[HOWTO] Unlock TF700T in 2020

Search This thread
By:
Advanced…
D

d.l.i.w

Member
Aug 24, 2020
35
21
UPDATE: Asus has updated the servers. Older protocols for HTTPS, which are required for older Android versions, are no longer supported. Unfortunately, some additional steps are needed for the unlock now. See this post for step by step instructions.


I recently got my hands on a Asus TF700T with a locked boot loader. The official unlock app did not work, so I took a closer look. What I found is that the Asus servers are still up and running, but connection fails due to certificate pinning. And that can be dealt with ;)

So here are the instructions:
  1. The device must be rooted. KingoRoot (the app) worked for me.

  2. Download the unlock bundle from the link below. I didn't find a way to directly attach files here.

  3. Copy both apks to /system/app, change the permission to 0644
    For this, a remount of the system partition may be needed:
    mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system

    DMClient.apk replaces the original DMClient.apk and DMClient.odex (i.e. you have to rename/move/delete the .odex file)
    The modified unlock app cannot be installed like any other and must be installed that way

  4. Reboot the device. On startup Android shows that one app is optimized (that's DMClient). The unlock app is now installed.

  5. Use the unlock app. Google account does not matter.

Watch logcat to get some more information on what the unlock app does. On success the device immediately reboots, so redirect adb logcat to a file if you want to keep the log.

I only tested on a TF700T with WW SKU, V10.6.1.14.10. I assume that other firmware versions work as well.
The unlock app for TF700T also supports TF201, TF300T, TF300TG, and TF300TL, but a modified DMClient is needed.


In case something goes wrong and your device gets stuck at the boot screen, this advice may be helpful:
android.stackexchange.com

Bricked my Asus TF300T? Manual JB update

First, my device failed to get the OTA Update because I deleted some system apps (see my original post). Then I found this post where another user restored original APKs in /system/apps and manage...
android.stackexchange.com android.stackexchange.com
(thanks @DieAbrissbirne)


Download links

Unlock app and DMClient for TF700T
https://leo.pfweb.eu/dl/OaKdx
  • WW_epad-10.6.1.14.10
  • JOP40D.US_epad-10.6.1.14.10-20130801

DMClient for TF300T
https://leo.pfweb.eu/dl/vUHnp

DMClient for TF300TG
https://leo.pfweb.eu/dl/xphHy


DMClient for TF201
https://leo.pfweb.eu/dl/pKvEA
  • WW_epad_10.4.2.17

---------------------------------------------------------------------

Unlock app and DMClient for TF701T
https://leo.pfweb.eu/dl/2AcpB

DMClient for ME301T (also seems to work for ME302KL)
https://leo.pfweb.eu/dl/uiJPN
 
Last edited:
  • Like
Reactions: Devastadorzx, djibe89, gzamaury and 9 others
2

2020tf700

Guest
Dealing with this same issue, but can't get your method to work... Do I need to already have the v7 unlock tool installed before this? And do I just remove the DMClient.odex file from /system/app since there is only the replacement file for DMClient.apk?

Any help is appreciated!
 
D

d.l.i.w

Member
Aug 24, 2020
35
21
You don't need the original unlock app. I recommend uninstalling it. DMClient.odex is not needed, you can rename or delete it. I don't know what happens if you keep it as is.

At which point does it fail?
Is the unlock app installed after restart? If not, check the permissions of both files. It must be 644 (-rw-r--r--).
If you can start the modified unlock app: Do you get an error message? Is there anything relevant in logcat (search for "unlock")? Is the internet connection ok?
 
2

2020tf700

Guest
Code: 
-rw-r--r-- root     root       442064 2020-09-02 22:19 UnLock_App_V7_update.apk

Removed both DMClient.apk and .odex and don't have any original unlock apps installed. But I don't have the modified unlock app installed after restart.
 
D

d.l.i.w

Member
Aug 24, 2020
35
21
Which firmware version do you have?

The permissions look good. Basically all apks in /system/app should have the same owner and permissions.
If I understand correctly, you have removed the original DMClient.apk and DMClient.odex and copied the modified one from the download. Is the permission correct?

If permissions are ok, it's hard to say, what is wrong. I would suggest to rename UnLock_App_V7_update.apk to something else (maybe unlock.apk) and reboot the device. This forces a reinstall. Best would be if you could watch logcat during startup. The log will tell you why the installation fails.

Edit: Are you sure, the app is not installed? Depending on the locale it may not be literally translated as "unlock app". The icon is a gear with a lock.
 
Last edited:
2

2020tf700

Guest
JOP40D.US_epad-10.6.1.14.10-20130801

Code: 
W/ActivityManager(  524): No content provider found for permission revoke: file:///data/local/tmp/UnLock_App_V7_update.apk
W/ActivityManager(  524): No content provider found for permission revoke: file:///data/local/tmp/UnLock_App_V7_update.apk
I/PackageManager(  524): Copying native libraries to /data/app-lib/vmdl1192069982
W/PackageParser(  524): Exception reading classes.dex in /data/app/vmdl1192069982.tmp
W/PackageParser(  524): java.lang.SecurityException: META-INF/MANIFEST.MF has invalid digest for classes.dex in /data/app/vmdl1192069982.tmp
W/PackageParser(  524): 	at java.util.jar.JarVerifier.invalidDigest(JarVerifier.java:131)
W/PackageParser(  524): 	at java.util.jar.JarVerifier.access$100(JarVerifier.java:53)
W/PackageParser(  524): 	at java.util.jar.JarVerifier$VerifierEntry.verify(JarVerifier.java:123)
W/PackageParser(  524): 	at java.util.jar.JarFile$JarFileInputStream.read(JarFile.java:119)
W/PackageParser(  524): 	at java.io.BufferedInputStream.read(BufferedInputStream.java:304)
W/PackageParser(  524): 	at android.content.pm.PackageParser.loadCertificates(PackageParser.java:447)
W/PackageParser(  524): 	at android.content.pm.PackageParser.collectCertificates(PackageParser.java:634)
W/PackageParser(  524): 	at com.android.server.pm.PackageManagerService.installPackageLI(PackageManagerService.java:7959)
W/PackageParser(  524): 	at com.android.server.pm.PackageManagerService.access$1900(PackageManagerService.java:180)
W/PackageParser(  524): 	at com.android.server.pm.PackageManagerService$5.run(PackageManagerService.java:6108)
W/PackageParser(  524): 	at android.os.Handler.handleCallback(Handler.java:725)
W/PackageParser(  524): 	at android.os.Handler.dispatchMessage(Handler.java:92)
W/PackageParser(  524): 	at android.os.Looper.loop(Looper.java:137)
W/PackageParser(  524): 	at android.os.HandlerThread.run(HandlerThread.java:60)
E/PackageParser(  524): Package com.asus.unlock has no certificates at entry classes.dex; ignoring!

Does this SO post make sense as the issue? stackoverflow DOT com/questions/44386464/android-app-installation-failed-package-com-my-app-has-no-certificates-at-entry
 
D

d.l.i.w

Member
Aug 24, 2020
35
21
That's interesting. The app isn't signed at all, that's why "normal install" does not work. But as system app things worked for me and there was no error.
Besides rooting the device I had unlocked developer options and allowed install from unknown sources. But I wouldn't expect these to make any difference.

Is there anything about DMClient in the log? The same applies here. It would be strange if it works for one and not for the other.
 
Last edited:
2

2020tf700

Guest
Got it to work. After digging a bit deeper into the logs I think it was confused because I had already installed and uninstalled the original unlock tool. It was complaining about the unlock package already existing, etc.

So, I just went all the way back to a factory reset to remove everything and then did your original steps and it worked. I was watching logcat and it didn't say anything about the unlock package for the time it worked too btw. I guess uninstalling the original and restarting wasn't enough to truly get rid of it enough without a factory reset.

Thanks for your help and effort to put this together!
 
D

d.l.i.w

Member
Aug 24, 2020
35
21
Great! Do you mean, there was no output from the unlock app at all? There should have been some information starting with
Code: 
/****Unlock
. However, it does not persist reboot, so you have to watch live or redirect to a file.
 
2

2020tf700

Guest
I was watching it live and did a find on the output for 'unlock' once it restarted and didn't see anything but I suppose I could have missed it.
 
I

iserver

New member
Oct 3, 2008
0
0
d.l.i.w said:
It's only a couple of lines so indeed easy to miss. Thanks for the feedback :good:
Click to expand...
Click to collapse

Didn't work for me, unfotunatly :(. I still get message - "Failed to unlock your device, please try again later".
Device: TF300TG.
FW: WW_epad-10.4.3.9-20121106
Android: 4.1.1

Tried to reset to factory settings. Didn't help either.

Please, tell me - can I use V7 apk with Android 4.2 / 4.2.1 or i need patched version of Unlock_V8.apk ?

I/*** Unlock: request( 2000): h t t p s: //mdm.asus.com/DMServer/DeviceState?id=XXXXXXXXXXXX&AUTH=YYYYYYYYYYYYYYY&ACTION=get

D/dalvikvm( 2000): GC_CONCURRENT freed 269K, 5% free 6796K/7111K, paused 16ms+20ms, total 86ms

D/DMServerUnlock( 2000): index of line: 1

D/DMServerUnlock( 2000): DM Server Response: 0

W/GoogleVerify( 2000): no google account

I/UnLockActivity( 2000): no Google account and pin code
Click to expand...
Click to collapse

Of course, I changed variable values in request URL.
 
Last edited:
D

d.l.i.w

Member
Aug 24, 2020
35
21
iserver said:
Device: TF300TG
Click to expand...
Click to collapse

Obviously DMClient is specific to each device model. So, the modified DMClient is not compatible with devices other than TF700T.

Is the original firmware for the TF300TG available somewhere? If so, I might be able to create a modified DMClient also for this model, but I can't promise anything.
 
D

Down0038

New member
Sep 17, 2020
2
0
So I am fairly early into this root / unlock of my new tf700t.

I rooted / unlocked my old tf300t at least 8 years ago now.
I recently dusted it off and immediately after getting 7.1.2 installed on it and having it set up just right, stepped on it by accident.
So I bought a tf700t and have been trying to root it for a whole day with out success....

I have successfully upgraded the boot loader from 10.4.4.25 to WW 10.6.1.14.8 and gotten Motochopper to root.

Can you go over the tools and method you used to put the two files from the package into the system/apps folder with he new permissions?
When I try and move the files my go-to rooted file explorer (Ghost commander) refuses to change the permissions or move the files.

Is it possible that GhostCommander and TotalCommander simply don't work with the motochopper version of rooting? or am I missing something more fundamental?
I get that given the age of the tablet I will not be able to unlock with the normal v7 unlocker and b/c Asus are bastards.

What a Deus-ex it was to find a post from only a few weeks ago on the topic.
I love XDA.
 
Last edited:
D

d.l.i.w

Member
Aug 24, 2020
35
21
Down0038 said:
Can you go over the tools and method you used to put the two files from the package into the system/apps folder with he new permissions?
When I try and move the files my go-to rooted file explorer (Ghost commander) refuses to change the permissions or move the files.

Is it possible that GhostCommander and TotalCommander simply don't work with the motochopper version of rooting? or am I missing something more fundamental?
I get that given the age of the tablet I will not be able to unlock with the normal v7 unlocker and b/c Asus are bastards.
Click to expand...
Click to collapse

Total Commander worked for me just fine. It asked if the system partition should be mounted writable and then copied the files. The same with setting permissions.
I used KingoRoot, because Motochopper does not work on the latest firmware, but this shouldn't make any difference. You could try to copy the files via adb shell.

I was quite surprised that the Asus servers are still running and functional. The only issue is that the original unlock app does not trust the new server certificates.
 
M

mak8tack

Member
Mar 31, 2013
22
7
Thanks for this work! Dusted off an old TF700T, but I'm unable to unlock, with the following logs (grepped for unlock):
Code: 
I/ActivityManager(  520): START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.asus.unlock/.EulaActivity} from pid 835
I/ActivityManager(  520): Start proc com.asus.unlock for activity com.asus.unlock/.EulaActivity: pid=1715 uid=1000 gids={41000, 3003, 1015, 1028, 3002, 3001, 1006, 3007}
I/ActivityManager(  520): START u0 {cmp=com.asus.unlock/.UnLockActivity} from pid 1715
D/DMServerUnlock( 1715): get DMServer Response retry count = 3
I/*** Unlock: md5 input( 1715): 50465d2a5837unknown8bf0d93b7649a513c736f4016495a5ec5b2ab8a0dm_servernEEd_query_STATe
I/*** Unlock: request( 1715): [url]https://mdm.asus.com/DMServer/DeviceState?id=50465d2a5837&AUTH=OsYXBMvoh62t24Ukl025Lw&ACTION=get[/url]
D/DMServerUnlock( 1715): index of line: 3
D/DMServerUnlock( 1715): DM Server Response: 105
I/ActivityManager(  520): START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.asus.unlock/.EulaActivity} from pid 835
I/UnLockActivity( 1715): ============= UnLockActivity  onStart =======================
I/UnLockActivity( 1715): ============= UnLockActivity  onResume =======================
D/DMServerUnlock( 1715): get DMServer Response retry count = 3
I/*** Unlock: md5 input( 1715): 50465d2a5837unknown8bf0d93b7649a513c736f4016495a5ec5b2ab8a0dm_servernEEd_query_STATe
I/*** Unlock: request( 1715): [url]https://mdm.asus.com/DMServer/DeviceState?id=50465d2a5837&AUTH=OsYXBMvoh62t24Ukl025Lw&ACTION=get[/url]
D/DMServerUnlock( 1715): index of line: 3
D/DMServerUnlock( 1715): DM Server Response: 105
D/DMServerUnlock( 1715): get DMServer Response retry count = 3
I/*** Unlock: md5 input( 1715): 50465d2a5837unknown8bf0d93b7649a513c736f4016495a5ec5b2ab8a0dm_servernEEd_query_STATe
I/*** Unlock: request( 1715): [url]https://mdm.asus.com/DMServer/DeviceState?id=50465d2a5837&AUTH=OsYXBMvoh62t24Ukl025Lw&ACTION=get[/url]
D/DMServerUnlock( 1715): index of line: 3
D/DMServerUnlock( 1715): DM Server Response: 105

I fear I have one of those TF700's that doesn't have a valid serial number, so it can't unlock?
 
D

d.l.i.w

Member
Aug 24, 2020
35
21
For me unlock worked, although the Asus website did not recognize the serial number when I tried to register my device.

I don't know what the response 105 means, but this does not necessarily mean an error. It could be that the modified DMClient was not installed correctly.
Which firmware version do you have? Did you do a factory reset before?
 
M

mak8tack

Member
Mar 31, 2013
22
7
d.l.i.w said:
For me unlock worked, although the Asus website did not recognize the serial number when I tried to register my device.

I don't know what the response 105 means, but this does not necessarily mean an error. It could be that the modified DMClient was not installed correctly.
Which firmware version do you have? Did you do a factory reset before?
Click to expand...
Click to collapse

Yes, I factory reset before installing. I had rooted with Kingo Root / Superuser, but had to root via ADB, because I couldn't download and run the apk directly on the tablet after the factory reset. I did allow it to install all the associated root utilities/apps. I used a console/terminal app called "Material Terminal" (by Yaroslav Shevchuk) installed by the play store to su, mv the DMClient and Unlock_App_v7 apk files to /system/app and chmod 0644 them... every reboot shows it "Optimizing the app".

I have Android v 4.2.1 Kernel version 3.1.10-gb1a9af5 dated Aug 1 2013

I'll probably try doing another factory reset, root, and install again just to be sure.
 
S

solo786

Member
May 10, 2010
21
3
Réunion
Does someone have a correct version of Kingoroot apk that does work for ICS tf700t please :fingers-crossed:? I tried all i've found it doesnt work
EDIT: Found it

The tutorials works!!! Thank you very much :)))
TF700T 4.2.1 - 10.6.1.14.10-20130801
 
Last edited:
You must log in or register to reply here.

