diff --git a/loader/linker.ld b/loader/linker.ld
index 38691c6..87f8b2b 100644
--- a/loader/linker.ld
+++ b/loader/linker.ld
@@ -1,7 +1,7 @@
 ENTRY(_start)
 SECTIONS
 {
-    . = 0x80F0000;
+    . = 0x1FF8000;
     .text.start : { *(.text.start) }
     .text : { *(.text) }
     .data : { *(.data) }
diff --git a/loader/source/cache.h b/loader/source/cache.h
deleted file mode 100644
index 8f80b43..0000000
--- a/loader/source/cache.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
-*   This file is part of Luma3DS
-*   Copyright (C) 2016 Aurora Wright, TuxSH
-*
-*   This program is free software: you can redistribute it and/or modify
-*   it under the terms of the GNU General Public License as published by
-*   the Free Software Foundation, either version 3 of the License, or
-*   (at your option) any later version.
-*
-*   This program is distributed in the hope that it will be useful,
-*   but WITHOUT ANY WARRANTY; without even the implied warranty of
-*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-*   GNU General Public License for more details.
-*
-*   You should have received a copy of the GNU General Public License
-*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*
-*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
-*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
-*   Notices displayed by works containing it.
-*/
-
-#pragma once
-
-#include "types.h"
-
-void flushCaches(void);
\ No newline at end of file
diff --git a/loader/source/cache.s b/loader/source/cache.s
deleted file mode 100644
index b2a8319..0000000
--- a/loader/source/cache.s
+++ /dev/null
@@ -1,54 +0,0 @@
-@   This file is part of Luma3DS
-@   Copyright (C) 2016 Aurora Wright, TuxSH
-@
-@   This program is free software: you can redistribute it and/or modify
-@   it under the terms of the GNU General Public License as published by
-@   the Free Software Foundation, either version 3 of the License, or
-@   (at your option) any later version.
-@
-@   This program is distributed in the hope that it will be useful,
-@   but WITHOUT ANY WARRANTY; without even the implied warranty of
-@   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-@   GNU General Public License for more details.
-@
-@   You should have received a copy of the GNU General Public License
-@   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-@
-@   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
-@   reasonable legal notices or author attributions in that material or in the Appropriate Legal
-@   Notices displayed by works containing it.
-
-.text
-.arm
-.align 4
-
-.global flushCaches
-.type flushCaches, %function
-flushCaches:
-    @ Clean and flush data cache
-    @ Adpated from http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0155a/ch03s03s05.html ,
-    @ and https://github.com/gemarcano/libctr9_io/blob/master/src/ctr_system_ARM.c#L39 as well
-    @ Note: ARM's example is actually for a 8KB DCache (which is what the 3DS has)
-    @ Implemented in bootROM at address 0xffff0830
-
-    mov r1, #0                          @ segment counter
-    outer_loop:
-        mov r0, #0                      @ line counter
-
-        inner_loop:
-            orr r2, r1, r0                  @ generate segment and line address
-            mcr p15, 0, r2, c7, c14, 2      @ clean and flush the line
-            add r0, #0x20                   @ increment to next line
-            cmp r0, #0x400
-            bne inner_loop
-
-        add r1, #0x40000000
-        cmp r1, #0
-        bne outer_loop
-
-    mcr p15, 0, r1, c7, c10, 4              @ drain write buffer
-
-    @ Flush instruction cache
-    mcr p15, 0, r1, c7, c5, 0
-
-    bx lr
diff --git a/loader/source/main.c b/loader/source/main.c
index 6c0b9a7..675b4aa 100644
--- a/loader/source/main.c
+++ b/loader/source/main.c
@@ -20,7 +20,6 @@
 *   Notices displayed by works containing it.
 */
 
-#include "cache.h"
 #include "memory.h"
 #include "../build/bundled.h"
 
@@ -42,12 +41,12 @@ void main(void)
 {
     ownArm11();
 
-    vu32 *magic = (vu32 *)0x25000000;
-    magic[0] = 0xABADCAFE;
-    magic[1] = 0xDEADCAFE;
+    vu32 *payloadAddress = (vu32 *)0x23F00000;
+    payloadAddress[1] = 0xDEADCAFE;
 
