Ok, I didn't know that. This seemed like an obvious thing to do, given that it's cleared by Kernel9, as you run code earlier, you can just read the actual OTP hash used in the decryption of the NAND keystore.
Sure you didn't just look at 3dbrew recent changes?
--------------------- MERGED ---------------------------
Besides, that attack is far harder to pull off than downgrading to use the 2.X OTP flaw.