diff --git a/dsrom/CBHC/Makefile b/dsrom/CBHC/Makefile
index 1d460f3..fbe0755 100644
--- a/dsrom/CBHC/Makefile
+++ b/dsrom/CBHC/Makefile
@@ -16,11 +16,16 @@ FIRMWARE = 550
 
 all: clean setup main
 
-$(CURDIR)/payload/arm_kernel_bin.h:  $(CURDIR)/payload/wupserver_bin.h $(CURDIR)/payload/arm_user_bin.h
+$(CURDIR)/payload/arm_kernel_bin.h:  $(CURDIR)/payload/titleprot_bin.h $(CURDIR)/payload/wupserver_bin.h $(CURDIR)/payload/arm_user_bin.h
 	@$(MAKE) --no-print-directory -C $(CURDIR)/arm_kernel -f  $(CURDIR)/arm_kernel/Makefile
 	@-mkdir -p $(CURDIR)/payload
 	@cp -p $(CURDIR)/arm_kernel/arm_kernel_bin.h $@
 
+$(CURDIR)/payload/titleprot_bin.h:
+	@$(MAKE) --no-print-directory -C $(CURDIR)/titleprot -f  $(CURDIR)/titleprot/Makefile
+	@-mkdir -p $(CURDIR)/payload
+	@cp -p $(CURDIR)/titleprot/titleprot_bin.h $@
+
 $(CURDIR)/payload/wupserver_bin.h:
 	@$(MAKE) --no-print-directory -C $(CURDIR)/../../wupserver -f  $(CURDIR)/../../wupserver/Makefile
 	@-mkdir -p $(CURDIR)/payload
@@ -46,5 +51,6 @@ clean:
 	rm -rf $(build) payload
 	rm -rf CBHC.elf CBHC.map
 	$(MAKE) --no-print-directory -C $(CURDIR)/arm_user -f  $(CURDIR)/arm_user/Makefile clean
-	@$(MAKE) --no-print-directory -C $(CURDIR)/../../wupserver -f  $(CURDIR)/../../wupserver/Makefile clean
+	$(MAKE) --no-print-directory -C $(CURDIR)/titleprot -f  $(CURDIR)/titleprot/Makefile clean
+	$(MAKE) --no-print-directory -C $(CURDIR)/../../wupserver -f  $(CURDIR)/../../wupserver/Makefile clean
 	$(MAKE) --no-print-directory -C $(CURDIR)/arm_kernel -f  $(CURDIR)/arm_kernel/Makefile clean
diff --git a/dsrom/CBHC/arm_kernel/source/wupserver.c b/dsrom/CBHC/arm_kernel/source/getbins.c
similarity index 50%
rename from dsrom/CBHC/arm_kernel/source/wupserver.c
rename to dsrom/CBHC/arm_kernel/source/getbins.c
index eb47efa..2e128b8 100644
--- a/dsrom/CBHC/arm_kernel/source/wupserver.c
+++ b/dsrom/CBHC/arm_kernel/source/getbins.c
@@ -1,5 +1,16 @@
+#include "../../payload/titleprot_bin.h"
 #include "../../payload/wupserver_bin.h"
 
