Calypso: added public kernel patches

Reisyukaku · Aug 3, 2018 · 90ca2e97c6272c688eb57959f87aacf74e41d397 · 90ca2e9
1 parent 82a65dd
commit 90ca2e97c6272c688eb57959f87aacf74e41d397
Unified Split

Showing with 295 additions and 2 deletions.

+16 −1 src/firmware.c

+35 −0 src/hwinit/arm64.h

+14 −0 src/hwinit/util.c

+1 −0 src/hwinit/util.h

+8 −0 src/package.c

+221 −1 src/package.h
diff --git a/src/firmware.c b/src/firmware.c
@@ -140,7 +140,22 @@ void patch(pk11_offs *pk11, pkg2_hdr_t *pkg2, link_t *kips) {
    
    //Patch Kernel
    if(!customKern) {
-        //TODO
+        u32 crc = crc32c(pkg2->data, pkg2->sec_size[PKG2_SEC_KERNEL]);
+		const pkg2_kernel_id_t * id = pkg2_identify(crc);
+		
+		kernel_patch_t * kpatch = id->kernel_patchset;
+		if(kpatch!=NULL) {
+			for(int i=0; kpatch[i].id!=-1; i++) {
+				if(kpatch[i].id != ATM_ARR_PATCH)
+					*(vu32 *)(pkg2->data + kpatch[i].off) = kpatch[i].val;
+				else {
+					u32 * temp = (u32 *)kpatch[i].ptr;
+					for(int j=0; j< kpatch[i].val; j++) {
+						*(vu32*)(pkg2->data + kpatch[i].off + j*4) = temp[j];
+					}
+				}
+			}
+		}
    }

    u8 kipHash[0x20];
diff --git a/src/hwinit/arm64.h b/src/hwinit/arm64.h
@@ -0,0 +1,35 @@
+/*
+* Copyright (c) 2018 naehrwert
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms and conditions of the GNU General Public License,
+* version 2, as published by the Free Software Foundation.
+*
+* This program is distributed in the hope it will be useful, but WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+* FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+* more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _ARM64_H_
+#define _ARM64_H_
+
+#include "types.h"
+
+#define LSL0 0
+#define LSL16 16
+#define LSL32 32
+
+#define _PAGEOFF(x) ((x) & 0xFFFFF000)
+
+#define _ADRP(r, o) 0x90000000 | ((((o) >> 12) & 0x3) << 29) | ((((o) >> 12) & 0x1FFFFC) << 3) | ((r) & 0x1F)
+#define _BL(a, o) 0x94000000 | ((((o) - (a)) >> 2) & 0x3FFFFFF)
+#define _B(a, o) 0x14000000 | ((((o) - (a)) >> 2) & 0x3FFFFFF)
+#define _MOVKX(r, i, s) 0xF2800000 | (((s) & 0x30) << 17) | (((i) & 0xFFFF) << 5) | ((r) & 0x1F)
+#define _MOVZX(r, i, s) 0xD2800000 | (((s) & 0x30) << 17) | (((i) & 0xFFFF) << 5) | ((r) & 0x1F)
+#define _NOP() 0xD503201F
+
+#endif
diff --git a/src/hwinit/util.c b/src/hwinit/util.c
@@ -62,4 +62,18 @@ uPtr memsearch(const u8 *startPos, u32 searchSize, const void *pattern, u32 patt
        if (memcmp(pos, pattern, patternSize) == 0) return (uPtr)pos;
    }
    return 0;
+}
+
+#define CRC32C_POLY 0x82F63B78
+u32 crc32c(const void *buf, u32 len)
+{
+	const u8 *cbuf = (const u8 *)buf;
+	u32 crc = 0xFFFFFFFF;
+	while (len--)
+	{
+		crc ^= *cbuf++;
+		for (int i = 0; i < 8; i++)
+			crc = crc & 1 ? (crc >> 1) ^ CRC32C_POLY : crc >> 1;
+	}
+	return ~crc;
 }
diff --git a/src/hwinit/util.h b/src/hwinit/util.h
@@ -35,5 +35,6 @@ void musleep(u32 milliseconds);
 void usleep(u32 microseconds);
 void exec_cfg(u32 *base, const cfg_op_t *ops, u32 num_ops);
 uPtr memsearch(const u8 *startPos, u32 searchSize, const void *pattern, u32 patternSize);
+u32 crc32c(const void *buf, u32 len);

