This is a long story. The workings of single-DIGIC cameras are already well understood. We know how to forge FIRs, and we can execute code using this method. Our code gets executed without any interruption to the camera's proper function; we can hook into the startup code and simply restart the camera or update the bootflag needed for execution of autoexec.bin. The same applies to autoexec.bin if the bootflag is enabled.