+const unsigned char *get_titleprot_bin()
+{
+	return titleprot_bin;
+}
+
+unsigned int get_titleprot_bin_len()
+{
+	return titleprot_bin_len;
+}
+
 const unsigned char *get_wupserver_bin()
 {
 	return wupserver_bin;
diff --git a/dsrom/CBHC/arm_kernel/source/getbins.h b/dsrom/CBHC/arm_kernel/source/getbins.h
new file mode 100644
index 0000000..5587642
--- /dev/null
+++ b/dsrom/CBHC/arm_kernel/source/getbins.h
@@ -0,0 +1,17 @@
+
+#ifndef _GETBINS_H_
+#define _GETBINS_H_
+
+#define titleprot_addr 0x0510D984
+#define wupserver_addr 0x0510E570
+
+#define titleprot_phys (titleprot_addr - 0x05100000 + 0x13D80000)
+#define wupserver_phys (wupserver_addr - 0x05100000 + 0x13D80000)
+
+const unsigned char *get_titleprot_bin();
+unsigned int get_titleprot_bin_len();
+
+const unsigned char *get_wupserver_bin();
+unsigned int get_wupserver_bin_len();
+
+#endif
diff --git a/dsrom/CBHC/arm_kernel/source/main.c b/dsrom/CBHC/arm_kernel/source/main.c
index 7431844..d3422e8 100644
--- a/dsrom/CBHC/arm_kernel/source/main.c
+++ b/dsrom/CBHC/arm_kernel/source/main.c
@@ -3,7 +3,7 @@
 #include "reload.h"
 #include "elf_patcher.h"
 #include "../../payload/arm_user_bin.h"
-#include "wupserver.h"
+#include "getbins.h"
 static const char repairData_set_fault_behavior[] = {
 	0xE1,0x2F,0xFF,0x1E,0xE9,0x2D,0x40,0x30,0xE5,0x93,0x20,0x00,0xE1,0xA0,0x40,0x00,
 	0xE5,0x92,0x30,0x54,0xE1,0xA0,0x50,0x01,0xE3,0x53,0x00,0x01,0x0A,0x00,0x00,0x02,
@@ -43,7 +43,10 @@ static const char os_launch_hook[] = {
 
 static const char sd_path[] = "/vol/sdcard";
 
-#define wupserver_phys (0x0510E570 - 0x05100000 + 0x13D80000)
+#define LAUNCH_SYSMENU 0
+#define LAUNCH_HBL 1
+#define LAUNCH_MOCHA 2
+#define LAUNCH_CFW_IMG 3
 
 int _main()
 {
@@ -57,15 +60,18 @@ int _main()
 
 	unsigned int control_register = disable_mmu();
 
+	/* copy in ds vc title id to protect from moving/deleting */
+	kernel_memcpy((void*)(get_titleprot_bin()+get_titleprot_bin_len()-8), (void*)0x01E70108, 4);
+
+	/* get value CBHC used to boot up */
+	unsigned int launchmode = *(volatile u32*)0x01E7010C;
+
 	/* Save the request handle so we can reply later */
 	*(volatile u32*)0x01E10000 = *(volatile u32*)0x1016AD18;
 
 	/* Patch kernel_error_handler to BX LR immediately */
 	*(volatile u32*)0x08129A24 = 0xE12FFF1E;
 
-	/* apply IOS ELF launch hook (thanks dimok!) */
-	*(volatile u32*)0x0812A120 = ARM_BL(0x0812A120, kernel_launch_ios);
-
 	void * pset_fault_behavior = (void*)0x081298BC;
 	kernel_memcpy(pset_fault_behavior, (void*)repairData_set_fault_behavior, sizeof(repairData_set_fault_behavior));
 
@@ -79,61 +85,75 @@ int _main()
 	void * pUserBinDest = (void*)0x101312D0;
 	kernel_memcpy(pUserBinDest, (void*)pUserBinSource, sizeof(arm_user_bin));
 
-	// overwrite mcp_d_r code with wupserver
-	*(unsigned int*)(0x0510E56C - 0x05100000 + 0x13D80000) = 0x47700000; //bx lr
-	kernel_memcpy((void*)wupserver_phys, get_wupserver_bin(), get_wupserver_bin_len());
-	invalidate_dcache((u32)wupserver_phys, get_wupserver_bin_len());
-	invalidate_icache();
+	if(launchmode != LAUNCH_MOCHA)
+	{
+		// nop out memcmp hash checks
+		*(volatile u32*)(0x040017E0 - 0x04000000 + 0x08280000) = 0xE3A00000; // mov r0, #0
+		*(volatile u32*)(0x040019C4 - 0x04000000 + 0x08280000) = 0xE3A00000; // mov r0, #0
+		*(volatile u32*)(0x04001BB0 - 0x04000000 + 0x08280000) = 0xE3A00000; // mov r0, #0
+		*(volatile u32*)(0x04001D40 - 0x04000000 + 0x08280000) = 0xE3A00000; // mov r0, #0
 
