• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[HOWTO] Unlock TF700T in 2020

Search This thread

svarog_cs

New member
Sep 27, 2010
3
0
After haveing some troubles I managed to unlock the bootloader on my TF201. I am going to post the full procedure that worked for me in case anyone needs it.

You are going to need:
-DMClient.apk for TF201 (download from the original poster link)
-Unlocker_app_v7_update.apk for TF700T (download from original poster link)
-KingoRoot.apk 4.4.3 (can download here https://kingo-root.en.uptodown.com/android/download/1804910)
-EsExplorer.apk (this version is compatible with android 4 https://www.apkmirror.com/apk/es-gl...s-file-explorer-4-0-4-2-android-apk-download/)
-MitMproxy (I used the one for windows).

Prerequisite:
-Update the tablet to the latest availablle version V10.4.2.18 (Android 4.1)
-Uninstall any Unlock_app previously installed. (you may consider doing a factory reset just to be sure)

1) install kingoroot, open it and root the tablet.

2) install EsExplorer, open it, click on the 3 lines on the up-left, expand the "tools" section end enable "root explorer". When asked for root permission click "allow".

3) on EsExplorer:
  1. copy the DMClient.apk inside /system/app (click on replace when asked).
  2. copy the Unlocker_app_v7_update.apk inside /system/app as well.
  3. rename the file "DMClient.odex" in /system/app to "old_DMClient.odex".
  4. change permisson of DMClient.apk AND Unlocker_app_v7_update.apk. This is done by long pressing the apk -> click on "more" -> "properties" -> Permissions "Change" -> check "read" and "write" for owner. check "read" for group and other. uncheck the rest.
4) restart the tablet. (this willl automatically install the unlocker app).

5) setup mitmproxy as explained here https://forum.xda-developers.com/t/howto-unlock-tf700t-in-2020.4157143/post-85097463 . Mitmproxy can be setup the same way on windows (without using VB). Additionaly on the "Edit options" uncheck "block_global" option. Be sure to also check "ssl-insecure" as it is a critical option.
If done without VB remember to set the pc ip as the "hostname" (step 4 of "Setting up your tablet"). To get the pc ip run "ipconfig" on windows powershell.

6) open the unlocker app and unlock the device.
HI! I am trying to unlock bootloader on tf201, but I am stuck on the 4th step. I copied 2 files into /system/app, changed permission , and restart tab, but no new application is installed. What i am doing wrong?
Thanks
 

Attachments

  • IMG_20210830_231523.jpg
    IMG_20210830_231523.jpg
    5.4 MB · Views: 41

Nox17

New member
Nov 11, 2011
4
0
Kish
I just came to say I managed to unlock my device as well! Finally! Thank you a lot @d.l.iw and @gloglorious.

Model: TF700T
Android: 4.2.1
Build: JOP40D.US-epad-10.6.1.14.10-20130801

I used the files as provided by @d.l.i.w on the first post of this thread and then I followed the instructions as provided by @GloGlorius in this post. Only difference is that I did not use the VB image he provided I just ran mitmproxy web in my windows machine, then I connected my tablet to the same network and setup the proxy settings on the tablet manually.

Some advice I would give, after I made a couple of mistakes is:

Make sure the mitmproxy certificate is already part of the system certificates (not the user certificates) before you copy/install the DMclient and the unlock app. If you installed the certificate by going to the mitm.it site from your device then it will be installed in the user certificates folder (data/misc/keycerts). You can just go to that location and copy the certificate file to the system certificates folder (system/etc/security/cacerts). You need root to do this, and make sure you restart your device after copying the file.

Another tip make sure in mitmproxy the following settings are in place: block_global = false, showhost = true, ssl-insecure = true.

And that's it, copy the DMclient and unlocker app. Just follow the instructions others have posted in this thread.
 

yahoo_1999

New member
Apr 21, 2015
2
0
Apple iPhone 12
Hey guys!

I am trying to unlock my TF300TG, running android 4.2.1 build JOP40D.WW_epad-10.6.2.11-20131213. It's rooted with kingoroot, both DMEClient and unlock app moved to /system/app. I tried MITMweb proxy installed both on linux and Windows trying out multiple configuration yet it stills fails to unlock.

