April 28, 2026 21:48 · April 1, 2026 12:38 · March 13, 2026 10:44 · February 2, 2026 14:48 · November 24, 2025 14:23 · July 9, 2025 20:11
 From 62db1c0b62250ac6901d6287833f1197e1569a56 Mon Sep 17 00:00:00 2001
 From: Ilya Zhuravlev <whatever@xyz.is>
 Date: Tue, 28 Apr 2026 23:18:25 +0200
 Subject: [PATCH] usb: devio: bypass permission checks for kamakiri

 ---
 drivers/usb/core/devio.c | 7 +++++++
 1 file changed, 7 insertions(+)

 diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
 import os
 import struct
 import asyncio
 import hashlib
 import xmltodict

 from pyshark import FileCapture
 from argparse import ArgumentParser

 class DownloadAgent:
 #!/usr/bin/env bash

 set -euo pipefail

 TOOLCHAIN_DIR="$HOME/toolchains"
 ARM32_URL="https://developer.arm.com/-/media/Files/downloads/gnu/13.2.rel1/binrel/arm-gnu-toolchain-13.2.Rel1-x86_64-arm-none-linux-gnueabihf.tar.xz"
 ARM64_URL="https://developer.arm.com/-/media/Files/downloads/gnu/13.2.rel1/binrel/arm-gnu-toolchain-13.2.Rel1-x86_64-aarch64-none-linux-gnu.tar.xz"
 ARM32_DIR="arm-gnu-toolchain-13.2.Rel1-x86_64-arm-none-linux-gnueabihf"
 ARM64_DIR="arm-gnu-toolchain-13.2.Rel1-x86_64-aarch64-none-linux-gnu"
 #!/usr/bin/env python3

 import struct
 import sys

 """
 struct boot_img_hdr
 {
    uint8_t magic[BOOT_MAGIC_SIZE];
    uint32_t kernel_size;                /* size in bytes */
 #!/usr/bin/env bash

 if [ $# -eq 0 ]; then
    echo "Usage: $0 <kernel_directory>"
    exit 1
 fi

 KERNEL_DIR="$1"
 TOOLCHAIN_DIR="$(pwd)/toolchain"
 CLANG_DIR="$TOOLCHAIN_DIR/clang-r383902"
 #!/bin/bash

 REPO_PATH=""
 REMOTE_URL=""
 SOURCE_BRANCH=""
 TARGET_BRANCH=""
 TEMP_BRANCH="temp"
 CHUNK_SIZE=8000  # Number of commits per chunk

 GREEN='\033[0;32m'
 int fastboot_oem_unlock(char *arg, void *data, uint sz)

 {
    bool bVar1;
    int ret;
    char *error;
    char *str;
    uint unlock_allowed;
    char acStack_90[127];
    undefined local_11;
 [PL0] Build Time: 20140925-030705
 [SD0] Bus Width: 1
 [SD0] SET_CLK(260kHz): SCLK(259kHz) MODE(0) DDR(0) DIV(193) DS(0) RS(0)
 [SD0] Switch to High-Speed mode!
 [SD0] SET_CLK(260kHz): SCLK(259kHz) MODE(2) DDR(1) DIV(96) DS(0) RS(0)
 [SD0] Bus Width: 8
 [SD0] Size: 7456 MB, Max.Speed: 52000 kHz, blklen(512), nblks(15269888), ro(0)
 [SD0] Initialized
 [SD0] SET_CLK(52000kHz): SCLK(50000kHz) MODE(2) DDR(1) DIV(0) DS(0) RS(0)
 msdc_ett_offline_to_pl: size<2> m_id<0x45>
 diff --git a/device/src/controller.cc b/device/src/controller.cc
 index ce19f5c..2d9815a 100644
 --- a/device/src/controller.cc
 +++ b/device/src/controller.cc
 @@ -196,8 +196,10 @@ static future_t* start_up(void) {
   }
 #endif
 
 -  ble_supported = last_features_classic_page_index >= 1 &&
 -                  HCI_LE_HOST_SUPPORTED(features_classic[1].as_array);
	From 62db1c0b62250ac6901d6287833f1197e1569a56 Mon Sep 17 00:00:00 2001
	From: Ilya Zhuravlev <whatever@xyz.is>
	Date: Tue, 28 Apr 2026 23:18:25 +0200
	Subject: [PATCH] usb: devio: bypass permission checks for kamakiri

