Spinlock | CyberStart Completion



A large bank has refitted all of their vaults with the new SpinLock Extreme. As fancy as it sounds we believe it has a rather critical vulnerability, one we think the Yakoottees have been exploiting in a series of recent bank robberies. The physical vault itself requires a special keycard to be inserted which, after checking the authenticity of the card, re-aligns the circular locking mechanism to unlock it and updates the interface to show it’s unlocked. However, we believe that the organisation has been remote accessing the interface on the vault, and unlocking the vault by doing it in reverse: getting the interface to unlock, which unlocks the physical vault itself. If we can confirm the method, we’ll be one step closer to understanding how this cyber gang operates!

Tip: Unlock the vault to get the flag.


Take a look in the source code to get a better idea of how the lock works. Maybe we can try running some of the functions with our own input…

How to Solve:

  1. Right-click on the spinning circles.
  2. Click inspect.
  3. Expand the <script> under the <div class="interface">.
  4. In the script you will see two variables near the top: circles and turnCircle.
  5. Open the Console tab.
  6. Use the turnCircle function to turn each circle between -81 and -4. a. turnCircle("one", -50) b. turnCircle("two", -50) c. turnCircle("three", -50)
  7. An animation will play and give you your flag.