• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[HOWTO] Unlock TF700T in 2020

Search This thread

charlieboy999

Member
Dec 13, 2011
21
3
If anyone needs details on preparing a proxy server, I am ready to describe my experience
Thanks for sharing your experience! I'm not going to lie, this is all new territory for me. I don't think that I even have an old laptop to install Ubuntu on and, from what I understand, this was necessary as it wouldn't work on Windows? I could always dual boot it on my main Windows laptop, though.

Even with the showhost and ssl_insecure options enabled? I also read the instructions you shared for creating the certificate. I actually saw this a few days ago when I first discovered this thread when trying to learn about mitmproxy! However, I admit that I understood very little of it. Sometimes I feel like I'm biting off more than I can chew! :ROFLMAO:
 

d.l.i.w

Member
Aug 24, 2020
35
17
As far as I remember, mitmproxy (mitmweb) worked in transparent mode with default settings back then when I tested the unlock for my device. I simply created a wifi hotspot and routed all traffic through mitmproxy.

I prepared a certificate for Android according to this instruction. I copied it to /system/etc/security of the tablet, set the rights to 0644 (in our case, the user certificate does not suit us, we need a system one). I turned on the proxy in the WiFi settings of the tablet, specifying the IP address of the laptop and port 8080. I rebooted the tablet.

I used mitmweb on a proxy server, it seemed more convenient to me. In the settings, I enabled the showhost and ssl_insecure options (sorry, in the previous post I said that the settings were by default, I was mistaken due to insomnia ☺️)

Oh yes. Certificate pinning is disabled, but the certificate itself is still checked. I forgot that I indeed had to add the MITM certificate to the system certificates.

If I read (and reconstruct) my notes correctly, this is what I did (Linux):

1. Install mitmproxy in venv
Bash:
python3 -m venv mitmproxy
source mitmproxy-env/bin/activate

pip install --upgrade pip setuptools
pip install mitmproxy

2. Start WIFI-Hotspot
Bash:
nmcli dev wifi hotspot ifname wlan0 ssid test password "12345678"

3. Configure iptables for wlan0
Bash:
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1
sysctl -w net.ipv4.conf.all.send_redirects=0

iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
ip6tables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
ip6tables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
See https://docs.mitmproxy.org/stable/howto-transparent/

4. Start mitmproxy
Bash:
mitmweb --mode transparent

This procedure does not require setting the proxy on the tablet. At the time, I did not change any mitmproxy settings. The changes to the server now probably require ssl_insecure as mentioned by @GloGlorius .
 
Last edited:

GloGlorius

Member
May 27, 2021
14
22
Oh yes. Certificate pinning is disabled, but the certificate itself is still checked. I forgot that I indeed had to add the MITM certificate to the system certificates.

If I read (and reconstruct) my notes correctly, this is what I did (Linux):

1. Install mitmproxy in venv
Bash:
python3 -m venv mitmproxy
source mitmproxy-env/bin/activate

pip install --upgrade pip setuptools
pip install mitmproxy

2. Start WIFI-Hotspot
Bash:
nmcli dev wifi hotspot ifname wlan0 ssid test password "12345678"

3. Configure iptables for wlan0
Bash:
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1
sysctl -w net.ipv4.conf.all.send_redirects=0

iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
ip6tables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
ip6tables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
See https://docs.mitmproxy.org/stable/howto-transparent/

4. Start mitmproxy
Bash:
mitmweb --mode transparent

This procedure does not require setting the proxy on the tablet. At the time, I did not change any mitmproxy settings. The changes to the server now probably require ssl_insecure as mentioned by @GloGlorius .
I am new to this. 3 days ago I didn't even know about mitmproxy :) So I didn't go that far. All this was needed for this case, so I went the simplest way and did not allocate a separate address for the proxy.

WIFI-Hotspot cannot be enabled on all devices. On another forum, someone wrote that their device cannot work in WIFI-Hotspot mode.

Bash:
mitmweb --mode transparent
In my case, in transparent mode, I could not get the result. I left the default "regular" and it worked.
 

GloGlorius

Member
May 27, 2021
14
22
On my local forum, two guys unsubscribed that my method worked for them.

One of them went my way, the other installed Ubuntu on a virtual machine under Windows 7.
 

