RC30 Root Attempts
From Android Wiki
How to get root on any (current) G1
Downgrading to RC29
That's right, it can be done!
It involves using the HTC bootloader (the red, green, and blue diagnostic screen, which does not check versions) to downgrade to RC29, then exploiting the root shell bug. Full steps, from RC30 stock to JesusFreke's modded RC30 update, are available here: Root For RC30.
More information about the downgrade part of the process (and pictures of the HTC bootloader doing its thing) are here: .
List of tried and failed attempts and keeping RC30 from removing root access
Adding setuid shells (sh) to different locations (tested on RC30 patch only)
Once root was obtained, a setuid root version of sh was copied to different locations in an attempt to have one live past the update. Update script seems to have completely changed all permissions in /system to foil this attempt.
This is because update script will recursively remove suid bit and then set it for a few binaries:
$ grep set_perm META-INF/com/google/android/update-script set_perm_recursive 0 0 0755 0644 SYSTEM: set_perm_recursive 0 2000 0755 0755 SYSTEM:bin set_perm 0 3004 02755 SYSTEM:bin/ping set_perm 0 3003 02755 SYSTEM:bin/netcfg set_perm 1002 1002 0440 SYSTEM:etc/dbus.conf set_perm 0 2000 0550 SYSTEM:etc/init.goldfish.sh set_perm 1002 1002 0440 SYSTEM:etc/hcid.conf set_perm 1014 2000 0550 SYSTEM:etc/dhcpcd/dhcpcd-run-hooks
Working root after RC30
A method has been found that lets you install a modifified RC30, provided you haven't yet installed an official RC30.