I understand the importance of finding out and understanding all of the system calls, but is the intention to use this information to find an additional (easier to achieve) exploit and then use that to run unsigned code? Or is the intention to use the current exploit? If I had to guess, I'd think the intention would be to just run unsigned code, and keep a lookout if an easier exploit pops up along the way (after everything is properly dumped and mapped).
From what I understand (at least according to the posts I've followed), people are trying to recreate loading metldr to decrypt .pkg's and .self's. I'm not completely solid on why, but people are also trying to dump LV2 (possibly the two goals are related?). Ultimately the goal is to use the decrypted information to run unsigned code.