GloGlorius

Member
May 27, 2021
14
22
does it mean that TF300TG will also get unlock tool in near future?
I think that @GloGlorius said that they used the same unlocker tool originally shared by @d.l.i.w. If it's the DMClient for the TF300TG that you need, @d.l.i.w shared it in the original post.
@Levin) , i agree with @charlieboy999 . Use the correct unlock tool for your tablet.

In our case, mitmproxy acts as an intermediary between the unblocker and the ASUS servers in order to get the unlocked bootloader in the end.
 

d.l.i.w

Member
Aug 24, 2020
35
17
So I didn't go that far. All this was needed for this case, so I went the simplest way and did not allocate a separate address for the proxy.

WIFI-Hotspot cannot be enabled on all devices. On another forum, someone wrote that their device cannot work in WIFI-Hotspot mode.

In my case, in transparent mode, I could not get the result. I left the default "regular" and it worked.
Yes, these are two slightly different approaches.

Either you create a fully transparent proxy and then you don't have to do anything else on the target device other than connecting to the wifi hotspot. Or you just open a proxy port as you did. This also works if the wifi device or driver does not support hotspot mode. In this case you have to enable the proxy setting on the device.

Either way, it still seems possible to unlock the devices. Your approach is certainly a bit easier. Thanks for sharing @GloGlorius (y)
 

GloGlorius

Member
May 27, 2021
14
22
Hello everyone!
On our local forum, we came up with this option.
I think you already know how to install the unlocker and how to prepare the tablet.
I prepared an image for VirtualBox with Ubuntu and mitmproxy installed and configured.
Install VirtualBox, download the image (size 3.88 GB) and import it into VB:
vb_Screenshot_10.png

vb_Screenshot_11.png

vb_Screenshot_12.png

vb_Screenshot_13.png
Screenshot_1.png

Screenshot_2.png

Screenshot_3.png

We write down the IP address from the last screen, you will have your own. This will be the IP address of your proxy server.
Open a terminal and enter the mitmweb command, press enter:
Screenshot_4.png

Screenshot_5.png

Firefox will open and try to load the web terminal without success. Close your browser.
Open again and go to 127.0.0.1:8081:
Screenshot_7.png

The web terminal will open. Here we go to the Options tab, check the Display Event Log checkbox and click on Edit Options
Screenshot_8.png

In the window that opens, put the checkboxes on showhost and ssl_insecure. Close the options window.
Screenshot_9.png

Open any site in the browser - in the terminal you will see the logs.
1. Set the pin code in advance to access the tablet Security -> Screen lock -> PIN
2. Go to the WiFi settings, clamp your network, select Change network.
3. In advanced settings Proxy server -> Manual.
4. Hostname - your recorded IP address of the virtual machine, port 8080.
5. Save.
6. Open the browser on the tablet, go to mitm.it, download the certificate for Android.
7. After downloading, a window for entering a pin code will open, followed by a certificate installation wizard. Enter the name of the certificate, for example mitmproxy and click OK.
8. After installing the certificate, open any site in a browser on the tablet, you will see the connection of your device in the logs of the web terminal.
9. Launch the unblocker and try it.
P.S. The time is set to GMT on the proxy server, you may need to set it to local.
Superuser login: mitm
Password: mitmvb

UPD:
It turned out that this image does not start on all systems due to Ubuntu version 20. In order for everyone to have this working, version 16 is needed. I will reload the image today with Ubuntu 16.
 
Last edited:

Levin)

New member
May 27, 2021
3
2
Hello everyone!
On our local forum, we came up with this option.
I think you already know how to install the unlocker and how to prepare the tablet.
I prepared an image for VirtualBox with Ubuntu and mitmproxy installed and configured.
Install VirtualBox, download the image (size 3.88 GB) and import it into VB:
View attachment 5323059
View attachment 5323061
View attachment 5323063
We write down the IP address from the last screen, you will have your own. This will be the IP address of your proxy server.
Open a terminal and enter the mitmweb command, press enter:
View attachment 5323065
View attachment 5323067
Firefox will open and try to load the web terminal without success. Close your browser.
Open again and go to 127.0.0.1:8081:
View attachment 5323069
The web terminal will open. Here we go to the Options tab, check the Display Event Log checkbox and click on Edit Options
View attachment 5323071
In the window that opens, put the checkboxes on showhost and ssl_insecure. Close the options window.
View attachment 5323073
Open any site in the browser - in the terminal you will see the logs.
1. Set the pin code in advance to access the tablet Security -> Screen lock -> PIN
2. Go to the WiFi settings, clamp your network, select Change network.
3. In advanced settings Proxy server -> Manual.
4. Hostname - your recorded IP address of the virtual machine, port 8080.
5. Save.
6. Open the browser on the tablet, go to mitm.it, download the certificate for Android.
7. After downloading, a window for entering a pin code will open, followed by a certificate installation wizard. Enter the name of the certificate, for example mitmproxy and click OK.
8. After installing the certificate, open any site in a browser on the tablet, you will see the connection of your device in the logs of the web terminal.
9. Launch the unblocker and try it.
P.S. The time is set to GMT on the proxy server, you may need to set it to local.
Superuser login: mitm
Password: mitmvb