     //Ensure that all memory transfers have completed and that the caches have been flushed
-    flushCaches();
+    ((void (*)())0xFFFF0830)();
+    ((void (*)())0xFFFF0AB4)();
 
-    ((void (*)())0x23F00000)();
+    ((void (*)())payloadAddress)();
 }
\ No newline at end of file
diff --git a/loader/source/start.s b/loader/source/start.s
index 8b08656..45f806d 100644
--- a/loader/source/start.s
+++ b/loader/source/start.s
@@ -39,9 +39,6 @@ _start:
     bic r0, #(1<<0)            @ - mpu disable
     mcr p15, 0, r0, c1, c0, 0  @ write control register
 
-    @ Flush caches
-    bl flushCaches
-
     @ Give read/write access to all the memory regions
     ldr r0, =0x3333333
     mcr p15, 0, r0, c5, c0, 2 @ write data access
@@ -69,10 +66,14 @@ _start:
     mcr p15, 0, r8, c2, c0, 0   @ Data cacheable 0, 2, 4
     mcr p15, 0, r8, c2, c0, 1   @ Inst cacheable 0, 2, 4
 
-    @ Enable caches / MPU / ITCM
+    @ Flush caches
+    ldr r0, =0xFFFF0830
+    blx r0
+    ldr r0, =0xFFFF0AB4
+    blx r0
+
+    @ Enable caches / MPU
     mrc p15, 0, r0, c1, c0, 0  @ read control register
-    orr r0, r0, #(1<<18)       @ - ITCM enable
-    orr r0, r0, #(1<<13)       @ - alternate exception vectors enable
     orr r0, r0, #(1<<12)       @ - instruction cache enable
     orr r0, r0, #(1<<2)        @ - data cache enable
     orr r0, r0, #(1<<0)        @ - mpu enable
diff --git a/source/installer.c b/source/installer.c
index a5fbca5..08cb4cf 100755
--- a/source/installer.c
+++ b/source/installer.c
@@ -50,8 +50,7 @@ u32 posY;
 
 void main(void)
 {
-    vu32 *magic = (vu32 *)0x25000000;
-    bool isOtpless = ISA9LH && magic[0] == 0xABADCAFE && magic[1] == 0xDEADCAFE;
+    bool isOtpless = ISA9LH && magic == 0xDEADCAFE;
 
     initScreens();
 
@@ -71,7 +70,6 @@ void main(void)
     }
     else
     {
-        magic[0] = magic[1] = 0;
         posY = drawString("Finalizing install...", 10, posY + SPACING_Y, COLOR_WHITE);
         pressed = 0;
     }
@@ -258,8 +256,10 @@ static inline void installer(bool isOtpless)
 
     if(!ISA9LH && ISN3DS)
     {
-        *(vu32 *)0x80FD0FC = 0xEAFFCBBF; //B 0x80F0000
-        memcpy((void *)0x80F0000, loader_bin, loader_bin_size);
+        const u8 ldrAndBranch[] = {0x00, 0x00, 0x9F, 0xE5, 0x10, 0xFF, 0x2F, 0xE1, 0x00, 0x80, 0xFF, 0x01};
+
+        memcpy((void *)0x80FD0FC, ldrAndBranch, sizeof(ldrAndBranch));
+        memcpy((void *)0x1FF8000, loader_bin, loader_bin_size);
 
         writeFirm((u8 *)FIRM0_100_OFFSET, false, FIRM0100_SIZE);
 
diff --git a/source/installer.h b/source/installer.h
index 37bfe7e..5f073a6 100644
--- a/source/installer.h
+++ b/source/installer.h
@@ -23,6 +23,7 @@
 #define MAX_STAGE1_SIZE   0x1E70
 #define MAX_STAGE2_SIZE   0x89A00
 
+extern u32 magic;
 extern const u8 key2s[5][AES_BLOCK_SIZE];
 
 static inline void installer(bool isOtpless);
diff --git a/source/start.s b/source/start.s
index d545d4d..c108bc6 100644
--- a/source/start.s
+++ b/source/start.s
@@ -24,6 +24,13 @@
 .align 4
 .global _start
 _start:
+    b start
+
+.global magic
+magic:
+    .word 0
+
+start:
     @ Disable interrupts
     mrs r0, cpsr
     orr r0, #0x1C0