As far as I am aware, Tulip is unable to detect a flag leaking in base64 format.

Maybe something could be done inside the assembler to detect valid base64 strings in the payload (regex?), decode then and then try to match the flag regex to this data.

The same applies for hexadecimal byte-strings.