• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[HOWTO] Unlock TF700T in 2020

Search This thread

GloGlorius

Member
May 27, 2021
14
22
Sorry, I didn't read the guide properly and realised that the pack you sent needed VB. Managed to get up to setting the proxy on the tablet. Unfortunately, I don't think that the certificate installs properly as others have said. I still can't access asus.com for example. I'm able to go to mitm.it and download the certificate (it doesn't even ask for the pin that I set and just asks me to name the file) and I get "*proxy name chosen* is installed" but the unlocker still shows the same error as before, sadly.
@charlieboy999, i had a similar situation. At the same time, I did not see the certificate in the list of user certificates.
Make a system certificate in Ubuntu according to this instruction and copy it to /system/etc/security/cacerts/
Reboot your tablet and try again.
 
  • Like
Reactions: charlieboy999

GloGlorius

Member
May 27, 2021
14
22
ME302KL owner's note:
“I myself brought the tablet into a clean form as follows, installed the service firmware ME302KL-OPEN_epad-eng-900M-hdpi-H00_0.16.F_0521-10.10.0.52.4.8-20130731-1422-Rawdata, then installed deodex WW_epad-user-10.10.3.39. I did this because I inherited a lot from the tablet, spent a lot of excrement on my own unlock attempts, fixed the dex and odex files, replacing https with something else, but it did not give any results. The tablet is very littered with my intervention and got confused what to remove and where to return the originals, so I did a reinstallation with two firmwares. "
 

Stephenie.McKay

New member
Jun 1, 2021
1
0
Hi,
I am recommending KingRoot apk is the best android root one-touch app that I have ever found. I have been using kingroot app to root my fourth Samsung phone continuously. I do not afraid to root my device Samsung devices. According to my experience, it has a 0% root fail rate (I do not know the other's experience). But I would like to give one suggestion for you all, please use the official website to download the original application. Otherwise, they do not responsible for their downloadable file.
Thank you!
Stephenie McKay
 

charlieboy999

Member
Dec 13, 2011
21
3
@charlieboy999, i had a similar situation. At the same time, I did not see the certificate in the list of user certificates.
Make a system certificate in Ubuntu according to this instruction and copy it to /system/etc/security/cacerts/
Reboot your tablet and try again.
Hi GloGlorious. I know that you've already helped us a lot but I was wondering if I could bother you some more? I've tried following the instruction to make the system certificate directly in Android and get this message when I try to hash the user certificate:

/system/bin/sh: openssl: not found
/system/bin/sh: head: not found

I admit that I'm a beginner here. You mentioned that you need to do it in Ubuntu - is that the problem? Would I use the Ubuntu terminal on the VB while the tablet is connected via USB?
 

GloGlorius

Member
May 27, 2021
14
22
Hi GloGlorious. I know that you've already helped us a lot but I was wondering if I could bother you some more? I've tried following the instruction to make the system certificate directly in Android and get this message when I try to hash the user certificate:

/system/bin/sh: openssl: not found
/system/bin/sh: head: not found

I admit that I'm a beginner here. You mentioned that you need to do it in Ubuntu - is that the problem? Would I use the Ubuntu terminal on the VB while the tablet is connected via USB?
@charlieboy999, the hash needs to be calculated on the server, other methods do not work, we checked.
The connected USB tablet should not interfere. You can disconnect it from your PC after transferring the certificate.
 
  • Like
Reactions: charlieboy999

charlieboy999

Member
Dec 13, 2011
21
3
@charlieboy999, the hash needs to be calculated on the server, other methods do not work, we checked.
The connected USB tablet should not interfere. You can disconnect it from your PC after transferring the certificate.
Thanks again. However, I've hit another roadblock! I downloaded a certificate on the Ubuntu VB and hashed it using:
openssl x509 -inform PEM -subject_hash_old -in mitmproxy-ca-cert.cer | head -1

I then converted it with cp mitmproxy-ca-cert.cer *hash-received*.0 and transferred it via USB to my tablet where I used Total Commander to drop it into the system certificate folder and changed permissions to 644.

I can see the certificate in settings - trusted credentials as "mitmproxy" now under "system" rather than "user". To be sure, I deleted the old user one, too.

On the browser end, I still can't access asus.com through the tablet nor do the v8 and modified unlockers work for me. I still get the same message as before.

Similarly, like @Eliazeno and @erictmc I can access asus.com via Chrome but not on the default browser.

In the logs, it says:

certificate verification error for non: cannot validate hostname, SNI missing.
ignoring server verification error, continuing with connection
clientdisconnect


I've tried with and without "block_global" which doesn't make any difference. I don't know if it changes anything, but since my last attempt, the "showhost" and "ssl_insecure" set themselves back to false. I switched them back to true but that was after creating and hashing the certificate. However, I imagine that wouldn't have anything to do with it?

Any ideas where or if I could be going wrong? I'm really starting to lose hope here as I was looking forward to finally getting this paperweight unlocked! Thanks again for your support.
 
Last edited:
  • Like
Reactions: Arsenick

charlieboy999

Member
Dec 13, 2011
21
3
Ok, well. I'm not quite sure what happened but I persisted later this evening and it has finally worked! In the end, what I think did it was that I removed and reinstalled the DMClient and Unlocker V7 modified by @d.l.i.w in the original post.

