I updated to 10.6 not knowing that it forces ironhax to update before launching, and expecting to have smashbroshax as a backup (I use my 3DS mainly at home so having a way to send beacons isn't an issue). I've used smashbroshax before and gotten it to work succesfully on 1.1.2, but I've since taken updates to Smash. I tried to remove the update data from the sd, but my game only goes back to 1.0.1 which doesn't have a corresponding pcap file.
However, looking through the code for smashbroshax (specifically generate_smashbrosrop_addrs.sh) it seems that you can take the code.bin from that version and use it to get some ROP addresses that it uses to build for specific versions. Is it possible to get that code.bin from just the eShop update data? If not, I'm pretty sure at least some cart versions are 1.0.1 and we could get a dump from there. If anyone has already tried this then feel free to let me know, but I didn't catch any evidence of it anywhere.
However, looking through the code for smashbroshax (specifically generate_smashbrosrop_addrs.sh) it seems that you can take the code.bin from that version and use it to get some ROP addresses that it uses to build for specific versions. Is it possible to get that code.bin from just the eShop update data? If not, I'm pretty sure at least some cart versions are 1.0.1 and we could get a dump from there. If anyone has already tried this then feel free to let me know, but I didn't catch any evidence of it anywhere.