diff --git a/.github/workflows/mikrotik_patch_test.yml b/.github/workflows/mikrotik_patch_test.yml
new file mode 100644
index 0000000..b11130e
--- /dev/null
+++ b/.github/workflows/mikrotik_patch_test.yml
@@ -0,0 +1,396 @@
+name: Patch Mikrotik RouterOS
+on:
+  # push:
+  #   branches: [ "main" ]
+  # schedule:
+  #   - cron: "0 0 * * *"
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'RouterOS version, blank for latest'     
+        required: false
+        default: ''
+        type: string
+
+permissions:
+  contents: write
+
+jobs:
+  Patch_RouterOS_7:
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        arch: [x86_64,arm64]
+        channel: [stable, testing]
+    env:
+      TZ: 'Asia/Shanghai'
+      LATEST_VERSION_URL: 'https://upgrade.mikrotik.com/routeros/NEWESTa7'
+      LATEST_VERSION: ""
+      BUILD_TIME: "0"
+      ARCH: ""
+      CUSTOM_LICENSE_PRIVATE_KEY: ${{ secrets.CUSTOM_LICENSE_PRIVATE_KEY }}
+      CUSTOM_LICENSE_PUBLIC_KEY: ${{ secrets.CUSTOM_LICENSE_PUBLIC_KEY }}
+      CUSTOM_NPK_SIGN_PRIVATE_KEY: ${{ secrets.CUSTOM_NPK_SIGN_PRIVATE_KEY }}
+      CUSTOM_NPK_SIGN_PUBLIC_KEY: ${{ secrets.CUSTOM_NPK_SIGN_PUBLIC_KEY }}
+      MIKRO_LICENSE_PUBLIC_KEY: ${{ secrets.MIKRO_LICENSE_PUBLIC_KEY }}
+      MIKRO_NPK_SIGN_PUBLIC_LKEY: ${{ secrets.MIKRO_NPK_SIGN_PUBLIC_LKEY }}
+      MIKRO_LICENCE_URL: ${{ secrets.MIKRO_LICENCE_URL }}
+      CUSTOM_LICENCE_URL: ${{ secrets.CUSTOM_LICENCE_URL }}
+      MIKRO_UPGRADE_URL: ${{ secrets.MIKRO_UPGRADE_URL }}
+      CUSTOM_UPGRADE_URL: ${{ secrets.CUSTOM_UPGRADE_URL }}
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+        
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.11' 
+
+    - name: Cache Squashfs
+      id: cache-squashfs
+      uses: actions/cache@v4
+      with:
+        path: |
+          python3.sfs
+          option.sfs
+        key: busybox-python3-squashfs-${{ matrix.arch }}
+
+    - name: Create Squashfs for option and python3
+      if: steps.cache-squashfs.outputs.cache-hit != 'true'
+      run: |
+        sudo mkdir -p ./option-root/bin/
+        if [ "${{ matrix.arch }}" == "x86_64" ]; then
+          sudo cp busybox/busybox_x86_64 ./option-root/bin/busybox
+          sudo chmod +x ./option-root/bin/busybox
+        else if [ "${{ matrix.arch }}" == "arm64" ]; then
+          sudo cp busybox/busybox_aarch64 ./option-root/bin/busybox
+          sudo chmod +x ./option-root/bin/busybox
+        fi
+        sudo chmod +x ./busybox/busybox_x86_64
+        COMMANDS=$(./busybox/busybox_x86_64 --list)
+        for cmd in $COMMANDS; do
+            sudo ln -sf /pckg/option/bin/busybox ./option-root/bin/$cmd
+        done
+        sudo mksquashfs option-root option.sfs -quiet -comp xz -no-xattrs -b 256k
+        sudo rm -rf option-root
+        if [ "${{ matrix.arch }}" == "x86_64" ]; then
+          sudo wget -O cpython-3.11.9.tar.gz -nv https://github.com/indygreg/python-build-standalone/releases/download/20240415/cpython-3.11.9+20240415-x86_64-unknown-linux-gnu-install_only.tar.gz
