Given my lacking math skills - I think what we *would* need to crack is the two prime numbers p1, p2 - which means it's a 112-bit problem.
These prime numbers are the public key, which when cracked lead to the private key - having the private key means we can sign whatever message (serial+opt) we want.
And 112 bits of ECC is unbroken as of now (at least I read that somewhere recently).
So we should focus on checking the bootloader + its firmware verification ... hash, CRC, whatever - then simply replace the two primes with a public/private key of our own, and flash the GEL file - once done, you can sign your own license keys and voilà.
Just skipping the checks might prove difficult, because they could get very creative where they do such checks, and it would be hard to find for a new FW version.
Compromising the public key (primes) is much easier, and much harder for them to get rid of - unless they start to move the whole ECC framework into the FPGA, because then it's game over ;-)
BTW - I wonder if they paid for the commercial license of MIRACL ;-)