There seems to be a page on wiki about such a diag tool. However please not count on someone would leak it. So sorry i forgot which title it has. It would do much things to your device, however it may not access anything that is too sensitive (ie, crypto, SoC). It may have many priveledges at least including scan chips that is outside the SoC (as your expression)..Even it has power to burn code into the SoC, it may only have the encrypted data (the repair center may hardly hold the decrypted one).
It may help debug, but now how to make the system think or just ignore the homebrew is legit IS a PROBLEM.
AES do against know-text attack, but modifying it may need the action inside the SoC...
Also it may remove itself from the memory or other (ie save) media. If there is only a signal or titleid it would not be too much help.
I have no experience in 3ds hacking now. these are JUST MY OPINION.
(even getting an encrypted one would be much work. and it may burn those downloaded - take a look at if your device is the latest firmware version - if not that means they used the one prepared - but bypass would let other device upgrade your system without alert. That is not a too serious situation - so they don't need to force the SoC to do without Homemenu.)
Well if you think that should be consider at once, talk to them on the IRC (check the address efnet.org and channel #3dsdev do please talk politely). Maybe there is one that too talented can find something out.
If I'm understanding you correctly (frankly, your English isn't great. Sorry :3) the title that the diag tool is run under is disguised as the System Settings. I'll go ahead and ask the devs on IRC, but I guess there's not much to do after reading what you've posted. Most, if not all, of the Nintendo staff aren't going to leak the tool, and it might even be encrypted like everything else 3DS. Even if I were to get the software, I doubt I would be able to do anything with it. The level of encryption is so high that I can't even view a save file in a game from the SD card. It wouldn't be on the SD card unless by mistake, but I doubt that. My games aren't even in the same folder T_T and there's no way of telling which is which. I was just thinking find a way to trick the system into thinking it's in diag mode or something, and then exploiting it from there. That's probably unlikely, though. aarg.
I've been trying to crack the 3DS's encryption for months. So far, I've only been able to scratch the surface. Any changes I make to anything render the part I changed (mainly save data) unusable. I'm so used to just waiting around for a hack to come for these systems, but now I know how hard it is to actually make successful hacks. I just hate, hate, HATE, NINTENDO, HOW YOU WON'T LET US DO WHAT WE WANT WITH THE SYSTEM WE BOUGHT. I just wish Satoru Iwata were reading these. He's an amazing man, but I think he needs to get his priorities straight, and I think it's customers before games, games before security, and security before updates. I'm even fine if they do what Sony did with the PS3, and make it so that the system can't be emulated, which blocks a lot of piracy. Seeing as you can't even modify the 3DS titles to work, yet, I don't get why we can't at least run homebrew. I'm even fine with updates to the systems that don't delete homebrew loaders or applications, except the ones that are used for illegal purposes.
Anyways, I have no lead on anything, but I feel like I'm so close to getting the encryption concept of the 3DS, even though it's supposedly random. If it really were random, the 3DS wouldn't be able to read the titles. I think there's a method to the madness, and that the best way to figure it out for now is to analyze the way the encryption is generated, and look for patterns. It'd be a lot easier if I could analyze the 3DS reading the files, but I'm pretty sure there's no way to do that. Streetpass would be the best place to start, though, since it requires no software invasion, just monitoring, and I'm sure that it uses similar, if not the exact same encryption techniques that disallow the emulation or simulation of Streetpass. Things I expect to be the same are the ID or serial number of the device, even if it's translated to some other form. Then I at least know something that helps, and the ultimate goal is probably to disable the random encryption process entirely. I might not be an official 3DBrew dev, but I'm still going to try my best to crack this thing for the 3DS owners that have been patiently waiting for an exploit to come out.