Right now I'm in the middle of arranging some tools that can be used to install and launch your totally legit, legal 3DS backups. The first thing that I absolutely cannot start anything without is the exploit used in the gateway website. I considered the possible methods of running the launcher.dat file from the website, and here's what I think so far: First, and most importantly, the website exploit does not use the DS profile at all, or even install the DS profile exploit, which means you have to use the website. Now that we know this, here's what I think is going on with the exploit itself... 1. The exploit is capable of running a launcher.dat file on the SD card, probably by a buffer exploit. However, it can't just run any valid launcher.dat file, it HAS to be the gateway launcher.dat file. 2. Gateway launcher.dat files are encrypted by gateway. If you try to run a homebrew launcher.dat file using the website exploit, the exploit will not work. This is because the exploit recognizes that the loader you are trying to execute is not a valid Gateway loader. This causes you to be kicked back to the home menu with no changes applied. So if it's encrypted, we can just emulate the encryption, right? Wrong! There are tools out there that can simulate the Gateway encryption on a launcher, but the exploit still won't launch the launcher from the SD card. This is probably due to filesize, but I'm not entirely sure. The exploit has some way of knowing that the loader you are trying to execute is not gateway-official, and prevents it from launching. Now, we also know that you can run ANY launcher using the ROP loader .nds file on a flash cart. However flashcarts are not always an option for people, or people prefer a softmod over buying a flashcart (like me). The ROP loader has a couple different loading options, one of which being able to load encrypted files, and the other being to load unencrypted files. The one on the web loads encrypted files only, which means that if you want to load a CFW, be it the original or Palantine, you can't do it. Now, my question is this: Is there currently a way to reverse the gateway go exploit to allow the execution of unsigned/homebrew launchers? Or, even better, is there another exploit that does not require the use of a flash cart? I'm on 4.x, of course. Answers are appreciated greatly.