Sure, NAND access. If you have a second, modded 3DS, sure, you can use DSiWarehax and use the otp.bin to shorten your steps. If you just have one 3DS, then you need a khax exploit, which were all patched in 11.2 (all known ones anyways). The only known exploit in 11.2 is a really bad userland hack that can take weeks+ to run.
With a hardmod you can extract your NAND. You still can't browse it without xorpads. So you'd still have to do the firm injection, write that image to your NAND, then continue from there. You can shorten steps by having your OTP.bin, but I don't think you can get around replacing firms if you're on 11.2.