VES - A Component Version Extracting System for Large-Scale IoT Firmwares.

WASA (2020)

Abstract
Open source components are widely used in IoT firmwares. Components of different versions have various vulnerabilities. For example, CVE-2020-8597 only affects specific versions of pppd. Therefore, extracting the version of a component is of significance for discovering known vulnerabilities of devices. However, due to cross-architecture issues, extracting the versions of components from IoT firmwares at large scale is very challenging. To the best of our knowledge, there is no effective approach to extract component versions from large-scale IoT firmwares. In this paper, we propose and implement an IR-based component Version Extracting and Recovering system for IoT firmwares, called VES. VES translates assembly code into an intermediate representation called VEX, and recovers the version string of a component by analyzing the data flow of the arguments of the version-printing function. We implement VES and evaluate it on a large-scale dataset with 13,189 IoT firmwares of different architectures. VES can successfully extract the version information of 42,034 components with an extraction rate of 96.48% and an accuracy rate of 97.02%, which is 14.76% higher than the existing method.
Keywords
iot firmwares,component version extracting system,large-scale