	---
	drivers/usb/core/devio.c \| 7 +++++++
	1 file changed, 7 insertions(+)

	diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
	import os
	import struct
	import asyncio
	import hashlib
	import xmltodict

	from pyshark import FileCapture
	from argparse import ArgumentParser

	class DownloadAgent:
FireOS version	LK build description	PL build description
Fire OS 6.5.4.4 (NS6544/3230)	`a135012-20210311_160052`	`???????????????????????`
Fire OS ?.?.?.? (NS????/????)	`7b1780d-20210416_071610`	`???????????????????????`
Fire OS 6.5.4.8 (NS6548/3254)	`039b456-20210609_071445`	`???????????????????????`
Fire OS 6.5.4.8 (NS6548/3290)	`77c8c2e-20211019_182552`	`???????????????????????`
Fire OS 6.5.5.0 (NS6550/3741)	`5da77ac-20210918_073605`	`???????????????????????`
Fire OS 6.5.6.1 (NS6561/4957)	`3c87b1c-20220128_013456`	`5cb33b1-20230721_165438`
Fire OS 6.5.6.2 (NS6562/5145)	`3c87b1c-20220128_013456`	`79a3b50-20231019_075356`
Fire OS 6.5.6.2 (NS6562/5154)	`3c87b1c-20220128_013456`	`79a3b50-20231019_075356`
	#!/usr/bin/env bash

	set -euo pipefail

	TOOLCHAIN_DIR="$HOME/toolchains"
	ARM32_URL="https://developer.arm.com/-/media/Files/downloads/gnu/13.2.rel1/binrel/arm-gnu-toolchain-13.2.Rel1-x86_64-arm-none-linux-gnueabihf.tar.xz"
	ARM64_URL="https://developer.arm.com/-/media/Files/downloads/gnu/13.2.rel1/binrel/arm-gnu-toolchain-13.2.Rel1-x86_64-aarch64-none-linux-gnu.tar.xz"
	ARM32_DIR="arm-gnu-toolchain-13.2.Rel1-x86_64-arm-none-linux-gnueabihf"
	ARM64_DIR="arm-gnu-toolchain-13.2.Rel1-x86_64-aarch64-none-linux-gnu"
	#!/usr/bin/env python3

	import struct
	import sys

	"""
	struct boot_img_hdr
	{
	uint8_t magic[BOOT_MAGIC_SIZE];
	uint32_t kernel_size; /* size in bytes */
	#!/usr/bin/env bash

	if [ $# -eq 0 ]; then
	echo "Usage: $0 <kernel_directory>"
	exit 1
	fi

	KERNEL_DIR="$1"
	TOOLCHAIN_DIR="$(pwd)/toolchain"
	CLANG_DIR="$TOOLCHAIN_DIR/clang-r383902"
	#!/bin/bash

	REPO_PATH=""
	REMOTE_URL=""
	SOURCE_BRANCH=""
	TARGET_BRANCH=""
	TEMP_BRANCH="temp"
	CHUNK_SIZE=8000 # Number of commits per chunk

	GREEN='\033[0;32m'
	int fastboot_oem_unlock(char arg, void data, uint sz)

	{
	bool bVar1;
	int ret;
	char *error;
	char *str;
	uint unlock_allowed;
	char acStack_90[127];
	undefined local_11;
	[PL0] Build Time: 20140925-030705
	[SD0] Bus Width: 1
	[SD0] SET_CLK(260kHz): SCLK(259kHz) MODE(0) DDR(0) DIV(193) DS(0) RS(0)
	[SD0] Switch to High-Speed mode!
	[SD0] SET_CLK(260kHz): SCLK(259kHz) MODE(2) DDR(1) DIV(96) DS(0) RS(0)
	[SD0] Bus Width: 8
	[SD0] Size: 7456 MB, Max.Speed: 52000 kHz, blklen(512), nblks(15269888), ro(0)
	[SD0] Initialized
	[SD0] SET_CLK(52000kHz): SCLK(50000kHz) MODE(2) DDR(1) DIV(0) DS(0) RS(0)
	msdc_ett_offline_to_pl: size<2> m_id<0x45>
	diff --git a/device/src/controller.cc b/device/src/controller.cc
	index ce19f5c..2d9815a 100644
	--- a/device/src/controller.cc
	+++ b/device/src/controller.cc
	@@ -196,8 +196,10 @@ static future_t* start_up(void) {
	}
	#endif

	- ble_supported = last_features_classic_page_index >= 1 &&
	- HCI_LE_HOST_SUPPORTED(features_classic[1].as_array);