+        else if [ "${{ matrix.arch }}" == "arm64" ]; then
+          sudo wget -O cpython-3.11.9.tar.gz -nv https://github.com/indygreg/python-build-standalone/releases/download/20240415/cpython-3.11.9+20240415-aarch64-unknown-linux-gnu-install_only.tar.gz
+        fi
+        sudo tar -xf cpython-3.11.9.tar.gz
+        sudo rm cpython-3.11.9.tar.gz
+        sudo rm -rf ./python/include
+        sudo rm -rf ./python/share
+        sudo mksquashfs python python3.sfs -quiet -comp xz -no-xattrs -b 256k
+        sudo rm -rf python
+
+    - name: Get latest routeros version  
+      run: |
+        echo $(uname -a)
+        if [ "${{ inputs.version }}" == "" ]; then
+          LATEST_VERSION=$(wget -nv -O - ${{ env.LATEST_VERSION_URL }}.${{ matrix.channel }} | cut -d ' ' -f1)
+        else
+          LATEST_VERSION=${{ inputs.version }}
+        fi  
+        BUILD_TIME=$(date +"%s")
+        echo Latest Version:$LATEST_VERSION
+        echo Build Time:$BUILD_TIME
+        wget -nv -O CHANGELOG https://upgrade.mikrotik.com/routeros/$LATEST_VERSION/CHANGELOG
+        cat CHANGELOG
+        echo "LATEST_VERSION=${LATEST_VERSION}" >> $GITHUB_ENV
+        echo "BUILD_TIME=${BUILD_TIME}" >> $GITHUB_ENV
+        if [ "${{ matrix.arch }}" == "x86_64" ]; then
+          echo "ARCH=''" >> $GITHUB_ENV
+        else if [ "${{ matrix.arch }}" == "arm64" ]; then
+          echo "ARCH='-arm64'" >> $GITHUB_ENV
+        fi
+
+    - name: Cache NetInstall ${{ env.LATEST_VERSION }}
+      if: matrix.arch == 'x86_64'
+      id: cache-netinstall
+      uses: actions/cache@v4
+      with:
+        path: |
+          netinstall.zip
+        key: netinstall-${{ env.LATEST_VERSION }}
+
+    - name: Get netinstall-${{ env.LATEST_VERSION }}.zip
+      if: matrix.arch == 'x86_64' && steps.cache-netinstall.outputs.cache-hit != 'true'
+      run: |
+        sudo wget -nv -O netinstall.zip https://download.mikrotik.com/routeros/$LATEST_VERSION/netinstall-$LATEST_VERSION.zip
+
+    - name: Patch netinstall.exe
+      if: matrix.arch == 'x86_64'
+      run: |
+        sudo unzip netinstall.zip
+        sudo -E python3 patch.py netinstall netinstall.exe
+        sudo zip netinstall-$LATEST_VERSION.zip ./netinstall.exe
+
+    - name: Cache Mikrotik-${{ env.LATEST_VERSION }}${{ env.ARCH }}.ISO
+      id: cache-mikrotik
+      uses: actions/cache@v4
+      with:
+        path: |
+          mikrotik.iso
+        key: mikrotik-${{ env.LATEST_VERSION }}${{ env.ARCH }}
+
+    - name: Get mikrotik-${{ env.LATEST_VERSION }}${{ env.ARCH }}.iso
+      if: steps.cache-mikrotik.outputs.cache-hit != 'true'
+      run: |
+          sudo wget -nv -O mikrotik.iso https://download.mikrotik.com/routeros/$LATEST_VERSION/mikrotik-$LATEST_VERSION$ARCH.iso
+
+    - name: Patch mikrotik-${{ env.LATEST_VERSION }}${{ env.ARCH }}.iso
+      run: |
+        sudo apt-get install -y mkisofs > /dev/null
+        sudo mkdir ./iso 
+        sudo mount -o loop,ro mikrotik.iso ./iso
+        sudo mkdir ./new_iso
+        sudo cp -r ./iso/* ./new_iso/
+        sudo rsync -a ./iso/ ./new_iso/
