Authors:
(1) Anna-Katharina Wickert, Technische Universität Darmstadt, Darmstadt, Germany (wickert@cs.tu-darmstadt.de);
(2) Lars Baumgärtner, Technische Universität Darmstadt, Darmstadt, Germany (baumgaertner@cs.tu-darmstadt.de);
(3) Florian Breitfelder, Technische Universität Darmstadt, Darmstadt, Germany (florian.breitfelder@tu-darmstadt.de);
(4) Mira Mezini, Technische Universität Darmstadt, Darmstadt, Germany (mezini@cs.tu-darmstadt.de). Table of Links Abstract and 1 Introduction 2 Background 3 Design and Implementation of Licma and 3.1 Design 3.2 Implementation 4 Methodology and 4.1 Searching and Downloading Python Apps 4.2 Comparison with Previous Studies 5 Evaluation and 5.1 GitHub Python Projects 5.2 MicroPython 6 Comparison with previous studies 7 Threats to Validity 8 Related Work 9 Conclusion, Acknowledgments, and References 5.2 MicroPython When we applied LICMA upon the 5 source files containing crypto API usages of the MicroPython data set, we identified no misuse. For this reason, we inspected the MicroPython repositories for usages of other crypto functions not covered by LICMA and identified 5 additional files. We notice that the crypto module ucryptolib which is provided by MicroPython, is only used by tests in 2 projects. For the remaining 3 findings, the crypto functions are written in C rather than Python. Thus, these files were removed due to our filter steps described in Section 4.1.2. Our small analysis of MicroPython projects shows that for further exploration of MicroPython applications, we need to consider custom implementations of AES in Python and C. This seems to be a common pattern for embedded code where performance is important and low-level code is often shipped as custom C blobs. Thus, we can observe the importance of hybrid analysis approaches [5, 10]. This paper is available on arxiv under CC BY 4.0 DEED license. Authors: (1) Anna-Katharina Wickert, Technische Universität Darmstadt, Darmstadt, Germany (wickert@cs.tu-darmstadt.de); (2) Lars Baumgärtner, Technische Universität Darmstadt, Darmstadt, Germany (baumgaertner@cs.tu-darmstadt.de); (3) Florian Breitfelder, Technische Universität Darmstadt, Darmstadt, Germany (florian.breitfelder@tu-darmstadt.de); (4) Mira Mezini, Technische Universität Darmstadt, Darmstadt, Germany (mezini@cs.tu-darmstadt.de). Authors: Authors: (1) Anna-Katharina Wickert, Technische Universität Darmstadt, Darmstadt, Germany (wickert@cs.tu-darmstadt.de); (2) Lars Baumgärtner, Technische Universität Darmstadt, Darmstadt, Germany (baumgaertner@cs.tu-darmstadt.de); (3) Florian Breitfelder, Technische Universität Darmstadt, Darmstadt, Germany (florian.breitfelder@tu-darmstadt.de); (4) Mira Mezini, Technische Universität Darmstadt, Darmstadt, Germany (mezini@cs.tu-darmstadt.de). Table of Links Abstract and 1 Introduction Abstract and 1 Introduction 2 Background 2 Background 3 Design and Implementation of Licma and 3.1 Design 3 Design and Implementation of Licma and 3.1 Design 3.2 Implementation 3.2 Implementation 4 Methodology and 4.1 Searching and Downloading Python Apps 4 Methodology and 4.1 Searching and Downloading Python Apps 4.2 Comparison with Previous Studies 4.2 Comparison with Previous Studies 5 Evaluation and 5.1 GitHub Python Projects 5 Evaluation and 5.1 GitHub Python Projects 5.2 MicroPython 5.2 MicroPython 6 Comparison with previous studies 6 Comparison with previous studies 7 Threats to Validity 7 Threats to Validity 8 Related Work 8 Related Work 9 Conclusion, Acknowledgments, and References 9 Conclusion, Acknowledgments, and References 5.2 MicroPython When we applied LICMA upon the 5 source files containing crypto API usages of the MicroPython data set, we identified no misuse. For this reason, we inspected the MicroPython repositories for usages of other crypto functions not covered by LICMA and identified 5 additional files. We notice that the crypto module ucryptolib which is provided by MicroPython, is only used by tests in 2 projects. For the remaining 3 findings, the crypto functions are written in C rather than Python. Thus, these files were removed due to our filter steps described in Section 4.1.2. LICMA LICMA Our small analysis of MicroPython projects shows that for further exploration of MicroPython applications, we need to consider custom implementations of AES in Python and C. This seems to be a common pattern for embedded code where performance is important and low-level code is often shipped as custom C blobs. Thus, we can observe the importance of hybrid analysis approaches [5, 10]. This paper is available on arxiv under CC BY 4.0 DEED license. This paper is available on arxiv under CC BY 4.0 DEED license. available on arxiv

Part of HackerNoon's growing list of open-source research papers, promoting free access to academic material.

MicroPython Analysis: Exploring Crypto API Usage and Custom Implementations

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Grassroots Distributed Systems for Digital Sovereignty: Abstract and Introduction

When APIs Talk Too Much – A Lesson About Hidden Paths

What MCP Means for Secure AI Integrations and the Future of Agentic Workflows

How to Implement API Versioning in ASP.NET Core

Securing Your MCP Server: a Step-by-Step Guide

What Happens in The Cloud Doesn’t Stay in The Cloud: A Not-So-Serious Guide to NIST SP 800–228

Grassroots Distributed Systems for Digital Sovereignty: Abstract and Introduction

When APIs Talk Too Much – A Lesson About Hidden Paths

What MCP Means for Secure AI Integrations and the Future of Agentic Workflows

How to Implement API Versioning in ASP.NET Core

Securing Your MCP Server: a Step-by-Step Guide

What Happens in The Cloud Doesn’t Stay in The Cloud: A Not-So-Serious Guide to NIST SP 800–228

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps