• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[HOWTO] Unlock TF700T in 2020

Search This thread
By:
Advanced…
D

d.l.i.w

Member
Aug 24, 2020
35
17
UPDATE: Asus has updated the servers. Older protocols for HTTPS, which are required for older Android versions, are no longer supported. Unfortunately, some additional steps are needed for the unlock now. See this post for step by step instructions.


I recently got my hands on a Asus TF700T with a locked boot loader. The official unlock app did not work, so I took a closer look. What I found is that the Asus servers are still up and running, but connection fails due to certificate pinning. And that can be dealt with ;)

So here are the instructions:
  1. The device must be rooted. KingoRoot (the app) worked for me.

  2. Download the unlock bundle from the link below. I didn't find a way to directly attach files here.

  3. Copy both apks to /system/app, change the permission to 0644
    For this, a remount of the system partition may be needed:
    mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system

    DMClient.apk replaces the original DMClient.apk and DMClient.odex (i.e. you have to rename/move/delete the .odex file)
    The modified unlock app cannot be installed like any other and must be installed that way

  4. Reboot the device. On startup Android shows that one app is optimized (that's DMClient). The unlock app is now installed.

  5. Use the unlock app. Google account does not matter.

Watch logcat to get some more information on what the unlock app does. On success the device immediately reboots, so redirect adb logcat to a file if you want to keep the log.

I only tested on a TF700T with WW SKU, V10.6.1.14.10. I assume that other firmware versions work as well.
The unlock app for TF700T also supports TF201, TF300T, TF300TG, and TF300TL, but a modified DMClient is needed.


In case something goes wrong and your device gets stuck at the boot screen, this advice may be helpful:
android.stackexchange.com

Bricked my Asus TF300T? Manual JB update

First, my device failed to get the OTA Update because I deleted some system apps (see my original post). Then I found this post where another user restored original APKs in /system/apps and manage...
android.stackexchange.com android.stackexchange.com
(thanks @DieAbrissbirne)


Download links

Unlock app and DMClient for TF700T
https://leo.pfweb.eu/dl/OaKdx
  • WW_epad-10.6.1.14.10
  • JOP40D.US_epad-10.6.1.14.10-20130801

DMClient for TF300T
https://leo.pfweb.eu/dl/vUHnp

DMClient for TF300TG
https://leo.pfweb.eu/dl/xphHy


DMClient for TF201
https://leo.pfweb.eu/dl/pKvEA
  • WW_epad_10.4.2.17

---------------------------------------------------------------------

Unlock app and DMClient for TF701T
https://leo.pfweb.eu/dl/2AcpB

DMClient for ME301T (also seems to work for ME302KL)
https://leo.pfweb.eu/dl/uiJPN
 
Last edited:
  • Like
Reactions: Bonoboo, SSJ_28, charlieboy999 and 6 others
2

2020tf700

Guest
Dealing with this same issue, but can't get your method to work... Do I need to already have the v7 unlock tool installed before this? And do I just remove the DMClient.odex file from /system/app since there is only the replacement file for DMClient.apk?

Any help is appreciated!
 
D

d.l.i.w

Member
Aug 24, 2020
35
17
You don't need the original unlock app. I recommend uninstalling it. DMClient.odex is not needed, you can rename or delete it. I don't know what happens if you keep it as is.

At which point does it fail?
Is the unlock app installed after restart? If not, check the permissions of both files. It must be 644 (-rw-r--r--).
If you can start the modified unlock app: Do you get an error message? Is there anything relevant in logcat (search for "unlock")? Is the internet connection ok?
 
2

2020tf700

Guest
Code: 
-rw-r--r-- root     root       442064 2020-09-02 22:19 UnLock_App_V7_update.apk

Removed both DMClient.apk and .odex and don't have any original unlock apps installed. But I don't have the modified unlock app installed after restart.
 
D

d.l.i.w

Member
Aug 24, 2020
35
17
Which firmware version do you have?

The permissions look good. Basically all apks in /system/app should have the same owner and permissions.
If I understand correctly, you have removed the original DMClient.apk and DMClient.odex and copied the modified one from the download. Is the permission correct?

If permissions are ok, it's hard to say, what is wrong. I would suggest to rename UnLock_App_V7_update.apk to something else (maybe unlock.apk) and reboot the device. This forces a reinstall. Best would be if you could watch logcat during startup. The log will tell you why the installation fails.

