Read my post again. It doesn't break any signatures. Each individual file inside of the .CIA (there are usually SEVERAL) is signed by NUS. With a valid signature. Spoofing the version just spoofs the version on the header of the .CIA itself. The .CIA NEVER has a valid signature when 3DNUS creates it, spoofing or not, because nobody has the signing keys.
As I said, I've done the whitelist by myself with 3DNUS and spoofing and none of my consoles are bricked. And of course I did it to SYSNAND. There is zero point of doing it on EMUNAND because at that point, you've already been able to launch an exploit and playing DS games with the blue card simply will not work on emunand.
A CIA is a container for a bunch of signed data. Version numbers lie in the TMD and ticket, so modifying them will break signatures. The reason that DS whitelist breaking thing works is because the 3DS uses a fallback whitelist when it can't load the newer one from ctrnand.
Also there's only one TWL_FIRM for N3DS, and MSET doesn't break the ability to play DS and DSi stuff from emunand.