Follow these steps to become ROOT on your G1.
If you have RC30/RC8 or later, you must FIRST flash your phone to RC29/RC7 or lower to be able to exploit root access using the following steps. RC29 and lower users can skip this section.
1. Install Terminal Emulator on your G1. You can download and install it from the Market
2 Next we will need the CID of the SD-Card. So get the CID of your sdcard using following command in Terminal Emulator:
cat /sys/class/mmc_host/mmc1/mmc1:*/cid > /sdcard/cid.txt
3. Now connect your G1 to your PC and look for the cid.txt file on the SD-card
4. Reverse the CID with QMAT. (QMAT can be downloaded here http://revskills.de/pages/download.html)
Open QMAT and go to Cryptoanalysis Tools/Crypto Toolbox, enter here your CID next to the reverse string button.
Thats it, now you have your reverse CID
5. Now we will generate the goldcard.img. Go to the website http://revskills.de/pages/goldcard.html and fill in the reverse CID but remember to replace the first two characters of the reverse CID with 00
Hit continue and your goldcard image will be emailed to your address
6. Connect the G1 with inserted Fat32 a:4096 SD-Card. ( do this under windows via cmd: format F: /FS:FAT32 /A:4096 or in Ubuntu)
7. Unmount the SD-card off the G1. (Open the File Browser in Ubuntu and clicked on the orange button (looks like an eject button) for the g1 to unmount it)
8. Use dd for writing the goldcard.img to the sd-card: (for example if goldcard.img is on the desktop)
cd Desktop
dd if=goldcard.img of=/dev/sdb
9. Pull the USB-cable out of the g1 and push it in again and alllow the usb connection on the G1
10. Now copy the UK RC7 NBH to it
11. Unmount the G1 via eject button in ubuntus file browser
12. Disconnect the G1 from pc
13. Shut down the G1. Reboot it while holding the camera button
14. Let the G1 check the nbh. If you get the result is "not allowed" do steps 1-13 again
15. Press the power button to start downgrade to rc7
16. Reboot the G1 (follow the instructions on g1s display!)
17. Now you are on RC7!
Full manual will follow….