HGAME2020 Week1 WriteUp
先把转爷设计的logo放出来,是真的好看。
Web
Cosmos 的博客
先按F12,没发现什么有用的信息,但提到了github,百度一下,猜可能是常见的git泄露,在URL后面加.git,不过没有文件。
然后再百度了一下,发现了这个.git目录下有config文件的存在
然后直接打开github看看,翻了半天,最后再commit这边找到了flag的信息
最后随便找个Base64解码工具得到了flag
接头霸王
一开始脑子没拐过来,被图片误导了一下,去尝试接了一下URL。。。后来才发现接的头是请求头,是让我从协会官网跳转过来
然后百度了一下,服务器是通过Referer来判断之前的页面的,
在请求头里加一句Referer: https://vidar.club/
然后发送试试
一开始还以为是我发请求的方法不对,换了好几个软件发。。。
后来才发现是要让我从本地网络访问。。。
在请求头里加上X-forwarded-for: 127.0.0.1
,继续发请求
第三次了,熟练了,直接改User-Agent: Cosmos Brower
突然说要规范请求格式,那就改吧,把GET改成POST
最后这个一脸懵逼,百度半天试着改Date
,改if-modified-since
,都没用,还试了下改本地时间,发现调不到2077年。。。
后来才发现居然有个叫if-unmodified-since
的,这也太冷门了。。。
最后一次发送请求,加上if-unmodified-since: Fri, 01 Jan 2077 00:00:00 GMT
成功得到flag。
Crypto
InfantRSA
一开始真不知道这题要干什么,不过后来根据学习资料和提示的代码,知道了要做什么。
首先按照学习资料,我们需要先得到密钥d,然后算出明文m,然后百度了一下,发现python有个gmpy2,赶紧装了一个试试。
下面是我用的一个解密的代码
import gmpy2
p = gmpy2.mpz(681782737450022065655472455411)
q = gmpy2.mpz(675274897132088253519831953441)
e = gmpy2.mpz(13)
phi_n = (p - 1) * (q - 1)
d = gmpy2.invert(e, phi_n)
print ("private key:")
print (d)
c = gmpy2.mpz(275698465082361070145173688411496311542172902608559859019841)
print ("plaintext:")
print (pow(c,d,p*q))
然后运行了一下得到了m=39062110472669388914389428064087335236334831991333245
尝试了一下int.to_bytes逆回去,发现貌似太长了。。。
百度了一下int.from_bytes的原理,其实只是把字符串转化成16进制,再变成十进制。
然后就简单了随便找了一个进制转换工具,转成16进制,再找了一个16进制转换成字符串的工具,最终得到flag
Misc
欢迎参加HGame!
这是我做出的第一题,看到题目地址是百度真想吐槽一下,然后把那串东西丢尽百度,还真百度出来了。。。
有道类似的题,先base64解码,再摩斯密码,网上的在线解码工具是真的无语,找一个好用的真难。
最后加上hgame{},得到flag,但试了下不对,看了下公告是大写字母,再试了下还是不对,百度看了一下以前的的flag格式,把空格换成了_,终于对了,感觉是解码工具的锅,有的解出来连空格都没有。。。
壁纸
这题依旧的坑,解压打开发现只有一张图片(不过还挺好看的)
依旧先找百度,找到了点线索,想到了当初暑假那个游戏里的一题就是图种
改成zip先解压试试,发现尼玛需要密码,不过可以看到里面有个flag文件,然后这里有句注释。
那么图片id是啥呢,想到之前图片是p站的,先试了下画师的id,不行,看来真的是图本身的id,但我不会科学上网(虽然手机上的vpn勉强能用),怎么上p站呢,百度一下,找到了一个可以搜索p站图片的网站。
试了一下哈哈成功了,然后打开一看,又尼玛是密码。。。
百度了一下\u一般是unicode,然后找了一个unicode16进制转字符串工具,不过当时找的那个不大好,一定要补足四位,现在找了个能直接转的。
你没有看错,就是上面用过的那个,貌似多种格式的都可以,先用着看看。
签到题ProPlus
首先解压,发现还有个压缩包,但要密码,看了下另外一个txt,百度了一下fences和caeser发现是栅栏和凯撒,刚好有个栅栏密码和凯撒密码,然后,用第一句话试了一下,根据提示,试了下3字一组的栅栏密码和位移五次的凯撒密码,成功得到了一句英文,然后将第二段的进行同样的操作就得到了压缩包密码。
然后看了下那个OK。。。
醉了,是ook密码,网上很容易找到然后继续解码,然后是base32。。貌似有点长,没找到能解码的工具,迫不得已还是python解吧.
