Bear in mind that if there was a interrupted firm update, the plaintext firm attack method relies on knowing the exact plaintext of the existing firm.....if you crashed half way through flashing firm you wouldnt have the exact plaintext as it would obviously of not completely written so you would not really be able to do the plaintext attack unless you
A) know the exact offset it crashed at and can make your own plaintext bricked firm
B) already have your xorpads to write a new firm (which is essentially nearly as good as having a nand backup as long as you know roughly what you messed up)
C) you fancy spending weeks going through every possible offset hoping to by chance get licky and manage to build a corrupt firm that mayches exactly how your firm was corrupt
Basically, unless we get a way of generating the xorpad for a bricked console on a different console using an existing pre-exisitng dump of the unique info used to make the console specific nand encryprion, im not certain but i assume the nand encryption is derived in some way from the otp, in which case maybe one day a otp dump may be enough to generate xorpads for another console, but honestly idk how things go at bootup and if the values loaded by otp could be substituted for those from another console (or even if the otp has anything to do with nand encryption)
Tldr: - make a god damn nand backup already ffs :^)