diff --git a/source/firm.c b/source/firm.c
index e13ad66..fa701bf 100755
--- a/source/firm.c
+++ b/source/firm.c
@@ -409,13 +409,20 @@ u32 patch1x2xNativeAndSafeFirm(bool enableExceptionHandlers)
 
 static __attribute__((noinline)) bool overlaps(u32 as, u32 ae, u32 bs, u32 be)
 {
- if (as <= bs && bs <= ae)
+ if(as <= bs && bs <= ae)
 return true;
- else if (bs <= as && as <= be)
+ if(bs <= as && as <= be)
 return true;
 return false;
 }
 
+static __attribute__((noinline)) bool inRange(u32 as, u32 ae, u32 bs, u32 be)
+{
+ if(as >= bs && ae <= be)
+ return true;
+ return false;
+}
+
 bool checkFirmPayload(void)
 {
 if(memcmp(firm->magic, "FIRM", 4) != 0 || firm->arm9Entry == NULL) //Allow for the ARM11 entrypoint to be zero in which case nothing is done on the ARM11 side
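Review bot: `inRange` has no comment stating its contract, and it is only sound the way `checkFirmPayload` uses it: it never checks `as <= ae`, so an end address that wrapped around would still satisfy `ae <= be`, and the caller's `section->address + section->size < section->address` test (second hunk) has to stay ahead of it in the `||` chain. I would put `//True when [as, ae) lies wholly inside [bs, be); the caller must reject a wrapped ae first` above the function. It also treats `ae` as exclusive while `overlaps` directly above compares both ends inclusively, so exactly adjacent ranges count as overlapping there; that errs on the safe side but deserves a word in the same comment. The body could simply be `return as >= bs && ae <= be;`.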
@@ -441,9 +448,11 @@ bool checkFirmPayload(void)
 if((section->offset < 0x200) || (section->address + section->size < section->address) || //Overflow check
 ((u32)section->address & 3) || (section->offset & 0x1FF) || (section->size & 0x1FF) || //Alignment check
- (overlaps((u32)section->address, (u32)section->address + section->size, 0x01FF8000, 0x01FF8000 + 0x8000)) ||
- (overlaps((u32)section->address, (u32)section->address + section->size, 0x1FFFFC00, 0x20000000)) ||
- (overlaps((u32)section->address, (u32)section->address + section->size, (u32)firm + section->offset, (u32)firm + size)))
+ (overlaps((u32)section->address, (u32)section->address + section->size, (u32)firm + section->offset, (u32)firm + size)) ||
+ ((!inRange((u32)section->address, (u32)section->address + section->size, 0x08000000, 0x08000000 + 0x00100000)) &&
+ (!inRange((u32)section->address, (u32)section->address + section->size, 0x18000000, 0x18000000 + 0x00600000)) &&
+ (!inRange((u32)section->address, (u32)section->address + section->size, 0x1FF00000, 0x1FFFFC00)) &&
+ (!inRange((u32)section->address, (u32)section->address + section->size, 0x20000000, 0x20000000 + 0x8000000))))
 return false;
 sha(hash, (u8 *)firm + section->offset, section->size, SHA_256_MODE);
diff --git a/source/start.s b/source/start.s
index 660c87c..528e970 100644
--- a/source/start.s
+++ b/source/start.s
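Review bot: The new allowlist accepts a section anywhere inside the four windows, and the only carve-out left is the overlap test against `(u32)firm + section->offset` .. `(u32)firm + size`. Nothing in this hunk keeps a section's load range off the FIRM header and earlier section data at `firm` .. `firm + section->offset`, or off the loader's own code and stack if those live inside one of the allowed windows. That may be handled elsewhere, since `checkFirmPayload` continues outside the hunk, but if it is not, the condition should reject those ranges as well. The window bounds are bare literals repeated across four calls and have to agree with the MPU table changed in `source/start.s` in this same commit; a comment naming each one (arm9 mem, vram, dsp / axi wram, fcram) or a small table of `{start, end}` pairs would make that agreement reviewable.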
@@ -58,11 +58,11 @@ _start:
 
 @ Set MPU permissions and cache settings
 ldr r0, =0xFFFF001D @ ffff0000 32k | bootrom (unprotected part)
- ldr r1, =0xFFF0001B @ fff00000 16k | dtcm
+ ldr r1, =0xFFF0801B @ fff00000 16k | dtcm
 ldr r2, =0x01FF801D @ 01ff8000 32k | itcm
- ldr r3, =0x08000029 @ 08000000 2M | arm9 mem (O3DS / N3DS)
+ ldr r3, =0x08000027 @ 08000000 1M | arm9 mem
 ldr r4, =0x10000029 @ 10000000 2M | io mem (ARM9 / first 2MB)
- ldr r5, =0x20000037 @ 20000000 256M | fcram (O3DS / N3DS)
+ ldr r5, =0x20000035 @ 20000000 128M | fcram
 ldr r6, =0x1FF00027 @ 1FF00000 1M | dsp / axi wram
 ldr r7, =0x1800002D @ 18000000 8M | vram (+ 2MB)
 mov r8, #0x29
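Review bot: The `r1` line changes the region value from `0xFFF0001B` to `0xFFF0801B` but leaves its trailing comment at `fff00000`. Every other row's comment repeats the base held in the upper bits of its value, so this row now encodes base 0xFFF08000 while documenting 0xFFF00000. If the move is intended, the comment should follow it: `ldr r1, =0xFFF0801B @ fff08000 16k | dtcm`; if it is not, the value is a typo and the DTCM permissions land on the wrong 16k window. Whether the DTCM base configured elsewhere in `_start` matches the new value is outside this hunk.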