Let me say right of the bat that this is just a theory, and I know that theories have a bad reputation around here for being misguided and wrong. This may well apply to my theory as well, but I would like to know whether or not it does. I've been mulling it over for the past half hour, and I don't personally see any flaws. The eShop does not work on outdated firmwares, and EmuNAND cannot be updated past 9.5 on the New 3DS. As a result, making the eShop work within emuNAND on a New 3DS is impossible. How does the eShop know what firmware we're on? From what I understand, it looks at the version number of every installed system title, and checks to see if any of them are out of date. Updating only certain titles is not enough—all of them must be updated in order for the eShop to work. However, we can install titles with spoofed version numbers. Yes, this breaks signature checks, but we don't care about signature checks, because we're in emuNAND! Let's say that we're running emuNAND 9.0-E. We can use Yellows8's awesome System Update Reports to get a list of every title that has been updated between 9.0 and 9.6. We can then download the 9.0 versions of these titles, and create CIAs with modified version numbers, to make it look like they've been updated, even though they have not been. Afterwards, all of these CIAs can be installed to emuNAND. In theory, I don't see any reason why this shouldn't satisfy the eShop. I'm aware that there are simpler methods for making the eShop work on outdated firmwares, but none of them public. I am personally interested in this because it would make it much easier to fix the eShop on region-changed systems, although I know it would be useful for other reasons as well. ...would this work?