I'm looking in to modifying an A9LH CFW which lives in NAND (e.g. shadowNAND) to add a security feature before booting arm9loaderhax.bin from SD card. My intention here is to create an un-circumventable PIN lock. I'm looking at the source code for shadowNAND (and indeed the @delebile's arm9loaderhax implementation) and they both have two payload stages. The basic function of the first seems to be to jump to the second, so I'm unclear on the purpose of having both. Furthermore, I'm unsure which of the payloads I should modify to add the features I want. Any ideas would be gratefully received!