Edit: Are you sure, the app is not installed? Depending on the locale it may not be literally translated as "unlock app". The icon is a gear with a lock.
 
Last edited:
2

2020tf700

Guest
JOP40D.US_epad-10.6.1.14.10-20130801

Code: 
W/ActivityManager(  524): No content provider found for permission revoke: file:///data/local/tmp/UnLock_App_V7_update.apk
W/ActivityManager(  524): No content provider found for permission revoke: file:///data/local/tmp/UnLock_App_V7_update.apk
I/PackageManager(  524): Copying native libraries to /data/app-lib/vmdl1192069982
W/PackageParser(  524): Exception reading classes.dex in /data/app/vmdl1192069982.tmp
W/PackageParser(  524): java.lang.SecurityException: META-INF/MANIFEST.MF has invalid digest for classes.dex in /data/app/vmdl1192069982.tmp
W/PackageParser(  524): 	at java.util.jar.JarVerifier.invalidDigest(JarVerifier.java:131)
W/PackageParser(  524): 	at java.util.jar.JarVerifier.access$100(JarVerifier.java:53)
W/PackageParser(  524): 	at java.util.jar.JarVerifier$VerifierEntry.verify(JarVerifier.java:123)
W/PackageParser(  524): 	at java.util.jar.JarFile$JarFileInputStream.read(JarFile.java:119)
W/PackageParser(  524): 	at java.io.BufferedInputStream.read(BufferedInputStream.java:304)
W/PackageParser(  524): 	at android.content.pm.PackageParser.loadCertificates(PackageParser.java:447)
W/PackageParser(  524): 	at android.content.pm.PackageParser.collectCertificates(PackageParser.java:634)
W/PackageParser(  524): 	at com.android.server.pm.PackageManagerService.installPackageLI(PackageManagerService.java:7959)
W/PackageParser(  524): 	at com.android.server.pm.PackageManagerService.access$1900(PackageManagerService.java:180)
W/PackageParser(  524): 	at com.android.server.pm.PackageManagerService$5.run(PackageManagerService.java:6108)
W/PackageParser(  524): 	at android.os.Handler.handleCallback(Handler.java:725)
W/PackageParser(  524): 	at android.os.Handler.dispatchMessage(Handler.java:92)
W/PackageParser(  524): 	at android.os.Looper.loop(Looper.java:137)
W/PackageParser(  524): 	at android.os.HandlerThread.run(HandlerThread.java:60)
E/PackageParser(  524): Package com.asus.unlock has no certificates at entry classes.dex; ignoring!

Does this SO post make sense as the issue? stackoverflow DOT com/questions/44386464/android-app-installation-failed-package-com-my-app-has-no-certificates-at-entry
 
D

d.l.i.w

Member
Aug 24, 2020
35
17
That's interesting. The app isn't signed at all, that's why "normal install" does not work. But as system app things worked for me and there was no error.
Besides rooting the device I had unlocked developer options and allowed install from unknown sources. But I wouldn't expect these to make any difference.

Is there anything about DMClient in the log? The same applies here. It would be strange if it works for one and not for the other.
 
Last edited:
2

2020tf700

Guest
Got it to work. After digging a bit deeper into the logs I think it was confused because I had already installed and uninstalled the original unlock tool. It was complaining about the unlock package already existing, etc.

So, I just went all the way back to a factory reset to remove everything and then did your original steps and it worked. I was watching logcat and it didn't say anything about the unlock package for the time it worked too btw. I guess uninstalling the original and restarting wasn't enough to truly get rid of it enough without a factory reset.

Thanks for your help and effort to put this together!
 
D

d.l.i.w

Member
Aug 24, 2020
35
17
Great! Do you mean, there was no output from the unlock app at all? There should have been some information starting with
Code: 
/****Unlock
. However, it does not persist reboot, so you have to watch live or redirect to a file.
 
2

2020tf700

Guest
I was watching it live and did a find on the output for 'unlock' once it restarted and didn't see anything but I suppose I could have missed it.
 
I

iserver

New member
Oct 3, 2008
0
0
d.l.i.w said:
It's only a couple of lines so indeed easy to miss. Thanks for the feedback :good:
Click to expand...
Click to collapse

Didn't work for me, unfotunatly :(. I still get message - "Failed to unlock your device, please try again later".
Device: TF300TG.
FW: WW_epad-10.4.3.9-20121106
Android: 4.1.1

Tried to reset to factory settings. Didn't help either.