-	// replace ioctl 0x62 code with jump to wupserver
-	*(unsigned int*)(0x05026BA8 - 0x05000000 + 0x081C0000) = 0x47780000; // bx pc
-	*(unsigned int*)(0x05026BAC - 0x05000000 + 0x081C0000) = 0xE59F1000; // ldr r1, [pc]
-	*(unsigned int*)(0x05026BB0 - 0x05000000 + 0x081C0000) = 0xE12FFF11; // bx r1
-	*(unsigned int*)(0x05026BB4 - 0x05000000 + 0x081C0000) = 0x0510E570; // wupserver code
+		// patch OS launch sig check
+		*(volatile u32*)(0x0500A818 - 0x05000000 + 0x081C0000) = 0x20002000; // mov r0, #0; mov r0, #0
 
-	// fix 10 minute timeout that crashes MCP after 10 minutes of booting
-	*(volatile u32*)(0x05022474 - 0x05000000 + 0x081C0000) = 0xFFFFFFFF; // NEW_TIMEOUT
+		// patch MCP authentication check
+		*(volatile u32*)(0x05014CAC - 0x05000000 + 0x081C0000) = 0x20004770; // mov r0, #0; bx lr
 
-	// patch cached cert check
-	*(volatile u32*)(0x05054D6C - 0x05000000 + 0x081C0000) = 0xE3A00000; // mov r0, 0
-	*(volatile u32*)(0x05054D70 - 0x05000000 + 0x081C0000) = 0xE12FFF1E; // bx lr
+		// fix 10 minute timeout that crashes MCP after 10 minutes of booting
+		*(volatile u32*)(0x05022474 - 0x05000000 + 0x081C0000) = 0xFFFFFFFF; // NEW_TIMEOUT
 
-	// patch cert verification
-	*(volatile u32*)(0x05052A90 - 0x05000000 + 0x081C0000) = 0xE3A00000; // mov r0, #0
-	*(volatile u32*)(0x05052A94 - 0x05000000 + 0x081C0000) = 0xE12FFF1E; // bx lr
+		// replace ioctl 0x62 code with jump to wupserver
+		*(volatile u32*)(0x05026BA8 - 0x05000000 + 0x081C0000) = 0x47780000; // bx pc
+		*(volatile u32*)(0x05026BAC - 0x05000000 + 0x081C0000) = 0xE59F1000; // ldr r1, [pc]
+		*(volatile u32*)(0x05026BB0 - 0x05000000 + 0x081C0000) = 0xE12FFF11; // bx r1
+		*(volatile u32*)(0x05026BB4 - 0x05000000 + 0x081C0000) = wupserver_addr; // wupserver code
 
-	// patch MCP authentication check
-	*(volatile u32*)(0x05014CAC - 0x05000000 + 0x081C0000) = 0x20004770; // mov r0, #0; bx lr
+		// patch cert verification
+		*(volatile u32*)(0x05052A90 - 0x05000000 + 0x081C0000) = 0xE3A00000; // mov r0, #0
+		*(volatile u32*)(0x05052A94 - 0x05000000 + 0x081C0000) = 0xE12FFF1E; // bx lr
 
-	// patch IOSC_VerifyPubkeySign to always succeed
-	*(volatile u32*)(0x05052C44 - 0x05000000 + 0x081C0000) = 0xE3A00000; // mov r0, #0
-	*(volatile u32*)(0x05052C48 - 0x05000000 + 0x081C0000) = 0xE12FFF1E; // bx lr
+		// patch IOSC_VerifyPubkeySign to always succeed
+		*(volatile u32*)(0x05052C44 - 0x05000000 + 0x081C0000) = 0xE3A00000; // mov r0, #0
+		*(volatile u32*)(0x05052C48 - 0x05000000 + 0x081C0000) = 0xE12FFF1E; // bx lr
 
-	// patch OS launch sig check
-	*(volatile u32*)(0x0500A818 - 0x05000000 + 0x081C0000) = 0x20002000; // mov r0, #0; mov r0, #0
+		// patch cached cert check
+		*(volatile u32*)(0x05054D6C - 0x05000000 + 0x081C0000) = 0xE3A00000; // mov r0, 0
+		*(volatile u32*)(0x05054D70 - 0x05000000 + 0x081C0000) = 0xE12FFF1E; // bx lr
 