 #endif
diff --git a/src/package.c b/src/package.c
@@ -87,6 +87,14 @@ void pkg1_unpack(pk11_offs *offs, u8 *pkg1) {
    }
 }

+const pkg2_kernel_id_t *pkg2_identify(u32 id)
+{
+	for (u32 i = 0; _pkg2_kernel_ids[i].crc32c_id; i++)
+		if (id == _pkg2_kernel_ids[i].crc32c_id)
+			return &_pkg2_kernel_ids[i];
+	return NULL;
+}
+
 void buildFirmwarePackage(u8 *kernel, u32 kernel_size, link_t *kips_info) {
    u8 *pdst = (u8 *)0xA9800000;

diff --git a/src/package.h b/src/package.h
@@ -1,5 +1,6 @@
 #pragma once
 #include "hwinit.h"
+#include "hwinit/arm64.h"

 #define PKG2_MAGIC 0x31324B50
 #define PKG2_SEC_BASE 0x80000000
@@ -8,6 +9,28 @@

 #define INI1_MAGIC 0x31494E49

+#define FREE_CODE_OFF_1ST_100 0x4797C
+#define FREE_CODE_OFF_1ST_200 0x6486C
+#define FREE_CODE_OFF_1ST_300 0x494A4
+#define FREE_CODE_OFF_1ST_302 0x494BC
+#define FREE_CODE_OFF_1ST_400 0x52890
+#define FREE_CODE_OFF_1ST_500 0x5C020
+
+#define ID_SND_OFF_100 0x23CC0
+#define ID_SND_OFF_200 0x3F134
+#define ID_SND_OFF_300 0x26080
+#define ID_SND_OFF_302 0x26080
+#define ID_SND_OFF_400 0x2AF64
+#define ID_SND_OFF_500 0x2AD34
+
+#define ID_RCV_OFF_100 0x219F0
+#define ID_RCV_OFF_200 0x3D1A8
+#define ID_RCV_OFF_300 0x240F0
+#define ID_RCV_OFF_302 0x240F0
+#define ID_RCV_OFF_400 0x28F6C
+#define ID_RCV_OFF_500 0x28DAC
+
+
 static u8 customSecmon = 0;
 static u8 customWarmboot = 0;
 static u8 customKern = 0;
@@ -89,9 +112,206 @@ typedef struct {
 	u32 sm_off;
 } pk11_header;

