kexec uses a hijacked kernel module to direct to a different kernel placed on the SDcard. Sort of like how SS works, but a bit differently. All SS does is direct the kernel to a different image. Kexec needs a hijacked module to load an insecure kernel. While this sounds easy to implement, trust me it will most likely never happen with the note 3. The problem is that the note 3 doesn't have any modules. And don't ask about inserting them, because the kernel will not run them. They are completely disabled in this kernel. That property is set when the kernel is compiled, so with it being disabled, we cannot enable it, and we cannot hijack the modules, because they are completely disabled.