-	// patch default title id
-	*(volatile u32*)(0x050B817C - 0x05074000 + 0x08234000) = *(volatile u32*)0x01E70100;
-	*(volatile u32*)(0x050B8180 - 0x05074000 + 0x08234000) = *(volatile u32*)0x01E70104;
+		// change system.xml to syshax.xml
+		*(volatile u32*)(0x050600F0 - 0x05060000 + 0x08220000) = 0x79736861; // ysha
+		*(volatile u32*)(0x050600F4 - 0x05060000 + 0x08220000) = 0x782E786D; // x.xm
 
-	// allow custom bootLogoTex and bootMovie.h264
-	*(volatile u32*)(0xE0030D68 - 0xE0000000 + 0x12900000) = 0xE3A00000; // mov r0, #0
-	*(volatile u32*)(0xE0030D34 - 0xE0000000 + 0x12900000) = 0xE3A00000; // mov r0, #0
+		*(volatile u32*)(0x05060114 - 0x05060000 + 0x08220000) = 0x79736861; // ysha
+		*(volatile u32*)(0x05060118 - 0x05060000 + 0x08220000) = 0x782E786D; // x.xm
 
-	// allow any region title launch
-	*(volatile u32*)(0xE0030498 - 0xE0000000 + 0x12900000) = 0xE3A00000; // mov r0, #0
+		// jump to titleprot code (titleprot_addr+4)
+		*(volatile u32*)(0x05107F70 - 0x05100000 + 0x13D80000) = 0xF005FD0A; //bl (titleprot_addr+4)
+		// overwrite mcp_d_r code with titleprot
+		*(volatile u32*)titleprot_phys = 0x20004770; // mov r0, #0; bx lr
+		kernel_memcpy((void*)(titleprot_phys+4), get_titleprot_bin(), get_titleprot_bin_len());
+		invalidate_dcache((u32)(titleprot_phys+4), get_titleprot_bin_len());
+		invalidate_icache();
 
-	// force check USB storage on load
-	*(volatile u32*)(0xE012202C - 0xE0000000 + 0x12900000) = 0x00000001; // find USB flag
+		// overwrite mcp_d_r code with wupserver
+		*(volatile u32*)(0x0510E56C - 0x05100000 + 0x13D80000) = 0x47700000; //bx lr
+		kernel_memcpy((void*)wupserver_phys, get_wupserver_bin(), get_wupserver_bin_len());
+		invalidate_dcache((u32)wupserver_phys, get_wupserver_bin_len());
+		invalidate_icache();
 
-	// nop out memcmp hash checks
-	*(volatile u32*)(0x040017E0 - 0x04000000 + 0x08280000) = 0xE3A00000; // mov r0, #0
-	*(volatile u32*)(0x040019C4 - 0x04000000 + 0x08280000) = 0xE3A00000; // mov r0, #0
-	*(volatile u32*)(0x04001BB0 - 0x04000000 + 0x08280000) = 0xE3A00000; // mov r0, #0
-	*(volatile u32*)(0x04001D40 - 0x04000000 + 0x08280000) = 0xE3A00000; // mov r0, #0
+		// apply IOS ELF launch hook (thanks dimok!)
+		*(volatile u32*)0x0812A120 = ARM_BL(0x0812A120, kernel_launch_ios);
+
+		// allow any region title launch
+		*(volatile u32*)(0xE0030498 - 0xE0000000 + 0x12900000) = 0xE3A00000; // mov r0, #0
+
+		// allow custom bootLogoTex and bootMovie.h264
+		*(volatile u32*)(0xE0030D68 - 0xE0000000 + 0x12900000) = 0xE3A00000; // mov r0, #0
+		*(volatile u32*)(0xE0030D34 - 0xE0000000 + 0x12900000) = 0xE3A00000; // mov r0, #0
+	}
 