IT WORKED!! Successfully Unlocked !!

Thanks a lot for @d.l.i.w for the tool, @GloGlorius for the well-described new method to unlock and @charlieboy999.

My Device : Asus TF300TG - JOP40D.WW_epad-10.6.2.11-20131213
 
IT WORKED!! Successfully Unlocked !!

Thanks a lot for @d.l.i.w for the tool, @GloGlorius for the well-described new method to unlock and @charlieboy999.

My Device : Asus TF300TG - JOP40D.WW_epad-10.6.2.11-20131213
Anyone was successfull with a TF201 ? I'm still getting the exact same error no matter what I tried, mitmproxy transparent or not, modified unlocktool for tf201 shared in the OP, tried the method described few pages before with an hexadecimal editor with no luck too..
 

GloGlorius

Member
May 27, 2021
14
22
Anyone was successfull with a TF201 ? I'm still getting the exact same error no matter what I tried, mitmproxy transparent or not, modified unlocktool for tf201 shared in the OP, tried the method described few pages before with an hexadecimal editor with no luck too..
@Arsenick, your device is Asus TF201 JRO03C.WW_epad_-10.4.2.18-20121122?
Let's do it together, step by step?
 

Eliazeno

Member
Sep 1, 2017
13
0
Hello everyone!
On our local forum, we came up with this option.
I think you already know how to install the unlocker and how to prepare the tablet.
I prepared an image for VirtualBox with Ubuntu and mitmproxy installed and configured.
Install VirtualBox, download the image (size 3.88 GB) and import it into VB:
View attachment 5323059
View attachment 5323061
View attachment 5323063
We write down the IP address from the last screen, you will have your own. This will be the IP address of your proxy server.
Open a terminal and enter the mitmweb command, press enter:
View attachment 5323065
View attachment 5323067
Firefox will open and try to load the web terminal without success. Close your browser.
Open again and go to 127.0.0.1:8081:
View attachment 5323069
The web terminal will open. Here we go to the Options tab, check the Display Event Log checkbox and click on Edit Options
View attachment 5323071
In the window that opens, put the checkboxes on showhost and ssl_insecure. Close the options window.
View attachment 5323073
Open any site in the browser - in the terminal you will see the logs.
1. Set the pin code in advance to access the tablet Security -> Screen lock -> PIN
2. Go to the WiFi settings, clamp your network, select Change network.
3. In advanced settings Proxy server -> Manual.
4. Hostname - your recorded IP address of the virtual machine, port 8080.
5. Save.
6. Open the browser on the tablet, go to mitm.it, download the certificate for Android.
7. After downloading, a window for entering a pin code will open, followed by a certificate installation wizard. Enter the name of the certificate, for example mitmproxy and click OK.
8. After installing the certificate, open any site in a browser on the tablet, you will see the connection of your device in the logs of the web terminal.
9. Launch the unblocker and try it.
P.S. The time is set to GMT on the proxy server, you may need to set it to local.
Superuser login: mitm
Password: mitmvb

UPD:
It turned out that this image does not start on all systems due to Ubuntu version 20. In order for everyone to have this working, version 16 is needed. I will reload the image today with Ubuntu 16.
When I launch the unblocker app I get the usual network error, and in the terminal in Ubuntu i got this:

1622463280101.png
Do you know what am I missing?
 
