据学习资料和提示的代码，知道了要做什么。

首先按照学习资料，我们需要先得到密钥d，然后算出明文m，然后百度了一下，发现python有个gmpy2，赶紧装了一个试试。
下面是我用的一个解密的代码

import gmpy2

p = gmpy2.mpz(681782737450022065655472455411)
q = gmpy2.mpz(675274897132088253519831953441)
e = gmpy2.mpz(13)
phi_n = (p - 1) * (q - 1)
d = gmpy2.invert(e, phi_n)
print ("private key:")
print (d)

c = gmpy2.mpz(275698465082361070145173688411496311542172902608559859019841)
print ("plaintext:")
print (pow(c,d,p*q))

然后运行了一下得到了m=39062110472669388914389428064087335236334831991333245
尝试了一下int.to_bytes逆回去，发现貌似太长了。。。
百度了一下int.from_bytes的原理，其实只是把字符串转化成16进制，再变成十进制。
然后就简单了随便找了一个进制转换工具，转成16进制，再找了一个16进制转换成字符串的工具，最终得到flag

Misc

欢迎参加HGame！

这是我做出的第一题，看到题目地址是百度真想吐槽一下，然后把那串东西丢尽百度，还真百度出来了。。。
有道类似的题，先base64解码，再摩斯密码，网上的在线解码工具是真的无语，找一个好用的真难。
最后加上hgame{}，得到flag，但试了下不对，看了下公告是大写字母，再试了下还是不对，百度看了一下以前的的flag格式，把空格换成了_，终于对了，感觉是解码工具的锅，有的解出来连空格都没有。。。

壁纸

这题依旧的坑，解压打开发现只有一张图片(不过还挺好看的)
依旧先找百度，找到了点线索，想到了当初暑假那个游戏里的一题就是图种
改成zip先解压试试，发现尼玛需要密码，不过可以看到里面有个flag文件，然后这里有句注释。

那么图片id是啥呢，想到之前图片是p站的，先试了下画师的id，不行，看来真的是图本身的id，但我不会科学上网（虽然手机上的vpn勉强能用），怎么上p站呢，百度一下，找到了一个可以搜索p站图片的网站。

试了一下哈哈成功了，然后打开一看，又尼玛是密码。。。
百度了一下\u一般是unicode，然后找了一个unicode16进制转字符串工具，不过当时找的那个不大好，一定要补足四位，现在找了个能直接转的。

你没有看错，就是上面用过的那个，貌似多种格式的都可以，先用着看看。

签到题ProPlus

首先解压，发现还有个压缩包，但要密码，看了下另外一个txt，百度了一下fences和caeser发现是栅栏和凯撒，刚好有个栅栏密码和凯撒密码，然后，用第一句话试了一下，根据提示，试了下3字一组的栅栏密码和位移五次的凯撒密码，成功得到了一句英文，然后将第二段的进行同样的操作就得到了压缩包密码。

然后看了下那个OK。。。
醉了，是ook密码，网上很容易找到然后继续解码，然后是base32。。貌似有点长，没找到能解码的工具，迫不得已还是python解吧.