 	//custom fw.img reboot
-	if(*(volatile u32*)0x01E70120 == 1)
+	if(launchmode == LAUNCH_CFW_IMG)
 	{
 		int i;
 		for (i = 0; i < 32; i++)
@@ -148,12 +168,12 @@ int _main()
 			((char*)(0x05059938 - 0x05000000 + 0x081C0000))[i] = os_launch_hook[i];
 	}
 
-	// change system.xml to syshax.xml
-	*(volatile u32*)(0x050600F0 - 0x05060000 + 0x08220000) = 0x79736861; //ysha
-	*(volatile u32*)(0x050600F4 - 0x05060000 + 0x08220000) = 0x782E786D; //x.xm
+	// patch default title id to system menu
+	*(volatile u32*)(0x050B817C - 0x05074000 + 0x08234000) = *(volatile u32*)0x01E70100;
+	*(volatile u32*)(0x050B8180 - 0x05074000 + 0x08234000) = *(volatile u32*)0x01E70104;
 
-	*(volatile u32*)(0x05060114 - 0x05060000 + 0x08220000) = 0x79736861; //ysha
-	*(volatile u32*)(0x05060118 - 0x05060000 + 0x08220000) = 0x782E786D; //x.xm
+	// force check USB storage on load
+	*(volatile u32*)(0xE012202C - 0xE0000000 + 0x12900000) = 0x00000001; // find USB flag
 
 	*(volatile u32*)(0x1555500) = 0;
 
diff --git a/dsrom/CBHC/arm_kernel/source/reload.c b/dsrom/CBHC/arm_kernel/source/reload.c
index 22aa77b..5aff760 100644
--- a/dsrom/CBHC/arm_kernel/source/reload.c
+++ b/dsrom/CBHC/arm_kernel/source/reload.c
@@ -3,7 +3,7 @@
 #include "utils.h"
 #include "reload.h"
 #include "elf_patcher.h"
-#include "wupserver.h"
+#include "getbins.h"
 
 extern char __file_start, __file_end;
 
@@ -40,7 +40,7 @@ void kernel_launch_ios(u32 launch_address, u32 L, u32 C, u32 H)
 		section_write_word(ios_elf_start, 0x05026BA8, 0x47780000); // bx pc
 		section_write_word(ios_elf_start, 0x05026BAC, 0xE59F1000); // ldr r1, [pc]
 		section_write_word(ios_elf_start, 0x05026BB0, 0xE12FFF11); // bx r1
-		section_write_word(ios_elf_start, 0x05026BB4, 0x0510E570); // wupserver code
+		section_write_word(ios_elf_start, 0x05026BB4, wupserver_addr); // wupserver code
 
 		// patch cert verification
 		section_write_word(ios_elf_start, 0x05052A90, 0xE3A00000); // mov r0, #0
@@ -55,15 +55,21 @@ void kernel_launch_ios(u32 launch_address, u32 L, u32 C, u32 H)
 		section_write_word(ios_elf_start, 0x05054D70, 0xE12FFF1E); // bx lr
 
 		// change system.xml to syshax.xml
-		section_write_word(ios_elf_start, 0x050600F0, 0x79736861); //ysha
-		section_write_word(ios_elf_start, 0x050600F4, 0x782E786D); //x.xm
+		section_write_word(ios_elf_start, 0x050600F0, 0x79736861); // ysha
+		section_write_word(ios_elf_start, 0x050600F4, 0x782E786D); // x.xm
 
-		section_write_word(ios_elf_start, 0x05060114, 0x79736861); //ysha
-		section_write_word(ios_elf_start, 0x05060118, 0x782E786D); //x.xm
+		section_write_word(ios_elf_start, 0x05060114, 0x79736861); // ysha
+		section_write_word(ios_elf_start, 0x05060118, 0x782E786D); // x.xm
+
+		// jump to titleprot code (titleprot_addr+4)
+		section_write_word(ios_elf_start, 0x05107F70, 0xF005FD0A); //bl (titleprot_addr+4)
+		// overwrite mcp_d_r code with titleprot
+		section_write_word(ios_elf_start, titleprot_addr, 0x20004770); // mov r0, #0; bx lr
+		section_write(ios_elf_start, titleprot_addr+4, get_titleprot_bin(), get_titleprot_bin_len());
 
