[HOWTO] Unlock TF700T in 2020

Search This thread

dhumerez

New member
Oct 11, 2017
2
0
Everything works fine, but when trying to use the unlock tool it doesn't pewmrite it. and the network or connection eeror continues to come out ,,, It seems that we have no help
 

dhumerez

New member
Oct 11, 2017
2
0
do all the steps, and everything is fine, but when executing the unlock, a connection error appears, I don't know how to get out of that problem, I don't know how to unlock the bootloader of this TF700 tablet
 

d.l.i.w

Member
Aug 24, 2020
35
16
Apparently, Asus has updated the servers and older protocols are no longer supported. See

I think there are two possible solutions:
  1. Change the apps and the firmware to support at least TLS 1.2. This is not an easy task.
  2. Use a MITM setup to downgrade the connection to an older SSL version for the unlock. Something like this:

    The certificate won't cause problems as the verification is deactivated in the modified versions.
    This is probably the more realistic way to go.
 
  • Like
Reactions: Eliazeno

Nox17

New member
Nov 11, 2011
3
0
Kish
@d.l.i.w Thanks a lot for having a look.

I also thought of trying to run some MITM setup. Just did not have the time yet. I was also wondering if it could have been that ASUS updated their certificates, but good to know the modified version ignores that.

@Arsenick A bit of a late reply, but I did check on my tablet and indeed with the stock browser I can't access the asus page. Chrome works, and there TLS 1.2 is used. On my PC chrome uses TLS 1.3. So just like d.l.i.w pointed out Asus does not support older versions anymore.

On the weekend I will try to do a test for a MITM setup, see if that works. If anyone has any success, let me know!

Cheers.
 
@d.l.i.w Thanks a lot for having a look.

I also thought of trying to run some MITM setup. Just did not have the time yet. I was also wondering if it could have been that ASUS updated their certificates, but good to know the modified version ignores that.

@Arsenick A bit of a late reply, but I did check on my tablet and indeed with the stock browser I can't access the asus page. Chrome works, and there TLS 1.2 is used. On my PC chrome uses TLS 1.3. So just like d.l.i.w pointed out Asus does not support older versions anymore.

On the weekend I will try to do a test for a MITM setup, see if that works. If anyone has any success, let me know!

Cheers.
Let us know how it goes with the mitm, not to discourage you but I'm on my third day on this track using mitmproxy and so far I just confirmed Asus did certificate pinning in their stuff so wathever I tried, there's problem :p As far as I know, mitmproxy should be the right tool for this like described here. As you'll see in the next error, SNI is not set by our device, so I had to force insecure mode, which seems to fail because of the cert pinning..

mitmproxy config:
mode: transparent
showhost: true
ssl_insecure: false

Code:
192.168.8.197:57514: clientconnect
192.168.8.197:57514: Cannot establish TLS with 123.51.152.19:443 (sni: None): TlsException('Cannot validate certificate hostname without SNI')
192.168.8.197:57514: clientdisconnect
-----
mitmproxy config:
mode: transparent
showhost: true
ssl_insecure: true

Code:
:ffff:192.168.8.197:37327: Certificate verification error for None: ("hostname 'no-hostname' doesn't match either of '*.asus.com', 'asus.com'",)
::ffff:192.168.XXXXXX:37327: Ignoring server verification error, continuing with connection
192.168.XXXXXX:37327: Client Handshake failed. The client may not trust the proxy's certificate for ('123.51.152.19', 443).


@d.l.i.w the hack you did seems to workaround the original certificate pinning issue, how did you do that ? Any idea why it would not work right now with mitmproxy ?

So far I've tried:
- Restore latest tf201 ww firmware, no root no modification to dmclient, multiple mitmproxy setup, user trusted key, added key directly to the system cacert to no avail
- Tried the original hack + mitmproxy in regular and transparent mode, with and without ssl_insecure enabled, same result

Thei weirdest part is using the stock browser, I get the same error when I try to visit https://badssl.com so there's no certificate pinning on this... I'm a bit lost

they replied to my ticket today, saying how to enable TLS 1.2 on Android by installing Chrome and enabling in the option, so I tried to stay polite with my reply and started from scratch with the detail of the problem... It's not gonna be easy, I have to pass thru the 1st and probably second level of helpdesk to get an engineer who will understand what I'm saying but let's not forget those devices are almost 10years old so they'll probably throw the towel wayyy before... Let's have some hope. Maybe you guy's can open support issue too so they might see there's more people with this problem.

