Add a new research section for the signature format.

README.md

@@ -27,6 +27,7 @@ of the work. It has an HTTP server that has an API that allows fetching and uplo
 
 ## Research
 
+* [Signature](signature/README.md)
 * [Locator Service](locator/README.md)
 * [Cache Server API](server/README.md)
 

registration/README.md

@@ -3,9 +3,7 @@
 Cache registration is the process that is typically necessary
 for Apple devices to use the cache.
 
-Unfortunately, the request that registers the cache seems to be "signed".
+Unfortunately, the request that registers the cache seems to be signed.
-
-I did however figure out that the length of the signed payload is a Big Endian 32-bit integer before the payload. Still working out the signature format.
 
 ```text
 Registration URL: https://lcdn-registration.apple.com/lcdn/register

signature/README.md

@@ -0,0 +1,11 @@
+# Signatures
+
+Unfortunately I'm not super familiar with signature formats and such in the Apple Ecosystem.
+
+However using a HEX Editor and a lot of coffeee, I'm confident I can break the signature algorithm.
+
+The signatures of the request seem to have two parts, a longer top part, and a shorter bottom part.
+
+The payload is in between these two parts.
+
+A 32-bit big endian unsigned number represents the payload size, and directly following the payload is a 32-bit big endian unsigned number representing the remaining bytes in the signature (however do note that there seem to be two trailing null characters).