If it's as simple as that, you wouldn't happen to know the right offset from the beginning to the end, would you?
I'm not lying to you lol. I think this was in my post (or maybe I only posted for 4.x), but for 9.x, encrypted part 2 is at 0x0001A000 for 0x4000. Once you decrypt that, ARM11 usercode is at 0x1B90 of the decrypted portion (I have that memorized because of all the code replacing I had to do). To get it to run, just reverse the process.