import base64
decode=base64.b32decode(b'NFLEET2SO4YEWR3HN5AUCQKBJZJVK2CFKVTUCQKBKFIUCQKBIVCUGQKZIFAUCRCPINCW6S2BIFAU6V2VNRCVCVSSGRXE6MTBKM3DIRKOO53UIMZPGB3DOV3ZINJVOOCHMNCTQ33LMJFXEQKPHBQSW3CBKNLC6MRTIFAUIKZVMM4WIQKBIRVWOQ2FIF3UCY2NIFIUCK2ZIFTUCOCBIZCECSKBKBDUCSKBMZGUCUKBJ5AUI2DHIFAUQN2ZJU2GKL3WNIXWINBQM5CTANJZOZHG2YLYLJQW6L2KMIYXGM3YJMYFIVRWK52G25LNMFYGMYKZF5GFUMKRHF3TMY2WLBQXC4DNOVLVO4KQPFLTSYSOHBJXIRJRMVWHEWTSOBWXCWBSNVIHSMTEKVIGGT3OIZLDE4LRLJZGY3DRNI4GY5SXPJTEK4SSJZMHAYJSME3FU4LMHFYGUODUNZLEIM2EOB4FMZDROFWWCNK2MFXS6STCGFZTG6CLGBKFMNSXORWXK3LBOBTGCWJPJRNDCUJZO43GGVSYMFYXA3LVK5LXCUDZK44WETRYKN2EKMLFNRZFU4TQNVYVQMTNKB4TEZCWJ5FU66BRNRXHON2OJRAXGVLVOR5HGTCJMJ3XMNLNFNVUE2SDFM3XC3LHPFCVKTLOGBUE2WKUGNSFKMCIKF4WQ2ZLNNFGSQ2PF5ZG2ZZWI5KU22RQNBRVCUJTORRTCSCRPFUGWT3LJRUVGRZYOIZHGNSHIVEWQMDYMNJVCM3IMYYTGULXNBCUW3KMPFJUOOCMGZ2TMV2BJFUFK6DGKNAXU2DGKYZVIR2XHBEXCULUGBIXAOCPPJLEU6BXKVRDGRCPKI4WI2LEJZDGMYKFKBUDEYLQMVGGC2TFGRNHSUDWONKHA33RG5AWYOKPNJJEY6DCKVRDGVCPKE4TS3LEJZDFQWKFF5YDAYKKMFFWC6TFGZNHSRDWON5HI4DROJAW4OKPNZIUYQSYLBRG4VCQKFHDK3TEHFFFKWKVF5XTANSGLJFXCN3EGZFDMQTWJUXXK4CLNZBW45CDNZITOTSVLBGHMUSQKFHDK3RZGFFFKNCVHFXVKK2ILJYW2NDEOFHDOQTWJEVXKNKPNVBW45CDNZ3TOTSVNZEHIUTWMNGTKSBRGJFDAMCWHFXVCK2ILJYWYNDUOFHDO2DOJEVSW6CPNVUXC43VNM4TC6TUKJDGGMTJNVZEMODEJQZVMTZSGMYTESRQGBLFM5BSNZHW2ZTRN5VGWMCVHFQXM2TQMM3HAKZQFN2TKT3NINYXM5KVGUYHUZDEIVRW22LOOJLDQZCMNZSE4MTOHEYUUVJUKZLDSNTOJ5WWE4DPIRZTEVJZMF3GU4DDGVYHKOBPOVYEW3SDOF3HIVJVGB4GITSJMRWXS5TSKY4FMTDOORHDC3TEHFFFKWLEKY4XC3SPNVGHA4CEJUZFQOJWNZUXAYZZOJ2XG6TUOBYXERDRKB2FKNKVPBTE4322NV4WM3SXHAYUI3DUHE4W2ZCOIZLFSZC2F5YW4S3NJQ2XIQSNK5RDQNSYOVYWG5DWOZZVI4DPOFZEY4CQMRRTOVKSLBHG64DRPBTEQUZZGFKHI5BZMRUWITSGKZRGI4D2OBXDM4KJGVHEMUCXOI2DMWCPOFTHIUDSOVKHAZ3SOI3HMTKXPBUDSSZWJY2WSQ2CNJBVGTKZMZJXK2TFLFTWOWLXNNVEOSBQOJXTG3KJJFDU2SSJPBUDSSZWJY2WSQ2CNJBVGTKZMZJXK2TFLFTWOWLXNNVEOSBQOJXTG3KJJFDU2SSJPBUDSSZWJY2WSQ2CNJBVGTKZMZJXK2TFLFTWOWLXNNVEOSBQOJXTG3ZUGNUEOULDM4YG6MKOIRMGIZCTKZZG6UKSIRFUCUSEOFAU4RDRIFDEIS2BKJCHCQKOIRYUCRSEJNAVERDRIFHEI4KBIZCEWQKSIRYUCTSEOFAUMRCLIFJEI4