Similar threads

rickymh19
ASUS TF700T unlock and root JB 4.2.1 stock
Replies
598
Views
321K
A
amcferrin90
workdowg
Kexecboot on the TF700t(TF700t-AKBI v2.6.8)
Replies
1K
Views
300K
gardiol
gardiol
dasunsrule32
[ROM][4.4.4][OFFICIAL] CyanogenMod 11.0 Nightlies
Replies
3K
Views
682K
oF2pks
oF2pks
Dees_Troy
[RECOVERY][TF700T] TWRP 3.1.1-0 touch recovery [2017-05-19]
Replies
680
Views
261K
R
RADiuMOz
Pretoriano80
[How-To] All-In-One Guide For Asus Infinity (TF700) [25/03/2013]
Replies
480
Views
334K
berndblb
berndblb

Top Liked Posts

24 Hours 30 Days All time
  • There are no posts matching your filters.
  • 1
    resetLetki
    resetLetki
    I finally managed to unlock my TF300TG.
    The issue was I was following this guide and installed the version suggested, which is the latest version for TF300T. Apart from other issues, the Unlock App did not go through correctly and I just received the '105' responses from ASUS servers.
    What I did to fix the issue was this:
    1. I have created an account for ASUS support and registered the device using the serial number. Just make sure that it is registered, it does not matter which account it is registered to. If you can successfully register it, that's great. If it says something like 'device already registered', this should also be okay. Key here is that ASUS is "familiar" with the device serial.
    2. I updated the tablet to the latest official firmware corresponding to my SKU (WW). I downloaded this from the ASUS support page (10.6.2.10 WW)
    3. Downloaded the modified DMClient for TF300TG, as well as the UnlockApp for TF700T and TF701T from this thread (I tried both, can't remember which one worked in the end but I think it was the 700 one.
    4. Followed the guide like usual (root, install ESFileExplorer)
    5. Moved DMClient and UnlockApp .apks to the system apps folder, adjusted permissions to rw-r--r--.
    6. Deleted/Renamed the DMClient.odex file
    7. Restarted the device
    8. configure Proxy / mitmproxy (v. 7.0.0), installed mitmproxy Android cert
    Now.,after being on the correct firmware for the device, I got a different response code from the server after the initial GET request (response='0') following a POST request from the device (response had device details and "error" in it somewhere), but this time a new error appeared on the device (see post from @Mitrich.skype on p.16) "Failed to unlock device, please try again later.".
    I tried installing three different UnlockApp apks as system apps, the ones from this thread, as well as from the TF300T guide.

    I finally got to unlock it after this sequence of actions:
    1. delete DMClient.apk (and DMClient.odex) from system apps folder
    2. restart Device
    3. moved the same DMClient.apk to system apps and adjusted permissions to rw-r--r--
    4. restarted Device
    5. Opened Unlock App, clicked the button, Device is restarting -> Device is now unlocked!!!
    So in my case, the biggest issue was that I was being on a wrong firmware alltogether, making the request to ASUS servers fail. I realized this only when I was moving and trying out different modified DMClient.apks (for TF300T and TG and 700T...) in ESFileExplorer, and the version number for the TF300TG did not match the one on my device. If you click on the .apk in ESFileExplorer, it will show the version number of the app below the name I believe (for TF300TF it was the same as the latest firmware, excluding the SKU: 10.6.2.10). So make sure you have the latest firmware installed, as well as use the correct modified DMClient.apk.
    View
  • 12
    D
    d.l.i.w
    UPDATE: Asus has updated the servers. Older protocols for HTTPS, which are required for older Android versions, are no longer supported. Unfortunately, some additional steps are needed for the unlock now. See this post for step by step instructions.


    I recently got my hands on a Asus TF700T with a locked boot loader. The official unlock app did not work, so I took a closer look. What I found is that the Asus servers are still up and running, but connection fails due to certificate pinning. And that can be dealt with ;)

    So here are the instructions:
    1. The device must be rooted. KingoRoot (the app) worked for me.

