Watch below the 32C3 keynote titled Breaking the 3DS with smea, derrek, plutoo. Interesting speech covering how they exploited each level of the 3DS operating system, starting with userspace, kernelspace, and finally to gain code-execution in the security processor using ROP and other techniques.
They start by presenting a summary of the security system of the 3DS from the ground up and they proceed to elaborately exploit each layer of the 3DS operating system, starting with userspace, kernelspace, and finally gain code-execution in the security processor.
They also present how they figured out a hardware secret built into the console, and an early break in the chain of trust.