Just tried to bypass the pinning with Justtrustme, Android-SSL-TrustKiller and SSLUnpinning to no avail.

I've extracted the apk and looking at the smali code, I'm in unknown land!
 
Last edited:
  • Like
Reactions: Eliazeno

d.l.i.w

Member
Aug 24, 2020
35
16
@d.l.i.w the hack you did seems to workaround the original certificate pinning issue, how did you do that ? Any idea why it would not work right now with mitmproxy ?
See https://forum.xda-developers.com/t/howto-unlock-tf700t-in-2020.4157143/post-84819987
This is the minimal amount of changes you need to make.

As far as I remember, mitmproxy (mitmweb) worked in transparent mode with default settings back then when I tested the unlock for my device. I simply created a wifi hotspot and routed all traffic through mitmproxy.
 
See https://forum.xda-developers.com/t/howto-unlock-tf700t-in-2020.4157143/post-84819987
This is the minimal amount of changes you need to make.

As far as I remember, mitmproxy (mitmweb) worked in transparent mode with default settings back then when I tested the unlock for my device. I simply created a wifi hotspot and routed all traffic through mitmproxy.

Thanks a lot for taking time to help again! I already tried those step with mitmproxy. I cleared user data + reinstalled a fresh firmware from bootstrap and I realized in the dalvik cache there was this file "/data/dalvik-cache/[email protected]@[email protected]" which is your apk installed in my previous attempts...

So I'm a bit confused and I'm starting to question myself on the different tests I've done.. I've always though deleting user data+ firmware reinstall started with a fresh system but it doesn't look like that, which could explain all the problem I'm having with certificate in webview and the default browser...

I should be doing something wrong when I reinstall, I need to do this corectly before trying anything else, any suggestion anyone ? How can I restore my tf201 reinstalling firmware but be sure nothing I could have changed, files, folders, permissions etc.. has been left behind ?

For others you can try to follow this post: https://forum.xda-developers.com/t/...al-fix-mine-is-unlocked.1764917/post-71796522 The unlock tool in this repo is what have almost worked for me today, I'm stuck with ssl error but with this package it crashed later in the process so something's working in there, maybe I'm the only one with my exact issue, let me know if this work. Seems our problem can come not only from asus server but maybe rma/sn problems, therE's details in the thread about sdcard too, I'm just too tired and stubborn to let my tf201 die so close but I'm starting to loose faith!
 
  • Like
Reactions: erictmc

UK_Mike

New member
May 20, 2021
1
0
so the method from the original post didn't work for me - i couldn't remount `/system` as rw, the tablet kept crashing after that.
so i came up with a workaround that should work on all tablets (but if you **** up your tablet with this, don't blame me. it *shouldn't* **** anything up, but i'm not 100% sure about that. make backups of all the files you modify)

first you need root, even temporary root will work. i used https://github.com/timwr/CVE-2016-5195, because i don't trust kingoroot, but kingoroot would probably also work just fine

also, you need to have launched the v8 unlock app at least once.

copy over /data/app/[email protected] and /system/app/DMClient.odex to your pc - you'll need to patch both of those.
open them in a hex editor, and search for "https". depending on the file, you'll find one of those (the offsets might be different):
Code:
in classes.dex
00008220: 7000 0568 7474 7073 0014 6874 7470 733a  p..https..https:
00008230: 2f2f 6d64 6d2e 6173 7573 2e63 6f6d 002b  //mdm.asus.com.+

in DMClient.odex
00058cd0: 616d 7300 0568 7474 7073 0008 6874 7470  ams..https..http
00058ce0: 733a 2f2f 0002 6875 0006 6877 5f76 6572  s://..hu..hw_ver
replace the first "https" in both files with some other text.

