TY - EJOU
AU - Ding, Yixin
AU - Zhao, Xinjian
AU - Wu, Zicheng
AU - Zhu, Yichen
AU - Bai, Longkun
AU - Han, Hao
TI - ADFEmu: Enhancing Firmware Fuzzing with Direct Memory Access (DMA) Input Emulation Using Concolic Execution and Large Language Models (LLMs)
T2 - Computers, Materials & Continua
PY - 2025
VL - 84
IS - 3
SN - 1546-2226
AB - Fuzz testing is a widely adopted technique for uncovering bugs and security vulnerabilities in embedded firmware. However, many embedded systems rely heavily on peripherals, which renders conventional fuzzing techniques ineffective: when peripheral responses are missing or incorrect, the firmware under test may crash or exit prematurely, severely limiting code coverage. While prior re-hosting approaches have made progress in emulating Memory-Mapped Input/Output (MMIO) and interrupt-driven peripherals, they either ignore Direct Memory Access (DMA) or handle it in an oversimplified way. In this work, we present ADFEmu, a novel automated firmware re-hosting framework that enables effective fuzzing of DMA-enabled firmware. ADFEmu integrates concolic execution with large language models (LLMs) to semantically emulate DMA operations and to synthesize peripheral input sequences. Specifically, it learns DMA transfer patterns from the firmware's context and employs guided symbolic execution to explore deeper and more diverse execution paths. This approach allows the firmware to run stably without hardware dependencies while achieving higher emulation fidelity. Evaluated on real-world embedded firmware samples, ADFEmu achieves a 100% re-hosting success rate, improves total execution path exploration by 5.31%, and triggers more crashes than the state of the art. These results highlight ADFEmu's effectiveness in overcoming long-standing limitations of DMA emulation and its potential to advance automated vulnerability discovery in peripheral-rich embedded environments.
KW - Fuzz testing
KW - firmware rehosting
KW - DMA
KW - concolic execution
KW - LLMs
DO - 10.32604/cmc.2025.065672
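The failure mode the abstract describes (firmware that stalls or exits before reaching its parsing code because a DMA transfer never completes, and how a DMA input model that writes fuzz input into the programmed buffer and raises the completion flag lets execution proceed), as an added C example. This is not code from the paper or from ADFEmu; the register layout, bit assignments, frame format, function names and the sample inputs are constructed assumptions for the illustration, and the bounded poll loop stands in for what would be an infinite spin on real hardware.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Register-level model of a hypothetical DMA channel. The layout and bit
 * assignments are assumptions for this illustration, not a real controller
 * and not ADFEmu's peripheral model. */
enum { DMA_CTRL_START = 1u << 0, DMA_STAT_DONE = 1u << 0 };

struct dma_regs {
    volatile uint32_t ctrl;
    volatile uint32_t status;
    volatile uint8_t *dst;  /* destination buffer the firmware hands to the channel */
    volatile uint32_t len;  /* bytes to transfer */
};

static struct dma_regs dma;

/* Return codes for the firmware receive path. */
enum { FW_OK = 0, FW_STALLED = -1, FW_BAD_HEADER = -2, FW_BAD_LENGTH = -3, FW_BAD_CSUM = -4 };

/* Emulation hook invoked on every firmware poll; NULL models "no DMA emulation". */
typedef void (*dma_engine_fn)(struct dma_regs *regs);

/* Constructed fuzz input that stands in for what a harness would feed the channel. */
static const uint8_t *g_input;
static size_t g_input_len, g_input_pos;

/* Emulated DMA engine: drains the fuzz input into the programmed destination
 * buffer and raises DONE, which is exactly what is missing when DMA is ignored. */
static void engine_emulated(struct dma_regs *regs)
{
    if (!(regs->ctrl & DMA_CTRL_START))
        return;
    for (uint32_t i = 0; i < regs->len; i++)   /* zero-pad once input is exhausted */
        regs->dst[i] = (g_input_pos < g_input_len) ? g_input[g_input_pos++] : 0;
    regs->ctrl &= ~DMA_CTRL_START;
    regs->status |= DMA_STAT_DONE;
}

/* Firmware-side receive: program the channel, then poll for DONE. Real firmware
 * spins forever; max_polls bounds the loop so the stall is observable here. */
static int fw_receive(uint8_t *buf, uint32_t len, int max_polls, dma_engine_fn engine)
{
    dma.dst = buf;
    dma.len = len;
    dma.status = 0;
    dma.ctrl = DMA_CTRL_START;
    for (int i = 0; i < max_polls; i++) {
        if (engine)
            engine(&dma);
        if (dma.status & DMA_STAT_DONE)
            return FW_OK;
    }
    return FW_STALLED;   /* nothing past this point ever gets fuzzed */
}

/* The parsing code fuzzing actually wants to reach. Constructed frame format:
 * [0xA5][payload_len][payload ...][XOR checksum over payload]. */
static int fw_parse_frame(const uint8_t *buf, uint32_t len, uint8_t *payload_len_out)
{
    if (len < 3 || buf[0] != 0xA5)
        return FW_BAD_HEADER;
    uint8_t plen = buf[1];
    if ((uint32_t)plen + 3 > len)      /* length field must fit in the DMA buffer */
        return FW_BAD_LENGTH;
    uint8_t x = 0;
    for (uint8_t i = 0; i < plen; i++)
        x ^= buf[2 + i];
    if (x != buf[2 + plen])
        return FW_BAD_CSUM;
    *payload_len_out = plen;
    return FW_OK;
}

/* Drive the receive path under a given engine and input; returns the first error hit. */
static int run_firmware(dma_engine_fn engine, const uint8_t *input, size_t input_len, uint8_t *plen_out)
{
    uint8_t rx[16] = {0};
    g_input = input;
    g_input_len = input_len;
    g_input_pos = 0;
    int rc = fw_receive(rx, sizeof rx, 8, engine);
    if (rc != FW_OK)
        return rc;
    return fw_parse_frame(rx, sizeof rx, plen_out);
}

/* Constructed inputs: a well-formed frame ('a'^'b'^'c' == 0x60) and one whose
 * length field would overrun the 16-byte DMA buffer. */
static const uint8_t frame_ok[]  = { 0xA5, 3, 'a', 'b', 'c', 0x60 };
static const uint8_t frame_big[] = { 0xA5, 200, 'a' };

int scenario_no_dma_model(void) { uint8_t p; return run_firmware(NULL, frame_ok, sizeof frame_ok, &p); }
int scenario_dma_emulated(void) { uint8_t p = 0; return run_firmware(engine_emulated, frame_ok, sizeof frame_ok, &p) == FW_OK ? p : -1; }
int scenario_oversized(void)    { uint8_t p; return run_firmware(engine_emulated, frame_big, sizeof frame_big, &p); }

int main(void)
{
    printf("no DMA model:  rc=%d (stalled before the parser)\n", scenario_no_dma_model());
    printf("DMA emulated:  payload_len=%d (parser reached)\n", scenario_dma_emulated());
    printf("oversized len: rc=%d (bounds check exercised)\n", scenario_oversized());
    return 0;
}
```

Without an engine the receive loop never sees DONE and the parser is dead code to the fuzzer; with the emulated engine every byte of fuzz input lands in the buffer the firmware programmed, so the checksum and length checks become reachable coverage. A real re-hosting framework additionally has to discover where the firmware writes the destination address and length, which is the part the abstract attributes to concolic execution and LLM-guided pattern learning and which this example hard-codes.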