Please, tell me - can I use V7 apk with Android 4.2 / 4.2.1 or i need patched version of Unlock_V8.apk ?

I/*** Unlock: request( 2000): h t t p s: //mdm.asus.com/DMServer/DeviceState?id=XXXXXXXXXXXX&AUTH=YYYYYYYYYYYYYYY&ACTION=get

D/dalvikvm( 2000): GC_CONCURRENT freed 269K, 5% free 6796K/7111K, paused 16ms+20ms, total 86ms

D/DMServerUnlock( 2000): index of line: 1

D/DMServerUnlock( 2000): DM Server Response: 0

W/GoogleVerify( 2000): no google account

I/UnLockActivity( 2000): no Google account and pin code
Click to expand...
Click to collapse

Of course, I changed variable values in request URL.
 
Last edited:
D

Down0038

New member
Sep 17, 2020
2
0
So I am fairly early into this root / unlock of my new tf700t.

I rooted / unlocked my old tf300t at least 8 years ago now.
I recently dusted it off and immediately after getting 7.1.2 installed on it and having it set up just right, stepped on it by accident.
So I bought a tf700t and have been trying to root it for a whole day with out success....

I have successfully upgraded the boot loader from 10.4.4.25 to WW 10.6.1.14.8 and gotten Motochopper to root.

Can you go over the tools and method you used to put the two files from the package into the system/apps folder with he new permissions?
When I try and move the files my go-to rooted file explorer (Ghost commander) refuses to change the permissions or move the files.

Is it possible that GhostCommander and TotalCommander simply don't work with the motochopper version of rooting? or am I missing something more fundamental?
I get that given the age of the tablet I will not be able to unlock with the normal v7 unlocker and b/c Asus are bastards.

What a Deus-ex it was to find a post from only a few weeks ago on the topic.
I love XDA.
 
Last edited:
D

d.l.i.w

Member
Aug 24, 2020
35
17
Down0038 said:
Can you go over the tools and method you used to put the two files from the package into the system/apps folder with he new permissions?
When I try and move the files my go-to rooted file explorer (Ghost commander) refuses to change the permissions or move the files.

Is it possible that GhostCommander and TotalCommander simply don't work with the motochopper version of rooting? or am I missing something more fundamental?
I get that given the age of the tablet I will not be able to unlock with the normal v7 unlocker and b/c Asus are bastards.
Click to expand...
Click to collapse

Total Commander worked for me just fine. It asked if the system partition should be mounted writable and then copied the files. The same with setting permissions.
I used KingoRoot, because Motochopper does not work on the latest firmware, but this shouldn't make any difference. You could try to copy the files via adb shell.

I was quite surprised that the Asus servers are still running and functional. The only issue is that the original unlock app does not trust the new server certificates.
 
M

mak8tack

Member
Mar 31, 2013
22
7
Thanks for this work! Dusted off an old TF700T, but I'm unable to unlock, with the following logs (grepped for unlock):
Code: 
I/ActivityManager(  520): START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.asus.unlock/.EulaActivity} from pid 835
I/ActivityManager(  520): Start proc com.asus.unlock for activity com.asus.unlock/.EulaActivity: pid=1715 uid=1000 gids={41000, 3003, 1015, 1028, 3002, 3001, 1006, 3007}
I/ActivityManager(  520): START u0 {cmp=com.asus.unlock/.UnLockActivity} from pid 1715
D/DMServerUnlock( 1715): get DMServer Response retry count = 3
I/*** Unlock: md5 input( 1715): 50465d2a5837unknown8bf0d93b7649a513c736f4016495a5ec5b2ab8a0dm_servernEEd_query_STATe
I/*** Unlock: request( 1715): [url]https://mdm.asus.com/DMServer/DeviceState?id=50465d2a5837&AUTH=OsYXBMvoh62t24Ukl025Lw&ACTION=get[/url]
D/DMServerUnlock( 1715): index of line: 3
D/DMServerUnlock( 1715): DM Server Response: 105
I/ActivityManager(  520): START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.asus.unlock/.EulaActivity} from pid 835
I/UnLockActivity( 1715): ============= UnLockActivity  onStart =======================
I/UnLockActivity( 1715): ============= UnLockActivity  onResume =======================
D/DMServerUnlock( 1715): get DMServer Response retry count = 3
I/*** Unlock: md5 input( 1715): 50465d2a5837unknown8bf0d93b7649a513c736f4016495a5ec5b2ab8a0dm_servernEEd_query_STATe
I/*** Unlock: request( 1715): [url]https://mdm.asus.com/DMServer/DeviceState?id=50465d2a5837&AUTH=OsYXBMvoh62t24Ukl025Lw&ACTION=get[/url]
D/DMServerUnlock( 1715): index of line: 3
D/DMServerUnlock( 1715): DM Server Response: 105
D/DMServerUnlock( 1715): get DMServer Response retry count = 3
I/*** Unlock: md5 input( 1715): 50465d2a5837unknown8bf0d93b7649a513c736f4016495a5ec5b2ab8a0dm_servernEEd_query_STATe
I/*** Unlock: request( 1715): [url]https://mdm.asus.com/DMServer/DeviceState?id=50465d2a5837&AUTH=OsYXBMvoh62t24Ukl025Lw&ACTION=get[/url]
D/DMServerUnlock( 1715): index of line: 3
D/DMServerUnlock( 1715): DM Server Response: 105