+        sudo umount ./iso
+        sudo rm -rf ./iso
+        sudo mv ./new_iso/routeros-$LATEST_VERSION$ARCH.npk ./
+        sudo -E python3 patch.py npk routeros-$LATEST_VERSION$ARCH.npk
+        NPK_FILES=$(find ./new_iso/*.npk)
+        for file in $NPK_FILES; do
+            sudo -E python3 npk.py sign $file $file
+        done
+        sudo cp routeros-$LATEST_VERSION$ARCH.npk ./new_iso/
+        sudo -E python3 npk.py create ./new_iso/gps-$LATEST_VERSION$ARCH.npk ./option-$LATEST_VERSION$ARCH.npk option ./option.sfs -desc="busybox"
+        sudo cp option-$LATEST_VERSION$ARCH.npk ./new_iso/
+        sudo -E python3 npk.py create ./new_iso/gps-$LATEST_VERSION$ARCH.npk ./python3-$LATEST_VERSION$ARCH.npk python3 ./python3.sfs -desc="python 3.11.9"
+        sudo cp python3-$LATEST_VERSION$ARCH.npk ./new_iso/
+        
+        sudo mkdir ./efiboot
+        sudo mount -o loop ./new_iso/efiboot.img ./efiboot
+        if [ "${{ matrix.arch }}" == "x86_64" ]; then
+          sudo -E python3 patch.py kernel ./efiboot/EFI/BOOT/BOOTX64.EFI
+          sudo cp ./efiboot/EFI/BOOT/BOOTX64.EFI ./BOOTX64.EFI
+          sudo cp ./BOOTX64.EFI ./new_iso/isolinux/linux
+          sudo umount ./efiboot
+          sudo rm -rf ./efiboot
+          sudo mkisofs -o mikrotik-$LATEST_VERSION$ARCH.iso \
+                      -V "MikroTik $LATEST_VERSION ${{ matrix.arch }} Patched" \
+                      -sysid "" -preparer "MiKroTiK" \
+                      -publisher "" -A "MiKroTiK RouterOS" \
+                      -b isolinux/isolinux.bin \
+                      -c isolinux/boot.cat \
+                      -no-emul-boot \
+                      -boot-load-size 4 \
+                      -boot-info-table \
+                      -eltorito-alt-boot \
+                      -e efiboot.img \
+                      -no-emul-boot \
+                      -R -J \
+                      ./new_iso
+        else if [ "${{ matrix.arch }}" == "arm64" ]; then
+          sudo -E python3 patch.py kernel ./efiboot/EFI/BOOT/BOOTAA64.EFI
+          sudo cp ./efiboot/EFI/BOOT/BOOTAA64.EFI ./BOOTAA64.EFI
+          sudo umount ./efiboot
+          sudo rm -rf ./efiboot
+
+          sudo mkisofs -o mikrotik-$LATEST_VERSION$ARCH.iso \
+                      -V "MikroTik $LATEST_VERSION ${{ matrix.arch }} Patched" \
+                      -sysid "" -preparer "MiKroTiK" \
+                      -publisher "" -A "MiKroTiK RouterOS" \
+                      -eltorito-alt-boot \
+                      -e efiboot.img \
+                      -no-emul-boot \
+                      -R -J \
+                      ./new_iso
+        fi
+
+        sudo mkdir ./all_packages
+        sudo cp ./new_iso/*.npk ./all_packages/
+        sudo rm -rf ./new_iso
+        cd ./all_packages
+        if [ "${{ matrix.arch }}" == "x86_64" ]; then
+          sudo zip ../all_packages-x86-$LATEST_VERSION.zip *.npk
+        else if [ "${{ matrix.arch }}" == "arm64" ]; then
+          sudo zip ../all_packages-arm64-$LATEST_VERSION.zip *.npk
+        fi
+        cd ..
