The root tools I love on androidJCase, one of the authors of the Sunshine S-OFF tool, weaksauce, and probably others, has posted two pages dealing with some of how some root exploits actually worked.

It’s vague enough script kiddies aren’t going to grab it and turn every public USB charging station into a virus-ridden Android rooting/malware installing node of great evil, but detailed enough to let you know a little of how things were done.

It’s also probably far enough into the future that the phones it worked on have been patched ten times over, but you never know. It’s an interesting read.

As a note, he could also be posting that he uses purple hippos and screams TANSTAAFL to make the roots happen, but it seems a little more than that.

Details can be found in this post, and this post.