Hi guys! Introduction: Like many other people, I started my research on the last Gateway Ultra release, for my own curiosity on how the exploit works itself and to take a look at their code. It was not actually difficult to go a bit deep, and also thanks to yfan_lu for his great explanation. So i've seen he actually posted his method to run arm11 code, and I thought on this solution to make arm9 code execution possible. I thought that using some of the GW payloads and manipulate them a bit was an easy solution for that, becouse they coded their payloads to make the same code be loaded with different firmware versions, and this should not contain any illegal thing (i'm ready to remove everything if i'm wrong). So, what is this? It's a simple and basic homebrew template to compile homebrews that will run on the arm9 kernel, like the we've seen time ago, through the new Web Browser vulnerability; I look at this as an useful thing, tools like the Multi-Decryptor can be potentially ported. The code will run at 0x08000000, and it can load payloads up to 600kb, so the old 22kb size is not a problem anymore. The main difference is that this runs on the kernel, not on Process9, so actually all the FS functions should be broken at this rate, someone should write a good library to interact with the SD. I could test this only on a 4.X system, so i put it here to let you guys test then give me feedback on other firmware versions, then i'll update it and put the new download in the OP. And the same is for the framebuffers location, it's possible that they change too in different firmwares. Since Gateway probably added checks on the Launcher.dat, i suggest to use other methods to run the web exploit, i like this solution that's offered by an user here on GBAtemp : http://dukesrg.no-ip.org/3ds/go Download Here is the download, looking for grat works: Download Here! Enjoy!