Skip to content

Component detection

Component detection is part of ONEKEY's firmware composition analysis. After extraction is complete, we detect components by analyzing the extracted files.

There are multiple methods we use to identify components:

  1. Rules: Created by ONEKEY researchers, these rules identify components based on the file information such as file name, file type, file content, and symbols.
  2. Package managers: If a firmware uses a package manager, we list the components it includes. Supported package managers are: opkg, ipkg, and dpkg.
  3. Lock files: If a firmware includes an application with a lock file (such as Python wheel or JavaScript package.json), we list the components it includes.
  4. Go binaries: These are self-describing binaries with all dependencies statically built-in. ONEKEY runs collectors to identify these built-in dependencies.
  5. Linux distribution: A specialized rule collects this information.
  6. SBOM: Imported when uploading firmware. Supported SBOM formats are: CycloneDX JSON (versions 1.2 - 1.6) and CycloneDX XML (versions 1.1 - 1.6).
  7. Real Time Operating Systems (RTOS): A specialized type of operating system used primarily to handle time-critical tasks. We collect standard/cryptographic libraries and TCP/IP stacks from them.

Once the components of a firmware are identified, we list our findings on the Components page in Analysis view. Click on a component to see more details:

Component details popup 1

  • Update: The update part of the version (for example openssh with p1 as update).
  • File count: Number of files a component contains.
  • Vendor: Organization or entity that developed, produced, or distributed the component.
  • Product: Name of the software, hardware, or firmware to which the CPE refers.
  • Licenses: Open source or proprietary license information. The dropdown in edit mode lists valid SPDX license identifiers.
  • Tags: A label that indicates the component's purpose (for example CRYPTOGRAPHY, OS, BOOTLOADER) or its source (for example GO for Go binaries, PYTHON for Python wheel).

We show the methods and sources used in identifying the selected component on the Evidences tab.

Evidence tab