Ok, nobody helped me fast enough so I did everything manually. I now have a decrypted firm0/1 from when I tried the payloads here, and from a GW a9lh install.
There are 3 chunks of data that differ between the two. Keep in mind that these offsets are from examining just the 8,192KB (8,388,608 bytes) that make up the firm0 & Firm1 combined)
000f0760-000f0f64 (yes, it stops being different in the middle of a row)
006D0000-006d24F0
006d2800-006D4000
Edit: and I learned 2 things by looking at the stage2_2.bin from here.
1) I didn't even need to decrypt the firms
2) That particular payload isn't one of those 3 above. It starts at 002D0000.
I hope this is enough information, because I need to sleep. Or do I need to up those 3 sections somewhere for use (from my encrypted firm0/1, now that I know better)? But surely I can't link to them from here, can I?
Edit: The last bit is unimportant (I think). On the GW a9lh, it's zeroed out. It's not on my pre-GW dump.
Edit2: Here are the 2 sections that are different. Hope this helps. If it's not allowed, please have a mod edit the post as I am going to sleep for real now and won't be on tomorrow...
https://dl.dropboxusercontent.com/u/24345169/NewN3ds_GW_payloads.zip
@
liomajor