Backing up and decrypting are two completely different things.
It makes no sense to decrypt on the gateway, it’s both useless and severely compromises key management. (And even if the gateway had only the network session key, it still couldn’t autonomously reply to a node to maintain and ADR, path, since it has no way of knowing if another gateway still in contact with the network server has been asked to.)
However, if one wants to do a backup on the gateway, then it’s probably necessary to feed the packets to a centralized decryptor which is parallel to that of TTN’s server, because such stale packets are not LoRaWAN-compliant.
Building such is not all that complicated. However the debug tool that got built eventually became it’s own network server