How SuperOneClick roots an Android phone

SuperOneClick is widely used to root Android phones. If you own an Android handset, chances are you have used it. The program lets you root your handset with one click, and it works great with mobile devices running Android 2.3-4.0. However, few people ever explain how it works. I'll try to explain it a little here.
To start with, you need to know something about ADB (Android Debug Bridge). You may not have heard of it, but I bet you use it often. Go to Settings -> Developer options and check USB debugging, and you have enabled ADB. It is designed for developers to test Android apps. In fact, many apps use it to manage your handset, including root programs such as Z4root and SuperOneClick.
In order to root your device, you need to install the drivers from the official manufacturer, and enable both USB debugging and installing apps from other sources. Then connect your phone to the PC via USB. At the same time, download and install SuperOneClick on your PC. It will automatically install the app on your handset.
The rooting process goes like this:
1. Copy rageagainstthecage to the /data/local/tmp folder. This is a temporary folder where even normal users can execute programs. The command line is as follows:
c:\users\imb>adb push rageagainstthecage /data/local/tmp
2. Use ADB shell to change the permission of rageagainstthecage. Command lines:
c:\users\imb>adb shell
$ cd /data/local/tmp
$ chmod 777 rageagainstthecage
3. Run rageagainstthecage.
$ ./rageagainstthecage
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C             
[*] checking NPROC limit …
[+] RLIMIT_NPROC={2410, 2410}
[*] Searching for adb …
[+] Found adb as PID 19374
[*] Spawning children. Don’t type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] 7-4-3-C@web.de so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. Restart adb server on desktop and re-login.
$
4. Now exit the ADB shell and re-enter it. If the command prompt turns from $ to #, root access has been obtained; otherwise repeat the command.
c:\users\imb>adb shell
#
5. Remount the /system folder from read-only to read-write, and copy su to the /system/bin/ folder. su allows you to switch from a normal user to root.
# mount -o remount,rw /system
c:\users\imb>adb push su /system/bin
6. Copy Superuser.apk to the device and install it.
c:\users\imb>adb push Superuser.apk /data/local/tmp
c:\users\imb>adb shell pm install /data/local/tmp/Superuser.apk
7. Reboot the phone to finish the rooting process.
c:\users\imb>adb reboot
The rageagainstthecage binary used in this process exploits the system to gain root access, which enables SuperOneClick to remount the /system folder read-write and copy su there. After that, root access is managed by the user through the Superuser.apk app, with which you should be familiar.
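Seen from the defender's side, each step above leaves something checkable on the device. The following is an added example (not part of the original post or of SuperOneClick) that scans captured adb shell output for those artifacts; the captures, file sizes, dates and block devices are constructed sample data, and the set of commands used to collect them is an assumption.

```python
# Added example: constructed `adb shell` captures (not real device data).
ROOTED = {
    "id": "uid=0(root) gid=0(root)",
    "ls -l /data/local/tmp": (
        "-rwxrwxrwx shell    shell        5392 2011-03-02 10:14 rageagainstthecage\n"
        "-rw-rw-rw- shell    shell      196521 2011-03-02 10:17 Superuser.apk\n"),
    "ls -l /system/bin/su": "-rwsr-sr-x root     root        26264 2011-03-02 10:16 su\n",
    "cat /proc/mounts": (
        "/dev/block/mtdblock3 /system yaffs2 rw 0 0\n"
        "/dev/block/mtdblock5 /data yaffs2 rw,nosuid,nodev 0 0\n"),
}
STOCK = {
    "id": "uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input)",
    "ls -l /data/local/tmp": "",
    "ls -l /system/bin/su": "/system/bin/su: No such file or directory\n",
    "cat /proc/mounts": "/dev/block/mtdblock3 /system yaffs2 ro 0 0\n",
}

DROPPED = {"rageagainstthecage", "Superuser.apk"}  # files the walkthrough pushes


def audit(capture):
    """Return the rooting artifacts found in a dict of command -> captured output."""
    findings = []
    if capture["id"].startswith("uid=0("):           # step 4: prompt is '#'
        findings.append("adb shell runs as root")
    for line in capture["ls -l /data/local/tmp"].splitlines():
        fields = line.split()                        # steps 1 and 6: pushed files
        if fields and fields[-1] in DROPPED:
            findings.append("leftover file in /data/local/tmp: " + fields[-1])
    su = capture["ls -l /system/bin/su"].split()     # step 5: su copied to /system/bin
    if su and su[-1] == "su" and len(su[0]) == 10 and su[0].startswith("-"):
        findings.append("/system/bin/su present, mode " + su[0]
                        + (" (setuid)" if su[0][3] in "sS" else ""))
    for line in capture["cat /proc/mounts"].splitlines():
        fields = line.split()                        # step 5: /system remounted rw
        if len(fields) >= 4 and fields[1] == "/system" and "rw" in fields[3].split(","):
            findings.append("/system is mounted read-write")
    return findings


if __name__ == "__main__":
    for label, cap in (("rooted", ROOTED), ("stock", STOCK)):
        print(label, audit(cap))
```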
Here are some commonly used adb commands.
adb devices    //view devices connected to the PC
adb install <filename>   //install an app on the phone
adb uninstall <package>  //remove an app from the phone
adb shell       //log in to the shell
adb push <resource> <destination>  //copy a file from the PC to the Android device
adb pull <resource> <destination>    //copy a file from the Android device to the PC
adb help    //view help information

 

Copyright © 2015 TechElectro - Blog