KBJZCHCQKGIRFUCUSEOFAU4RDRIFDEIS2BKJCHCQKOIRYUCRSEJNAVERDRIFHEI4KBIZCEWQKSIRYUCTSEOFBUQYKFI42TKM2ZJZ4UOSLDPFLHESTNOQ3XU5DFKNFHK2TCNFYHGWDCNJFVOTLMMEZWETBSGU2G4NDUMFEW26DQOJHDKNDZKZZEU3LUG55HIZKTJJ2WUYTJOBZVQYTKJNLU23DBGNREYMRVGRXDI5DBJFWXQ4DSJY2TI6KWOJFG25BXPJ2GKU2KOVVGE2LQONMGE2SLK5GWYYJTMJGDENJUNY2HIYKJNV4HA4SOGU2HSVTSJJWXIN32ORSVGSTVNJRGS4DTLBRGUS2XJVWGCM3CJQZDKNDOGR2GCSLNPBYHETRVGR4VM4SKNV2DO6TUMVJUU5LKMJUXA42YMJVEWV2NNRQTGYSMGI2TO3RZOBTHOQ3TMN3WYYSVGUVW4VDQIFTCWQTVNNKWWSDXINDUCTRZIEZVGS2TIR3UERDHI4VWOYTIJBFEENCBNB3UIZCROQ2GU22BHBAVCNCCOVXVOMCUPFAVOQKJHBATGVKMKNGDKQKEIFCSWQLCOFDHARRYIFBGOQ3GIFHDC2JQM4VUCQLXIJ3HISBLOAVUUMSZLFRGYU2GGFQWYN3CMRSWU2DJJJSTSMRZGU3HI2CTJBMSWMKUK42WK2CUK5NHG2SWOZFHKZBLF5NFO2DJIN3FKOLMLBMTIK3MMJKTKWLJLB3GI5TFMVZFSVLIGJIHIVJROVMG6VJRNVRESMLCPFRG4ZTWGJLG6WLHOIYVAWSWGJHVA4CXGFHVOSLMG4ZWEM3OOEZEMSLENI3VMTTCNQ3EMTS2NV4U4VZYNU2TGNZZNRQUOSKLHFKDEVTENJVDMVTUKRWGSSTFHEZDSNJWORUFGSCZFMYVIVZVMVUFIV22ONVFM5SKOVSCWL22K5UGSQ3WKU4WYWCZGQVWYYSVGVMWSWDWMR3GKZLSLFKWQMSQORKTC5KYN5KTC3LCJEYWE6LCNZTHMMSWOBUVCMKEI5UWQWLUHFDEEY3FNZKDGMCKGFIG4VCOKZZTOVLXNBFDSSKYKRJVQSDUGA4WIT3EKQ2TA6SWMJBTATJUKNSFGRRYGJWFEM3DKAZWM3SVJ5LE2MKXO52EIK2JNZKVEWCQOAYGIMKEMR5DKML2NRKE4MLTJFIWM2KKGEYFM6BWMRIGMULOKUVWITJRK55HIVCDIVXDA2DEJZFGGZJTKQYTANJRKBXFITSWONGFC6TIJIYUSWD2MFLEQZDXF5SCWZCRGVKXUVTCIMYFANDJMRJEMYZLNZJDGVKOGNIG4WCPKZGTGV3XNBBCWSLOLBJFQSDQGA4TSQ3EKQ2TA6SWMJHTCTTHGFBFGZSLM5GECTLXGVEFE33QON5FUSCXOVMEKM2ZIRIXS2BWIRVDEVKKJUVXATZZLF2UUK3XI5UGYRBQJBEG632TLI2VIZBWPBSFI5DHJZCEWSDPJ5TFEULLNJ4W4N3MNE3W4TCBMJDUKTCSMMVWS2CKJBWE6M3CIYZE6V2FGNGUSU3JGU4UERCTMZFWG5LNKB2GG42KOVMUC2CGPI3EOSDLOVITKZDDMZQTKWKUMR3UEQ2LNZVU2UCKMNWHUNTPGYYXS53NG5TVGRKVKBMWGZKTOBGG4MKCGFZGY6COGJATATLPMVTTIOLMINKFA4KUOZLUY2LGONJHM5LWPE4XKRTIKI3UWYTNGNFHAR3RMJXEITRRPJ5EGRKJLFHEWSTMLBRDKSTZOBSTIWLIIRBGYVKNOFXGCSTVMRGTGVCNJVMWG2LHNNVW4VSONJWG4NTQGVUEGRKNI5WFK6LRORZWWNKVF5RU2ULYM54XCR2SKN2FKM2PNVRHA3SHJVFVCUKTK5KHC3JRPF5HIUJZO54EGR2EINYVUVSHGJKGGNTCOVDVSWLXLJDEISTQI5YWE3SEJYYXU6SDIVEVSTSLJJWFQYRVJJ4XAZJTMFHESVDIKE4XA3JYGNATM