When I launch the unblocker app I get the usual network error, and in the terminal in Ubuntu i got this:

View attachment 5325269Do you know what am I missing?
@GloGlorius Yes exactly it's a TF201 JRO03C.WW_epad_-10.4.2.18-20121122. We can do it together but honestly I'm sure there's something different with the tf201, I have the the exact same error as @Eliazeno showed here. I tried by installing the certificate by hand in the system folder as you did and I tried by installing in the user certificate and I get the same result.

It's really weird, it looks like the certificate never really get recognised but I can see it in the security/certificate list.. And just to be sure, I installed an old Chrome version and if I open chrome, go to wathever https website I want I see it passing thru mitmproxy and it works, so the certificate IS in place and recognised. But if I used the unlock tool OR the native web browser, it doesn't work... Just as if the browser is using webview and webview doesn't use the certificates in the keystore...

I'm running out of idea :( I tried every setup two or three times, reset the device, clear user config, reinstall with fastboot etc.. Nothing seems to help it...
 

Eliazeno

Member
Sep 1, 2017
13
0
@GloGlorius Yes exactly it's a TF201 JRO03C.WW_epad_-10.4.2.18-20121122. We can do it together but honestly I'm sure there's something different with the tf201, I have the the exact same error as @Eliazeno showed here. I tried by installing the certificate by hand in the system folder as you did and I tried by installing in the user certificate and I get the same result.

It's really weird, it looks like the certificate never really get recognised but I can see it in the security/certificate list.. And just to be sure, I installed an old Chrome version and if I open chrome, go to wathever https website I want I see it passing thru mitmproxy and it works, so the certificate IS in place and recognised. But if I used the unlock tool OR the native web browser, it doesn't work... Just as if the browser is using webview and webview doesn't use the certificates in the keystore...

I'm running out of idea :( I tried every setup two or three times, reset the device, clear user config, reinstall with fastboot etc.. Nothing seems to help it...
I confirm, exactly same situation., native web browser not working, chrome running good.
Mine is TF300T JOP40D.WW_epad-10.6.1.27.5-20130902
 

erictmc

Member
Dec 8, 2020
8
0
Google Nexus 5
OnePlus 3T
I confirm, exactly same situation., native web browser not working, chrome running good.
Mine is TF300T JOP40D.WW_epad-10.6.1.27.5-20130902
I'm in the same situation "network connection error" but native web browser is working, I can access https://www.asus.com
Mine is TF300T JOP40D.WW_epad-10.6.1.27.5-20130902
Running out of idea...waiting for some help...
 

charlieboy999

Member
Dec 13, 2011
21
3
@charlieboy999, you can try without Ubuntu. Mitmproxy for windows also works, two devices were unlocked. The order of actions is important.
Sorry, I didn't read the guide properly and realised that the pack you sent needed VB. Managed to get up to setting the proxy on the tablet. Unfortunately, I don't think that the certificate installs properly as others have said. I still can't access asus.com for example. I'm able to go to mitm.it and download the certificate (it doesn't even ask for the pin that I set and just asks me to name the file) and I get "*proxy name chosen* is installed" but the unlocker still shows the same error as before, sadly.
 

GloGlorius

Member
May 27, 2021
14
22
@Eliazeno, @erictmc

Let's try again)
Restore your tablets to factory settings. Make root if necessary.
There are 3 files in the attached archive: client and unlocker version 8 and TF701. Someone was able to unlock it with version 8, someone with version 701.
We start with version 8. Install the client and unlocker. Reboot your tablet. Write, when this is done, I will suggest another way to connect to mitmproxy.
If that doesn't work with version 8, we'll go back and try with 701.
P.S. There is information that if the tablet was being repaired in a service center, then it will no longer be possible to unlock it.
 

Attachments

  • TF300T.zip
    1.1 MB · Views: 161

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    Holy barking turtles!!!! I don't know what I did but it FINALLY worked!!!!
    I AM UNLOCKED!
    Man you guys don't know my relief - @Ice_83 , @maisomenos , @GloGlorius @d.l.i.w (feel like I'm at the Oscars here ! :ROFLMAO:) - I'm jumping around the room with excitement. Thank all of you and everyone else who's contributed on here for all of your help and patience!

    For the record, I couldn't get the Ubuntu VB working for me, all I did was, playing around off @Ice_83 's above, went in and changed a couple of the settings on windows. I set tls_version_client_min and tls_version_server_min to Unbounded instead of TLS1_2 and hey presto! All sites were working on my tab!