if you're curious about what this does: the function which adds the asus' ssl certificates has a check if the url begins with "https". you are replacing the string it compares against with garbage, so it always fails and never adds the certs. it's the same one which d.l.i.w used for their DMCLients

now you need to make /system/app writeable. as i've said, i couldn't just remount /system as rw, so i came up with this workaround (enter those commands as root on the device):
Code:
mount -o remount,rw /
mkdir /tmp
mount -t tmpfs tmpfs /tmp
cp -v /system/app/* /tmp
mount -t tmpfs tmpfs /system/app
cp -v /tmp/* /system/app
umount /tmp

after that just put both of those files back. relaunch the unlock app, and hopefully it will work. it took me a few tries to get it to work, though
Hi dzwdz - I've read and tried just about everything on this forum to unlock the bootloder on my TF300T without success. I would like to try your method but I have no idea how to use the code you refer to on github to temporarily root the device. Would be great if you could provide guidance on this part of the process.
 
Hi dzwdz - I've read and tried just about everything on this forum to unlock the bootloder on my TF300T without success. I would like to try your method but I have no idea how to use the code you refer to on github to temporarily root the device. Would be great if you could provide guidance on this part of the process.
FYI I tried this method too and what it does is similar to the unlock tool provided by OP. Sadly It didn't work for me. I'm sure it worked before Asus disabled the support for <TLS1.2. From what I see for both method to work we need to have something like a mitmproxy to handle the connection with assus server using TLS1.2 ans talk with the asus tablet with <TLS1.1 or ssl. It should work but as far as I can say it didn't worked here...

I was trilled to make this work but, **** I've put way too many hours on that and I'm out of solution to try..
 

charlieboy999

Member
  • Dec 13, 2011
    21
    3
    FYI I tried this method too and what it does is similar to the unlock tool provided by OP. Sadly It didn't work for me. I'm sure it worked before Asus disabled the support for <TLS1.2. From what I see for both method to work we need to have something like a mitmproxy to handle the connection with assus server using TLS1.2 ans talk with the asus tablet with <TLS1.1 or ssl. It should work but as far as I can say it didn't worked here...

    I was trilled to make this work but, **** I've put way too many hours on that and I'm out of solution to try..
    First of all, thanks to @d.l.i.w for their hard work and for having managed this thread for the past 8 months.

    Today, I scored a TF300T for just 70€ - I thought it would be ideal for my needs after having heard that it could be updated to KitKat. However, I've spent the day pulling my remaining hair out on this step. I should have perhaps checked this thread a little more before making my purchase!

    I also followed the steps just as described and I'm confident that I did it right (rooted, deleted the old DMClient files, replaced with the one and the unlocker, provided 644 permissions, and rebooted). However, I'm running into the dreaded "... network connection issue. Please try again later" message.

    I think that the certificate is the problem as both you and @Nox17 are experiencing. Unfortunately, my technical skills are a little low and I wish I could contribute to finding a fix. Nevertheless, I'd love to help where I can. Not that I mind Jellybean but it doesn't seem to run Google Docs and since I got the thing just for writing, that's a bit of an issue!
     
    Last edited:

    GloGlorius

    Member
    May 27, 2021
    14
    19
    Oh boy.. Can't wait to see where I ****ed up in my tests... Thanks! Don't forget us :p
    My story.
    I installed mitmproxy on Windows 10, tried it via WSL (Windows Subsystem for Linux), but it didn't work for me. In the terminal, I see that there is a connection and exchange, but in the tablet logs I see the answer 502.

    But when connecting via mitmproxy, the unlocker began to respond for a long time, from which I concluded that I was moving in the right direction.

    In the end, I took a very old laptop and installed the latest Ubuntu and mitmproxy on it. I installed the certificate into the system and made a proxy server out of the laptop.

    The tablet was reset to factory settings. Google account did not connect after reboot. I got a root with KingoRoot. The first time did not work, the tablet rebooted, but the rights did not appear. The second time everything went well.

