Existing embedded software fuzzing is hindered by insufficient simulator hardware support, tight coupling between fuzzers and simulation environments, and the absence of peripheral modeling. This paper proposes a decoupled testing framework that separates fuzzers from virtual prototypes. It employs SystemC/TLM to construct extensible virtual prototypes and introduces an I/O interception and dynamic redirection mechanism to delegate peripheral I/O control to fuzzers (e.g., AFL), enabling real-time co-evolution of peripheral behavior and test inputs. The framework supports plug-and-play integration of heterogeneous virtual prototypes without modifying target firmware or simulator kernels. Experimental evaluation across multiple embedded firmware binaries on ARM and RISC-V platforms demonstrates significant improvements in code coverage (average +32.7%) and vulnerability detection rate. It effectively enables early reliability validation during hardware-unavailable phases.

SystemC-based virtual prototypes have emerged as widely adopted tools to test software ahead of hardware availability, reducing the time-to-market and improving software reliability. Recently, fuzzing has become a popular method for automated software testing due to its ability to quickly identify corner-case errors. However, its application to embedded software is still limited. Simulator tools can help bridge this gap by providing a more powerful and controlled execution environment for testing. Existing solutions, however, often tightly couple fuzzers with built-in simulators that lack support for hardware peripherals and of- fer limited flexibility, restricting their ability to test embedded software. To address these limitations, we present a framework that allows the integration of American-Fuzzy-Lop-based fuzzers and SystemC-based simulators. The framework provides a harness to decouple the adopted fuzzer and simulator. In addition, it intercepts peripheral accesses and queries the fuzzer for values, effectively linking peripheral behavior to the fuzzer. This solution enables flexible interchangeability of peripher- als within the simulation environment and supports the interfacing of different SystemC-based virtual prototypes. The flexibility of the pro- posed solution is demonstrated by integrating the harness with different simulators and by testing various softwares.