22TPB2DQ6CFN53UERCNLFIWQMCZO5XHG52CIRGVSULIGBMXO3TTO5BEITKZKFUDAWLXNZZXOQSEJVMVC2BQLF3W443XIJCE2WKRNAYFS53OON3UERCNLFIWQMCZO5XHG52CIRGVSULIGBMXO3TTO5BEITKZKFUDAWLXNZ2GSRCVJBNGORCMK5BWGZDQI5MHA332NBHTAVSXJNNFKM3DIR4WY2JXHBJHQRCUGE3WCMKKO5XGCS3WIVGXCZTVIJYFG6DEOVGTK2DQGY4HIS3LGVKDSQSXNFLVMTZTKEYG6WJLGNDWG53XHFSVO3CUMM2TMZ3SKJGEY3SMN5RFKTLCMFVGKY2ZMV3EYU3QOVMTQUKWONWGY2TMGFHDMQ2NORJHMUCNMZKGW4CVGNHGKWKLGJJWS6D2GZWTKQKHK5ZTG3TNKBXXSVLVMJWXMTKFMJNFMWJVORKGIZ2EJRLWE2T2JAYEUT2YJZVFQ3SDMRXXC43DPFYHK52GNRZE4MJUNJYUK3SMGIYXC6TIJ4YFMV2LLJKTGY2EPFWGSNZYKJ4EIVBRG5QTCSTXNZQUW5SFJVUWI3CZMQYU43TQIJKHSWCUJZWE2Z2QKJQXQSBWOA2WQQ2FJVDTCWRTKRXVU22TFNQUOSJZKVVGITLXPBUHSS2DGZRXU3ZQKV4USL2GJRCWK4KYOVDUSULXLJLEQZCPNAZFUSZVJFRWSMLJJYYXU6SDIVEVSUDRPJ2W4UKUJFXDQVKNKI3HATZULJUGUQTLKVHDANKILJXXA22SFNFVOSJPKVIGGTKRNBTXS4KPGZSEITLZLB4VC6CIOJVWE4DOI5GUWUKRLBMG4ZCHNFWVESBUN5MWUMKTHF3XQRCHIRFW6N3QO5HXUWSUJFCDAV3TKIVXCZKZKFUEIQTUK5SDANSHLJCXM3LINFIFMSJTMJIDEWBVMRIEKTZSI5XE23RRMQ4WKMKXHFZVET3BLBBE2SKSNJRWSYSYMY4DC6CZM5TVSULLOJHTKUDROZHVKNCNIFKU4SLZLJWGGL32LBEGSU2GM5BUG2ZVNMVXKLZVNJTXQQSBO5UEUV3EPEXWIY3DJI2GCQKJMFKGWVCLG4XW25KQIVCUIQ2FNRFHUSRZKY4XU3SCM5BWQ4CDKNGTO3RLME2DI6RRKJBW2RBYOJ4EQUCVNY2SW6LVGY2FGWSPHBAVC2DJPJEDSST2MRSFUMDXMN3WGWLXOBCGY3KKGZ5HKNRUKRNHKNCBKF4GS6KIJZHHUZDUMQYXO43XMRMUC2CENRWU4NT2OU3DMVDQNE2UC53YNB4UQSSNPI4WYZBRO5VXUZBUIFUEIRTNJ43FI3JXGZ5HA2BVM42HO2CDJBGE2VBRNZSDCMDOPJHHOQTINJBGWT3BMJXDOSZXOJUEU2ZXO5BEGR2MJVTDA3SOGEYW4VCCPJBDKNTTIY4EG2JPKZRGENKQOBKDMM3RGFITIVZRLBTTERZYIZ2HI2ZLORIHEULUIRBUCQSEFNFTEMTZMZLW4MLPKVUEESKBNAXUMYTCGVIHAVBWHBEVCQLTIFIWM4LUORRXMMTQMRLUKSKBK5AUS5RZKUZHKZRXKV2WUQ2FIFCEGRJTGJYWEWCIHFYVQUTIINAUE2SDMI3VMTTSNIVTCTDHO5UECQL2NB2DS33NGE2TSYLMHF3VC3CNJU4DIWCWOI2XGQSSNUYE4L3EK4ZHAYRXOZIEOOCSO5UU642ZOBUEUSDCKE3TSMLCK5WHM5JQFNRHQRCEJFQTK2TNIVXWG5CUNYYFMOLFK4VXEYRXOZCUKTLIG5UU6WKTOB4DCT3CKFMDCMLCGZ2HM5JYO5MXQSCPJE3GQ4LOIVKVU5CEMYZVM5DRK4VTO6TYOZCWGSLKOJDUWWKTKIZDATZPMRLTC4DCG52FA3JYKF3XSR3VLE2WQS2IJRKTKOKGMZMGY5TRGIVTO6CCIREWKNDKNVCXCY3EKRWTARRZMRLSW4TCG53E2R2NKJ5GST3PMFYHQRSHMJITGOJRMJQWY5TVHA4GE6CIINETM6DJNVCWWZDUIR3DGVTUMFLSWN2UGRSDI4LBKNSWOVDRFNUDANLVGJHXA5KVKV5EIT2FIJUG4RCXMNUXKNKSKRGU2NCRI5DWGTS2PFFTO3CGJV3XU2CBLFNHOMLOJFZHKVKVPJCE6RKCNBXEIV3DNF2TKUSUJVGTIUKHI5RU4WTZJM3WYRSNO55GQQKZLJ3TC3SJOJ2VKVL2IRHUKQTINZCFOY3JOU2VEVCNJU2FCR2HMNHFU6KLG5WEMTLXPJUECWK2O4YW4SLSOVKVO6TENNHFCTDNGN4WG2LUPJYXK5BTMFFHIYLGG5FG2M3GOF3GQU2HKU4WC3SNOFQTOZTPK4YXCL3DNVQWIZLVF5DG6WSRGFYWG6LQG5YCW2BXMFYDSU3EOIYXCMZPK5UGQQ2XLIXUW3SPOI3EQZDRNUYXAK3TK5RGMK3BGJCUSWSYGBYWGNTSOJSDE2LCK5XCW6K2OQZTM4RUKVUGYUCXOB5EW3LVGM3EM5DBOYZUU3LOLBZHM6DBI5KU4YLOJVYWKNTGN5STE4LGKVXGCOLBOQXTC32ZKFWG2ZTZOB5HCK3IGNQXA5DBMZZEM3JTF5WXI2CDI5LDSS3OJ5YTMM3EN5WTC4BPONWWEZBLOEVUMSLEIRXHOS3DNNSWKWKPJVAVINSIKBSVKSSNF5RUCWK2IFXCWT3FNN2VGWSPHBAVCNSIKBRVKNKJHBRXOY2ZIFXDET3FGBYVGWRLGRAVCNSEKBRVKOKKHBZXOZCZIFVDAT3FGRYFGWRWGVAXO6KCKBZWGOKKMNVXUZBUIFUDAT3FGRYHSURVGVTTI52CKBXWGOJVKFVXUOLXIJUGYRCVLJ5EY5LHFM3FS4BSOMZXQ5TGLJXFIUSWK5EFOZTZMJTU6ZLGKNUDGTSKNZSDSSSVLFSFMOKKOVGTMNKOI5EGG23VMYZVK3CUNBLFQM3NLF5HE22FMNTHS2JRHFSGSZCOIZLGEZC2PJFXKULYGU4UWTDGGAZFUMBQKZLGQMLOHBWTIRDONYYG6ZD2KNNDGZSTKZDUQVTGKNRGUT3VKRJGQM2KJRXDSMKKKU2FMVRZGVWU2NRVIJEEQODPORTFQWLOKRJFMVZTK5RXS4TLJVSWMU3JGM4U43LEJZDFMWLELIXUU5KBGU2TSS2IMMYHCY3KMFJXC4DHGNEWMWKOOJZDC3RLLBCSWNCFKEZWSULVOBCHKQJQPA3TGZTSOZRXGS3ELFAWOUCVNBTFGZSZIJYHEMLWF5MFKNRUIV3XU2CRMVYEG5LHHB3TOWCYOJ3DQ42KMQ2ES2CQIVUGIU2QMNBHA4RROUXVQYZVGRKTI53IIFSXAQZLNMVXOTCULBZGMODVJI4XOSTIOZAWOZCTJBSEENLKGJ2XMWDGGVMVCN3XKJAWK4CDGZVSW52EKRMHEZRLOU2XQ52KPBVEGZZZKNDGIQRZM4ZHK5SXMY2WGVBXNNJHCQ2MMM4HAV22JN2W45BQGFSWE3ZYGVYWGM2ZK5SDQSSTMFFVQRLTNNFU2MSSGUXVQNKPO52TOSKTNYYUK6KKLE2EKY3UKRXDM5SDLJXGIMSFNZIEWVTNKNUHOTBVJNVE4MDFMMYU6YTTJRHSWRLQJZLFA2KXINBEQYSZGQVXEODOLJMGIZ2KKQ3G2WSFONRUGT2XOB5DSSDMJZ5HKN2DKRXGQS32LJITIRTTNBJG2NSQKBQTGSRSIYZWEQ2VGJYW26CMIZAWU5DPMNTFMNSUOM3XK52FGU2VGTLZK5HUEWCMKU2XK2T2NVYHUZDILIZXO3CKN5YGGU3ZKFXXUWSINY4WM2ZTKA2FGQKJGREFC52DIFCHQZ2DIFEHUQKFIFCGOQJULFAUCQRYO5BECRBUM5BUKQLXIFRU2QKRIEVVSQLHIE4ECRSEIFEUCUBPO5AUM3ZQNBKVU4TIGFWUCQKBIFAUESSSKU2UK4TLJJTWOZZ5HU======')
print(decode)