    I used the unblocker that I attached to the post. The original DMClient has been renamed. I have set permission 0644 for copied files. I prepared a certificate for Android according to this instruction. I copied it to /system/etc/security of the tablet, set the rights to 0644 (in our case, the user certificate does not suit us, we need a system one). I turned on the proxy in the WiFi settings of the tablet, specifying the IP address of the laptop and port 8080. I rebooted the tablet.

    I used mitmweb on a proxy server, it seemed more convenient to me. In the settings, I enabled the showhost and ssl_insecure options (sorry, in the previous post I said that the settings were by default, I was mistaken due to insomnia ☺️)

    I launched the unlocker and everything worked right away.

    If anyone needs details on preparing a proxy server, I am ready to describe my experience.
     

    Attachments

    • UnLock_for_ME302KL.zip
      754.7 KB · Views: 19

    Levin)

    New member
    May 27, 2021
    3
    2
    My story.
    I installed mitmproxy on Windows 10, tried it via WSL (Windows Subsystem for Linux), but it didn't work for me. In the terminal, I see that there is a connection and exchange, but in the tablet logs I see the answer 502.

    But when connecting via mitmproxy, the unlocker began to respond for a long time, from which I concluded that I was moving in the right direction.

    In the end, I took a very old laptop and installed the latest Ubuntu and mitmproxy on it. I installed the certificate into the system and made a proxy server out of the laptop.

    The tablet was reset to factory settings. Google account did not connect after reboot. I got a root with KingoRoot. The first time did not work, the tablet rebooted, but the rights did not appear. The second time everything went well.

    I used the unblocker that I attached to the post. The original DMClient has been renamed. I have set permission 0644 for copied files. I prepared a certificate for Android according to this instruction. I copied it to /system/etc/security of the tablet, set the rights to 0644 (in our case, the user certificate does not suit us, we need a system one). I turned on the proxy in the WiFi settings of the tablet, specifying the IP address of the laptop and port 8080. I rebooted the tablet.

    I used mitmweb on a proxy server, it seemed more convenient to me. In the settings, I enabled the showhost and ssl_insecure options (sorry, in the previous post I said that the settings were by default, I was mistaken due to insomnia ☺️)

    I launched the unlocker and everything worked right away.

    If anyone needs details on preparing a proxy server, I am ready to describe my experience.
    does it mean that TF300TG will also get unlock tool in near future?
     

    Top Liked Posts

    • There are no posts matching your filters.
    • 7
      Hey!
      I unlocked my Me302kl today via mitmproxy with standard settings. Later I will write how I did it.
      P.S. Sorry for my English :giggle:
      5
      Hello everyone!
      On our local forum, we came up with this option.
      I think you already know how to install the unlocker and how to prepare the tablet.
      I prepared an image for VirtualBox with Ubuntu and mitmproxy installed and configured.
      Install VirtualBox, download the image (size 3.88 GB) and import it into VB:
      vb_Screenshot_10.png

      vb_Screenshot_11.png

      vb_Screenshot_12.png

      vb_Screenshot_13.png
      Screenshot_1.png

      Screenshot_2.png

      Screenshot_3.png

      We write down the IP address from the last screen, you will have your own. This will be the IP address of your proxy server.
      Open a terminal and enter the mitmweb command, press enter:
      Screenshot_4.png

      Screenshot_5.png

      Firefox will open and try to load the web terminal without success. Close your browser.
      Open again and go to 127.0.0.1:8081:
      Screenshot_7.png

      The web terminal will open. Here we go to the Options tab, check the Display Event Log checkbox and click on Edit Options
      Screenshot_8.png

      In the window that opens, put the checkboxes on showhost and ssl_insecure. Close the options window.
      Screenshot_9.png

      Open any site in the browser - in the terminal you will see the logs.
      1. Set the pin code in advance to access the tablet Security -> Screen lock -> PIN
      2. Go to the WiFi settings, clamp your network, select Change network.
      3. In advanced settings Proxy server -> Manual.
      4. Hostname - your recorded IP address of the virtual machine, port 8080.
      5. Save.
      6. Open the browser on the tablet, go to mitm.it, download the certificate for Android.
      7. After downloading, a window for entering a pin code will open, followed by a certificate installation wizard. Enter the name of the certificate, for example mitmproxy and click OK.
      8. After installing the certificate, open any site in a browser on the tablet, you will see the connection of your device in the logs of the web terminal.
      9. Launch the unblocker and try it.
      P.S. The time is set to GMT on the proxy server, you may need to set it to local.
      Superuser login: mitm
      Password: mitmvb

