I'm not up to date on how emuNANDs work, I assume it uses files from an external device and does read/write to it.
Based on how everything works, I'd say emuNAND has an IOSU exploit minimum, not only to access external devices, but also because otherwise I'm not sure how possible it would be to hook all processes up to it.
We'd need to do a lot more research to make it happen regardless.
So, the way it'd probably work is you plug in a big enough hard drive to put the NAND and eMMC data on, "reboot" everything clean which you should be able to do with an IOSU exploit, then redirect all calls to storage to the hard drive.
If they try to ban you, I'm not sure how exactly it works but it seems it's tied to your NNID and stored on the console, same as all other NNID data.
I'm also not sure how exactly the storage key stuff works so I'm not going to go in detail on that because I'm probably wrong.
Here's a little bit of info on the first stage of gateway's payload & take a look at their code http://yifan.lu/2015/01/10/reversing-gateway-ultra-first-stage-part-1/