然后又解出来了一个奇怪的东西，不过这次没有提示，不过和原来的差不多，后面也有等号，应该是base家族的，先继续试了下base32，不行，再试了下base64，成功了。。。
但这堆16进制是啥，仔细一看，两个关键词，png，idhr，原来是个png图片的十六进制代码，然后怎么把16进制代码转换回图片呢，最后还是用了python,生成了图片。

import base64
img= base64.b64decode(b'iVBORw0KGgoAAAANSUhEUgAAAQQAAAEECAYAAADOCEoKAAAOWUlEQVR4nO2aS64ENwwD3/0v7WyCSW8GcE8okbKrAO8a+lASV/23AAD+5c9dAADkgCEAwAcMAQA+YAgA8AFDAIAPGAIAfMAQAOADhgAAH7YM4e/vj/d40gE059vNmaxZao/Jb1s3xK0TV6WtmumapfaY/LZ1Q9w6cVXaqpmuWWqPyW9bN8StE1elrZrpmqX2mPy2dUPcOnFV2qqZrllqj8lvWzfErRNXpa2a6Zql9pj8tnVD3DpxVdqqma5Zao/Jb1s3xK0TV6WtmumapfaY/LZ1Q9w6cVXaqpmuWWqPyW9bN8StE1elrZrpmqX2mPy2dVOKOx1lnw7NLAsUutzsLIbwv5m+kBjC+7qmgyEUMn0hMYT3dU0HQyhk+kJiCO/rmg6GUMj0hcQQ3tc1HQyhkOkLiSG8r2s6GEIh0xcSQ3hf13QwhEKmLySG8L6u6WAIhUxfSAzhfV3TGW8IqQt0Qp8OzVJx7Ub3DOR9didNFfaEPh2apeLaje4ZyPvsTpoq7Al9OjRLxbUb3TOQ99mdNFXYE/p0aJaKaze6ZyDvsztpqrAn9OnQLBXXbnTPQN5nd9JUYU/o06FZKq7d6J6BvM/upKnCntCnQ7NUXLvRPQN5n91JU4U9oU+HZqm4dqN7BvI+u5OmCntCnw7NUnHtRvcM5H12J00V9oQ+HZql4tqN7hnI++xOmiqsuk91ztRFc2imrF8dL3VO2312J00VVt2nOmfqojk0U9avjpc6p+0+u5OmCqvuU50zddEcminrV8dLndN2n91JU4VV96nOmbpoDs2U9avjpc5pu8/upKnCqvtU50xdNIdmyvrV8VLntN1nd9JUYdV9qnOmLppDM2X96nipc9rusztpqrDqPtU5UxfNoZmyfnW81Dlt99mdNFVYdZ/qnKmL5tBMWb86XuqctvvsTpoqrLpPdc7URXNopqxfHS91Ttt9didNFVbdpzpn6qI5NFPWr46XOqftPruTpgrr6vMWxh9K6N5iCBjCSMYfSujeYggYwkjGH0ro3mIIGMJIxh9K6N5iCBjCSMYfSujeYggYwkjGH0ro3mIIGMJIxh9K6N5iCBjCSMYfSujeYggYwkjGH0ro3o43hGQcg0o1NDXddSVroQRDKARDqANDqAFDKARDqANDqAFDKARDqANDqAFDKARDqANDqAFDKARDqANDqAFDKARDqANDqAFDKARDqANDqAFDKARDqANDqAFDKARDqANDqCHaEG553YNyGIcyVrJmt7zteSJujbipsXbjKWMla3bL254n4taImxprN54yVrJmt7zteSJujbipsXbjKWMla3bL254n4taImxprN54yVrJmt7zteSJujbipsXbjKWMla3bL254n4taImxprN54yVrJmt7zteSJujbipsXbjKWMla3bL254n4taImxprN54yVrJmt7zteSJujbipsXbjKWMla3bL257n9pfwCscwlbU5+nTpAf+BukUkHwCGAN9A3SKSDwBDgG+gbhHJB4AhwDdQt4jkA8AQ4BuoW0TyAWAI8A3ULSL5ADAE+AbqFpF8