      UPD:
      It turned out that this image does not start on all systems due to Ubuntu version 20. In order for everyone to have this working, version 16 is needed. I will reload the image today with Ubuntu 16.
      3
      Hey!
      I unlocked my Me302kl today via mitmproxy with standard settings. Later I will write how I did it.
      P.S. Sorry for my English :giggle:
      Oh boy.. Can't wait to see where I ****ed up in my tests... Thanks! Don't forget us :p
      3
      Oh boy.. Can't wait to see where I ****ed up in my tests... Thanks! Don't forget us :p
      My story.
      I installed mitmproxy on Windows 10, tried it via WSL (Windows Subsystem for Linux), but it didn't work for me. In the terminal, I see that there is a connection and exchange, but in the tablet logs I see the answer 502.

      But when connecting via mitmproxy, the unlocker began to respond for a long time, from which I concluded that I was moving in the right direction.

      In the end, I took a very old laptop and installed the latest Ubuntu and mitmproxy on it. I installed the certificate into the system and made a proxy server out of the laptop.

      The tablet was reset to factory settings. Google account did not connect after reboot. I got a root with KingoRoot. The first time did not work, the tablet rebooted, but the rights did not appear. The second time everything went well.

      I used the unblocker that I attached to the post. The original DMClient has been renamed. I have set permission 0644 for copied files. I prepared a certificate for Android according to this instruction. I copied it to /system/etc/security of the tablet, set the rights to 0644 (in our case, the user certificate does not suit us, we need a system one). I turned on the proxy in the WiFi settings of the tablet, specifying the IP address of the laptop and port 8080. I rebooted the tablet.

      I used mitmweb on a proxy server, it seemed more convenient to me. In the settings, I enabled the showhost and ssl_insecure options (sorry, in the previous post I said that the settings were by default, I was mistaken due to insomnia ☺️)

      I launched the unlocker and everything worked right away.

      If anyone needs details on preparing a proxy server, I am ready to describe my experience.
      3
      As far as I remember, mitmproxy (mitmweb) worked in transparent mode with default settings back then when I tested the unlock for my device. I simply created a wifi hotspot and routed all traffic through mitmproxy.

      I prepared a certificate for Android according to this instruction. I copied it to /system/etc/security of the tablet, set the rights to 0644 (in our case, the user certificate does not suit us, we need a system one). I turned on the proxy in the WiFi settings of the tablet, specifying the IP address of the laptop and port 8080. I rebooted the tablet.

      I used mitmweb on a proxy server, it seemed more convenient to me. In the settings, I enabled the showhost and ssl_insecure options (sorry, in the previous post I said that the settings were by default, I was mistaken due to insomnia ☺️)

      Oh yes. Certificate pinning is disabled, but the certificate itself is still checked. I forgot that I indeed had to add the MITM certificate to the system certificates.

      If I read (and reconstruct) my notes correctly, this is what I did (Linux):

      1. Install mitmproxy in venv
      Bash:
      python3 -m venv mitmproxy
      source mitmproxy-env/bin/activate
      
      pip install --upgrade pip setuptools
      pip install mitmproxy

      2. Start WIFI-Hotspot
      Bash:
      nmcli dev wifi hotspot ifname wlan0 ssid test password "12345678"

      3. Configure iptables for wlan0
      Bash:
      sysctl -w net.ipv4.ip_forward=1
      sysctl -w net.ipv6.conf.all.forwarding=1
      sysctl -w net.ipv4.conf.all.send_redirects=0
      
      iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
      iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
      iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
      
      iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
      iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
      ip6tables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
      ip6tables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
      See https://docs.mitmproxy.org/stable/howto-transparent/

      4. Start mitmproxy
      Bash:
      mitmweb --mode transparent

      This procedure does not require setting the proxy on the tablet. At the time, I did not change any mitmproxy settings. The changes to the server now probably require ssl_insecure as mentioned by @GloGlorius .
    • 8
      UPDATE: Asus has updated the servers. Older protocols for HTTPS, which are required for older Android versions, are no longer supported. Unfortunately, some additional steps are needed for the unlock now. See this post for step by step instructions.


