Pop Team Eric (100 points)

reverse

Description

Dio: What is the flag?
Jojo: I don’t know!
Dio: I’m throwing away my humanity, Jojo!
Attachment: pop-team-eric_4abbdf0c2df09a1dbfffd9283cf6e0ff.zip

After download the attachment, there is a popiku.html file, which has around 40MB. Looking at the file there seems to be a long base64 string, which then I tried to extract it out with cat popiku.html | grep -oE "UE.+AAA==" | base64 --decode > out. Then I tried to look at the file type with file out, which shows Zip archive data, at least v1.0 to extract, compression method=store. By unzipping the out file, we can find that the flag is in the project.json (line 870, 902, 934…)

hkcert22{l_rea11y_diont_kn0wn}