
Research On Vulnerability Mining Of OpenWrt-Router Firmware Based On Taint Analysis

Posted on: 2021-08-11
Degree: Master
Type: Thesis
Country: China
Candidate: L Li
Full Text: PDF
GTID: 2568306290494584
Subject: Cyberspace security
Abstract/Summary:
In the era of rapid development of big data and artificial intelligence, smart electronic products such as computers, pads, and mobile phones have greatly enriched people's daily lives. People can use these electronic products to watch videos, listen to music, and play games. Intelligent electronic products inspire people's eagerness for intelligent life. To meet customers' needs for intelligent life and to enhance brand competitiveness, manufacturers have launched smart IoT devices such as smart sockets, smart air conditioners, and smart routers. However, the emergence of IoT devices has also brought many security issues, among which the router, as the entrance to the Internet, has become the focus of attackers. How to discover the security threats and vulnerabilities faced by routers has become a research focus. Existing router vulnerability mining techniques are often based on manual fuzz testing, such as black-box and white-box testing. The test efficiency is low, the process is not standardized, and large-scale security analysis of routers cannot be performed. Therefore, building on the work of predecessors, this paper studies in detail the architecture of OpenWrt routers and the commonly used security analysis tools for routers, and summarizes the existing security analysis technologies for routers. This paper designs a command execution vulnerability mining framework based on static taint analysis for the firmware of OpenWrt routers, and implements a vulnerability mining tool. The tool automatically decompresses firmware and extracts files, and converts Lua files to binary files. It uses Buildroot and Angr to perform binary file filtering and VEX intermediate representation generation, generates an inter-procedural control flow graph and a cross-file call graph, and uses backward taint analysis to mine possible command execution vulnerabilities in binary files. This paper conducted an experimental analysis and verification on 87 firmware images with publicly disclosed vulnerabilities and 465 firmware images with no disclosed vulnerabilities. The tool was able to find 68 published vulnerable firmware and 84 vulnerable firmware, proving the effectiveness of this tool in vulnerability mining.
Keywords/Search Tags: Router Firmware, Taint Analysis, Router Security