+
+    - name: Cache refind
+      if: matrix.arch == 'x86_64'
+      id: cache-refind
+      uses: actions/cache@v4
+      with:
+        path: refind-bin-0.14.2.zip
+        key: refind
+
+    - name: Get refind
+      if: matrix.arch == 'x86_64' && steps.cache-refind.outputs.cache-hit != 'true'
+      run: sudo wget -nv -O refind-bin-0.14.2.zip https://nchc.dl.sourceforge.net/project/refind/0.14.2/refind-bin-0.14.2.zip
+
+    - name: Create install-image-${{ env.LATEST_VERSION }}.img
+      if: matrix.arch == 'x86_64'
+      run: |
+        sudo modprobe nbd
+        sudo apt-get install -y qemu-utils extlinux > /dev/null
+        # Loading system
+        # Copyright (C) 1994-2015 H. Peter Anvin et al
+        # 20210811
+        # CHS EDD
+        sudo xxd -p -u /usr/bin/extlinux | tr -d '\n' | sed \
+          -e 's/0D0A5359534C494E555820362E30342000/4C6F6164696E672073797374656D0D0A00/g' \
+          -e 's/20436F707972696768742028432920313939342D3230313520482E20506574657220416E76696E20657420616C0D0A/00436F707972696768742028432920313939342D3230313520482E20506574657220416E76696E20657420616C0D0A/g' \
+          -e 's/203230323130383131/003230323130383131/g' \
+          -e 's/43485300454444/00485300004444/g' | xxd -p -r >extlinux 
+        sudo chmod +x extlinux
+        
+        truncate --size 128M install-image-$LATEST_VERSION.img
+        sudo qemu-nbd -c /dev/nbd0 -f raw install-image-$LATEST_VERSION.img
+        sudo mkfs.vfat -n "Install" /dev/nbd0
+        sudo mkdir ./install
+        sudo mount /dev/nbd0 ./install
+        sudo mkdir -p ./install/EFI/BOOT
+        sudo unzip refind-bin-0.14.2.zip refind-bin-0.14.2/refind/refind_x64.efi
+        sudo cp refind-bin-0.14.2/refind/refind_x64.efi ./install/EFI/BOOT/BOOTX64.EFI
+        sudo rm -rf refind-bin-0.14.2
+        echo -e 'timeout 0\ntextonly\ntextmode 0\nshowtools shutdown, reboot, exit\nmenuentry "Install RouterOS" {\n\tloader /linux\n\toptions "load_ramdisk=1 root=/dev/ram0 -install -hdd"\n}\ndefault_selection /EFI/BOOT/BOOTX64.EFI' \
+          > refind.conf
+        sudo cp refind.conf ./install/EFI/BOOT/
+        sudo rm refind.conf
+        sudo ./extlinux --install -H 64 -S 32 ./install/
+        echo -e 'default system\nLABEL system\n\tKERNEL linux\n\tAPPEND load_ramdisk=1 -install -hdd' \
+          > syslinux.cfg
+        sudo cp syslinux.cfg ./install/
+        sudo rm syslinux.cfg
+        sudo cp ./BOOTX64.EFI ./install/linux
+        NPK_FILES=($(find ./all_packages/*.npk))
+        for ((i=1; i<=${#NPK_FILES[@]}; i++))
+        do
+          echo "${NPK_FILES[$i-1]}=>$i.npk" 
+          sudo cp ${NPK_FILES[$i-1]} ./install/$i.npk
+        done
+        sudo touch ./install/CHOOSE
+        sudo touch ./install/autorun.scr 
+        sudo umount /dev/nbd0
+        sudo qemu-nbd -d /dev/nbd0
+        sudo rm -rf ./install
+        sudo zip install-image-$LATEST_VERSION.zip ./install-image-$LATEST_VERSION.img
+        sudo rm ./install-image-$LATEST_VERSION.img
+
+
+    - name: Create chr-${{ env.LATEST_VERSION }}${{ env.ARCH }}.img
+      run: |
+        truncate --size 128M chr-$LATEST_VERSION$ARCH.img
+        sgdisk --clear --set-alignment=2 \
+            --new=1::+32M --typecode=1:8300 --change-name=1:"RouterOS Boot" --attributes=1:set:2 \
+            --new=2::-0 --typecode=2:8300 --change-name=2:"RouterOS" \
+            --gpttombr=1:2 \
+            chr-$LATEST_VERSION$ARCH.img
+        dd if=chr-$LATEST_VERSION$ARCH.img of=pt.bin bs=1 count=66 skip=446
+        echo -e "\x80" | dd of=pt.bin  bs=1 count=1  conv=notrunc
+        sgdisk --mbrtogpt --clear --set-alignment=2 \
+            --new=1::+32M --typecode=1:8300 --change-name=1:"RouterOS Boot" --attributes=1:set:2 \
