Once you've figured out how to decrypt the FIRM, you can search for some same byte arrays and replace those, as rx does.I'll try to get it to work with that soon, although it's not as easy as just switching firm files, lol
Also you may need to get it into IDA. Well no legal ways to get official SDK, so those signatures for ida 6.6 (also.. eh pirated) is illegal.
Hope you good luck, And hope it would soon reach a stage that you could open-source it.