The only thing 9.5 really patches on original 3DS consoles is patching on unreleased exploit used by yellows8 involving the Arm9 (he discovered it. Whether or not he was actually using it as his entry point is not known publicly). 9.5's new protections involve mostly the n3DS
Gateway's multirom menu had stopped working on 9.5 initially mostly due to accident and not by design. Something just happened to have changed enough in 9.5 that broke the multi-rom menu. If it was by design, it would have taken Gateway longer to release a fix for it. Judging by the fact they had a fix out less then 24 hours after the firmware patch went live, this tells me that it wasn't something Nintendo did to purposely bork Gateway. Usually the times when emunand fails to boot entirely after updating it to a new firmware version is the instances where Nintendo was attempting to block Gateway.
Currently it appears to be impossible to block emunand entirely on original 3DS hardware. n3DS uses additional encryption for Arm9 and that's where they had a chance at preventing emunand. But even then it seems they still failed at implementing it correctly given the statements made by yellows8, Smealum, and that other guy who's name I can't spell correctly and wont bother.
At this point, the Gateway team going out of business/dropping support for Gateway is the only end game for 3DS owners. As long as Gateway devs continue to work, original 3DS will remain exploitable for the foreseeable future. Things for the n3DS are a bit murky right now as it's still to early to tell. But things turning out the same for the n3DS as it was for the 3DS is a definite possibility.
Of coarse it's possible someone else might pick up the mantle of future Gateway updates once Gateway inevitably goes under. All flashcart companies eventually disappear, It's an inevitable fact of life in the world of piracy.
Given the nature of the 3DS scene as it stands now, I don't really see that as a likely outcome though. We can only hope Gateway will last as long as Nintendo's update support for the 3DS does.
Example being the DSi. 1.4.5 I think was the last update Nintendo ever pushed out for that console and it's pretty much a discontinued product from Nintendo's vantage point. It's only logical to assume the 3DS will reach this stage too. But I don't see that happening until well into their next generation console. Will Gateway as we know now still be around? Most likely not I'm afraid.
For those looking to reverse engineer Gateway's exploit. I would have to say it might be worth while looking into what purpose the Gateway cart actually serves in the exploit process. Most assume it's just a DRM device, and that is true. But that's just the end result. How that works is the important part. I would bet the bulk of their "patches" to memory/firmware during the exploit process is actually stored on the Gateway card and not in their loader. Their loader is basically just the front end for the device. Why else do major updates require updating the Gateway card?
To install their latest batch of system patches into the Gateway card of coarse!
Some things like classic mode emunand don't need the Gateway card and their launcher.dat contains everything needed for that. But as soon as you want to do something that requires patching encryption checks, the Gateway card comes into play.
Remember that the device's DRM isn't aimed solely at blocking clones. It's also designed to prevent people from booting Gateway mode without any flashcart at all (aka CFW as people call that), and the best way to protect against that is to put the most important parts of their exploit in the card it self.
Of coarse this means you'd have to actually buy/own a Gateway card before you can fully reverse engineer it. Given that the major devs in the 3DS scene are so devoted to "not supporting piracy", I can see why they never bothered.