    View attachment 5379997

    Now to go and see if I can totally brick it flashing a new ROM. :ROFLMAO:

    Thanks again everyone!
    DUDE!! I went on and made an account especially so that I could THANK YOU! Was stuck on the exact same issue like you and @Ice_83, was about to lose all hope. But DAYUM! Changin those tls versions did the trick. I used windows MTM with --ssl-insecure argument.

    You guys are frickin legends. Thanks again :)
  • 9
    UPDATE: Asus has updated the servers. Older protocols for HTTPS, which are required for older Android versions, are no longer supported. Unfortunately, some additional steps are needed for the unlock now. See this post for step by step instructions.


    I recently got my hands on a Asus TF700T with a locked boot loader. The official unlock app did not work, so I took a closer look. What I found is that the Asus servers are still up and running, but connection fails due to certificate pinning. And that can be dealt with ;)

    So here are the instructions:
    1. The device must be rooted. KingoRoot (the app) worked for me.

    2. Download the unlock bundle from the link below. I didn't find a way to directly attach files here.

    3. Copy both apks to /system/app, change the permission to 0644
      For this, a remount of the system partition may be needed:
      mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system

      DMClient.apk replaces the original DMClient.apk and DMClient.odex (i.e. you have to rename/move/delete the .odex file)
      The modified unlock app cannot be installed like any other and must be installed that way

    4. Reboot the device. On startup Android shows that one app is optimized (that's DMClient). The unlock app is now installed.

    5. Use the unlock app. Google account does not matter.

    Watch logcat to get some more information on what the unlock app does. On success the device immediately reboots, so redirect adb logcat to a file if you want to keep the log.

    I only tested on a TF700T with WW SKU, V10.6.1.14.10. I assume that other firmware versions work as well.
    The unlock app for TF700T also supports TF201, TF300T, TF300TG, and TF300TL, but a modified DMClient is needed.


    In case something goes wrong and your device gets stuck at the boot screen, this advice may be helpful:

    (thanks @DieAbrissbirne)


    Download links

    Unlock app
    and DMClient for TF700T
    https://leo.pfweb.eu/dl/OaKdx
    • WW_epad-10.6.1.14.10
    • JOP40D.US_epad-10.6.1.14.10-20130801

    DMClient for TF300T
    https://leo.pfweb.eu/dl/vUHnp

    DMClient for TF300TG
    https://leo.pfweb.eu/dl/xphHy


    DMClient for TF201
    https://leo.pfweb.eu/dl/pKvEA
    • WW_epad_10.4.2.17

    ---------------------------------------------------------------------

    Unlock app and DMClient for TF701T
    https://leo.pfweb.eu/dl/2AcpB

    DMClient for ME301T (also seems to work for ME302KL)
    https://leo.pfweb.eu/dl/uiJPN
    8
    Hello everyone!
    On our local forum, we came up with this option.
    I think you already know how to install the unlocker and how to prepare the tablet.
    I prepared an image for VirtualBox with Ubuntu and mitmproxy installed and configured.
    Install VirtualBox, download the image (size 3.88 GB) and import it into VB:
    vb_Screenshot_10.png

    vb_Screenshot_11.png

    vb_Screenshot_12.png

    vb_Screenshot_13.png
    Screenshot_1.png

    Screenshot_2.png

    Screenshot_3.png

    We write down the IP address from the last screen, you will have your own. This will be the IP address of your proxy server.
    Open a terminal and enter the mitmweb command, press enter:
    Screenshot_4.png

    Screenshot_5.png

    Firefox will open and try to load the web terminal without success. Close your browser.
    Open again and go to 127.0.0.1:8081:
    Screenshot_7.png

    The web terminal will open. Here we go to the Options tab, check the Display Event Log checkbox and click on Edit Options
    Screenshot_8.png

    In the window that opens, put the checkboxes on showhost and ssl_insecure. Close the options window.
    Screenshot_9.png

