It seems 3DBrew isn't listing the exploit, despite presumably being the same one Neimod and Yellows8 found last year. 1. Which exact DS setting is vulnerable to the buffer overflow? EG: The nickname? Birthday? Favorite color? Etc... 2. The Loader.dat file, this is just compiled ARM 11, no? Is there a header? What exactly does it contain which disables real 3DS games from showing up and allows the Gateway card? Unless I'm missing something, it seems one could modify the exploit to run a ROM from the SD card rather than running the Loader.dat code to do whatever enables the Gateway card. Or alternately, change the Loader.dat code to run a ROM on the SD card.