Rating:
Fairly straightforward hash length extension attack using hashpumpy - and a bit of Python brute forcing to determine the key length.
https://advancedpersistentjest.com/2018/05/21/writeups-sign-cpushop-cats-rctf-part-1/
I don't remember