+            --new=2::-0 --typecode=2:8300 --change-name=2:"RouterOS" \
+            chr-$LATEST_VERSION$ARCH.img
+        dd if=mbr.bin of=chr-$LATEST_VERSION$ARCH.img  bs=1 count=446 conv=notrunc
+        dd if=pt.bin of=chr-$LATEST_VERSION$ARCH.img  bs=1 count=66 seek=446 conv=notrunc
+
+        sudo qemu-nbd -c /dev/nbd0 -f raw chr-$LATEST_VERSION$ARCH.img
+        sudo mkfs.vfat -n "Boot" /dev/nbd0p1
+        sudo mkfs.ext4 -F -L "RouterOS"  -m 0 /dev/nbd0p2
+        sudo mkdir -p ./img/{boot,routeros}
+        sudo mount /dev/nbd0p1 ./img/boot/
+        sudo mkdir -p  ./img/boot/{BOOT,EFI/BOOT}
+        if [ "${{ matrix.arch }}" == "x86_64" ]; then
+          sudo cp BOOTX64.EFI ./img/boot/EFI/BOOT/BOOTX64.EFI
+          sudo ./extlinux --install  -H 64 -S 32 ./img/boot/BOOT
+          echo -e "default system\nlabel system\n\tkernel /EFI/BOOT/BOOTX64.EFI\n\tappend load_ramdisk=1 root=/dev/ram0 quiet" > syslinux.cfg
+          sudo cp syslinux.cfg ./img/boot/BOOT/
+          sudo rm syslinux.cfg
+        else if [ "${{ matrix.arch }}" == "amd64" ]; then
+          sudo cp BOOTAA64.EFI ./img/boot/EFI/BOOT/BOOTAA64.EFI
+        fi
+        sudo umount /dev/nbd0p1
+        sudo mount  /dev/nbd0p2 ./img/routeros/
+        sudo mkdir -p ./img/routeros/{var/pdb/{system,option},boot}
+        sudo cp ./all_packages/option-$LATEST_VERSION$ARCH.npk ./img/routeros/var/pdb/option/image
+        sudo cp ./all_packages/routeros-$LATEST_VERSION$ARCH.npk ./img/routeros/var/pdb/system/image
+        sudo umount /dev/nbd0p2
+        sudo rm -rf ./img
+        sudo qemu-nbd -d /dev/nbd0
+
+        sudo qemu-img convert -f raw -O qcow2 chr-$LATEST_VERSION$ARCH.img chr-$LATEST_VERSION$ARCH.qcow2
+        sudo qemu-img convert -f raw -O vmdk chr-$LATEST_VERSION$ARCH.img chr-$LATEST_VERSION$ARCH.vmdk
+        sudo qemu-img convert -f raw -O vpc chr-$LATEST_VERSION$ARCH.img chr-$LATEST_VERSION$ARCH.vhd
+        sudo qemu-img convert -f raw -O vhdx chr-$LATEST_VERSION$ARCH.img chr-$LATEST_VERSION$ARCH.vhdx
+        sudo qemu-img convert -f raw -O vdi chr-$LATEST_VERSION$ARCH.img chr-$LATEST_VERSION$ARCH.vdi
+
+        sudo zip chr-$LATEST_VERSION$ARCH.qcow2.zip chr-$LATEST_VERSION$ARCH.qcow2
+        sudo zip chr-$LATEST_VERSION$ARCH.vmdk.zip chr-$LATEST_VERSION$ARCH.vmdk
+        sudo zip chr-$LATEST_VERSION$ARCH.vhd.zip chr-$LATEST_VERSION$ARCH.vhd
+        sudo zip chr-$LATEST_VERSION$ARCH.vhdx.zip chr-$LATEST_VERSION$ARCH.vhdx
+        sudo zip chr-$LATEST_VERSION$ARCH.vdi.zip chr-$LATEST_VERSION$ARCH.vdi
+        sudo zip chr-$LATEST_VERSION$ARCH.img.zip chr-$LATEST_VERSION$ARCH.img
+
+        sudo rm *.qcow2
+        sudo rm *.vmdk
+        sudo rm *.vhd
+        sudo rm *.vhdx
+        sudo rm *.vdi
+        sudo rm *.img
+
+    - name: Upload artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: "RouterOS ${{ env.LATEST_VERSION }}"
+        path: |
+          mikrotik-${{ env.LATEST_VERSION }}${{ env.ARCH }}.iso
+          chr-${{ env.LATEST_VERSION }}*.zip
+          netinstall-${{ env.LATEST_VERSION }}.zip
+          install-image-${{ env.LATEST_VERSION }}.zip
+          routeros-${{ env.LATEST_VERSION }}${{ env.ARCH }}.npk
+          option-${{ env.LATEST_VERSION }}${{ env.ARCH }}.npk
+          all_packages-*-${{ env.LATEST_VERSION }}.zip
+
+    # - name: Upload Files
+    #   run: |
+    #     mkdir -p ./publish/$LATEST_VERSION
+    #     echo $LATEST_VERSION $BUILD_TIME > ./publish/NEWESTa7.${{ matrix.channel }}
+    #     cp CHANGELOG ./publish/$LATEST_VERSION/
+    #     cp ./all_packages/*.npk ./publish/$LATEST_VERSION/
+    #     cp *.EFI ./publish/$LATEST_VERSION/
+    #     sudo apt-get install -y lftp > /dev/null 2>&1