Looking at mitmweb log I assume everything is working fine:

Code:
192.168.1.16:55901: server connect mdm.asus.com:443 (123.51.152.19:443)
192.168.1.16:55901: client disconnect
192.168.1.16:55901: server disconnect mdm.asus.com:443 (123.51.152.19:443)
192.168.1.16:41998: client connect
192.168.1.16:41998: server connect mdm.asus.com:443 (123.51.152.19:443)
192.168.1.16:41998: client disconnect
192.168.1.16:41998: server disconnect mdm.asus.com:443 (123.51.152.19:443)
192.168.1.16:37671: client connect
192.168.1.16:37671: server connect mdm.asus.com:443 (123.51.152.19:443)
192.168.1.16:37671: client disconnect
192.168.1.16:37671: server disconnect mdm.asus.com:443 (123.51.152.19:443)

Connections are going through with no errors. Is this the moment where I should try reaching out to Asus to check if there's something wrong in their database or am I doing something wrong? I got this tablet from my father but I'm 99,99% positive it is not a refurbished one and has never been serviced. What should be my next steps trying to unlock it?
 

rmcq

Member
Sep 13, 2021
12
2
Hi. I'm trying to unlock an old TF201, and got as far as downloading (and apparently installing) the certificate for Android.
However, upon downloading the certificate, all it does is request a new name, but does not shows a window for entering a pin code, contrary to the instructions is page 8.

The tablet has version V10.4.2.18 (Android 4.1), but the certificate in mitm.it mentioned Android +10, and I can't seem to find any other version of the certificate.

Any help would be greatly appreciated.
 

rmcq

Member
Sep 13, 2021
12
2
From what I have noticed in my few tries of doing it, the code is cached so if you entered it recently you won't be asked for it again until some time passes and it installs just fine.

Thanks for the reply.
Apparently the certificate is installed under Security | Trusted Credentials | User.
However, trying the unlocker, the same error message of network error appear.
Now that I'm familiar with the procedure, I'll try it again from the beginning.
 

rmcq

Member
Sep 13, 2021
12
2
I've retried twice the process, but i'm still unable to unlock my TF201.
I'vw followed all the steps, with the only difference is that I used VB for Windows.
The certificate shows in the Security | Trusted Credentials | User.
But I always get a Client TLS handshake fail.
Not sure what else I can try :-(

1631724077500.png
 

rmcq

Member
Sep 13, 2021
12
2
Finally got my TF201 unlocked, due to @Stealth75 suggestion from page 11, to use 'Unbounded' in both the TLS_version_clien_min and and tls_version_server_min while using mitmproxy for windows.
Thank you to all who provided inputs and suggestions in this topic.
 
  • Like
Reactions: Stealth75

Stealth75

Member
Feb 22, 2021
32
4
Finally got my TF201 unlocked, due to @Stealth75 suggestion from page 11, to use 'Unbounded' in both the TLS_version_clien_min and and tls_version_server_min while using mitmproxy for windows.
Thank you to all who provided inputs and suggestions in this topic.
Glad to hear! If it wasn't for the super helpful members of this forum my tablet would be back up in the top shelf gathering dust.
 

satfrx

New member
Jul 12, 2014
4
0
Tried to get it going on my tf201 am able to install all apps, remove the odex file, set permissions, run the VM with mitm or mitm in windows, set various options but sill do not get anywhere. I can reach https://asus.com after setting up mitm so I think mitm is working fine. Running the unlock app v7 (update) I still get unknown error.

Mitmweb proxy shows the tf201 reaches out to mdm.asus.com but I keep betting the same error.

Should this still be working?
 

rmcq

Member
Sep 13, 2021
12
2
Tried to get it going on my tf201 am able to install all apps, remove the odex file, set permissions, run the VM with mitm or mitm in windows, set various options but sill do not get anywhere. I can reach https://asus.com after setting up mitm so I think mitm is working fine. Running the unlock app v7 (update) I still get unknown error.

