conference logo

Playlist "Electromagnetic Field 2018"

Taking Over The World with Scratch

Kev Sheldrake

Scratch is a popular language/IDE for teaching children to code. It is possible to extend the offline version of Scratch 2 with a Python module that communicates with Scratch via a web service.

I have extended Scratch to control Midi instruments and Arduino projects, including controlling Lego Power Functions motors, having reverse engineered the infrared protocol they use.

In addition, and perhaps most scarily, I have implemented a TCP/IP sockets extension with which I have exploited vulnerabilities in network services and gained remote code execution. It is literally possible to create 0day exploits with Scratch!

I will discuss the framework and the format of the extensions, and I will demonstrate my projects, including hacking a target virtual machine, controlling Lego motors and making noises with a Midi instrument.

Scratch is a popular language/IDE for teaching children to code. It is possible to extend the offline version of Scratch 2 with a Python module that communicates with Scratch via a web service.

I have extended Scratch to control Midi instruments and Arduino projects, including controlling Lego Power Functions motors, having reverse engineered the infrared protocol they use.

In addition, and perhaps most scarily, I have implemented a TCP/IP sockets extension with which I have exploited vulnerabilities in network services and gained remote code execution. It is literally possible to create 0day exploits with Scratch!

I will discuss the framework and the format of the extensions, and I will demonstrate my projects, including hacking a target virtual machine, controlling Lego motors and making noises with a Midi instrument.