+enum
+{
+	// Generic instruction patches
+	SVC_VERIFY_DS = 0x10, // 0x0-0xF are RESERVED.
+	DEBUG_MODE_EN,
+	ATM_GEN_PATCH,
+	// >4 bytes patches. Value is a pointer of a u32 array.
+	ATM_ARR_PATCH,
+};
+
+typedef struct _kernel_patch_t
+{
+	u32 id;
+	u32 off;
+	u32 val;
+	u32 *ptr;
+} kernel_patch_t;
+
+typedef struct _pkg2_kernel_id_t
+{
+	u32 crc32c_id;
+	kernel_patch_t *kernel_patchset;
+} pkg2_kernel_id_t;
+
+
+static u32 PRC_ID_SND_100[] =
+{
+	0xA9BF2FEA, 0x2A0E03EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B,
+	0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9412948,	0xA8C12FEA
+};
+#define FREE_CODE_OFF_2ND_100 (FREE_CODE_OFF_1ST_100 + sizeof(PRC_ID_SND_100) + 4)
+static u32 PRC_ID_RCV_100[] =
+{
+	0xA9BF2FEA, 0x2A1C03EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A,
+	0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9412968, 0xA8C12FEA
+};
+
+static u32 PRC_ID_SND_200[] =
+{
+	0xA9BF2FEA, 0x2A1803EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B,
+	0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9413148, 0xA8C12FEA
+};
+#define FREE_CODE_OFF_2ND_200 (FREE_CODE_OFF_1ST_200 + sizeof(PRC_ID_SND_200) + 4)
+static u32 PRC_ID_RCV_200[] =
+{
+	0xA9BF2FEA, 0x2A0F03EA, 0xD37EF54A, 0xF9405FEB, 0xF86A696A, 0xF9407BEB, 0x92FFFFE9, 0x8A090148,
+	0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9413168, 0xA8C12FEA
+};
+
+static u32 PRC_ID_SND_300[] =
+{
+	0xA9BF2FEA, 0x2A1803EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B,
+	0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9415548, 0xA8C12FEA
+};
+#define FREE_CODE_OFF_2ND_300 (FREE_CODE_OFF_1ST_300 + sizeof(PRC_ID_SND_300) + 4)
+static u32 PRC_ID_RCV_300[] =
+{
+	0xA9BF2FEA, 0x2A0F03EA, 0xD37EF54A, 0xF9405FEB, 0xF86A696A, 0xF9407BEB, 0x92FFFFE9, 0x8A090148,
+	0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415568, 0xA8C12FEA
+};
+
+static u32 PRC_ID_SND_302[] =
+{
+	0xA9BF2FEA, 0x2A1803EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B,
+	0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9415548, 0xA8C12FEA
+};
+#define FREE_CODE_OFF_2ND_302 (FREE_CODE_OFF_1ST_302 + sizeof(PRC_ID_SND_302) + 4)
+static u32 PRC_ID_RCV_302[] =
+{
+	0xA9BF2FEA, 0x2A0F03EA, 0xD37EF54A, 0xF9405FEB, 0xF86A696A, 0xF9407BEB, 0x92FFFFE9, 0x8A090148,
+	0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415568, 0xA8C12FEA
+};
+
+static u32 PRC_ID_SND_400[] =
+{
+	0x2A1703EA, 0xD37EF54A, 0xF86A6B8A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9,
+	0xEB09015F, 0x54000060, 0xF94053EA, 0xF9415948, 0xF94053EA
+};
+#define FREE_CODE_OFF_2ND_400 (FREE_CODE_OFF_1ST_400 + sizeof(PRC_ID_SND_400) + 4)
+static u32 PRC_ID_RCV_400[] =
+{
+	0xF9403BED, 0x2A0E03EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A,
+	0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415B28, 0xD503201F