I fear I have one of those TF700's that doesn't have a valid serial number, so it can't unlock?
 
D

d.l.i.w

Member
Aug 24, 2020
35
17
For me unlock worked, although the Asus website did not recognize the serial number when I tried to register my device.

I don't know what the response 105 means, but this does not necessarily mean an error. It could be that the modified DMClient was not installed correctly.
Which firmware version do you have? Did you do a factory reset before?
 
M

mak8tack

Member
Mar 31, 2013
22
7
d.l.i.w said:
For me unlock worked, although the Asus website did not recognize the serial number when I tried to register my device.

I don't know what the response 105 means, but this does not necessarily mean an error. It could be that the modified DMClient was not installed correctly.
Which firmware version do you have? Did you do a factory reset before?
Click to expand...
Click to collapse

Yes, I factory reset before installing. I had rooted with Kingo Root / Superuser, but had to root via ADB, because I couldn't download and run the apk directly on the tablet after the factory reset. I did allow it to install all the associated root utilities/apps. I used a console/terminal app called "Material Terminal" (by Yaroslav Shevchuk) installed by the play store to su, mv the DMClient and Unlock_App_v7 apk files to /system/app and chmod 0644 them... every reboot shows it "Optimizing the app".

I have Android v 4.2.1 Kernel version 3.1.10-gb1a9af5 dated Aug 1 2013

I'll probably try doing another factory reset, root, and install again just to be sure.
 
S

solo786

Member
May 10, 2010
9
1
Réunion
Does someone have a correct version of Kingoroot apk that does work for ICS tf700t please :fingers-crossed:? I tried all i've found it doesnt work
EDIT: Found it

The tutorials works!!! Thank you very much :)))
TF700T 4.2.1 - 10.6.1.14.10-20130801
 
Last edited:
You must log in or register to reply here.

Similar threads

fatboyinlycra
TF700T Unlock apk
Replies
5
Views
1K
sbdags
sbdags
S
[Q] Unable to Unlock (TF700T)
Replies
12
Views
10K
flhthemi
flhthemi
S
Impossible to unlock bootloader (TF700T)
Replies
33
Views
3K
S
SpMorpion
ostar2
Asus tf700t bootloader unlock app source
Replies
62
Views
27K
A
atamig
rickymh19
ASUS TF700T unlock and root JB 4.2.1 stock
Replies
598
Views
315K
A
amcferrin90

Top Liked Posts

24 Hours 30 Days All time
  • There are no posts matching your filters.
  • 1
    P
    Pabos
    Stealth75 said:
    Holy barking turtles!!!! I don't know what I did but it FINALLY worked!!!!
    I AM UNLOCKED!
    Man you guys don't know my relief - @Ice_83 , @maisomenos , @GloGlorius @d.l.i.w (feel like I'm at the Oscars here ! :ROFLMAO:) - I'm jumping around the room with excitement. Thank all of you and everyone else who's contributed on here for all of your help and patience!

    For the record, I couldn't get the Ubuntu VB working for me, all I did was, playing around off @Ice_83 's above, went in and changed a couple of the settings on windows. I set tls_version_client_min and tls_version_server_min to Unbounded instead of TLS1_2 and hey presto! All sites were working on my tab!