import base64
decode=base64.b32decode(b'NFLEET2SO4YEWR3HN5AUCQKBJZJVK2CFKVTUCQKBKFIUCQKBIVCUGQKZIFAUCRCPINCW6S2BIFAU6V2VNRCVCVSSGRXE6MTBKM3DIRKOO53UIMZPGB3DOV3ZINJVOOCHMNCTQ33LMJFXEQKPHBQSW3CBKNLC6MRTIFAUIKZVMM4WIQKBIRVWOQ2FIF3UCY2NIFIUCK2ZIFTUCOCBIZCECSKBKBDUCSKBMZGUCUKBJ5AUI2DHIFAUQN2ZJU2GKL3WNIXWINBQM5CTANJZOZHG2YLYLJQW6L2KMIYXGM3YJMYFIVRWK52G25LNMFYGMYKZF5GFUMKRHF3TMY2WLBQXC4DNOVLVO4KQPFLTSYSOHBJXIRJRMVWHEWTSOBWXCWBSNVIHSMTEKVIGGT3OIZLDE4LRLJZGY3DRNI4GY5SXPJTEK4SSJZMHAYJSME3FU4LMHFYGUODUNZLEIM2EOB4FMZDROFWWCNK2MFXS6STCGFZTG6CLGBKFMNSXORWXK3LBOBTGCWJPJRNDCUJZO43GGVSYMFYXA3LVK5LXCUDZK44WETRYKN2EKMLFNRZFU4TQNVYVQMTNKB4TEZCWJ5FU66BRNRXHON2OJRAXGVLVOR5HGTCJMJ3XMNLNFNVUE2SDFM3XC3LHPFCVKTLOGBUE2WKUGNSFKMCIKF4WQ2ZLNNFGSQ2PF5ZG2ZZWI5KU22RQNBRVCUJTORRTCSCRPFUGWT3LJRUVGRZYOIZHGNSHIVEWQMDYMNJVCM3IMYYTGULXNBCUW3KMPFJUOOCMGZ2TMV2BJFUFK6DGKNAXU2DGKYZVIR2XHBEXCULUGBIXAOCPPJLEU6BXKVRDGRCPKI4WI2LEJZDGMYKFKBUDEYLQMVGGC2TFGRNHSUDWONKHA33RG5AWYOKPNJJEY6DCKVRDGVCPKE4TS3LEJZDFQWKFF5YDAYKKMFFWC6TFGZNHSRDWON5HI4DROJAW4OKPNZIUYQSYLBRG4VCQKFHDK3TEHFFFKWKVF5XTANSGLJFXCN3EGZFDMQTWJUXXK4CLNZBW45CDNZITOTSVLBGHMUSQKFHDK3RZGFFFKNCVHFXVKK2ILJYW2NDEOFHDOQTWJEVXKNKPNVBW45CDNZ3TOTSVNZEHIUTWMNGTKSBRGJFDAMCWHFXVCK2ILJYWYNDUOFHDO2DOJEVSW6CPNVUXC43VNM4TC6TUKJDGGMTJNVZEMODEJQZVMTZSGMYTESRQGBLFM5BSNZHW2ZTRN5VGWMCVHFQXM2TQMM3HAKZQFN2TKT3NINYXM5KVGUYHUZDEIVRW22LOOJLDQZCMNZSE4MTOHEYUUVJUKZLDSNTOJ5WWE4DPIRZTEVJZMF3GU4DDGVYHKOBPOVYEW3SDOF3HIVJVGB4GITSJMRWXS5TSKY4FMTDOORHDC3TEHFFFKWLEKY4XC3SPNVGHA4CEJUZFQOJWNZUXAYZZOJ2XG6TUOBYXERDRKB2FKNKVPBTE4322NV4WM3SXHAYUI3DUHE4W2ZCOIZLFSZC2F5YW4S3NJQ2XIQSNK5RDQNSYOVYWG5DWOZZVI4DPOFZEY4CQMRRTOVKSLBHG64DRPBTEQUZZGFKHI5BZMRUWITSGKZRGI4D2OBXDM4KJGVHEMUCXOI2DMWCPOFTHIUDSOVKHAZ3SOI3HMTKXPBUDSSZWJY2WSQ2CNJBVGTKZMZJXK2TFLFTWOWLXNNVEOSBQOJXTG3KJJFDU2SSJPBUDSSZWJY2WSQ2CNJBVGTKZMZJXK2TFLFTWOWLXNNVEOSBQOJXTG3KJJFDU2SSJPBUDSSZWJY2WSQ2CNJBVGTKZMZJXK2TFLFTWOWLXNNVEOSBQOJXTG3ZUGNUEOULDM4YG6MKOIRMGIZCTKZZG6UKSIRFUCUSEOFAU4RDRIFDEIS2BKJCHCQKOIRYUCRSEJNAVERDRIFHEI4KBIZCEWQKSIRYUCTSEOFAUMRCLIFJEI4KBJZCHCQKGIRFUCUSEOFAU4RDRIFDEIS2BKJCHCQKOIRYUCRSEJNAVERDRIFHEI4KBIZCEWQKSIRYUCTSEOFBUQYKFI42TKM2ZJZ4UOSLDPFLHESTNOQ3XU5DFKNFHK2TCNFYHGWDCNJFVOTLMMEZWETBSGU2G4NDUMFEW26DQOJHDKNDZKZZEU3LUG55HIZKTJJ2WUYTJOBZVQYTKJNLU23DBGNREYMRVGRXDI5DBJFWXQ4DSJY2TI6KWOJFG25BXPJ2GKU2KOVVGE2LQONMGE2SLK5GWYYJTMJGDENJUNY2HIYKJNV4HA4SOGU2HSVTSJJWXIN32ORSVGSTVNJRGS4DTLBRGUS2XJVWGCM3CJQZDKNDOGR2GCSLNPBYHETRVGR4VM4SKNV2DO6TUMVJUU5LKMJUXA42YMJVEWV2NNRQTGYSMGI2TO3RZOBTHOQ3TMN3WYYSVGUVW4VDQIFTCWQTVNNKWWSDXINDUCTRZIEZVGS2TIR3UERDHI4VWOYTIJBFEENCBNB3UIZCROQ2GU22BHBAVCNCCOVXVOMCUPFAVOQKJHBATGVKMKNGDKQKEIFCSWQLCOFDHARRYIFBGOQ3GIFHDC2JQM4VUCQLXIJ3HISBLOAVUUMSZLFRGYU2GGFQWYN3CMRSWU2DJJJSTSMRZGU3HI2CTJBMSWMKUK42WK2CUK5NHG2SWOZFHKZBLF5NFO2DJIN3FKOLMLBMTIK3MMJKTKWLJLB3GI5TFMVZFSVLIGJIHIVJROVMG6VJRNVRESMLCPFRG4ZTWGJLG6WLHOIYVAWSWGJHVA4CXGFHVOSLMG4ZWEM3OOEZEMSLENI3VMTTCNQ3EMTS2NV4U4VZYNU2TGNZZNRQUOSKLHFKDEVTENJVDMVTUKRWGSSTFHEZDSNJWORUFGSCZFMYVIVZVMVUFIV22ONVFM5SKOVSCWL22K5UGSQ3WKU4WYWCZGQVWYYSVGVMWSWDWMR3GKZLSLFKWQMSQORKTC5KYN5KTC3LCJEYWE6LCNZTHMMSWOBUVCMKEI5UWQWLUHFDEEY3FNZKDGMCKGFIG4VCOKZZTOVLXNBFDSSKYKRJVQSDUGA4WIT3EKQ2TA6SWMJBTATJUKNSFGRRYGJWFEM3DKAZWM3SVJ5LE2MKXO52EIK2JNZKVEWCQOAYGIMKEMR5DKML2NRKE4MLTJFIWM2KKGEYFM6BWMRIGMULOKUVWITJRK55HIVCDIVXDA2DEJZFGGZJTKQYTANJRKBXFITSWONGFC6TIJIYUSWD2MFLEQZDXF5SCWZCRGVKXUVTCIMYFANDJMRJEMYZLNZJDGVKOGNIG4WCPKZGTGV3XNBBCWSLOLBJFQSDQGA4TSQ3EKQ2TA6SWMJHTCTTHGFBFGZSLM5GECTLXGVEFE33QON5FUSCXOVMEKM2ZIRIXS2BWIRVDEVKKJUVXATZZLF2UUK3XI5UGYRBQJBEG632TLI2VIZBWPBSFI5DHJZCEWSDPJ5TFEULLNJ4W4N3MNE3W4TCBMJDUKTCSMMVWS2CKJBWE6M3CIYZE6V2FGNGUSU3JGU4UERCTMZFWG5LNKB2GG42KOVMUC2CGPI3EOSDLOVITKZDDMZQTKWKUMR3UEQ2LNZVU2UCKMNWHUNTPGYYXS53NG5TVGRKVKBMWGZKTOBGG4MKCGFZGY6COGJATATLPMVTTIOLMINKFA4KUOZLUY2LGONJHM5LWPE4XKRTIKI3UWYTNGNFHAR3RMJXEITRRPJ5EGRKJLFHEWSTMLBRDKSTZOBSTIWLIIRBGYVKNOFXGCSTVMRGTGVCNJVMWG2LHNNVW4VSONJWG4NTQGVUEGRKNI5WFK6LRORZWWNKVF5RU2ULYM54XCR2SKN2FKM2PNVRHA3SHJVFVCUKTK5KHC3JRPF5HIUJZO54EGR2EINYVUVSHGJKGGNTCOVDVSWLXLJDEISTQI5YWE3SEJYYXU6SDIVEVSTSLJJWFQYRVJJ4XAZJTMFHESVDIKE4XA3JYGNATM22TPB2DQ6CFN53UERCNLFIWQMCZO5XHG52CIRGVSULIGBMXO3TTO5BEITKZKFUDAWLXNZZXOQSEJVMVC2BQLF3W443XIJCE2WKRNAYFS53OON3UERCNLFIWQMCZO5XHG52CIRGVSULIGBMXO3TTO5BEITKZKFUDAWLXNZ2GSRCVJBNGORCMK5BWGZDQI5MHA332NBHTAVSXJNNFKM3DIR4WY2JXHBJHQRCUGE3WCMKKO5XGCS3WIVGXCZTVIJYFG6DEOVGTK2DQGY4HIS3LGVKDSQSXNFLVMTZTKEYG6WJLGNDWG53XHFSVO3CUMM2TMZ3SKJGEY3SMN5RFKTLCMFVGKY2ZMV3EYU3QOVMTQUKWONWGY2TMGFHDMQ2NORJHMUCNMZKGW4CVGNHGKWKLGJJWS6D2GZWTKQKHK5ZTG3TNKBXXSVLVMJWXMTKFMJNFMWJVORKGIZ2EJRLWE2T2JAYEUT2YJZVFQ3SDMRXXC43DPFYHK52GNRZE4MJUNJYUK3SMGIYXC6TIJ4YFMV2LLJKTGY2EPFWGSNZYKJ4EIVBRG5QTCSTXNZQUW5SFJVUWI3CZMQYU43TQIJKHSWCUJZWE2Z2QKJQXQSBWOA2WQQ2FJVDTCWRTKRXVU22TFNQUOSJZKVVGITLXPBUHSS2DGZRXU3ZQKV4USL2GJRCWK4KYOVDUSULXLJLEQZCPNAZFUSZVJFRWSMLJJYYXU6SDIVEVSUDRPJ2W4UKUJFXDQVKNKI3HATZULJUGUQTLKVHDANKILJXXA22SFNFVOSJPKVIGGTKRNBTXS4KPGZSEITLZLB4VC6CIOJVWE4DOI5GUWUKRLBMG4ZCHNFWVESBUN5MWUMKTHF3XQRCHIRFW6N3QO5HXUWSUJFCDAV3TKIVXCZKZKFUEIQTUK5SDANSHLJCXM3LINFIFMSJTMJIDEWBVMRIEKTZSI5XE23RRMQ4WKMKXHFZVET3BLBBE2SKSNJRWSYSYMY4DC6CZM5TVSULLOJHTKUDROZHVKNCNIFKU4SLZLJWGGL32LBEGSU2GM5BUG2ZVNMVXKLZVNJTXQQSBO5UEUV3EPEXWIY3DJI2GCQKJMFKGWVCLG4XW25KQIVCUIQ2FNRFHUSRZKY4XU3SCM5BWQ4CDKNGTO3RLME2DI6RRKJBW2RBYOJ4EQUCVNY2SW6LVGY2FGWSPHBAVC2DJPJEDSST2MRSFUMDXMN3WGWLXOBCGY3KKGZ5HKNRUKRNHKNCBKF4GS6KIJZHHUZDUMQYXO43XMRMUC2CENRWU4NT2OU3DMVDQNE2UC53YNB4UQSSNPI4WYZBRO5VXUZBUIFUEIRTNJ43FI3JXGZ5HA2BVM42HO2CDJBGE2VBRNZSDCMDOPJHHOQTINJBGWT3BMJXDOSZXOJUEU2ZXO5BEGR2MJVTDA3SOGEYW4VCCPJBDKNTTIY4EG2JPKZRGENKQOBKDMM3RGFITIVZRLBTTERZYIZ2HI2ZLORIHEULUIRBUCQSEFNFTEMTZMZLW4MLPKVUEESKBNAXUMYTCGVIHAVBWHBEVCQLTIFIWM4LUORRXMMTQMRLUKSKBK5AUS5RZKUZHKZRXKV2WUQ2FIFCEGRJTGJYWEWCIHFYVQUTIINAUE2SDMI3VMTTSNIVTCTDHO5UECQL2NB2DS33NGE2TSYLMHF3VC3CNJU4DIWCWOI2XGQSSNUYE4L3EK4ZHAYRXOZIEOOCSO5UU642ZOBUEUSDCKE3TSMLCK5WHM5JQFNRHQRCEJFQTK2TNIVXWG5CUNYYFMOLFK4VXEYRXOZCUKTLIG5UU6WKTOB4DCT3CKFMDCMLCGZ2HM5JYO5MXQSCPJE3GQ4LOIVKVU5CEMYZVM5DRK4VTO6TYOZCWGSLKOJDUWWKTKIZDATZPMRLTC4DCG52FA3JYKF3XSR3VLE2WQS2IJRKTKOKGMZMGY5TRGIVTO6CCIREWKNDKNVCXCY3EKRWTARRZMRLSW4TCG53E2R2NKJ5GST3PMFYHQRSHMJITGOJRMJQWY5TVHA4GE6CIINETM6DJNVCWWZDUIR3DGVTUMFLSWN2UGRSDI4LBKNSWOVDRFNUDANLVGJHXA5KVKV5EIT2FIJUG4RCXMNUXKNKSKRGU2NCRI5DWGTS2PFFTO3CGJV3XU2CBLFNHOMLOJFZHKVKVPJCE6RKCNBXEIV3DNF2TKUSUJVGTIUKHI5RU4WTZJM3WYRSNO55GQQKZLJ3TC3SJOJ2VKVL2IRHUKQTINZCFOY3JOU2VEVCNJU2FCR2HMNHFU6KLG5WEMTLXPJUECWK2O4YW4SLSOVKVO6TENNHFCTDNGN4WG2LUPJYXK5BTMFFHIYLGG5FG2M3GOF3GQU2HKU4WC3SNOFQTOZTPK4YXCL3DNVQWIZLVF5DG6WSRGFYWG6LQG5YCW2BXMFYDSU3EOIYXCMZPK5UGQQ2XLIXUW3SPOI3EQZDRNUYXAK3TK5RGMK3BGJCUSWSYGBYWGNTSOJSDE2LCK5XCW6K2OQZTM4RUKVUGYUCXOB5EW3LVGM3EM5DBOYZUU3LOLBZHM6DBI5KU4YLOJVYWKNTGN5STE4LGKVXGCOLBOQXTC32ZKFWG2ZTZOB5HCK3IGNQXA5DBMZZEM3JTF5WXI2CDI5LDSS3OJ5YTMM3EN5WTC4BPONWWEZBLOEVUMSLEIRXHOS3DNNSWKWKPJVAVINSIKBSVKSSNF5RUCWK2IFXCWT3FNN2VGWSPHBAVCNSIKBRVKNKJHBRXOY2ZIFXDET3FGBYVGWRLGRAVCNSEKBRVKOKKHBZXOZCZIFVDAT3FGRYFGWRWGVAXO6KCKBZWGOKKMNVXUZBUIFUDAT3FGRYHSURVGVTTI52CKBXWGOJVKFVXUOLXIJUGYRCVLJ5EY5LHFM3FS4BSOMZXQ5TGLJXFIUSWK5EFOZTZMJTU6ZLGKNUDGTSKNZSDSSSVLFSFMOKKOVGTMNKOI5EGG23VMYZVK3CUNBLFQM3NLF5HE22FMNTHS2JRHFSGSZCOIZLGEZC2PJFXKULYGU4UWTDGGAZFUMBQKZLGQMLOHBWTIRDONYYG6ZD2KNNDGZSTKZDUQVTGKNRGUT3VKRJGQM2KJRXDSMKKKU2FMVRZGVWU2NRVIJEEQODPORTFQWLOKRJFMVZTK5RXS4TLJVSWMU3JGM4U43LEJZDFMWLELIXUU5KBGU2TSS2IMMYHCY3KMFJXC4DHGNEWMWKOOJZDC3RLLBCSWNCFKEZWSULVOBCHKQJQPA3TGZTSOZRXGS3ELFAWOUCVNBTFGZSZIJYHEMLWF5MFKNRUIV3XU2CRMVYEG5LHHB3TOWCYOJ3DQ42KMQ2ES2CQIVUGIU2QMNBHA4RROUXVQYZVGRKTI53IIFSXAQZLNMVXOTCULBZGMODVJI4XOSTIOZAWOZCTJBSEENLKGJ2XMWDGGVMVCN3XKJAWK4CDGZVSW52EKRMHEZRLOU2XQ52KPBVEGZZZKNDGIQRZM4ZHK5SXMY2WGVBXNNJHCQ2MMM4HAV22JN2W45BQGFSWE3ZYGVYWGM2ZK5SDQSSTMFFVQRLTNNFU2MSSGUXVQNKPO52TOSKTNYYUK6KKLE2EKY3UKRXDM5SDLJXGIMSFNZIEWVTNKNUHOTBVJNVE4MDFMMYU6YTTJRHSWRLQJZLFA2KXINBEQYSZGQVXEODOLJMGIZ2KKQ3G2WSFONRUGT2XOB5DSSDMJZ5HKN2DKRXGQS32LJITIRTTNBJG2NSQKBQTGSRSIYZWEQ2VGJYW26CMIZAWU5DPMNTFMNSUOM3XK52FGU2VGTLZK5HUEWCMKU2XK2T2NVYHUZDILIZXO3CKN5YGGU3ZKFXXUWSINY4WM2ZTKA2FGQKJGREFC52DIFCHQZ2DIFEHUQKFIFCGOQJULFAUCQRYO5BECRBUM5BUKQLXIFRU2QKRIEVVSQLHIE4ECRSEIFEUCUBPO5AUM3ZQNBKVU4TIGFWUCQKBIFAUESSSKU2UK4TLJJTWOZZ5HU======')
print(decode)
然后又解出来了一个奇怪的东西,不过这次没有提示,不过和原来的差不多,后面也有等号,应该是base家族的,先继续试了下base32,不行,再试了下base64,成功了。。。
但这堆16进制是啥,仔细一看,两个关键词,png,idhr,原来是个png图片的十六进制代码,然后怎么把16进制代码转换回图片呢,最后还是用了python,生成了图片。
import base64
img= base64.b64decode(b'iVBORw0KGgoAAAANSUhEUgAAAQQAAAEECAYAAADOCEoKAAAOWUlEQVR4nO2aS64ENwwD3/0v7WyCSW8GcE8okbKrAO8a+lASV/23AAD+5c9dAADkgCEAwAcMAQA+YAgA8AFDAIAPGAIAfMAQAOADhgAAH7YM4e/vj/d40gE059vNmaxZao/Jb1s3xK0TV6WtmumapfaY/LZ1Q9w6cVXaqpmuWWqPyW9bN8StE1elrZrpmqX2mPy2dUPcOnFV2qqZrllqj8lvWzfErRNXpa2a6Zql9pj8tnVD3DpxVdqqma5Zao/Jb1s3xK0TV6WtmumapfaY/LZ1Q9w6cVXaqpmuWWqPyW9bN8StE1elrZrpmqX2mPy2dVOKOx1lnw7NLAsUutzsLIbwv5m+kBjC+7qmgyEUMn0hMYT3dU0HQyhk+kJiCO/rmg6GUMj0hcQQ3tc1HQyhkOkLiSG8r2s6GEIh0xcSQ3hf13QwhEKmLySG8L6u6WAIhUxfSAzhfV3TGW8IqQt0Qp8OzVJx7Ub3DOR9didNFfaEPh2apeLaje4ZyPvsTpoq7Al9OjRLxbUb3TOQ99mdNFXYE/p0aJaKaze6ZyDvsztpqrAn9OnQLBXXbnTPQN5nd9JUYU/o06FZKq7d6J6BvM/upKnCntCnQ7NUXLvRPQN5n91JU4U9oU+HZqm4dqN7BvI+u5OmCntCnw7NUnHtRvcM5H12J00V9oQ+HZql4tqN7hnI++xOmiqsuk91ztRFc2imrF8dL3VO2312J00VVt2nOmfqojk0U9avjpc6p+0+u5OmCqvuU50zddEcminrV8dLndN2n91JU4VV96nOmbpoDs2U9avjpc5pu8/upKnCqvtU50xdNIdmyvrV8VLntN1nd9JUYdV9qnOmLppDM2X96nipc9rusztpqrDqPtU5UxfNoZmyfnW81Dlt99mdNFVYdZ/qnKmL5tBMWb86XuqctvvsTpoqrLpPdc7URXNopqxfHS91Ttt9didNFVbdpzpn6qI5NFPWr46XOqftPruTpgrr6vMWxh9K6N5iCBjCSMYfSujeYggYwkjGH0ro3mIIGMJIxh9K6N5iCBjCSMYfSujeYggYwkjGH0ro3mIIGMJIxh9K6N5iCBjCSMYfSujeYggYwkjGH0ro3o43hGQcg0o1NDXddSVroQRDKARDqANDqAFDKARDqANDqAFDKARDqANDqAFDKARDqANDqAFDKARDqANDqAFDKARDqANDqAFDKARDqANDqAFDKARDqANDqAFDKARDqANDqCHaEG553YNyGIcyVrJmt7zteSJujbipsXbjKWMla3bL254n4taImxprN54yVrJmt7zteSJujbipsXbjKWMla3bL254n4