 		// overwrite mcp_d_r code with wupserver
-		section_write_word(ios_elf_start, 0x0510E56C, 0x47700000); //bx lr
-		section_write(ios_elf_start, 0x0510E570, get_wupserver_bin(), get_wupserver_bin_len());
+		section_write_word(ios_elf_start, 0x0510E56C, 0x47700000); // bx lr
+		section_write(ios_elf_start, wupserver_addr, get_wupserver_bin(), get_wupserver_bin_len());
 
 		// apply IOS ELF launch hook (thanks dimok!)
 		section_write_word(ios_elf_start, 0x0812A120, ARM_BL(0x0812A120, kernel_launch_ios));
diff --git a/dsrom/CBHC/arm_kernel/source/wupserver.h b/dsrom/CBHC/arm_kernel/source/wupserver.h
deleted file mode 100644
index a456229..0000000
--- a/dsrom/CBHC/arm_kernel/source/wupserver.h
+++ /dev/null
@@ -1,8 +0,0 @@
-
-#ifndef _WUPSERVER_H_
-#define _WUPSERVER_H_
-
-const unsigned char *get_wupserver_bin();
-unsigned int get_wupserver_bin_len();
-
-#endif
diff --git a/dsrom/CBHC/main.c b/dsrom/CBHC/main.c
index 460b21b..43d97ae 100644
--- a/dsrom/CBHC/main.c
+++ b/dsrom/CBHC/main.c
@@ -38,7 +38,7 @@ static unsigned int getButtonsDown(unsigned int padscore_handle, unsigned int vp
 #define SD_HBL_PATH "/vol/external01/wiiu/apps/homebrew_launcher/homebrew_launcher.elf"
 #define SD_MOCHA_PATH "/vol/external01/wiiu/apps/mocha/mocha.elf"
 
-static const char *verChar = "CBHC v1.3 by FIX94";
+static const char *verChar = "CBHC v1.4 by FIX94";
 
 #define DEFAULT_DISABLED 0
 #define DEFAULT_SYSMENU 1
@@ -230,6 +230,13 @@ uint32_t __main(void)
 	OSScreenSetBufferEx(1, (void*)(0xF4000000 + screen_buf0_size));
 	OSScreenEnable(1);
 
+	unsigned long long(*OSGetTitleID)();
+	OSDynLoad_FindExport(coreinit_handle, 0, "OSGetTitleID", &OSGetTitleID);
+	unsigned int dsvcid = (unsigned int)(OSGetTitleID(0) & 0xFFFFFFFF);
+
+	char verInfStr[64];
+	__os_snprintf(verInfStr,64,"%s (DS Title %08X)", verChar, dsvcid);
+
 	unsigned int padscore_handle;
 	OSDynLoad_Acquire("padscore.rpl", &padscore_handle);
 
@@ -265,7 +272,7 @@ uint32_t __main(void)
 		goto cbhc_menu;
 
 	OSScreenClearBuffer(0);
-	OSScreenPutFont(0, 0, verChar);
+	OSScreenPutFont(0, 0, verInfStr);
 	OSScreenPutFont(0, 1, "Autobooting...");
 	OSScreenFlipBuffers();
 
@@ -291,7 +298,7 @@ uint32_t __main(void)
 		goto doIOSUexploit;
 
 	OSScreenClearBuffer(0);
-	OSScreenPutFont(0, 0, verChar);
+	OSScreenPutFont(0, 0, verInfStr);
 	OSScreenPutFont(0, 1, "Entering Menu...");
 	OSScreenFlipBuffers();
 	waitCnt = 30;
@@ -365,8 +372,7 @@ cbhc_menu:	;
 		if(redraw)
 		{
 			OSScreenClearBuffer(0);
-			OSScreenPutFont(0, 0, verChar);
-
+			OSScreenPutFont(0, 0, verInfStr);
 			char printStr[64];
 			__os_snprintf(printStr,64,"%c Boot System Menu", 0 == PosX ? '>' : ' ');
 			OSScreenPutFont(0, 1, printStr);
@@ -408,8 +414,9 @@ doIOSUexploit:
 	OSScreenFlipBuffers();
 
