My A9LH payload 3DSafe has a built-in version of SafeA9LHInstaller. The problem I'm having is that this version only works when otp.bin is present on the SD card, even though I'm running from within A9LH. The official build of SafeA9LHInstaller can read the OTP from memory. The key part seems to be here: https://github.com/AuroraWright/SafeA9LHInstaller/blob/master/source/installer.c#L74 If I put some alerts throughout this function in my payload, I find that the OTP_FROM_MEM region is indeed equal to the array of zeros and, thus, empty. This occurs even if I check this very early on in the execution of the payload. I'm wondering whether it is to be expected in a stage2 payload for the OTP to be present in this region of memory yet, or whether it's only available after jumping to the payload on SD card for some reason. Thanks in advance!