ABgCfAN1i0g+AAwBvtH+p+J2YYblSF1al7bdejhiJe92956thSHY+1TW5ehTWZsjVvJud+/ZWhiCvU9lXY4+lbU5YiXvdveerYUh2PtU1uXoU1mbI1bybnfv2VoYgr1PZV2OPpW1OWIl73b3nq2FIdj7VNbl6FNZmyNW8m5379laGIK9T2Vdjj6VtTliJe92956thSHY+1TW5ehTWZsjVvJud+/ZWhiCvU9lXY4+lbU5YiXvdveerYUh2PtU1uXoU1mbI1bybnfv2VpiQ1DGihYt9FBcenT30J1PnTNVs7UwhJ9IXTSXHt09dOdT50zVbC0M4SdSF82lR3cP3fnUOVM1WwtD+InURXPp0d1Ddz51zlTN1sIQfiJ10Vx6dPfQnU+dM1WztTCEn0hdNJce3T1051PnTNVsLQzhJ1IXzaVHdw/d+dQ5UzVbC0P4idRFc+nR3UN3PnXOVM3WwhB+InXRXHp099CdT50zVbO1Ng1BSfKgLAMw5HRopszZHWuXE3YDQyh6Dj2UJM+pO9YuJ+wGhlD0HHooSZ5Td6xdTtgNDKHoOfRQkjyn7li7nLAbGELRc+ihJHlO3bF2OWE3MISi59BDSfKcumPtcsJuYAhFz6GHkuQ5dcfa5YTdwBCKnkMPJclz6o61ywm7gSEUPYceSpLn1B1rlxN2A0Moeg49lCTPqTvWLifsRvuvy9uFhR7Kbm3JpGqbnDN1zzCEIYNKJlXb5Jype4YhDBlUMqnaJudM3TMMYcigkknVNjln6p5hCEMGlUyqtsk5U/cMQxgyqGRStU3OmbpnGMKQQSWTqm1yztQ9wxCGDCqZVG2Tc6buGYYwZFDJpGqbnDN1zzCEIYNKJlXb5Jype3aNIThQ9pm83A6kSxt8xEowBDMYQh0YwnswBDMYQh0YwnswBDMYQh0YwnswBDMYQh0YwnswBDMYQh0YwnswBDMYQh0YwnswBDMYQh0YwnswBDMYQh0YwntiDUHZgDLWCcdpGXpozhO0VWKZU3cDyli78RxDT17a1JwnaKvEMqfuBpSxduM5hp68tKk5T9BWiWVO3Q0oY+3Gcww9eWlTc56grRLLnLobUMbajecYevLSpuY8QVslljl1N6CMtRvPMfTkpU3NeYK2Sixz6m5AGWs3nmPoyUubmvMEbZVY5tTdgDLWbjzH0JOXNjXnCdoqscypuwFlrN14jqEnL21qzhO0VWKZU3cDyli78RxDT17a1JwnaKvEMidlYd1NnpBTyXTNlMgPRaxH6p5hCEMG1Z3ToZkS+aGI9UjdMwxhyKC6czo0UyI/FLEeqXuGIQwZVHdOh2ZK5Ici1iN1zzCEIYPqzunQTIn8UMR6pO4ZhjBkUN05HZopkR+KWI/UPcMQhgyqO6dDMyXyQxHrkbpnGMKQQXXndGimRH4oYj1S9wxDGDKo7pwOzZTID0WsR+qeYQhDBtWd06GZEvmhiPVI3bP2X5dPEO2GnMn1d9e1W9sROaXBMIRjcibXf81xYggYQkrO5PqvOU4MAUNIyZlc/zXHiSFgCCk5k+u/5jgxBAwhJWdy/dccJ4aAIaTkTK7/muPEEDCElJzJ9V9znBgChpCSM7n+a44z1RCmD8rxHPUn5+yu64SZO8AQhizH9JzddZ0wcwcYwpDlmJ6zu64TZu4AQxiyHNNzdtd1wswdYAhDlmN6zu66Tpi5AwxhyHJMz9ld1wkzd4AhDFmO6Tm76zph5g4whCHLMT1nd10nzNwBhjBkOabn7K7rhJk7wBCGLMf0nN11nTBzB56sF8Ci/Vbb5PpT63q1Q4W1Xg2G8Fttk+