+    #     sudo -E lftp -u ${{ secrets.SSH_USERNAME }},'${{ secrets.SSH_PASSWORD }}' sftp://${{ secrets.SSH_SERVER }}:${{ secrets.SSH_PORT }} <<EOF
+    #     set sftp:auto-confirm yes
+    #     mirror --reverse --verbose --only-newer ./publish ${{ secrets.SSH_DIRECTORY }}
+    #     bye
+    #     EOF
+
+    # - name: Delete Release tag ${{ env.LATEST_VERSION }}
+    #   run: |
+    #     HEADER="Authorization: token ${{ secrets.GITHUB_TOKEN }}"
+    #     RELEASE_INFO=$(curl -s -H $HEADER https://api.github.com/repos/${{ github.repository }}/releases/tags/$LATEST_VERSION)
+    #     RELEASE_ID=$(echo $RELEASE_INFO | jq -r '.id')
+    #     echo "Release ID: $RELEASE_ID"
+    #     if [ "$RELEASE_ID" != "null" ]; then
+    #         curl -X DELETE -H "$HEADER" https://api.github.com/repos/${{ github.repository }}/git/refs/tags/$LATEST_VERSION
+    #         echo "Tag $LATEST_VERSION deleted successfully."
+    #         curl -X DELETE -H "$HEADER" https://api.github.com/repos/${{ github.repository }}/releases/$RELEASE_ID
+    #         echo "Release with tag $LATEST_VERSION deleted successfully."
+    #     else
+    #         echo "Release not found for tag: $LATEST_VERSION)"
+    #     fi
+
+    # - name: Create Release tag ${{ env.LATEST_VERSION }}
+    #   uses: softprops/action-gh-release@v2
+    #   with:
+    #     name: "RouterOS ${{ env.LATEST_VERSION }}"
+    #     body_path: "CHANGELOG"
+    #     tag_name: ${{ env.LATEST_VERSION }}
+    #     make_latest:  ${{ matrix.channel == 'stable'}}
+    #     prerelease:  ${{ matrix.channel == 'testing' }}
+    #     files: |
+    #       mikrotik-${{ env.LATEST_VERSION }}${{ env.ARCH }}.iso
+    #       chr-${{ env.LATEST_VERSION }}*.zip
+    #       netinstall-${{ env.LATEST_VERSION }}.zip
+    #       install-image-${{ env.LATEST_VERSION }}.zip
+    #       routeros-${{ env.LATEST_VERSION }}${{ env.ARCH }}.npk
+    #       option-${{ env.LATEST_VERSION }}${{ env.ARCH }}.npk
+    #       all_packages-*-${{ env.LATEST_VERSION }}.zip
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 228f8b9..f3e6679 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,5 +2,4 @@ __pycache__/
 venv/
 keygen/
 app/
-test_*.py
-mikrotik*
\ No newline at end of file
+test_*.py
\ No newline at end of file
diff --git a/busybox/busybox_aarch64 b/busybox/busybox_aarch64
new file mode 100644
index 0000000..72cca47
Binary files /dev/null and b/busybox/busybox_aarch64 differ
diff --git a/busybox/busybox_x86_64 b/busybox/busybox_x86_64
index 91e5834..f72ded6 100644
Binary files a/busybox/busybox_x86_64 and b/busybox/busybox_x86_64 differ
diff --git a/patch.py b/patch.py
index 91febc2..21b8efc 100644
--- a/patch.py
+++ b/patch.py
@@ -72,6 +72,52 @@ def patch_squashfs(path,key_dict):
                         open(file,'wb').write(data)
 
 
+def patch_elf(data: bytes,key_dict:dict):
+    def find_7zXZ_data(data:bytes):
+        offset1 = 0
+        _data = data
+        while b'\xFD7zXZ\x00\x00\x01' in _data:
+            offset1 = offset1 + _data.index(b'\xFD7zXZ\x00\x00\x01') + 8
+            _data = _data[offset1:]
+        offset1 -= 8
+        offset2 = 0
+        _data = data
+        while b'\x00\x01\x59\x5A' in _data:
+            offset2 = offset2 + _data.index(b'\x00\x01\x59\x5A') + 4
+            _data = _data[offset2:]
+        offset2
+        return data[offset1:offset2] 
+
+    initrd_xz = find_7zXZ_data(data)
+    initrd = lzma.decompress(initrd_xz)
+    new_initrd = initrd  
+    for old_public_key,new_public_key in key_dict.items():
+        if old_public_key in new_initrd:
+            print(f'initramfs public key patched {old_public_key[:16].hex().upper()}...')
