http://www.newscientist.com/article.ns?id=dn7085The article is written in a layman's style, I'd love to learn more about what they did from a technical standpoint.
What I don't understand is...
A. Why there wasn't another, easier way to get the bootloader code?
B. How they got the bootloader code to "Play" out from the piezo buzzer?
C. Why the piezo buzzer hack is easier than just soldering an I2C interface (or whatever) onto the flash ram and reading it directly?
D. If they could only get the bootloader code out through the piezo buzzer, then how the heck did they get their modified bootloader back into the player?