tPrQtDCABD+K22yfWn1oUhBIAh/Fbb5PpT68IQAsAQfqttcv2pdWEIAWAIv9U2uf7UujCEADCE32qbXH9qXRhCABjCb7VNrj+1LgwhAAzht9om159al9wQlMM84XVr5sBRm0N/dW2pb7vPG8RwiOsYphJHbQ791bWlvu0+bxDDIa5jmEoctTn0V9eW+rb7vEEMh7iOYSpx1ObQX11b6tvu8wYxHOI6hqnEUZtDf3VtqW+7zxvEcIjrGKYSR20O/dW1pb7tPm8QwyGuY5hKHLU59FfXlvq2+7xBDIe4jmEqcdTm0F9dW+rb7vMGMRziOoapxFGbQ391balvu88bxHCI6ximEkdtDv3VtaW+7T4d4qaSegTq+h05u2OpuUUzDOEBhnDWciu5RTMM4QGGcNZyK7lFMwzhAYZw1nIruUUzDOEBhnDWciu5RTMM4QGGcNZyK7lFMwzhAYZw1nIruUUzDOEBhnDWciu5RTMM4QGGcNZyK7lFMwzhAYZw1nIruUWzdkNQLm3ycitzqut3aJtaf7Jm3fqvhSGU9anMqa7foW1q/cmadeu/FoZQ1qcyp7p+h7ap9Sdr1q3/WhhCWZ/KnOr6Hdqm1p+sWbf+a2EIZX0qc6rrd2ibWn+yZt36r4UhlPWpzKmu36Ftav3JmnXrvxaGUNanMqe6foe2qfUna9at/1oYQlmfypzq+h3aptafrFm3/mthCGV9KnOq63dom1p/smbd+q+FIdDnwKckeeYOMAT6HPeUJM/cAYZAn+OekuSZO8AQ6HPcU5I8cwcYAn2Oe0qSZ+4AQ6DPcU9J8swdYAj0Oe4pSZ65AwyBPsc9Jckzd4Ah0Oe4pyR55g4wBPoc95Qkz9wBhlDUZzLug+6Yp2s3xvfZnTRVWHWfybgOefSh3NJnd9JUYdV9JuM65NGHckuf3UlThVX3mYzrkEcfyi19didNFVbdZzKuQx59KLf02Z00VVh1n8m4Dnn0odzSZ3fSVGHVfSbjOuTRh3JLn91JU4VV95mM65BHH8otfXYnTRVW3WcyrkMefSi39NmdNFVYdZ/JuA559KHc0qcjaSqpg3IfYNrr1n+XE+4EQ3iQupDuA0x73frvcsKdYAgPUhfSfYBpr1v/XU64EwzhQepCug8w7XXrv8sJd4IhPEhdSPcBpr1u/Xc54U4whAepC+k+wLTXrf8uJ9wJhvAgdSHdB5j2uvXf5YQ7wRAepC6k+wDTXrf+u5xwJxjCg9SFdB9g2uvWf5cT7kRqCLc8pWZKunt01ebo85qc3YWd8JSaKXEskKM2R5/X5Owu7ISn1EyJY4EctTn6vCZnd2EnPKVmShwL5KjN0ec1ObsLO+EpNVPiWCBHbY4+r8nZXdgJT6mZEscCOWpz9HlNzu7CTnhKzZQ4FshRm6PPa3J2F3bCU2qmxLFAjtocfV6Ts7uwE55SMyWOBXLU5ujzmpzdhZ3wlJopcSyQozZHn9fk3P4SAI4HQwCADxgCAHzAEADgA4YAAB8wBAD4gCEAwAcMAQA+YAgA8AFDAIAP/wAFo0hUZrh1mAAAAABJRU5ErkJggg==')
file = open('decode.png','wb')
file.write(img)
file.close()

不过现在发现base64其实直接就可以用html在网页中显示

然后得到了一张二维码

![](https://img.blueflame.org.cn/images/2020/02/decode.png" alt="" width="260" height="260" />

扫了一下就得到了flag hgame{3Nc0dInG_@lL_iN_0Ne!}