Mitmweb proxy shows the tf201 reaches out to mdm.asus.com but I keep betting the same error.

Should this still be working?

Had the same problem with the unlocker just last week, but setting 'Unbounded' in both the TLS_version_clien_min and and tls_version_server_min while using mitmproxy for windows solved the problem.
 

satfrx

New member
Jul 12, 2014
4
0
Had the same problem with the unlocker just last week, but setting 'Unbounded' in both the TLS_version_clien_min and and tls_version_server_min while using mitmproxy for windows solved the problem.
I'll try the windows version again, I did not even have the chance to open asus.com with the windows version. how did yoy start it? there are a 3 options from the start menu, or did you even add any switches in the commandline.
 

satfrx

New member
Jul 12, 2014
4
0
I'll try the windows version again, I did not even have the chance to open asus.com with the windows version. how did yoy start it? there are a 3 options from the start menu, or did you even add any switches in the commandline.
I have the feeling both VM /linux and windows versions of mitmproxy are runnig fine....
Lools like memeber yahoo-1999 has a similar problem.
I get these lines in eventlog
192.168.1.93:51906: client connect
192.168.1.93:51906: server connect mdm.asus.com:443 (123.51.152.19:443)
192.168.1.93:51906: client disconnect
192.168.1.93:51906: server disconnect mdm.asus.com:443 (123.51.152.19:443)
Also asus.com brings me to https://asus.com pages where they failed to load before. I have the feeling this one just won't work.
 

KI-Shodan

New member
Apr 27, 2013
2
0
Yesterday I was able to unlock my ME302KL (ASUS MeMO Pad FHD 10) after hours of trying and only thanks to this thread.

So I want to say huge thanks to @d.l.i.w , @GloGlorius & @Nox17 .

I used the
  • Unlock app for TF701T & DMClient for ME301T
  • Kingo Root 4.5.4
  • ES File Explorer 4.2.6.2.1
  • VirtualBox mitmproxy Ubuntu image

Problems I ran into (some are really laughable):
  • most current Kingo Root version couldn't be installed with the stock firmware (had to use an older one)
  • installed a different app named ES Explorer from the Play Store (instead of the correct app)
  • wasn't able to copy anything to the /system/app folder despite having granted root access to ES Explorer (had to enable root explorer in the ES Explorer settings)
  • after installing the mitmproxy certificate (as user and system certificate - it was shown in the android settings for both categories) I got the log message "Client TLS handshake failed. The client may not trust the proxy's certificate..." using the Windows version of mitmproxy - no matter what I selected at TLS_version_clien_min and tls_version_server_min (I switched to the VirtualBox mitmproxy Ubuntu image and still don't know why it didn't work with the Windows version)
  • VirtualBox mitmproxy Ubuntu image didn't want to start because of a not working host network adapter and I couldn't save the changed adapter setting because the OK button was grayed out (the reason was an additional message about virtualisation activated for the VM but not available, deactivating virtualisation in the VM settings wasn't possible (OK button still grayed out), I had to activate Virtualisation in the BIOS and I didn't expect the option at the "Security" section of the BIOS)
 

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    Holy barking turtles!!!! I don't know what I did but it FINALLY worked!!!!
    I AM UNLOCKED!
    Man you guys don't know my relief - @Ice_83 , @maisomenos , @GloGlorius @d.l.i.w (feel like I'm at the Oscars here ! :ROFLMAO:) - I'm jumping around the room with excitement. Thank all of you and everyone else who's contributed on here for all of your help and patience!

    For the record, I couldn't get the Ubuntu VB working for me, all I did was, playing around off @Ice_83 's above, went in and changed a couple of the settings on windows. I set tls_version_client_min and tls_version_server_min to Unbounded instead of TLS1_2 and hey presto! All sites were working on my tab!

    View attachment 5379997

    Now to go and see if I can totally brick it flashing a new ROM. :ROFLMAO:

    Thanks again everyone!
    DUDE!! I went on and made an account especially so that I could THANK YOU! Was stuck on the exact same issue like you and @Ice_83, was about to lose all hope. But DAYUM! Changin those tls versions did the trick. I used windows MTM with --ssl-insecure argument.