    View attachment 5379997

    Now to go and see if I can totally brick it flashing a new ROM. :ROFLMAO:

    Thanks again everyone!
    Click to expand...
    Click to collapse
    DUDE!! I went on and made an account especially so that I could THANK YOU! Was stuck on the exact same issue like you and @Ice_83, was about to lose all hope. But DAYUM! Changin those tls versions did the trick. I used windows MTM with --ssl-insecure argument.

    You guys are frickin legends. Thanks again :)
    View
  • 9
    D
    d.l.i.w
    UPDATE: Asus has updated the servers. Older protocols for HTTPS, which are required for older Android versions, are no longer supported. Unfortunately, some additional steps are needed for the unlock now. See this post for step by step instructions.


    I recently got my hands on a Asus TF700T with a locked boot loader. The official unlock app did not work, so I took a closer look. What I found is that the Asus servers are still up and running, but connection fails due to certificate pinning. And that can be dealt with ;)

    So here are the instructions:
    1. The device must be rooted. KingoRoot (the app) worked for me.

    2. Download the unlock bundle from the link below. I didn't find a way to directly attach files here.

    3. Copy both apks to /system/app, change the permission to 0644
      For this, a remount of the system partition may be needed:
      mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system

      DMClient.apk replaces the original DMClient.apk and DMClient.odex (i.e. you have to rename/move/delete the .odex file)
      The modified unlock app cannot be installed like any other and must be installed that way

    4. Reboot the device. On startup Android shows that one app is optimized (that's DMClient). The unlock app is now installed.

    5. Use the unlock app. Google account does not matter.

    Watch logcat to get some more information on what the unlock app does. On success the device immediately reboots, so redirect adb logcat to a file if you want to keep the log.

    I only tested on a TF700T with WW SKU, V10.6.1.14.10. I assume that other firmware versions work as well.
    The unlock app for TF700T also supports TF201, TF300T, TF300TG, and TF300TL, but a modified DMClient is needed.


    In case something goes wrong and your device gets stuck at the boot screen, this advice may be helpful:

    Bricked my Asus TF300T? Manual JB update

    First, my device failed to get the OTA Update...
    android.stackexchange.com android.stackexchange.com
    (thanks @DieAbrissbirne)


    Download links

    Unlock app     and DMClient for TF700T
    https://leo.pfweb.eu/dl/OaKdx
    • WW_epad-10.6.1.14.10
    • JOP40D.US_epad-10.6.1.14.10-20130801

    DMClient for TF300T
    https://leo.pfweb.eu/dl/vUHnp

    DMClient for TF300TG
    https://leo.pfweb.eu/dl/xphHy


    DMClient for TF201
    https://leo.pfweb.eu/dl/pKvEA
    • WW_epad_10.4.2.17

    ---------------------------------------------------------------------

    Unlock app and DMClient for TF701T
    https://leo.pfweb.eu/dl/2AcpB

    DMClient for ME301T (also seems to work for ME302KL)
    https://leo.pfweb.eu/dl/uiJPN
    View
    8
    G
    GloGlorius
    Hello everyone!
    On our local forum, we came up with this option.
    I think you already know how to install the unlocker and how to prepare the tablet.
    I prepared an image for VirtualBox with Ubuntu and mitmproxy installed and configured.
    Install VirtualBox, download the image (size 3.88 GB) and import it into VB:
    vb_Screenshot_10.png

    vb_Screenshot_11.png

    vb_Screenshot_12.png

    vb_Screenshot_13.png
    Screenshot_1.png

    Screenshot_2.png

    Screenshot_3.png

    We write down the IP address from the last screen, you will have your own. This will be the IP address of your proxy server.
    Open a terminal and enter the mitmweb command, press enter:
    Screenshot_4.png

    Screenshot_5.png

    Firefox will open and try to load the web terminal without success. Close your browser.
    Open again and go to 127.0.0.1:8081:
    Screenshot_7.png

    The web terminal will open. Here we go to the Options tab, check the Display Event Log checkbox and click on Edit Options
    Screenshot_8.png

    In the window that opens, put the checkboxes on showhost and ssl_insecure. Close the options window.
    Screenshot_9.png

