Payload counters (6-bit → Base64URL index)
c0 =
c1 =
c2 =
c3 =
ASCII byte counters (8-bit → character code)
byte0 =
byte1 =
byte2 =
“Signature” counters (XOR result → Base64URL index)
sig0 =
sig1 =
sig2 =
sig3 =
XOR computation (header ⊕ payload ⊕ key)
H
P
K
⊕
CSS techniques abused
@counter-style base64url — 64 symbols, system: fixed 0@counter-style ascii — 95 symbols, system: fixed 32:has(#id:checked) — reads checkbox state from anywhere in the formcounter-increment — accumulates bit weights (32, 16, 8, 4, 2, 1)content: counter(…, base64url) — renders live Base64URL output- Header XOR-folded to 24-bit constant (
0x5C2834) — baked into selectors
- 96 mismatch selectors — any single bit difference → INVALID