    You guys are frickin legends. Thanks again :)
  • 9
    UPDATE: Asus has updated the servers. Older protocols for HTTPS, which are required for older Android versions, are no longer supported. Unfortunately, some additional steps are needed for the unlock now. See this post for step by step instructions.


    I recently got my hands on a Asus TF700T with a locked boot loader. The official unlock app did not work, so I took a closer look. What I found is that the Asus servers are still up and running, but connection fails due to certificate pinning. And that can be dealt with ;)

    So here are the instructions:
    1. The device must be rooted. KingoRoot (the app) worked for me.

    2. Download the unlock bundle from the link below. I didn't find a way to directly attach files here.

    3. Copy both apks to /system/app, change the permission to 0644
      For this, a remount of the system partition may be needed:
      mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system

      DMClient.apk replaces the original DMClient.apk and DMClient.odex (i.e. you have to rename/move/delete the .odex file)
      The modified unlock app cannot be installed like any other and must be installed that way

    4. Reboot the device. On startup Android shows that one app is optimized (that's DMClient). The unlock app is now installed.

    5. Use the unlock app. Google account does not matter.

    Watch logcat to get some more information on what the unlock app does. On success the device immediately reboots, so redirect adb logcat to a file if you want to keep the log.

    I only tested on a TF700T with WW SKU, V10.6.1.14.10. I assume that other firmware versions work as well.
    The unlock app for TF700T also supports TF201, TF300T, TF300TG, and TF300TL, but a modified DMClient is needed.


    In case something goes wrong and your device gets stuck at the boot screen, this advice may be helpful:

    (thanks @DieAbrissbirne)


    Download links

    Unlock app
    and DMClient for TF700T
    https://leo.pfweb.eu/dl/OaKdx
    • WW_epad-10.6.1.14.10
    • JOP40D.US_epad-10.6.1.14.10-20130801

    DMClient for TF300T
    https://leo.pfweb.eu/dl/vUHnp

    DMClient for TF300TG
    https://leo.pfweb.eu/dl/xphHy


    DMClient for TF201
    https://leo.pfweb.eu/dl/pKvEA
    • WW_epad_10.4.2.17

    ---------------------------------------------------------------------

    Unlock app and DMClient for TF701T
    https://leo.pfweb.eu/dl/2AcpB

    DMClient for ME301T (also seems to work for ME302KL)
    https://leo.pfweb.eu/dl/uiJPN
    8
    Hello everyone!
    On our local forum, we came up with this option.
    I think you already know how to install the unlocker and how to prepare the tablet.
    I prepared an image for VirtualBox with Ubuntu and mitmproxy installed and configured.
    Install VirtualBox, download the image (size 3.88 GB) and import it into VB:
    vb_Screenshot_10.png

    vb_Screenshot_11.png

    vb_Screenshot_12.png

    vb_Screenshot_13.png
    Screenshot_1.png

    Screenshot_2.png

    Screenshot_3.png

    We write down the IP address from the last screen, you will have your own. This will be the IP address of your proxy server.
    Open a terminal and enter the mitmweb command, press enter:
    Screenshot_4.png

    Screenshot_5.png

    Firefox will open and try to load the web terminal without success. Close your browser.
    Open again and go to 127.0.0.1:8081:
    Screenshot_7.png

    The web terminal will open. Here we go to the Options tab, check the Display Event Log checkbox and click on Edit Options
    Screenshot_8.png

    In the window that opens, put the checkboxes on showhost and ssl_insecure. Close the options window.
    Screenshot_9.png

    Open any site in the browser - in the terminal you will see the logs.
    1. Set the pin code in advance to access the tablet Security -> Screen lock -> PIN
    2. Go to the WiFi settings, clamp your network, select Change network.
    3. In advanced settings Proxy server -> Manual.
    4. Hostname - your recorded IP address of the virtual machine, port 8080.
    5. Save.
    6. Open the browser on the tablet, go to mitm.it, download the certificate for Android.
    7. After downloading, a window for entering a pin code will open, followed by a certificate installation wizard. Enter the name of the certificate, for example mitmproxy and click OK.
    8. After installing the certificate, open any site in a browser on the tablet, you will see the connection of your device in the logs of the web terminal.
    9. Launch the unblocker and try it.
    P.S. The time is set to GMT on the proxy server, you may need to set it to local.
    Superuser login: mitm
    Password: mitmvb

