So I was thinking, if you were on 9.8 or something that wasn't exploitable, couldn't you possibly hex edit the sysNAND itself to be exploitable? You'd need a hard mod, and transfer the sysNAND image to the computer so you could manually edit it. Then once you're done making your changes, transfer it back to the 3DS and boom, it's now exploited. Like, for example, you could take a look at Pasta CFW, look at the offsets for it, then manually hex edit the sysNAND of 9.8. You wouldn't need any exploits since you're directly modifying the sysNAND anyway. Just find the code that checked for CIA signing or whatever, and patch that, then transfer it back... Would that be possible / easily feasible, given good knowledge of C/C++ and a basic understanding of operating systems and filesystem formats? Hopefully the sysNAND isn't encrypted or anything like that.