 	memcpy((void*)0xF5E70100, &sysmenu, 8);
-	*(volatile unsigned int*)0xF5E70120 = (launchmode == LAUNCH_CFW_IMG);
-	DCStoreRange((void*)0xF5E70100, 0x40);
+	*(volatile unsigned int*)0xF5E70108 = dsvcid;
+	*(volatile unsigned int*)0xF5E7010C = launchmode;
+	DCStoreRange((void*)0xF5E70100, 0x20);
 
 	int (*OSForceFullRelaunch)(void);
 	OSDynLoad_FindExport(coreinit_handle, 0, "OSForceFullRelaunch", &OSForceFullRelaunch);
diff --git a/dsrom/CBHC/titleprot/Makefile b/dsrom/CBHC/titleprot/Makefile
new file mode 100644
index 0000000..78d3ea0
--- /dev/null
+++ b/dsrom/CBHC/titleprot/Makefile
@@ -0,0 +1,76 @@
+ifeq ($(strip $(DEVKITARM)),)
+$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
+endif
+
+ifeq ($(filter $(DEVKITARM)/bin,$(PATH)),)
+export PATH:=$(DEVKITARM)/bin:$(PATH)
+endif
+
+CC = arm-none-eabi-gcc
+# LINK = arm-none-eabi-gcc
+LINK = arm-none-eabi-ld
+AS = arm-none-eabi-as
+OBJCOPY = arm-none-eabi-objcopy
+CFLAGS += -Wall -mbig-endian -std=c99 -mcpu=arm926ej-s -Os -s -mthumb -I$(DEVKITPRO)/libnds/include
+LDFLAGS += --script=ccd00.ld -EB -L"$(DEVKITARM)/arm-none-eabi/lib"
+
+CFILES = $(wildcard source/*.c)
+BINFILES = $(wildcard data/*.*)
+OFILES = $(CFILES:source/%.c=build/%.o)
+DFILES = $(CFILES:source/%.c=build/%.d)
+SFILES = $(wildcard source/*.s)
+OFILES += $(SFILES:source/%.s=build/%.o)
+OFILES += $(BINFILES:data/%=build/%.o)
+PROJECTNAME = ${shell basename "$(CURDIR)"}
+CWD = "$(CURDIR)""
+
+#---------------------------------------------------------------------------------
+# canned command sequence for binary data, taken from devkitARM
+#---------------------------------------------------------------------------------
+define bin2o
+	bin2s $< | $(AS) -o $(@)
+	echo "extern const u8" `(echo $(<F) | sed -e 's/^\([0-9]\)/_\1/' | tr . _)`"_end[];" > source/`(echo $(<F) | tr . _)`.h
+	echo "extern const u8" `(echo $(<F) | sed -e 's/^\([0-9]\)/_\1/' | tr . _)`"[];" >> source/`(echo $(<F) | tr . _)`.h
+	echo "extern const u32" `(echo $(<F) | sed -e 's/^\([0-9]\)/_\1/' | tr . _)`_size";" >> source/`(echo $(<F) | tr . _)`.h
+endef
+
+.PHONY:=all dirs
+
+all: dirs $(PROJECTNAME).bin $(PROJECTNAME)_bin.h
+
+dirs:
+	@mkdir -p build
+
+$(PROJECTNAME).bin: $(PROJECTNAME).elf
+#	$(OBJCOPY) -O binary $< $@
+	$(OBJCOPY) -j .text -j .rodata -O binary $< $@
+
+$(PROJECTNAME)_bin.h: $(PROJECTNAME).bin
+	xxd -i $< | sed "s/unsigned/static const unsigned/g;s/$(PROJECTNAME)$*/$(PROJECTNAME)/g" > $@
+
+$(PROJECTNAME).elf: $(OFILES)
+	$(LINK) $(LDFLAGS) -o $(PROJECTNAME).elf $(sort $(filter-out build/crt0.o, $(OFILES)))
+
+clean:
+	@rm -f build/*.o build/*.d
+	@rmdir build 2>/nul; true