+};
+
+static u32 PRC_ID_SND_500[] =
+{
+	0x2A1703EA, 0xD37EF54A, 0xF86A6B6A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9,
+	0xEB09015F, 0x54000060, 0xF94043EA, 0xF9415948, 0xF94043EA
+};
+#define FREE_CODE_OFF_2ND_500 (FREE_CODE_OFF_1ST_500 + sizeof(PRC_ID_SND_500) + 4)
+static u32 PRC_ID_RCV_500[] =
+{
+	0xF9403BED, 0x2A1503EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A,
+	0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415B08, 0xF9406FEA
+};
+
+
+static kernel_patch_t kern1[] = {
+	{ SVC_VERIFY_DS, 0x3764C, _NOP(), NULL },          // Disable SVC verifications
+	{ DEBUG_MODE_EN, 0x44074, _MOVZX(8, 1, 0), NULL }, // Enable Debug Patch
+	// Atmosphère kernel patches.
+	{ ATM_GEN_PATCH, ID_SND_OFF_100, _B(ID_SND_OFF_100, FREE_CODE_OFF_1ST_100), NULL},    // Send process id branch.
+	{ ATM_ARR_PATCH, FREE_CODE_OFF_1ST_100, sizeof(PRC_ID_SND_100) >> 2, PRC_ID_SND_100}, // Send process id code.
+	{ ATM_GEN_PATCH, FREE_CODE_OFF_1ST_100 + sizeof(PRC_ID_SND_100),                      // Branch back and skip 1 instruction.
+		_B(FREE_CODE_OFF_1ST_100 + sizeof(PRC_ID_SND_100), ID_SND_OFF_100 + 4), NULL},
+	{ ATM_GEN_PATCH, ID_RCV_OFF_100, _B(ID_RCV_OFF_100, FREE_CODE_OFF_2ND_100), NULL},    // Receive process id branch.
+	{ ATM_ARR_PATCH, FREE_CODE_OFF_2ND_100, sizeof(PRC_ID_RCV_100) >> 2, PRC_ID_RCV_100}, // Receive process id code.
+	{ ATM_GEN_PATCH, FREE_CODE_OFF_2ND_100 + sizeof(PRC_ID_RCV_100),                      // Branch back and skip 1 instruction.
+	_B(FREE_CODE_OFF_2ND_100 + sizeof(PRC_ID_RCV_100), ID_RCV_OFF_100 + 4), NULL},
+	{0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, (u32*)0xFFFFFFFF}
+};
+
+static kernel_patch_t kern2[] = {
+	{ SVC_VERIFY_DS, 0x54834, _NOP(), NULL },          // Disable SVC verifications
+	{ DEBUG_MODE_EN, 0x6086C, _MOVZX(8, 1, 0), NULL }, // Enable Debug Patch
+	// Atmosphère kernel patches.
+	{ ATM_GEN_PATCH, ID_SND_OFF_200, _B(ID_SND_OFF_200, FREE_CODE_OFF_1ST_200), NULL},    // Send process id branch.
+	{ ATM_ARR_PATCH, FREE_CODE_OFF_1ST_200, sizeof(PRC_ID_SND_200) >> 2, PRC_ID_SND_200}, // Send process id code.
+	{ ATM_GEN_PATCH, FREE_CODE_OFF_1ST_200 + sizeof(PRC_ID_SND_200),                      // Branch back and skip 1 instruction.
+		_B(FREE_CODE_OFF_1ST_200 + sizeof(PRC_ID_SND_200), ID_SND_OFF_200 + 4), NULL},
+	{ ATM_GEN_PATCH, ID_RCV_OFF_200, _B(ID_RCV_OFF_200, FREE_CODE_OFF_2ND_200), NULL},    // Receive process id branch.
+	{ ATM_ARR_PATCH, FREE_CODE_OFF_2ND_200, sizeof(PRC_ID_RCV_200) >> 2, PRC_ID_RCV_200}, // Receive process id code.
+	{ ATM_GEN_PATCH, FREE_CODE_OFF_2ND_200 + sizeof(PRC_ID_RCV_200),                      // Branch back and skip 1 instruction.
+		_B(FREE_CODE_OFF_2ND_200 + sizeof(PRC_ID_RCV_200), ID_RCV_OFF_200 + 4), NULL},
