By privileged, I obviously mean those of us who use libkhax! I've made a few tools that can take advantage of bootstrap's kernel access. First is service-patch. This tool, as the name suggests, is able to patch services in two ways. First of all, it patches the currently-running homebrew to have full service access, without ninjhax limitations. It does this by patching the PID of Cubic Ninja to zero, and all PIDs below five have automatic full access to all services. The tool also provides infrastructure to patch the code of any currently-running process. If you tried to do this with the debug SVCs, the process would crash on execution of whatever code you patched, but service-patch queries the location of the code under the kernel addressing-mode, and patches the code by directly accessing the memory. The next tool is i2c. As its name suggests as well, the program is able to access the I2C registers. This can be neat especially for ARM9 homebrew developers (rxTools comes to mind), as you can do such things as querying the current battery level from I2C. Check 3DBrew for all currently-known I2C functions. NOTE: ALWAYS BE CAREFUL MESSING AROUND WITH I2C AND BE SURE OF WHAT YOU'RE DOING. DEVELOPERS HAVE BRICKED THEIR 3DS DOING THINGS AS SIMPLE AS MESSING WITH THE LED REGISTERS. There's also dump-kernelmem. This dumps the kernel memory. I'd also like to give a quick mention to the bootstrap branch of Decrypt9. This has existed for quite a while already, but it's apparently been undiscovered so far! To run Decrypt9 from bootstrap, compile Decrypt9, then replace the payload.bin in bootstrap with Decrypt9.bin (renamed, of course, to payload.bin). It even supports the N3DS! Have fun developing!