I have noticed the *Check function and it does show some useful info regarding the libs etc.
From what I can tell, it decompresses any compressed sections of an eboot.
Therefore, somewhere in the process it HAS to decrypt them to decompress them. The biq question is, where are they stored?
If it extracts to a kind of 'tmp' storage area and somewhere we can get to, we should have a decyrpted eboot.
If its in RAM however, that is trickier.
EDIT: Ignore that, Captain said it better!