+	{0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, (u32*)0xFFFFFFFF}
+};
+static kernel_patch_t kern3[] = {
+	{ SVC_VERIFY_DS, 0x3BD24, _NOP(), NULL },          // Disable SVC verifications
+	{ DEBUG_MODE_EN, 0x483FC, _MOVZX(8, 1, 0), NULL }, // Enable Debug Patch
+	// Atmosphère kernel patches.
+	{ ATM_GEN_PATCH, ID_SND_OFF_300, _B(ID_SND_OFF_300, FREE_CODE_OFF_1ST_300), NULL},    // Send process id branch.
+	{ ATM_ARR_PATCH, FREE_CODE_OFF_1ST_300, sizeof(PRC_ID_SND_300) >> 2, PRC_ID_SND_300}, // Send process id code.
+	{ ATM_GEN_PATCH, FREE_CODE_OFF_1ST_300 + sizeof(PRC_ID_SND_300),                      // Branch back and skip 1 instruction.
+		_B(FREE_CODE_OFF_1ST_300 + sizeof(PRC_ID_SND_300), ID_SND_OFF_300 + 4), NULL},
+	{ ATM_GEN_PATCH, ID_RCV_OFF_300, _B(ID_RCV_OFF_300, FREE_CODE_OFF_2ND_300), NULL},    // Receive process id branch.
+	{ ATM_ARR_PATCH, FREE_CODE_OFF_2ND_300, sizeof(PRC_ID_RCV_300) >> 2, PRC_ID_RCV_300}, // Receive process id code.
+	{ ATM_GEN_PATCH, FREE_CODE_OFF_2ND_300 + sizeof(PRC_ID_RCV_300),                      // Branch back and skip 1 instruction.
+		_B(FREE_CODE_OFF_2ND_300 + sizeof(PRC_ID_RCV_300), ID_RCV_OFF_300 + 4), NULL},
+	{0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, (u32*)0xFFFFFFFF}
+};
+static kernel_patch_t kern302[] = {
+	{ SVC_VERIFY_DS, 0x3BD24, _NOP(), NULL },          // Disable SVC verifications
+	{ DEBUG_MODE_EN, 0x48414, _MOVZX(8, 1, 0), NULL }, // Enable Debug Patch
+	// Atmosphère kernel patches.
+	{ ATM_GEN_PATCH, ID_SND_OFF_302, _B(ID_SND_OFF_302, FREE_CODE_OFF_1ST_302), NULL},    // Send process id branch.
+	{ ATM_ARR_PATCH, FREE_CODE_OFF_1ST_302, sizeof(PRC_ID_SND_302) >> 2, PRC_ID_SND_302}, // Send process id code.
+	{ ATM_GEN_PATCH, FREE_CODE_OFF_1ST_302 + sizeof(PRC_ID_SND_302),                      // Branch back and skip 1 instruction.
+		_B(FREE_CODE_OFF_1ST_302 + sizeof(PRC_ID_SND_302), ID_SND_OFF_302 + 4), NULL},
+	{ ATM_GEN_PATCH, ID_RCV_OFF_302, _B(ID_RCV_OFF_302, FREE_CODE_OFF_2ND_302), NULL},    // Receive process id branch.
+	{ ATM_ARR_PATCH, FREE_CODE_OFF_2ND_302, sizeof(PRC_ID_RCV_302) >> 2, PRC_ID_RCV_302}, // Receive process id code.
+	{ ATM_GEN_PATCH, FREE_CODE_OFF_2ND_302 + sizeof(PRC_ID_RCV_302),                      // Branch back and skip 1 instruction.
+		_B(FREE_CODE_OFF_2ND_302 + sizeof(PRC_ID_RCV_302), ID_RCV_OFF_302 + 4), NULL},
+	{0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, (u32*)0xFFFFFFFF}
+};
+static kernel_patch_t kern4[] = {
+	{ SVC_VERIFY_DS, 0x41EB4, _NOP(), NULL },          // Disable SVC verifications
+	{ DEBUG_MODE_EN, 0x4EBFC, _MOVZX(8, 1, 0), NULL }, // Enable Debug Patch
+	// Atmosphère kernel patches.
+	{ ATM_GEN_PATCH, ID_SND_OFF_400, _B(ID_SND_OFF_400, FREE_CODE_OFF_1ST_400), NULL},    // Send process id branch.
