I explained it somewhere, but I don't want to search -o-
All titles on WiiU have 3 folders :
/code/ <-- contains the executable, signed and verified.
/content/ <-- contains addtional files (settings, binary). unsigned, not verified
/meta/ <-- contains title info (game's title in every language, icon, background image when launching the title, etc.), unsigned, unchecked.
if you create a program, and replace it in /code/ you can't launch it without signature check function patched. for example, HBL channel has the "hbl homebrew" executed, it's not signed and need CFW to be launched.
Haxchi is a NDS modified game with some additional function added to it:
/code/ <-- contain the NDS emulator
/content/ <-- NDS's ROM.zip (the game binary loaded by the emulator)
/meta/ (pictures)
Haxchi doesn't replace the emulator, but the NDS's game's ROM.
It's exploiting a vulnerability in the (unedited, still good signed) emulator, by loading a corrupted ROM.zip it crashes and execute haxchi's code location in the ROM instead of playing the ROM original game.
if you install haxchi in a pirated (WUPinstalled) NDS game, content in /code/ is not good signed and need CFW to launch, so it can't be used by haxchi.
you need cfw to launch haxchi to patch the console's signature check that you already have; that's useless.
if you set this NDS game as autoboot (with CBHC), you can launch it only if it's good signed, or else the emulator won't launch, and the console won't boot.