    Open any site in the browser - in the terminal you will see the logs.
    1. Set the pin code in advance to access the tablet Security -> Screen lock -> PIN
    2. Go to the WiFi settings, clamp your network, select Change network.
    3. In advanced settings Proxy server -> Manual.
    4. Hostname - your recorded IP address of the virtual machine, port 8080.
    5. Save.
    6. Open the browser on the tablet, go to mitm.it, download the certificate for Android.
    7. After downloading, a window for entering a pin code will open, followed by a certificate installation wizard. Enter the name of the certificate, for example mitmproxy and click OK.
    8. After installing the certificate, open any site in a browser on the tablet, you will see the connection of your device in the logs of the web terminal.
    9. Launch the unblocker and try it.
    P.S. The time is set to GMT on the proxy server, you may need to set it to local.
    Superuser login: mitm
    Password: mitmvb

    UPD:
    It turned out that this image does not start on all systems due to Ubuntu version 20. In order for everyone to have this working, version 16 is needed. I will reload the image today with Ubuntu 16.
    7
    Hey!
    I unlocked my Me302kl today via mitmproxy with standard settings. Later I will write how I did it.
    P.S. Sorry for my English :giggle:
    3
    Oh boy.. Can't wait to see where I ****ed up in my tests... Thanks! Don't forget us :p
    My story.
    I installed mitmproxy on Windows 10, tried it via WSL (Windows Subsystem for Linux), but it didn't work for me. In the terminal, I see that there is a connection and exchange, but in the tablet logs I see the answer 502.

    But when connecting via mitmproxy, the unlocker began to respond for a long time, from which I concluded that I was moving in the right direction.

    In the end, I took a very old laptop and installed the latest Ubuntu and mitmproxy on it. I installed the certificate into the system and made a proxy server out of the laptop.

    The tablet was reset to factory settings. Google account did not connect after reboot. I got a root with KingoRoot. The first time did not work, the tablet rebooted, but the rights did not appear. The second time everything went well.

    I used the unblocker that I attached to the post. The original DMClient has been renamed. I have set permission 0644 for copied files. I prepared a certificate for Android according to this instruction. I copied it to /system/etc/security of the tablet, set the rights to 0644 (in our case, the user certificate does not suit us, we need a system one). I turned on the proxy in the WiFi settings of the tablet, specifying the IP address of the laptop and port 8080. I rebooted the tablet.

    I used mitmweb on a proxy server, it seemed more convenient to me. In the settings, I enabled the showhost and ssl_insecure options (sorry, in the previous post I said that the settings were by default, I was mistaken due to insomnia ☺️)

    I launched the unlocker and everything worked right away.

    If anyone needs details on preparing a proxy server, I am ready to describe my experience.
    3
    As far as I remember, mitmproxy (mitmweb) worked in transparent mode with default settings back then when I tested the unlock for my device. I simply created a wifi hotspot and routed all traffic through mitmproxy.

    I prepared a certificate for Android according to this instruction. I copied it to /system/etc/security of the tablet, set the rights to 0644 (in our case, the user certificate does not suit us, we need a system one). I turned on the proxy in the WiFi settings of the tablet, specifying the IP address of the laptop and port 8080. I rebooted the tablet.

    I used mitmweb on a proxy server, it seemed more convenient to me. In the settings, I enabled the showhost and ssl_insecure options (sorry, in the previous post I said that the settings were by default, I was mistaken due to insomnia ☺️)

    Oh yes. Certificate pinning is disabled, but the certificate itself is still checked. I forgot that I indeed had to add the MITM certificate to the system certificates.

    If I read (and reconstruct) my notes correctly, this is what I did (Linux):

    1. Install mitmproxy in venv
    Bash:
    python3 -m venv mitmproxy
    source mitmproxy-env/bin/activate
    
    pip install --upgrade pip setuptools
    pip install mitmproxy

    2. Start WIFI-Hotspot
    Bash:
    nmcli dev wifi hotspot ifname wlan0 ssid test password "12345678"

    3. Configure iptables for wlan0
    Bash:
    sysctl -w net.ipv4.ip_forward=1
    sysctl -w net.ipv6.conf.all.forwarding=1
    sysctl -w net.ipv4.conf.all.send_redirects=0
    
    iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    
    iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
    iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
    ip6tables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
    ip6tables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
    See https://docs.mitmproxy.org/stable/howto-transparent/

    4. Start mitmproxy
    Bash:
    mitmweb --mode transparent

    This procedure does not require setting the proxy on the tablet. At the time, I did not change any mitmproxy settings. The changes to the server now probably require ssl_insecure as mentioned by @GloGlorius .