    UPD:
    It turned out that this image does not start on all systems due to Ubuntu version 20. In order for everyone to have this working, version 16 is needed. I will reload the image today with Ubuntu 16.
    7
    Hey!
    I unlocked my Me302kl today via mitmproxy with standard settings. Later I will write how I did it.
    P.S. Sorry for my English :giggle:
    3
    Oh boy.. Can't wait to see where I ****ed up in my tests... Thanks! Don't forget us :p
    My story.
    I installed mitmproxy on Windows 10, tried it via WSL (Windows Subsystem for Linux), but it didn't work for me. In the terminal, I see that there is a connection and exchange, but in the tablet logs I see the answer 502.

    But when connecting via mitmproxy, the unlocker began to respond for a long time, from which I concluded that I was moving in the right direction.

    In the end, I took a very old laptop and installed the latest Ubuntu and mitmproxy on it. I installed the certificate into the system and made a proxy server out of the laptop.

    The tablet was reset to factory settings. Google account did not connect after reboot. I got a root with KingoRoot. The first time did not work, the tablet rebooted, but the rights did not appear. The second time everything went well.

    I used the unblocker that I attached to the post. The original DMClient has been renamed. I have set permission 0644 for copied files. I prepared a certificate for Android according to this instruction. I copied it to /system/etc/security of the tablet, set the rights to 0644 (in our case, the user certificate does not suit us, we need a system one). I turned on the proxy in the WiFi settings of the tablet, specifying the IP address of the laptop and port 8080. I rebooted the tablet.

    I used mitmweb on a proxy server, it seemed more convenient to me. In the settings, I enabled the showhost and ssl_insecure options (sorry, in the previous post I said that the settings were by default, I was mistaken due to insomnia ☺️)

    I launched the unlocker and everything worked right away.

    If anyone needs details on preparing a proxy server, I am ready to describe my experience.
    3
    As far as I remember, mitmproxy (mitmweb) worked in transparent mode with default settings back then when I tested the unlock for my device. I simply created a wifi hotspot and routed all traffic through mitmproxy.

    I prepared a certificate for Android according to this instruction. I copied it to /system/etc/security of the tablet, set the rights to 0644 (in our case, the user certificate does not suit us, we need a system one). I turned on the proxy in the WiFi settings of the tablet, specifying the IP address of the laptop and port 8080. I rebooted the tablet.

    I used mitmweb on a proxy server, it seemed more convenient to me. In the settings, I enabled the showhost and ssl_insecure options (sorry, in the previous post I said that the settings were by default, I was mistaken due to insomnia ☺️)

    Oh yes. Certificate pinning is disabled, but the certificate itself is still checked. I forgot that I indeed had to add the MITM certificate to the system certificates.

    If I read (and reconstruct) my notes correctly, this is what I did (Linux):

    1. Install mitmproxy in venv
    Bash:
    python3 -m venv mitmproxy
    source mitmproxy-env/bin/activate
    
    pip install --upgrade pip setuptools
    pip install mitmproxy

    2. Start WIFI-Hotspot
    Bash:
    nmcli dev wifi hotspot ifname wlan0 ssid test password "12345678"

    3. Configure iptables for wlan0
    Bash:
    sysctl -w net.ipv4.ip_forward=1
    sysctl -w net.ipv6.conf.all.forwarding=1
    sysctl -w net.ipv4.conf.all.send_redirects=0
    
    iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    
    iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
    iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
    ip6tables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
    ip6tables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
    See https://docs.mitmproxy.org/stable/howto-transparent/

    4. Start mitmproxy
    Bash:
    mitmweb --mode transparent

    This procedure does not require setting the proxy on the tablet. At the time, I did not change any mitmproxy settings. The changes to the server now probably require ssl_insecure as mentioned by @GloGlorius .