Isnt it possible to decrypt the nand and reencrypt it partitally and then spoof the nintendo server? If an uodate is downloaded from the server it isnt encrypted yet with console specefic keys, so it has to happen inside the 3ds right after it? ( just speculation, i need to check this for sure, but i dont have the abilities to do so now)