    2. Download the unlock bundle from the link below. I didn't find a way to directly attach files here.

    3. Copy both apks to /system/app, change the permission to 0644
      For this, a remount of the system partition may be needed:
      mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system

      DMClient.apk replaces the original DMClient.apk and DMClient.odex (i.e. you have to rename/move/delete the .odex file)
      The modified unlock app cannot be installed like any other and must be installed that way

    4. Reboot the device. On startup Android shows that one app is optimized (that's DMClient). The unlock app is now installed.

    5. Use the unlock app. Google account does not matter.

    Watch logcat to get some more information on what the unlock app does. On success the device immediately reboots, so redirect adb logcat to a file if you want to keep the log.

    I only tested on a TF700T with WW SKU, V10.6.1.14.10. I assume that other firmware versions work as well.
    The unlock app for TF700T also supports TF201, TF300T, TF300TG, and TF300TL, but a modified DMClient is needed.


    In case something goes wrong and your device gets stuck at the boot screen, this advice may be helpful:

    Bricked my Asus TF300T? Manual JB update

    First, my device failed to get the OTA Update...
    android.stackexchange.com android.stackexchange.com
    (thanks @DieAbrissbirne)


    Download links

    Unlock app     and DMClient for TF700T
    https://leo.pfweb.eu/dl/OaKdx
    • WW_epad-10.6.1.14.10
    • JOP40D.US_epad-10.6.1.14.10-20130801

    DMClient for TF300T
    https://leo.pfweb.eu/dl/vUHnp

    DMClient for TF300TG
    https://leo.pfweb.eu/dl/xphHy


    DMClient for TF201
    https://leo.pfweb.eu/dl/pKvEA
    • WW_epad_10.4.2.17

    ---------------------------------------------------------------------

    Unlock app and DMClient for TF701T
    https://leo.pfweb.eu/dl/2AcpB

    DMClient for ME301T (also seems to work for ME302KL)
    https://leo.pfweb.eu/dl/uiJPN
    View
    9
    G
    GloGlorius
    Hello everyone!
    On our local forum, we came up with this option.
    I think you already know how to install the unlocker and how to prepare the tablet.
    I prepared an image for VirtualBox with Ubuntu and mitmproxy installed and configured.
    Install VirtualBox, download the image (size 3.88 GB) and import it into VB:
    vb_Screenshot_10.png

    vb_Screenshot_11.png

    vb_Screenshot_12.png

    vb_Screenshot_13.png
    Screenshot_1.png

    Screenshot_2.png

    Screenshot_3.png

    We write down the IP address from the last screen, you will have your own. This will be the IP address of your proxy server.
    Open a terminal and enter the mitmweb command, press enter:
    Screenshot_4.png

    Screenshot_5.png

    Firefox will open and try to load the web terminal without success. Close your browser.
    Open again and go to 127.0.0.1:8081:
    Screenshot_7.png

    The web terminal will open. Here we go to the Options tab, check the Display Event Log checkbox and click on Edit Options
    Screenshot_8.png

    In the window that opens, put the checkboxes on showhost and ssl_insecure. Close the options window.
    Screenshot_9.png

    Open any site in the browser - in the terminal you will see the logs.
    1. Set the pin code in advance to access the tablet Security -> Screen lock -> PIN
    2. Go to the WiFi settings, clamp your network, select Change network.
    3. In advanced settings Proxy server -> Manual.
    4. Hostname - your recorded IP address of the virtual machine, port 8080.
    5. Save.
    6. Open the browser on the tablet, go to mitm.it, download the certificate for Android.
    7. After downloading, a window for entering a pin code will open, followed by a certificate installation wizard. Enter the name of the certificate, for example mitmproxy and click OK.
    8. After installing the certificate, open any site in a browser on the tablet, you will see the connection of your device in the logs of the web terminal.
    9. Launch the unblocker and try it.
    P.S. The time is set to GMT on the proxy server, you may need to set it to local.
    Superuser login: mitm
    Password: mitmvb

    UPD:     It turned out that this image does not start on all systems due to Ubuntu version 20. In order for everyone to have this working, version 16 is needed. I will reload the image today with Ubuntu 16.
    View
    7
    G
    GloGlorius
    Hey!
    I unlocked my Me302kl today via mitmproxy with standard settings. Later I will write how I did it.
    P.S. Sorry for my English :giggle:
    View
    5
    maisomenos
    maisomenos
    After haveing some troubles I managed to unlock the bootloader on my TF201. I am going to post the full procedure that worked for me in case anyone needs it.

