The thing about it is, even if you remove the check for Ironfall, it's still not that useful, because you'd need to run homebrew/code to do it in the first place, and if you can do that, then why bother fixing Ironfall? I mean yeah, it'd be a cool proof of concept, but still not that great. And since it's in the firmware itself, that'd require modifying it, which breaks signatures, and there's no realistically easy to use boot-time exploit that we have in our possession like the PSP had, where we boot right into permanent CFW (and again, if you had that, you wouldn't need Ironfall in the first place).
Well, yes and no. Technically anyone with Ironfall can use BrowserHax as well, but people opt to use Ironhax because it's more stable... BrowserHax only works like 1/4 of the times I try it. (Plus you don't need an Internet connection but that's minor - you do need one to set it up the first time so it's a moot point I suppose)
Anyway - I have emuNAND set up so my main system is still on 9.2 but my emuNAND is fully updated. Sometimes I need -hax to access certain things, like dumping extdata without needing SaveDataFiler. When you load emuNAND you're already patching stuff every time you load it up, so if you're able to fix the update blacklist with kernel access, it might stay that way.
I'm also thinking of the "Flash cart timewarp" thing that cearp made a while back, same idea.