    Open any site in the browser - in the terminal you will see the logs.
    1. Set the pin code in advance to access the tablet Security -> Screen lock -> PIN
    2. Go to the WiFi settings, clamp your network, select Change network.
    3. In advanced settings Proxy server -> Manual.
    4. Hostname - your recorded IP address of the virtual machine, port 8080.
    5. Save.
    6. Open the browser on the tablet, go to mitm.it, download the certificate for Android.
    7. After downloading, a window for entering a pin code will open, followed by a certificate installation wizard. Enter the name of the certificate, for example mitmproxy and click OK.
    8. After installing the certificate, open any site in a browser on the tablet, you will see the connection of your device in the logs of the web terminal.
    9. Launch the unblocker and try it.
    P.S. The time is set to GMT on the proxy server, you may need to set it to local.
    Superuser login: mitm
    Password: mitmvb

    UPD:     It turned out that this image does not start on all systems due to Ubuntu version 20. In order for everyone to have this working, version 16 is needed. I will reload the image today with Ubuntu 16.
    View
    7
    G
    GloGlorius
    Hey!
    I unlocked my Me302kl today via mitmproxy with standard settings. Later I will write how I did it.
    P.S. Sorry for my English :giggle:
    View
    3
    G
    GloGlorius
    Arsenick said:
    Oh boy.. Can't wait to see where I ****ed up in my tests... Thanks! Don't forget us :p
    Click to expand...
    Click to collapse
    My story.
    I installed mitmproxy on Windows 10, tried it via WSL (Windows Subsystem for Linux), but it didn't work for me. In the terminal, I see that there is a connection and exchange, but in the tablet logs I see the answer 502.

    But when connecting via mitmproxy, the unlocker began to respond for a long time, from which I concluded that I was moving in the right direction.

    In the end, I took a very old laptop and installed the latest Ubuntu and mitmproxy on it. I installed the certificate into the system and made a proxy server out of the laptop.

    The tablet was reset to factory settings. Google account did not connect after reboot. I got a root with KingoRoot. The first time did not work, the tablet rebooted, but the rights did not appear. The second time everything went well.

    I used the unblocker that I attached to the post. The original DMClient has been renamed. I have set permission 0644 for copied files. I prepared a certificate for Android according to this instruction. I copied it to /system/etc/security of the tablet, set the rights to 0644 (in our case, the user certificate does not suit us, we need a system one). I turned on the proxy in the WiFi settings of the tablet, specifying the IP address of the laptop and port 8080. I rebooted the tablet.

    I used mitmweb on a proxy server, it seemed more convenient to me. In the settings, I enabled the showhost and ssl_insecure options (sorry, in the previous post I said that the settings were by default, I was mistaken due to insomnia ☺️)

    I launched the unlocker and everything worked right away.

    If anyone needs details on preparing a proxy server, I am ready to describe my experience.
    View
    3
    D
    d.l.i.w
    d.l.i.w said:
    As far as I remember, mitmproxy (mitmweb) worked in transparent mode with default settings back then when I tested the unlock for my device. I simply created a wifi hotspot and routed all traffic through mitmproxy.
    Click to expand...
    Click to collapse

    GloGlorius said:
    I prepared a certificate for Android according to this instruction. I copied it to /system/etc/security of the tablet, set the rights to 0644 (in our case, the user certificate does not suit us, we need a system one). I turned on the proxy in the WiFi settings of the tablet, specifying the IP address of the laptop and port 8080. I rebooted the tablet.

    I used mitmweb on a proxy server, it seemed more convenient to me. In the settings, I enabled the showhost and ssl_insecure options (sorry, in the previous post I said that the settings were by default, I was mistaken due to insomnia ☺️)
    Click to expand...
    Click to collapse

    Oh yes. Certificate pinning is disabled, but the certificate itself is still checked. I forgot that I indeed had to add the MITM certificate to the system certificates.

    If I read (and reconstruct) my notes correctly, this is what I did (Linux):

    1. Install mitmproxy in venv
    Bash: 
    python3 -m venv mitmproxy
source mitmproxy-env/bin/activate

pip install --upgrade pip setuptools
pip install mitmproxy

    2. Start WIFI-Hotspot
    Bash: 
    nmcli dev wifi hotspot ifname wlan0 ssid test password "12345678"

    3. Configure iptables for wlan0
    Bash: 
    sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1
sysctl -w net.ipv4.conf.all.send_redirects=0

iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
ip6tables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
ip6tables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
    See https://docs.mitmproxy.org/stable/howto-transparent/

    4. Start mitmproxy
    Bash: 
    mitmweb --mode transparent

    This procedure does not require setting the proxy on the tablet. At the time, I did not change any mitmproxy settings. The changes to the server now probably require ssl_insecure as mentioned by @GloGlorius .
    View

New posts