    You are going to need:
    -DMClient.apk for TF201 (download from the original poster link)
    -Unlocker_app_v7_update.apk for TF700T (download from original poster link)
    -KingoRoot.apk 4.4.3 (can download here https://kingo-root.en.uptodown.com/android/download/1804910)
    -EsExplorer.apk (this version is compatible with android 4 https://www.apkmirror.com/apk/es-gl...s-file-explorer-4-0-4-2-android-apk-download/)
    -MitMproxy (I used the one for windows).

    Prerequisite:
    -Update the tablet to the latest availablle version V10.4.2.18 (Android 4.1)
    -Uninstall any Unlock_app previously installed. (you may consider doing a factory reset just to be sure)

    1) install kingoroot, open it and root the tablet.

    2) install EsExplorer, open it, click on the 3 lines on the up-left, expand the "tools" section end enable "root explorer". When asked for root permission click "allow".

    3) on EsExplorer:
    1. copy the DMClient.apk inside /system/app (click on replace when asked).
    2. copy the Unlocker_app_v7_update.apk inside /system/app as well.
    3. rename the file "DMClient.odex" in /system/app to "old_DMClient.odex".
    4. change permisson of DMClient.apk AND Unlocker_app_v7_update.apk. This is done by long pressing the apk -> click on "more" -> "properties" -> Permissions "Change" -> check "read" and "write" for owner. check "read" for group and other. uncheck the rest.
    4) restart the tablet. (this willl automatically install the unlocker app).

    5) setup mitmproxy as explained here https://forum.xda-developers.com/t/howto-unlock-tf700t-in-2020.4157143/post-85097463 . Mitmproxy can be setup the same way on windows (without using VB). Additionaly on the "Edit options" uncheck "block_global" option. Be sure to also check "ssl-insecure" as it is a critical option.
    If done without VB remember to set the pc ip as the "hostname" (step 4 of "Setting up your tablet"). To get the pc ip run "ipconfig" on windows powershell.

    6) open the unlocker app and unlock the device.
    View
    3
    G
    GloGlorius
    Arsenick said:
    Oh boy.. Can't wait to see where I ****ed up in my tests... Thanks! Don't forget us :p
    Click to expand...
    Click to collapse
    My story.
    I installed mitmproxy on Windows 10, tried it via WSL (Windows Subsystem for Linux), but it didn't work for me. In the terminal, I see that there is a connection and exchange, but in the tablet logs I see the answer 502.

    But when connecting via mitmproxy, the unlocker began to respond for a long time, from which I concluded that I was moving in the right direction.

    In the end, I took a very old laptop and installed the latest Ubuntu and mitmproxy on it. I installed the certificate into the system and made a proxy server out of the laptop.

    The tablet was reset to factory settings. Google account did not connect after reboot. I got a root with KingoRoot. The first time did not work, the tablet rebooted, but the rights did not appear. The second time everything went well.

    I used the unblocker that I attached to the post. The original DMClient has been renamed. I have set permission 0644 for copied files. I prepared a certificate for Android according to this instruction. I copied it to /system/etc/security of the tablet, set the rights to 0644 (in our case, the user certificate does not suit us, we need a system one). I turned on the proxy in the WiFi settings of the tablet, specifying the IP address of the laptop and port 8080. I rebooted the tablet.

    I used mitmweb on a proxy server, it seemed more convenient to me. In the settings, I enabled the showhost and ssl_insecure options (sorry, in the previous post I said that the settings were by default, I was mistaken due to insomnia ☺️)

    I launched the unlocker and everything worked right away.

    If anyone needs details on preparing a proxy server, I am ready to describe my experience.
    View

New posts