+            new_initrd = new_initrd.replace(old_public_key,new_public_key)
+    filters=[{"id": lzma.FILTER_LZMA2, "preset": 9,}] 
+    new_initrd_xz = lzma.compress(new_initrd,check=lzma.CHECK_CRC32,filters=filters)
+    assert len(new_initrd_xz) <= len(initrd_xz),'new initrd xz size is too big'
+    new_initrd_xz = new_initrd_xz.ljust(len(initrd_xz),b'\0')
+    new_data = data.replace(initrd_xz,new_initrd_xz)
+    return new_data
+
+def patch_kernel(data:bytes,key_dict):
+    assert data[:2] == b'MZ', 'not a valid pe file'
+    if data[:2] == b'MZ':
+        print('patching EFI Kernel')
+        if data[56:60] == b'ARM\x64':
+            print('patching arm64')
+            return patch_elf(data,key_dict)
+        else:
+            print('patching x86_64')
+            return patch_bzimage(data,key_dict)
+    elif data[:4] == b'\x7FELF':
+        print('patching ELF')
+        return patch_elf(data,key_dict)
+    else:
+        raise Exception('unknown kernel format')
+
 def patch_npk_file(key_dict,kcdsa_private_key,eddsa_private_key,input_file,output_file=None):
     npk = NovaPackage.load(input_file)    
     if npk[NpkPartID.NAME_INFO].data.name == 'system':
@@ -79,13 +125,10 @@ def patch_npk_file(key_dict,kcdsa_private_key,eddsa_private_key,input_file,outpu
         for item in file_container:
             if item.name == b'boot/EFI/BOOT/BOOTX64.EFI':
                 print(f'patch {item.name} ...')
-                item.data = patch_bzimage(item.data,key_dict)
-                open('linux','wb').write(item.data)
+                item.data = patch_kernel(item.data,key_dict)
             elif item.name == b'boot/kernel':
-                from netinstall import patch_elf
                 print(f'patch {item.name} ...')
-                item.data = patch_elf(item.data,key_dict)
-                open('linux','wb').write(item.data)
+                item.data = patch_kernel(item.data,key_dict)
        
         npk[NpkPartID.FILE_CONTAINER].data = file_container.serialize()
         try:
@@ -123,6 +166,9 @@ if __name__ == '__main__':
     npk_parser = subparsers.add_parser('npk',help='patch and sign npk file')
     npk_parser.add_argument('input',type=str, help='Input file')
     npk_parser.add_argument('-o','--output',type=str,help='Output file')
+    kernel_parser = subparsers.add_parser('kernel',help='patch kernel file')
+    kernel_parser.add_argument('input',type=str, help='Input file')
+    kernel_parser.add_argument('-o','--output',type=str,help='Output file')
     netinstall_parser = subparsers.add_parser('netinstall',help='patch netinstall file')
     netinstall_parser.add_argument('input',type=str, help='Input file')
     netinstall_parser.add_argument('-o','--output',type=str,help='Output file')
@@ -136,6 +182,10 @@ if __name__ == '__main__':
     if args.command =='npk':
         print(f'patching {args.input} ...')
         patch_npk_file(key_dict,kcdsa_private_key,eddsa_private_key,args.input,args.output)
+    elif args.command == 'kernel':
+        print(f'patching {args.input} ...')
+        data = patch_kernel(open(args.input,'rb').read(),key_dict)
+        open(args.output or args.input,'wb').write(data)
     elif args.command == 'netinstall':
         from netinstall import patch_netinstall
         print(f'patching {args.input} ...')