Originally Posted by Keropon
I quote SifJar from the GBAtemp forums:
Obviously, this isn't an ideal situation as you are limited to using what is loaded in memory, and it's not very straight forward. So the best option would be to use ROP to execute a kernel exploit, disable the security system and thus allow executing code from anywhere in memory (or at least from somewhere you can influence from code). Then you can load code into memory and run it freely.
So, it's a step.
Sounds like a small step and anything useful is still very far away.