A few exploits were used to make this rooting method happen. Like most devices, the first step is to work around the bootloader, as it write protects the /system partition to prevent tampering.
Typically, nothing is really allowed to write to /system outside of the bootloader and recovery. To gain access, Justin crafted an app to take advantage of the second "Master Key" exploit, which uses the signing key of a trusted application but installs modified code to gain system-level privileges. See, those things can be used for good. It's worth noting, since Justin's method currently makes use of this exploit, which was fixed by Google for Android 4.3, this specific rooting method will cease to work if the firmware is updated to the most recent version of the OS.
Thanks to the first exploit, Justin's app can now run as system. At this stage, the software prepares some files and configuration changes to help elevate the app from being a system user to a root user. If you're following along with the instructions above, this is when the phone reboots and the app must be reinstalled.
At this stage, the app moves on to establishing a more permanent root. To begin with, a small ext4 system image is placed in /data/xbin.img and mounted over the /system/xbin folder. The new folder contains everything that originally existed in /system/xbin, but also adds the necessary su and busybox binaries. To keep root locked in on subsequent reboots, Justin has the app listen for BOOT_COMPLETE, then re-mounts the new /system/xbin image. Due to the way the file is stored, wiping data or uninstalling the app will require re-rooting the device. Justin has also included options to disable and re-enable root if necessary.