I do want to second the idea of keeping the payload on the boot partition. The boot partition is normally not to be used, but it's not going to hurt anything if it is. Mostly it just generally isn't user account accessible once mounted for security reasons and of course the amount of free space on it is pitiful (but a payload is a matter of less than a couple hundred kilobytes versus more than 20MB free with this current setup, so a payload won't even make a noticeable difference.) Not all RPi models have built-in WiFi anyway (the cheaper RPi Zero might make the most sense for this particular setup anyway,) and even then it's a pain to configure networking on a headless device (basically you must connect it to a screen once anyway and you have to know what to run and everything. But IMO there's no real reason this particular thing shouldn't more or less just work "out of the box" for most. Eg it should be able to basically work for anyone.) I already edited the modchip.sh on mine to point to /boot/payload.bin and as far as I can tell it works just fine (I've tested a few times and it seems ok so far at least.) IMO this is simpler and cleaner than networking anyway and thus basically all networking stuff could be disabled (and DHCP at least does seem to have a delay to it even if nothing else does, but also that would mean less stuff would be going on, less memory used, etc etc, which may be beneficial in such a minimal setup.)
BTW, I have had filesystem damage on a RPi before from power losses. Actually it has happened to me several times and this last time I decided just to actually image the flash drive to a backup file so I could just restore it if it happened again. Basically I have one in another room just acting as a dedicated server to do various things including sharing an external drive across the network. I really want to bring up the idea of going to a read-only design. You can surely get ideas from Knoppix and the much simpler Finnix Linux live rescue systems that are built to run from an optical disc (and thus boot from a read-only filesystem.) They use some form of RAM filesystem overlay (eg like a "ramdrive" in DOS/Windows) so logs and such can write but the entire core is entirely read-only. (Knoppix is kind of commercial, so I don't know if they are as open as they should be, but Finnix was always free and open, plus it's smaller and simpler with the original design intended to fit on those card-shaped CDRs, so it is probably a better one to look at.) This is not a gaming setup or anything like that, so you can even take more RAM from the GPU to dedicated to system use (I think the default is something like 32MiB to the GPU? We probably only need something like 8 just for plugging it into a screen with normal resolutions and it only doing text.) Alternately, if it's simpler, perhaps just more partitions with core system files on a read-only filesystem and stuff that needs writing symlinking (or hardlinking if it's strictly necessary, but surely not) to a separate read/write partition. Not much should really be needed as most things that do writing can be disabled or outright removed. In fact, I imagine the greater majority of writing going on normally is just in the logs? I won't lie -- I've never done anything like trying to make a Linux system's core read-only, so I'm not sure what all needs to be accommodated, but I know a lot of people have done this, so the work is already done and the info is out there. (And honestly I think that much is beyond me. I can do a little bit in Linux, but not something like that. Otherwise I'd go ahead and just share my work here.)
Linux and its modern journalizing filesystems are great at handling power failures in general, but there are limits on what even those things can do and if it's being shut off in the middle of operations often enough that could do it. I wouldn't count on it to be 100% guaranteed to remain intact.
Alternately, perhaps it could automatically do a system shutdown after a successful payload delivery? You'd have to power cycle to use it again so this could be a bit bothersome to some, but it would be ready for power loss within mere seconds after being used rather than technically never. In most cases you only want to deliver a payload once every so often anyway (even if you do it again it would usually be long enough to reboot.) You'd still need to wait just a bit before cutting the power supply to be safe, but overall it would be a lot safer.
Oh, I'd like to second this idea too. We don't need a fully featured OS here after all. And generally you want to keep it off except when you're using it. Boot time as it is right now is positively horrendous. I'm thinking of figuring out how to add a LED to indicate when it's ready or something as things stand right now... But then right now it's a full fledged OS rather than a specialized setup (and what we're doing here is just about as specialized as it gets. Frankly I'm actually more surprised I couldn't find a ton of people doing this with an Arduino type device as it doesn't even need an OS to do all this. (I saw the tinker thing, but it's meant to go inside with some major soldering and is as "test phase" as it gets... There's no technical reason someone couldn't rig up something with one of the many Arduino-style devices out there with USB, but unfortunately that sort of coding is far beyond my ability.)
EDIT: Ok, I said all that about being unable to do it myself and... Well, ok, I wasn't wrong. But anyway, I did google up a lot of various guides and did what I could. I removed a bunch of stuff (honestly a heck of a lot more can go, but I don't know enough to tell what.) I did what I could to make it read-only too. I definitely didn't do it right, but, well, the system runs and it sends the payload, so whatever I guess. It looks like I completely broke systemd, so I'm not sure why it does work, lol. Regardless, it now boots up very very fast. I also found out how to control the activity LED, so I put a command to blink it at a specific rate once modchip.sh begins running to indicate that it is "ready" -- however, it seems it will still be a few seconds after this point before the payload actually gets delivered, so it's apparently running too soon (guess I could have added a sleep to the start of the script of approximately the right time, but oh well. Adding a sleep 4 before the loop in the /usr/bin/blinkact I threw together seemed to time it almost exactly right.) This way it could somehow indicate readiness without actually soldering in an LED or anything like that. I also edited modchip.sh to point to /boot/payload.bin instead with no ill effects. All networking stuff is gone and basically broken at this point, so with this setup you have to do it that way, but it's quick and easy IMO. And to make things worse, for some reason I absolutely could not shrink the filesystem. I have no clue why. (Resize2fs would keep insisting it was already the minimum size and apparently gparted and everything else use resize2fs...) I told resize2fs to force a resize and it still works, but this doesn't fix the partition table (I'm not quite sure how to do that.) So anyway, it won't actually fit on a 2GB card, but if written until it breaks I think it should actually be fine (all actual data should be physically before 1.3GB or so.) Anyway, all this mess aside, it functions and that is good enough for now I guess.
I'll go ahead and share it here. I'm afraid I can't link to the guides or say exactly what all I did because it was a long process googling all sorts of things and a bunch of sites. Anyway, anyone is welcome to do whatever they want with this including deleting it and starting over from scratch:
https://www43.zippyshare.com/v/lZ27NP34/file.html
I'm actually considering rigging up something a little more permanent myself which would mean no hub. The idea I have in mind is to stuff a RPi Zero into a simple box with a really simple power supply (probably a really small battery -- maybe even something for a drone) and glue a type-c connector on one end so it can be just plugged in as needed kind of like how I presume the SX "modchip" works. The other end of the connector's very short cable would just be soldered into the USB port for maximum simplicity. So I'd like to ask for more specifics. First, is that actually on the +5V output as this implies, and second, how big of a resistor is needed? Namely, is a 1/4 watt enough or does it have to be better than that? (Some people might even want to use SMD, but I'm keeping this simple and where it can be undone later if something like perhaps ReBug's internal thing works out and I eventually change over to something like that.) It seems my current hub doesn't prevent the reboot causing surge anyway.