      I recently got my hands on a Asus TF700T with a locked boot loader. The official unlock app did not work, so I took a closer look. What I found is that the Asus servers are still up and running, but connection fails due to certificate pinning. And that can be dealt with ;)

      So here are the instructions:
      1. The device must be rooted. KingoRoot (the app) worked for me.

      2. Download the unlock bundle from the link below. I didn't find a way to directly attach files here.

      3. Copy both apks to /system/app, change the permission to 0644
        For this, a remount of the system partition may be needed:
        mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system

        DMClient.apk replaces the original DMClient.apk and DMClient.odex (i.e. you have to rename/move/delete the .odex file)
        The modified unlock app cannot be installed like any other and must be installed that way

      4. Reboot the device. On startup Android shows that one app is optimized (that's DMClient). The unlock app is now installed.

      5. Use the unlock app. Google account does not matter.

      Watch logcat to get some more information on what the unlock app does. On success the device immediately reboots, so redirect adb logcat to a file if you want to keep the log.

      I only tested on a TF700T with WW SKU, V10.6.1.14.10. I assume that other firmware versions work as well.
      The unlock app for TF700T also supports TF201, TF300T, TF300TG, and TF300TL, but a modified DMClient is needed.


      In case something goes wrong and your device gets stuck at the boot screen, this advice may be helpful:

      (thanks @DieAbrissbirne)


      Download links

      Unlock app
      and DMClient for TF700T
      https://leo.pfweb.eu/dl/OaKdx
      • WW_epad-10.6.1.14.10
      • JOP40D.US_epad-10.6.1.14.10-20130801

      DMClient for TF300T
      https://leo.pfweb.eu/dl/vUHnp

      DMClient for TF300TG
      https://leo.pfweb.eu/dl/xphHy


      DMClient for TF201
      https://leo.pfweb.eu/dl/pKvEA
      • WW_epad_10.4.2.17

      ---------------------------------------------------------------------

      Unlock app and DMClient for TF701T
      https://leo.pfweb.eu/dl/2AcpB

      DMClient for ME301T (also seems to work for ME302KL)
      https://leo.pfweb.eu/dl/uiJPN
      7
      Hey!
      I unlocked my Me302kl today via mitmproxy with standard settings. Later I will write how I did it.
      P.S. Sorry for my English :giggle:
      5
      Hello everyone!
      On our local forum, we came up with this option.
      I think you already know how to install the unlocker and how to prepare the tablet.
      I prepared an image for VirtualBox with Ubuntu and mitmproxy installed and configured.
      Install VirtualBox, download the image (size 3.88 GB) and import it into VB:
      vb_Screenshot_10.png

      vb_Screenshot_11.png

      vb_Screenshot_12.png

      vb_Screenshot_13.png
      Screenshot_1.png

      Screenshot_2.png

      Screenshot_3.png

      We write down the IP address from the last screen, you will have your own. This will be the IP address of your proxy server.
      Open a terminal and enter the mitmweb command, press enter:
      Screenshot_4.png

      Screenshot_5.png

      Firefox will open and try to load the web terminal without success. Close your browser.
      Open again and go to 127.0.0.1:8081:
      Screenshot_7.png

      The web terminal will open. Here we go to the Options tab, check the Display Event Log checkbox and click on Edit Options
      Screenshot_8.png

      In the window that opens, put the checkboxes on showhost and ssl_insecure. Close the options window.
      Screenshot_9.png

