What about finding where the ROM itself is loaded into RAM and replacing it via a browser hack?It is more than certainly possible, but they use simple signing techniques. The files can be decrypted, but as far as I know they don't yet have a re-encryptor for it.