+	{ ATM_ARR_PATCH, FREE_CODE_OFF_1ST_400, sizeof(PRC_ID_SND_400) >> 2, PRC_ID_SND_400}, // Send process id code.
+	{ ATM_GEN_PATCH, FREE_CODE_OFF_1ST_400 + sizeof(PRC_ID_SND_400),                      // Branch back and skip 2 instructions.
+		_B(FREE_CODE_OFF_1ST_400 + sizeof(PRC_ID_SND_400), ID_SND_OFF_400 + 8), NULL},
+	{ ATM_GEN_PATCH, ID_RCV_OFF_400, _B(ID_RCV_OFF_400, FREE_CODE_OFF_2ND_400), NULL},    // Receive process id branch.
+	{ ATM_ARR_PATCH, FREE_CODE_OFF_2ND_400, sizeof(PRC_ID_RCV_400) >> 2, PRC_ID_RCV_400}, // Receive process id code.
+	{ ATM_GEN_PATCH, FREE_CODE_OFF_2ND_400 + sizeof(PRC_ID_RCV_400),                      // Branch back and skip 1 instruction.
+		_B(FREE_CODE_OFF_2ND_400 + sizeof(PRC_ID_RCV_400), ID_RCV_OFF_400 + 4), NULL},
+	{0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, (u32*)0xFFFFFFFF}
+};
+
+static kernel_patch_t kern5[] = {
+	{ SVC_VERIFY_DS, 0x45E6C, _NOP(), NULL },          // Disable SVC verifications
+	{ DEBUG_MODE_EN, 0x5513C, _MOVZX(8, 1, 0), NULL }, // Enable Debug Patch
+	// Atmosphère kernel patches.
+	{ ATM_GEN_PATCH, ID_SND_OFF_500, _B(ID_SND_OFF_500, FREE_CODE_OFF_1ST_500), NULL},    // Send process id branch.
+	{ ATM_ARR_PATCH, FREE_CODE_OFF_1ST_500, sizeof(PRC_ID_SND_500) >> 2, PRC_ID_SND_500}, // Send process id code.
+	{ ATM_GEN_PATCH, FREE_CODE_OFF_1ST_500 + sizeof(PRC_ID_SND_500),                      // Branch back and skip 2 instructions.
+		_B(FREE_CODE_OFF_1ST_500 + sizeof(PRC_ID_SND_500), ID_SND_OFF_500 + 8), NULL},
+	{ ATM_GEN_PATCH, ID_RCV_OFF_500, _B(ID_RCV_OFF_500, FREE_CODE_OFF_2ND_500), NULL},    // Receive process id branch.
+	{ ATM_ARR_PATCH, FREE_CODE_OFF_2ND_500, sizeof(PRC_ID_RCV_500) >> 2, PRC_ID_RCV_500}, // Receive process id code.
+	{ ATM_GEN_PATCH, FREE_CODE_OFF_2ND_500 + sizeof(PRC_ID_RCV_500),                      // Branch back and skip 2 instructions.
+		_B(FREE_CODE_OFF_2ND_500 + sizeof(PRC_ID_RCV_500), ID_RCV_OFF_500 + 8), NULL},
+	{0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, (u32*)0xFFFFFFFF}
+};
+
+static const pkg2_kernel_id_t _pkg2_kernel_ids[] =
+{
+	{ 0x427f2647, kern1 },   //1.0.0
+	{ 0xae19cf1b, kern2 },   //2.0.0 - 2.3.0
+	{ 0x73c9e274, kern3 },   //3.0.0 - 3.0.1
+	{ 0xe0e8cdc4, kern302 }, //3.0.2
+	{ 0x485d0157, kern4 },   //4.0.0 - 4.1.0
+	{ 0xf3c363f2, kern5 },   //5.0.0 - 5.1.0
+	{ 0, 0 }                              //End.
+};
+
 pkg2_hdr_t *unpackFirmwarePackage(u8 *data);
 void pkg1_unpack(pk11_offs *offs, u8 *pkg1);
 void buildFirmwarePackage(u8 *kernel, u32 kernel_size, link_t *kips_info);
 size_t calcKipSize(pkg2_kip1_t *kip1);
 void pkg2_parse_kips(link_t *info, pkg2_hdr_t *pkg2);
-void loadKip(link_t *info, char *path);
+void loadKip(link_t *info, char *path);
+const pkg2_kernel_id_t *pkg2_identify(u32 id);