Searching for titles through ncm database is not correct. You should use ns service to list app records.
Also, realloc in each curl callback is a fastest way to out of memory due to fragmentation.
There will be enough firmware signing key. Or RCM payload signing key. After that you can do whatever you want with console - it is ultimate software entry point:) And probability of brute forcing/stealing is higher that finding another exploit.