+	@rm -f $(PROJECTNAME).elf $(PROJECTNAME).bin $(PROJECTNAME)_bin.h
+	@echo "all cleaned up !"
+
+-include $(DFILES)
+
+build/%.o: source/%.c
+	$(CC) $(CFLAGS) -c $< -o $@
+	@$(CC) -MM $< > build/$*.d
+
+build/%.o: source/%.s
+	$(CC) $(CFLAGS) -xassembler-with-cpp -c $< -o $@
+	@$(CC) -MM $< > build/$*.d
+
+build/%.bin.o: data/%.bin
+	@echo $(notdir $<)
+	@$(bin2o)
+
+build/%.tga.o: data/%.tga
+	@echo $(notdir $<)
+	@$(bin2o)
diff --git a/dsrom/CBHC/titleprot/ccd00.ld b/dsrom/CBHC/titleprot/ccd00.ld
new file mode 100644
index 0000000..aacaae3
--- /dev/null
+++ b/dsrom/CBHC/titleprot/ccd00.ld
@@ -0,0 +1,16 @@
+OUTPUT_ARCH(arm)
+
+MEMORY
+{
+	RAMX (rx) : ORIGIN = 0x0510D988, LENGTH = 0x0000134
+}
+
+SECTIONS
+{
+	.text : {
+		build/crt0.o(.init)
+		*(.text)
+		*(.rodata)
+	}
+}
+
diff --git a/dsrom/CBHC/titleprot/ccd00.specs b/dsrom/CBHC/titleprot/ccd00.specs
new file mode 100644
index 0000000..ccff243
--- /dev/null
+++ b/dsrom/CBHC/titleprot/ccd00.specs
@@ -0,0 +1,4 @@
+%rename link old_link
+
+*link:
+%(old_link) -T ./ccd00.ld%s
diff --git a/dsrom/CBHC/titleprot/source/crt0.s b/dsrom/CBHC/titleprot/source/crt0.s
new file mode 100644
index 0000000..8efde36
--- /dev/null
+++ b/dsrom/CBHC/titleprot/source/crt0.s
@@ -0,0 +1,23 @@
+.section ".init"
+.thumb
+.syntax unified
+
+.globl _start
+
+_start:
+	ldr r0, =#0x00050000
+	cmp r0, r1
+	bne nomatch
+	ldr r0, =#0x00000000 @will be written in by CBHC
+	cmp r0, r2
+	beq match
+nomatch:
+	@orignal code
+	movs r0, #0x9F
+	movs r3, #0x9F
+	bx lr
+match:
+	@return delete error
+	movs r0, #0
+	ldr r3, =#(0x05108236+1)
+	bx r3
diff --git a/installer/src/main.c b/installer/src/main.c
index b03b94b..0ba1e11 100644
--- a/installer/src/main.c
+++ b/installer/src/main.c
@@ -125,7 +125,7 @@ int availSort(const void *c1, const void *c2)
 void printhdr_noflip()
 {
 #ifdef CB
-	println_noflip(0,"CBHC v1.3 by FIX94");
+	println_noflip(0,"CBHC v1.4 by FIX94");
 #else
 	println_noflip(0,"Haxchi v2.3u1 by FIX94");
 #endif
diff --git a/release/wiiu/apps/cbhc/meta.xml b/release/wiiu/apps/cbhc/meta.xml
index 08ae718..61ec169 100644
--- a/release/wiiu/apps/cbhc/meta.xml
+++ b/release/wiiu/apps/cbhc/meta.xml
@@ -2,9 +2,9 @@
 <app version="1">
   <name>CBHC</name>
   <coder>FIX94</coder>
-  <version>1.2</version>
+  <version>1.4</version>
   <url>https://github.com/FIX94/haxchi</url>
-  <release_date>20161213200000</release_date>
+  <release_date>20161216200000</release_date>
   <short_description>Coldboot Haxchi Installer</short_description>
   <long_description>WARNING! This will install Coldboot Haxchi on your system.
 ONLY USE THIS IF YOU ARE WILLING TO TAKE A RISK OF BRICKING YOUR CONSOLE.