Hmmm, I´m not a hacker, but my thinking is that the software first must talk the the 3DS-system, use an expolit and THAN run the actual code. So that the 3DS understand what the card (game) what´s to do the software must talk to the system in the system´s language and must use it´s encryption.
The Crown3DS-Code isn´t sign by Nintendo, so they MUST use an expolit. I can´t see any way else. The only way it, that they found the keys and can sign the code self, but if this is so, the card would be released.