Pith Number

pith:UKB6FRUV

pith:2026:UKB6FRUVB43OPDOPCLZCFAUXQD

not attested not anchored not stored refs resolved

Stop Starving or Stuffing Me: Boosting Firmware Fuzzing Efficiency with On-demand Input Delivery

Chung Hwan Kim, Keming Zhao, Le Guan, Peng Liu, Shandian Shen, Wei Zhou

Firmware fuzzers gain coverage by delivering inputs precisely at availability check points recovered via static and dynamic analysis.

arxiv:2605.16798 v1 · 2026-05-16 · cs.CR · cs.SE

Open paper page JSON Open Graph Bundle Merged state Verified badge What is a Pith Number?

Add to your LaTeX paper

\usepackage{pith}
\pithnumber{UKB6FRUVB43OPDOPCLZCFAUXQD}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more · Embed verified badge

Record completeness

1 Bitcoin timestamp

2 Internet Archive

3 Author claim open · sign in to claim

4 Citations open

5 Replications open

✓ Portable graph bundle live · download bundle · merged state

The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

Compared to ad-hoc input delivery methods used in Fuzzware and MULTIFUZZ, FIDO increases their median code coverage by up to 115% and 54%, respectively. Compared to SEmu, which requires humans to manually specify input delivery points, FIDO still improves its coverage by up to 19%.

C2weakest assumption

The static and dynamic analysis reliably recovers the three-stage input processing routes (retrieval, availability check, processing) across diverse firmware without missing asynchronous behaviors or requiring extensive manual tuning.

C3one line summary

FIDO maps firmware input processing routes via analysis to deliver fuzzer inputs at availability checks, raising median coverage by up to 115% over ad-hoc methods in Fuzzware and MULTIFUZZ.

References

64 extracted · 64 resolved · 0 Pith anchors

[1] N. S. Agency, “Ghidra,” https://ghidra-sre.org/, 2023, last accessed: 2024-11-1 2023

[2] Ghidra-Server.org provides a collaboration server on the in- ternet for the software reverse engineering, 2025

[3] Sfuzz: Slice-based fuzzing for real- time operating systems, 2022

[4] Sharing more and checking less: Leveraging common input keywords to detect bugs in embedded systems, 2021

[5] Icicle: A re-designed emulator for grey-box firmware fuzzing, 2023

Formal links

2 machine-checked theorem links

Receipt and verification

First computed	2026-05-20T00:03:22.755586Z
Builder	pith-number-builder-2026-05-17-v1
Signature	Pith Ed25519 (`pith-v1-2026-05`) · public key
Schema	pith-number/v1.0

Canonical hash

a283e2c6950f36e78dcf12f222829780c7bc918709194794a1c44927264e8847

Aliases

arxiv: 2605.16798 · arxiv_version: 2605.16798v1 · doi: 10.48550/arxiv.2605.16798 · pith_short_12: UKB6FRUVB43O · pith_short_16: UKB6FRUVB43OPDOP · pith_short_8: UKB6FRUV

Agent API

Resolver JSON Graph JSON Events JSON Schema Signing key

Verify this Pith Number yourself

curl -sH 'Accept: application/ld+json' https://pith.science/pith/UKB6FRUVB43OPDOPCLZCFAUXQD \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: a283e2c6950f36e78dcf12f222829780c7bc918709194794a1c44927264e8847

Canonical record JSON

{
  "metadata": {
    "abstract_canon_sha256": "2248f8f2efec4f47dbfee1a288964f28f315c58b337a79daed5829f57fe2e190",
    "cross_cats_sorted": [
      "cs.SE"
    ],
    "license": "http://arxiv.org/licenses/nonexclusive-distrib/1.0/",
    "primary_cat": "cs.CR",
    "submitted_at": "2026-05-16T04:00:17Z",
    "title_canon_sha256": "b8eb6df18ec4cc5983a791d92c5cf3d04c8e5b072fe916cf9c063eb04e656c18"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2605.16798",
    "kind": "arxiv",
    "version": 1
  }
}