| CPC G06F 21/577 (2013.01) [G06F 8/53 (2013.01); G06F 8/71 (2013.01); G06F 16/245 (2019.01); G06F 2221/033 (2013.01)] | 20 Claims |
|
1. A system for identifying an origin of a device firmware component, the system comprising:
at least one processor circuit; and
at least one memory that stores program code configured to be executed by the at least one processor circuit, the program code comprising:
a firmware disassembler configured to disassemble firmware code to generate assembly code, wherein the firmware code is obtained from a portable device and an origin of the firmware code is unknown;
a decompiler configured to decompile the assembly code to generate first source code comprising a programming language;
a code neutralizer configured to generate a first neutralized code from the first source code, the first neutralized code comprising a plurality of symbols that describes logic of different portions of the first source code;
a firmware identifier configured to:
separate the first neutralized code into a first set of tokens;
compare the first set of tokens of the first neutralized code to a second set of tokens in a code repository using a text similarity;
generate a confidence score based at least on a number of matching tokens between the first set of tokens to the second set of tokens in the code repository, wherein the second set of tokens is associated with second source code that is different than the first source code, and wherein the first set of tokens and the second set of tokens are associated with a same library; and
identify the origin of the firmware code based on the confidence score, wherein the code repository is populated with one or more codes associated with a different computing architecture or compiler configuration than the firmware code; and
a vulnerability determiner configured to determine whether the firmware code contains a vulnerability based at least on the identified origin.
|