diff --git a/source/crypto.c b/source/crypto.c
index fcd524a..ab1418e 100755
--- a/source/crypto.c
+++ b/source/crypto.c
@@ -259,7 +259,7 @@ void decArm9Bin(void *armHdr, u8 mode){
 u8 keyX[0x10];
 u8 keyY[0x10];
 u8 CTR[0x10];
- u32 slot = mode ? 0x16 : 0x15;
+ u8 slot = mode ? 0x16 : 0x15;
 //Setup keys needed for arm9bin decryption
 memcpy(keyY, armHdr+0x10, 0x10);
@@ -290,7 +290,7 @@ void setKeyXs(void *armHdr){
 void *decKey = keyData+0x10;
 aes_setkey(0x11, key2, AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
 aes_use_keyslot(0x11);
- for(u32 slot = 0x19; slot < 0x20; slot++){
+ for(u8 slot = 0x19; slot < 0x20; slot++){
 aes(decKey, keyData, 1, NULL, AES_ECB_DECRYPT_MODE, 0);
 aes_setkey(slot, decKey, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
 *(u8*)(keyData+0xF) += 1;
diff --git a/source/draw.c b/source/draw.c
index 1bb0010..dc31184 100644
--- a/source/draw.c
+++ b/source/draw.c
@@ -37,7 +37,7 @@ void clearScreen(void){
 void loadSplash(void){
 //Check if it's a no-screen-init A9LH boot via PDN_GPU_CNT
- if (*((u8*)0x10141200) == 0x1) return;
+ if (*(u8*)0x10141200 == 0x1) return;
 clearScreen();
 if(fileRead(fb->top_left, "/rei/splash.bin", 0x46500) != 0) return;
 u64 i = 0xFFFFFF; while(--i) __asm("mov r0, r0"); //Less Ghetto sleep func
diff --git a/source/firm.c b/source/firm.c
index ad43a23..4e87948 100755
--- a/source/firm.c
+++ b/source/firm.c
@@ -26,6 +26,8 @@ char *firmPathPatched = NULL;
 void setupCFW(void){
+ u8 overrideConfig = 0;
+
 //Detect the console being used
 if(PDN_MPCORE_CFG == 1) console = 0;
@@ -33,20 +35,47 @@ void setupCFW(void){
 pressed = HID_PAD;
 //Determine if A9LH is installed via PDN_SPI_CNT and an user flag
- if((*((u8*)0x101401C0) == 0x0) || fileExists("/rei/installeda9lh")){
+ if((*(u8*)0x101401C0 == 0x0) || fileExists("/rei/installeda9lh")){
 a9lhSetup = 1;
 //Check flag for > 9.2 SysNAND
 if(fileExists("/rei/updatedsysnand")) updatedSys = 1;
 }
- /* If L is pressed, and on an updated SysNAND setup the SAFE MODE combo
- is not pressed, boot 9.0 FIRM */
- if((pressed & BUTTON_L1) && !(updatedSys && pressed == SAFEMODE)) mode = 0;
+ //If using A9LH and it's a MCU reboot, try to force boot options
+ if(a9lhSetup && *(u8*)0x10010000 && fileExists("rei/lastbootcfg")){
+ u8 tempConfig;
+ fileRead((u8*)&tempConfig, "rei/lastbootcfg", 1);
- /* If L or R aren't pressed on a 9.0/9.2 SysNAND, or the 9.0 FIRM is selected
- or R is pressed on a > 9.2 SysNAND, boot emuNAND */
- if((updatedSys && (!mode || ((pressed & BUTTON_R1) && pressed != SAFEMODE))) ||
- (!updatedSys && mode && !(pressed & BUTTON_R1))) emuNAND = 1;
+ //Always force a sysNAND boot when quitting AGB_FIRM
+ if(*(u8*)0x10010000 == 0x7) {
+ mode = updatedSys ? 
1 : (tempConfig & 0x1);
+ emuNAND = 0;
+ overrideConfig = 1;
+ //Else, force the last boot options unless A is pressed
+ } else if(!(pressed & BUTTON_A)) {
+ mode = tempConfig & 0x1;
+ emuNAND = (tempConfig >> 1) & 0x1;
+ overrideConfig = 1;
+ }
+ }
+
+ if(!overrideConfig){
+
+ /* If L is pressed, and on an updated SysNAND setup the SAFE MODE combo
+ is not pressed, boot 9.0 FIRM */
+ if((pressed & BUTTON_L1) && !(updatedSys && pressed == SAFEMODE)) mode = 0;
+
+ /* If L or R aren't pressed on a 9.0/9.2 SysNAND, or the 9.0 FIRM is selected
+ or R is pressed on a > 9.2 SysNAND, boot emuNAND */
+ if((updatedSys && (!mode || ((pressed & BUTTON_R1) && pressed != SAFEMODE))) ||
+ (!updatedSys && mode && !(pressed & BUTTON_R1))) emuNAND = 1;
+
+ //Write the current boot options on A9LH
+ if(a9lhSetup){
+ u8 tempConfig = (mode | (emuNAND << 1)) & 0x3;
+ fileWrite((u8*)&tempConfig, "rei/lastbootcfg", 1);
+ }
+ }
 if(mode) firmPathPatched = emuNAND ? "/rei/patched_firmware_emu.bin" : "/rei/patched_firmware_sys.bin";
@@ -142,8 +171,11 @@ u8 loadEmu(void){
 //Patches
 u8 patchFirm(void){
+
+ //Skip patching
 if(usePatchedFirm) return 0;
+ //Apply emuNAND patches
 if(emuNAND){
 if (loadEmu()) return 1;
 }
@@ -168,8 +200,8 @@ u8 patchFirm(void){
 *arm9 = 0x801B01C;
 }
+ //Patch FIRM reboots, not on 9.0 FIRM as it breaks firmlaunchhax
 if(mode){
- //Patch FIRM reboots, not on 9.0 FIRM as it breaks firmlaunchhax
 u32 rebootOffset = 0, fOpenOffset = 0;
@@ -187,8 +219,8 @@ u8 patchFirm(void){
 //Patch path for emuNAND-patched FIRM
 if(emuNAND){
- u32 *pos_path = memsearch((u32*)rebootOffset, L"sys", size, 6);
- memcpy((u8*)pos_path, L"emu", 6);
+ u32 *pos_path = memsearch((u32*)rebootOffset, L"sy", size, 4);
+ memcpy((u8*)pos_path, L"emu", 5);
 }
 }
diff --git a/source/firm.h b/source/firm.h
index 146596c..f1f3f77 100644
--- a/source/firm.h
+++ b/source/firm.h
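Review bot: `tempConfig` is declared uninitialized and the return value of `fileRead((u8*)&tempConfig, "rei/lastbootcfg", 1)` is ignored, so a read that fails after `fileExists` succeeded leaves `mode` and `emuNAND` derived from an indeterminate byte; draw.c's `loadSplash` already treats a non-zero fileRead return as failure, so the same check fits here. Initialise and gate the override on the read — `u8 tempConfig = 0;` before the `if`, and `if(a9lhSetup && *(u8*)0x10010000 && fileExists("rei/lastbootcfg") && fileRead((u8*)&tempConfig, "rei/lastbootcfg", 1) == 0){` — so a failed read falls through to the button-driven path instead of forcing boot options from garbage. The path `"rei/lastbootcfg"` (here and in the `fileWrite` below) lacks the leading `/` every other path in this file uses (`"/rei/installeda9lh"`, `"/rei/updatedsysnand"`); if the file layer does not resolve it relative to the root, the feature silently never triggers. The file comes from the same removable filesystem as the other /rei files, so it is not trustworthy input; the `& 0x1` masking is what keeps it harmless and deserves a comment such as `//Only bits 0-1 are honoured; anything else in the file is masked off`. setupCFW's body starts before and continues past the hunk.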
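Review bot: In the `@@ -187` hunk of firm.c, `pos_path` goes straight into `memcpy` with no NULL check, and the new 4-byte key `L"sy"` is a shorter pattern than the old `L"sys"`, so it can match an earlier, unrelated `sy` in the scanned region and the copy then rewrites the wrong place; if memsearch returns NULL on a miss (not visible here), the memcpy also dereferences NULL. Guard the write, `if(pos_path) memcpy((u8*)pos_path, L"emu", 5);`, or fail the patch with `return 1;` the way the `loadEmu()` failure earlier in patchFirm does. The 5-byte length is also odd for a wide string — assuming the 2-byte wchar_t that the old `L"sys"`/6 pairing implies, it copies `e`, `m` and only the low byte of `u`, relying on the high byte already being 0 at the target — which needs a comment such as `//5 bytes: "emu" in UTF-16 minus the final high byte, already 0 in the original "sys"`. patchFirm continues outside the hunk.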
@@ -12,7 +12,8 @@
 #define HID_PAD ((~*(u16*)0x10146000) & 0xFFF)
 #define BUTTON_R1 (1 << 8)
 #define BUTTON_L1 (1 << 9)
-#define SAFEMODE (BUTTON_L1 | BUTTON_R1 | 1 | (1 << 6))
+#define BUTTON_A 1
+#define SAFEMODE (BUTTON_L1 | BUTTON_R1 | BUTTON_A | (1 << 6))
 void setupCFW(void);
 u8 loadFirm(void);
diff --git a/source/patches.c b/source/patches.c
index c343613..4060bcc 100644
--- a/source/patches.c
+++ b/source/patches.c
@@ -54,7 +54,6 @@ void getfOpen(void *pos, u32 size, u32 *off){
 //Calculate fOpen
 u32 p9addr = *(u32*)(memsearch(pos, "ess9", size, 4) + 0xC);
 u32 p9off = (u32)(memsearch(pos, "code", size, 4) + 0x1FF);
- unsigned char pattern[] = {0xB0, 0x04, 0x98, 0x0D};
 *off = (u32)memsearch(pos, pattern, size, 4) - 2 - p9off + p9addr;
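Review bot: In firm.h, `#define BUTTON_A 1` is written as a bare literal while its siblings `BUTTON_R1` and `BUTTON_L1` use the `(1 << N)` bit form; `#define BUTTON_A (1 << 0)` keeps the three consistent and makes clear it is a bit mask rather than a count. The remaining `(1 << 6)` inside `SAFEMODE` is now the only unnamed bit in the combo; giving it a `BUTTON_` macro of the same shape would finish the cleanup this commit starts.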