From Android Wiki
Start and connect to telnetd
This has been tested and is known to work on RC19 and RC29 on the G1. Google has already promised to patch this so check your version.
- Restart your phone
- Type telnetd and press enter - Yes, it will start up a Contact search, do not worry about this, just type telnetd and press enter (the enter button on the keypad).
- Download an Android Telnet client and connect to localhost.
- you now have root!
This gives you a root shell (basically, but not technically.... its confusing, dont ask) which you can use to gain more power.
Alternatively, you can use adb to forward a local port on your linux host to a port on the phone. This avoids the need to install a terminal on the phone:
# Type "telnetd\r" ON THE PHONE KEYBOARD, then: adb forward tcp:9988 tcp:23 telnet localhost 9988
1: download busybox by tapping and holding (long pressing) this file and choosing save link to your sd card (using android browser)
2: remount system as read-write
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
3: copy and rename busybox.xxx to /system/bin/busybox
dd if=/sdcard/download/busybox.xxx of=/system/bin/busybox
4: make it executable
chmod 4755 /system/bin/busybox
5: go there
6: this gives you cp (great for making more symlinks)
busybox cp -s busybox cp
7: start sh (on emulator enables up/down command memory)
8: to make more symlinks (busybox has hundreds of commands that are missing on G1) you do:
cp -s busybox <command>
for example, "cp -s busybox tar" will give you tar command :)
I would recommend you DO NOT OVERWRITE ANY EXISTING SYMLINKS!!! G1 has toolbox for most commands and the syntax is different. If you change the syntax, updates or scripts (like init.rc) could stop working.
P.S. if you want it all at once so you can paste it in one chunk, here you go:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system dd if=/sdcard/download/busybox.xxx of=/system/bin/busybox chmod 4755 /system/bin/busybox cd /system/bin/ busybox cp -s busybox cp busybox sh
Protect your root
New updates from google are geared at taking all of this away from you. There are some things you can do to block OTA updates and even to keep root after you update. It is recommended that you do not merely block updates and stay at your current version because some bugs (especially the root bug) can pose a serious risk to security and privacy if left un-patched.