Explains the bugs I found in various Windows CE 5 & 6 kernel mode drivers on the Microsoft Zune MP3 players and how I exploited them to gain full Kernel RW. Shows how I combined this with an exploit for an IE6 CVE to gain 1-click "root" on the Microsoft Zune HD, bypassing DRM to preserve Apps from becoming lost media.
Walks through the exploits used to gain the first unsigned code execution and BootROM dumps on the iPod Nano 6 and iPod Nano7