Certain network requests contain something called a "transferable_id", is this related at all?
Good luck faking https
(It's reasonably easy if you can install your custom certificate, at which point you have zero practical reasons to do a system transfer apart from moving your memeverse account)
My friend (whose GBATemp username is ariankordi, which I'll now say because he replied to this) was able to change certain system-specific values sent to Nintendo's account servers this way, maybe it could apply to other stuff too?
-start running Fiddler
-connect your 3DS to a Fiddler proxy
-find the domain of the server in RAM using NTR CFW; write this down somewhere
-change this domain to your computer's IP somewhere, so HTTPS requests are directly viewable in Fiddler
-have Fiddler use a customrules.js or something similar to change the values and send them back to Nintendo's servers, then pass them down to the system again
-???
-profit?
I wasn't able to do this (didn't have to, because I found part of the account data in RAM that I could manipulate, something that probably isn't possible here), but it's a concept, and someone talented could look into this if they wanted to.
It may require a certificate to work, and may also be tracked by console-specific things like certiificates or NAND IDs that are checked against the console, so I don't know if this'll work for transfers... but I'm sure someone in this scene has the time to look into this.