10.php - Take the JWT token and copy it - Go to JWT.io - Tase the token - Change the 'canViewFlag' value from false to true - Copy the new token - It should work with any key (see jwt.io) 11.php - The key you need is hidden in a cookie - Take the JWT token and copy it - Go to JWT.io - Tase the token - Change the 'canViewFlag' value from false to true - Change the 'Key' to what is found in the cookie - Copy the new token - It should work with any key (see jwt.io) 20.php - The key is hidden in ../getSecret.txt - Take the JWT token and copy it - Go to JWT.io - Tase the token - Change the 'canViewFlag' value from false to true - Change the 'Key' to what is found in getSecret.txt - Copy the new token - It should work with any key (see jwt.io)