      Open any site in the browser - in the terminal you will see the logs.
      1. Set the pin code in advance to access the tablet Security -> Screen lock -> PIN
      2. Go to the WiFi settings, clamp your network, select Change network.
      3. In advanced settings Proxy server -> Manual.
      4. Hostname - your recorded IP address of the virtual machine, port 8080.
      5. Save.
      6. Open the browser on the tablet, go to mitm.it, download the certificate for Android.
      7. After downloading, a window for entering a pin code will open, followed by a certificate installation wizard. Enter the name of the certificate, for example mitmproxy and click OK.
      8. After installing the certificate, open any site in a browser on the tablet, you will see the connection of your device in the logs of the web terminal.
      9. Launch the unblocker and try it.
      P.S. The time is set to GMT on the proxy server, you may need to set it to local.
      Superuser login: mitm
      Password: mitmvb

      UPD:
      It turned out that this image does not start on all systems due to Ubuntu version 20. In order for everyone to have this working, version 16 is needed. I will reload the image today with Ubuntu 16.
      3
      Oh boy.. Can't wait to see where I ****ed up in my tests... Thanks! Don't forget us :p
      My story.
      I installed mitmproxy on Windows 10, tried it via WSL (Windows Subsystem for Linux), but it didn't work for me. In the terminal, I see that there is a connection and exchange, but in the tablet logs I see the answer 502.

      But when connecting via mitmproxy, the unlocker began to respond for a long time, from which I concluded that I was moving in the right direction.

      In the end, I took a very old laptop and installed the latest Ubuntu and mitmproxy on it. I installed the certificate into the system and made a proxy server out of the laptop.

      The tablet was reset to factory settings. Google account did not connect after reboot. I got a root with KingoRoot. The first time did not work, the tablet rebooted, but the rights did not appear. The second time everything went well.

      I used the unblocker that I attached to the post. The original DMClient has been renamed. I have set permission 0644 for copied files. I prepared a certificate for Android according to this instruction. I copied it to /system/etc/security of the tablet, set the rights to 0644 (in our case, the user certificate does not suit us, we need a system one). I turned on the proxy in the WiFi settings of the tablet, specifying the IP address of the laptop and port 8080. I rebooted the tablet.

      I used mitmweb on a proxy server, it seemed more convenient to me. In the settings, I enabled the showhost and ssl_insecure options (sorry, in the previous post I said that the settings were by default, I was mistaken due to insomnia ☺️)

      I launched the unlocker and everything worked right away.

      If anyone needs details on preparing a proxy server, I am ready to describe my experience.
      3
      As far as I remember, mitmproxy (mitmweb) worked in transparent mode with default settings back then when I tested the unlock for my device. I simply created a wifi hotspot and routed all traffic through mitmproxy.

      I prepared a certificate for Android according to this instruction. I copied it to /system/etc/security of the tablet, set the rights to 0644 (in our case, the user certificate does not suit us, we need a system one). I turned on the proxy in the WiFi settings of the tablet, specifying the IP address of the laptop and port 8080. I rebooted the tablet.

      I used mitmweb on a proxy server, it seemed more convenient to me. In the settings, I enabled the showhost and ssl_insecure options (sorry, in the previous post I said that the settings were by default, I was mistaken due to insomnia ☺️)

      Oh yes. Certificate pinning is disabled, but the certificate itself is still checked. I forgot that I indeed had to add the MITM certificate to the system certificates.

      If I read (and reconstruct) my notes correctly, this is what I did (Linux):

      1. Install mitmproxy in venv
      Bash:
      python3 -m venv mitmproxy
      source mitmproxy-env/bin/activate
      
      pip install --upgrade pip setuptools
      pip install mitmproxy

      2. Start WIFI-Hotspot
      Bash:
      nmcli dev wifi hotspot ifname wlan0 ssid test password "12345678"

      3. Configure iptables for wlan0
      Bash:
      sysctl -w net.ipv4.ip_forward=1
      sysctl -w net.ipv6.conf.all.forwarding=1
      sysctl -w net.ipv4.conf.all.send_redirects=0
      
      iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
      iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
      iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
      
      iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
      iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
      ip6tables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
      ip6tables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
      See https://docs.mitmproxy.org/stable/howto-transparent/

      4. Start mitmproxy
      Bash:
      mitmweb --mode transparent

      This procedure does not require setting the proxy on the tablet. At the time, I did not change any mitmproxy settings. The changes to the server now probably require ssl_insecure as mentioned by @GloGlorius .