taImxprN54yVrJmt7zteSJujbipsXbjKWMla3bL254n4taImxprN54yVrJmt7zteSJujbipsXbjKWMla3bL254n4taImxprN54yVrJmt7zteSJujbipsXbjKWMla3bL257n9pfwCscwlbU5+nTpAf+BukUkHwCGAN9A3SKSDwBDgG+gbhHJB4AhwDdQt4jkA8AQ4BuoW0TyAWAI8A3ULSL5ADAE+AbqFpF8ABgCfAN1i0g+AAwBvtH+p+J2YYblSF1al7bdejhiJe92956thSHY+1TW5ehTWZsjVvJud+/ZWhiCvU9lXY4+lbU5YiXvdveerYUh2PtU1uXoU1mbI1bybnfv2VoYgr1PZV2OPpW1OWIl73b3nq2FIdj7VNbl6FNZmyNW8m5379laGIK9T2Vdjj6VtTliJe92956thSHY+1TW5ehTWZsjVvJud+/ZWhiCvU9lXY4+lbU5YiXvdveerYUh2PtU1uXoU1mbI1bybnfv2VpiQ1DGihYt9FBcenT30J1PnTNVs7UwhJ9IXTSXHt09dOdT50zVbC0M4SdSF82lR3cP3fnUOVM1WwtD+InURXPp0d1Ddz51zlTN1sIQfiJ10Vx6dPfQnU+dM1WztTCEn0hdNJce3T1051PnTNVsLQzhJ1IXzaVHdw/d+dQ5UzVbC0P4idRFc+nR3UN3PnXOVM3WwhB+InXRXHp099CdT50zVbO1Ng1BSfKgLAMw5HRopszZHWuXE3YDQyh6Dj2UJM+pO9YuJ+wGhlD0HHooSZ5Td6xdTtgNDKHoOfRQkjyn7li7nLAbGELRc+ihJHlO3bF2OWE3MISi59BDSfKcumPtcsJuYAhFz6GHkuQ5dcfa5YTdwBCKnkMPJclz6o61ywm7gSEUPYceSpLn1B1rlxN2A0Moeg49lCTPqTvWLifsRvuvy9uFhR7Kbm3JpGqbnDN1zzCEIYNKJlXb5Jype4YhDBlUMqnaJudM3TMMYcigkknVNjln6p5hCEMGlUyqtsk5U/cMQxgyqGRStU3OmbpnGMKQQSWTqm1yztQ9wxCGDCqZVG2Tc6buGYYwZFDJpGqbnDN1zzCEIYNKJlXb5Jype3aNIThQ9pm83A6kSxt8xEowBDMYQh0YwnswBDMYQh0YwnswBDMYQh0YwnswBDMYQh0YwnswBDMYQh0YwnswBDMYQh0YwnswBDMYQh0YwnswBDMYQh0YwntiDUHZgDLWCcdpGXpozhO0VWKZU3cDyli78RxDT17a1JwnaKvEMqfuBpSxduM5hp68tKk5T9BWiWVO3Q0oY+3Gcww9eWlTc56grRLLnLobUMbajecYevLSpuY8QVslljl1N6CMtRvPMfTkpU3NeYK2Sixz6m5AGWs3nmPoyUubmvMEbZVY5tTdgDLWbjzH0JOXNjXnCdoqscypuwFlrN14jqEnL21qzhO0VWKZU3cDyli78RxDT17a1JwnaKvEMidlYd1NnpBTyXTNlMgPRaxH6p5hCEMG1Z3ToZkS+aGI9UjdMwxhyKC6czo0UyI/FLEeqXuGIQwZVHdOh2ZK5Ici1iN1zzCEIYPqzunQTIn8UMR6pO4ZhjBkUN05HZopkR+KWI/UPcMQhgyqO6dDMyXyQxHrkbpnGMKQQXXndGimRH4oYj1S9wxDGDKo7pwOzZTID0WsR+qeYQhDBtWd06GZEvmhiPVI3bP2X5dPEO2GnMn1d9e1W9sROaXBMIRjcibXf81xYggYQkrO5PqvOU4MAUNIyZlc/zXHiSFgCCk5k+u/5jgxBAwhJWdy/dccJ4aAIaTkTK7/muPEEDCElJzJ9V9znBgChpCSM7n+a44z1RCmD8rxHPUn5+yu64SZO8AQhizH9JzddZ0wcwcYwpDlmJ6zu64TZu4AQxiyHNNzdtd1wswdYAhDlmN6zu66Tpi5AwxhyHJMz9ld1wkzd4AhDFmO6Tm76zph5g4whCHLMT1nd10nzNwBhjBkOabn7K7rhJk7wBCGLMf0nN11nTBzB56sF8Ci/Vbb5PpT63q1Q4W1Xg2G8Fttk+tPrQtDCABD+K22yfWn1oUhBIAh/Fbb5PpT68IQAsAQfqttcv2pdWEIAWAIv9U2uf7UujCEADCE32qbXH9qXRhCABjCb7VNrj+1LgwhAAzht9om159al9wQlMM84XVr5sBRm0N/dW2pb7vPG8RwiOsYphJHbQ791bWlvu0+bxDDIa5jmEoctTn0V9eW+rb7vEEMh7iOYSpx1ObQX11b6tvu8wYxHOI6hqnEUZtDf3VtqW+7zxvEcIjrGKYSR20O/dW1pb7tPm8QwyGuY5hKHLU59FfXlvq2+7xBDIe4jmEqcdTm0F9dW+rb7vMGMRziOoapxFGbQ391balvu88bxHCI6ximEkdtDv3VtaW+7T4d4qaSegTq+h05u2OpuUUzDOEBhnDWciu5RTMM4QGGcNZyK7lFMwzhAYZw1nIruUUzDOEBhnDWciu5RTMM4QGGcNZyK7lFMwzhAYZw1nIruUUzDOEBhnDWciu5RTMM4QGGcNZyK7lFMwzhAYZw1nIruUWzdkNQLm3ycitzqut3aJtaf7Jm3fqvhSGU9anMqa7foW1q/cmadeu/FoZQ1qcyp7p+h7ap9Sdr1q3/WhhCWZ/KnOr6Hdqm1p+sWbf+a2EIZX0qc6rrd2ibWn+yZt36r4UhlPWpzKmu36Ftav3JmnXrvxaGUNanMqe6foe2qfUna9at/1oYQlmfypzq+h3aptafrFm3/mthCGV9KnOq63dom1p/smbd+q+FIdDnwKckeeYOMAT6HPeUJM/cAYZAn+OekuSZO8AQ6HPcU5I8cwcYAn2Oe0qSZ+4AQ6DPcU9J8swdYAj0Oe4pSZ65AwyBPsc9Jckzd4Ah0Oe4pyR55g4wBPoc95Qkz9wBhlDUZzLug+6Yp2s3xvfZnTRVWHWfybgOefSh3NJnd9JUYdV9JuM65NGHckuf3UlThVX3mYzrkEcfyi19didNFVbdZzKuQx59KLf02Z00VVh1n8m4Dnn0odzSZ3fSVGHVfSbjOuTRh3JLn91JU4VV95mM65BHH8otfXYnTRVW3WcyrkMefSi39NmdNFVYdZ/JuA559KHc0qcjaSqpg3IfYNrr1n+XE+4EQ3iQupDuA0x73frvcsKdYAgPUhfSfYBpr1v/XU64EwzhQepCug8w7XXrv8sJd4IhPEhdSPcBpr1u/Xc54U4whAepC+k+wLTXrf8uJ9wJhvAgdSHdB5j2uvXf5YQ7wRAepC6k+wDTXrf+u5xwJxjCg9SFdB9g2uvWf5cT7kRqCLc8pWZKunt01ebo85qc3YWd8JSaKXEskKM2R5/X5Owu7ISn1EyJY4EctTn6vCZnd2EnPKVmShwL5KjN0ec1ObsLO+EpNVPiWCBHbY4+r8nZXdgJT6mZEscCOWpz9HlNzu7CTnhKzZQ4FshRm6PPa3J2F3bCU2qmxLFAjtocfV6Ts7uwE55SMyWOBXLU5ujzmpzdhZ3wlJopcSyQozZHn9fk3P4SAI4HQwCADxgCAHzAEADgA4YAAB8wBAD4gCEAwAcMAQA+YAgA8AFDAIAP/wAFo0hUZrh1mAAAAABJRU5ErkJggg==')
file = open('decode.png','wb')
file.write(img)
file.close()
不过现在发现base64其实直接就可以用html在网页中显示
然后得到了一张二维码
![](https://img.blueflame.org.cn/images/2020/02/decode.png" alt="" width="260" height="260" />
扫了一下就得到了flag hgame{3Nc0dInG_@lL_iN_0Ne!}