Research on RSA Padding Identification Method in IoT Firmwares

Cryptography is a fundamental security mechanism. Various cryptographic algorithms are widely used in IoT firmware, and identifying them is paramount for IoT security. RSA is the most popular asymmetric-key cryptographic algorithm in use. An insecure RSA padding mode may enable padding oracle attacks, causing certificate leakage, random number prediction, and plaintext recovery. In this paper, we show how to extract binaries from IoT firmware, describe 7 padding modes of the RSA algorithm, and identify RSA padding with two methods: function-name matching and IR expression constant analysis. We use the Angr VEX model to translate specific code blocks into an intermediate representation and analyze their constant values to track the RSA parameter int padding. We collect and filter 159 firmware images from 6 different vendors, and analyze 7 kinds of RSA padding using function-name matching and 4 kinds of RSA padding, in RSA functions that contain the parameter int padding, using IR expression constant analysis. We identify 335 RSA paddings and find that flawed padding is still broadly in use in IoT environments.
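
The constant-tracking idea behind the IR analysis can be sketched as follows. This is an added illustration, not the paper's code: it runs over a constructed, simplified IR rather than real Angr VEX output, and it assumes the firmware uses the OpenSSL RSA_* functions and the padding constants from <openssl/rsa.h>, neither of which the abstract names.

```python
# Assumption: OpenSSL-style API, where `int padding` is the 5th argument of
# RSA_public_encrypt / RSA_private_decrypt / RSA_private_encrypt / RSA_public_decrypt.
RSA_FUNCS = {"RSA_public_encrypt", "RSA_private_decrypt",
             "RSA_private_encrypt", "RSA_public_decrypt"}
PADDING_ARG_INDEX = 4  # zero-based index of `int padding`

# Padding constants as defined in OpenSSL 1.x <openssl/rsa.h>.
PADDING_MODES = {1: "RSA_PKCS1_PADDING", 2: "RSA_SSLV23_PADDING",
                 3: "RSA_NO_PADDING", 4: "RSA_PKCS1_OAEP_PADDING"}

def resolve_paddings(block):
    """Walk one basic block of the simplified IR and report, for every RSA
    call, the padding mode whose constant reaches the padding argument."""
    values = {}    # temporary -> int constant, or None if not statically known
    args = {}      # argument slot -> value (abstracts the ABI's register/stack)
    findings = []
    for stmt in block:
        op = stmt[0]
        if op == "const":            # ("const", dst, imm): dst = imm
            values[stmt[1]] = stmt[2]
        elif op == "copy":           # ("copy", dst, src): dst = src
            values[stmt[1]] = values.get(stmt[2])
        elif op == "load":           # ("load", dst, addr): memory read, unknown
            values[stmt[1]] = None
        elif op == "setarg":         # ("setarg", index, src): pass src as argument
            args[stmt[1]] = values.get(stmt[2])
        elif op == "call":           # ("call", symbol)
            if stmt[1] in RSA_FUNCS:
                pad = args.get(PADDING_ARG_INDEX)
                if pad is None:      # padding came from memory or another block
                    mode = "UNRESOLVED"
                else:
                    mode = PADDING_MODES.get(pad, "UNKNOWN(%d)" % pad)
                findings.append((stmt[1], mode))
            args = {}                # argument slots are dead after the call
    return findings

# Constructed sample block (not taken from any real firmware).
SAMPLE_BLOCK = [
    ("const", "t1", 4), ("copy", "t2", "t1"), ("setarg", 4, "t2"),
    ("call", "RSA_public_encrypt"),
    ("const", "t3", 1), ("setarg", 4, "t3"),
    ("call", "RSA_private_decrypt"),
    ("load", "t4", "t0"), ("setarg", 4, "t4"),
    ("call", "RSA_public_encrypt"),
]

if __name__ == "__main__":
    for func, mode in resolve_paddings(SAMPLE_BLOCK):
        print(func, "->", mode)
```

The third call stays unresolved because its padding value is loaded from memory; a real analysis would have to follow such values across blocks or fall back to function-name matching.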