Thank you to both @d.l.i.w and @GloGlorius for their help and support to all of us here. I had almost given up hope but I'm glad to be one step closer to updating this thing!

For info, it's a TF300T build JOP40D.WW_epad-10.6.1.27.5-20130902
 
  • Like
Reactions: Arsenick

Eliazeno

Member
Sep 1, 2017
13
0
Ok, well. I'm not quite sure what happened but I persisted later this evening and it has finally worked! In the end, what I think did it was that I removed and reinstalled the DMClient and Unlocker V7 modified by @d.l.i.w in the original post.

Thank you to both @d.l.i.w and @GloGlorius for their help and support to all of us here. I had almost given up hope but I'm glad to be one step closer to updating this thing!

For info, it's a TF300T build JOP40D.WW_epad-10.6.1.27.5-20130902
I made too the system certificate in ubuntu, copied in the tablet, and i see it in the system certificate list. Tried also the unlock tools from @GloGlorius but I always get the same "certificate verification error". Do you have any other advice @charlieboy999 ?
 

charlieboy999

Member
Dec 13, 2011
21
3
I made too the system certificate in ubuntu, copied in the tablet, and i see it in the system certificate list. Tried also the unlock tools from @GloGlorius but I always get the same "certificate verification error". Do you have any other advice @charlieboy999 ?
Honestly, I wish I could explain because I don't quite understand what happened! I was just getting the same connection-related error. What I did was remove the DMClient file and unlocker (v7 for the 701 provided in the first post) and then added them again. Miraculously, it worked! Have you tried that again after installing the certificate? I don't know why but it seems like that was what did the trick.
 
Last edited:

vbenkovskyy

Senior Member
Feb 12, 2011
206
61
Hello everyone!
On our local forum, we came up with this option.
I think you already know how to install the unlocker and how to prepare the tablet.
I prepared an image for VirtualBox with Ubuntu and mitmproxy installed and configured.
Install VirtualBox, download the image (size 3.88 GB) and import it into VB:
View attachment 5323059
View attachment 5323061
View attachment 5323063
We write down the IP address from the last screen, you will have your own. This will be the IP address of your proxy server.
Open a terminal and enter the mitmweb command, press enter:
View attachment 5323065
View attachment 5323067
Firefox will open and try to load the web terminal without success. Close your browser.
Open again and go to 127.0.0.1:8081:
View attachment 5323069
The web terminal will open. Here we go to the Options tab, check the Display Event Log checkbox and click on Edit Options
View attachment 5323071
In the window that opens, put the checkboxes on showhost and ssl_insecure. Close the options window.
View attachment 5323073
Open any site in the browser - in the terminal you will see the logs.
1. Set the pin code in advance to access the tablet Security -> Screen lock -> PIN
2. Go to the WiFi settings, clamp your network, select Change network.
3. In advanced settings Proxy server -> Manual.
4. Hostname - your recorded IP address of the virtual machine, port 8080.
5. Save.
6. Open the browser on the tablet, go to mitm.it, download the certificate for Android.
7. After downloading, a window for entering a pin code will open, followed by a certificate installation wizard. Enter the name of the certificate, for example mitmproxy and click OK.
8. After installing the certificate, open any site in a browser on the tablet, you will see the connection of your device in the logs of the web terminal.
9. Launch the unblocker and try it.
P.S. The time is set to GMT on the proxy server, you may need to set it to local.
Superuser login: mitm
Password: mitmvb

UPD:
It turned out that this image does not start on all systems due to Ubuntu version 20. In order for everyone to have this working, version 16 is needed. I will reload the image today with Ubuntu 16.
Works smoothly! If you have errors on start up VM and in setting you see Hardware acselleration error - go to BIOS and enable Intel virtualisation support! Good luck! :)
 

maisomenos

Member
Jan 20, 2021
11
5
After haveing some troubles I managed to unlock the bootloader on my TF201. I am going to post the full procedure that worked for me in case anyone needs it.

You are going to need:
-DMClient.apk for TF201 (download from the original poster link)
-Unlocker_app_v7_update.apk for TF700T (download from original poster link)
-KingoRoot.apk 4.4.3 (can download here https://kingo-root.en.uptodown.com/android/download/1804910)
-EsExplorer.apk (this version is compatible with android 4 https://www.apkmirror.com/apk/es-gl...s-file-explorer-4-0-4-2-android-apk-download/)
-MitMproxy (I used the one for windows).

Prerequisite:
-Update the tablet to the latest availablle version V10.4.2.18 (Android 4.1)
-Uninstall any Unlock_app previously installed. (you may consider doing a factory reset just to be sure)

1) install kingoroot, open it and root the tablet.

2) install EsExplorer, open it, click on the 3 lines on the up-left, expand the "tools" section end enable "root explorer". When asked for root permission click "allow".

3) on EsExplorer:
  1. copy the DMClient.apk inside /system/app (click on replace when asked).
  2. copy the Unlocker_app_v7_update.apk inside /system/app as well.
  3. rename the file "DMClient.odex" in /system/app to "old_DMClient.odex".
  4. change permisson of DMClient.apk AND Unlocker_app_v7_update.apk. This is done by long pressing the apk -> click on "more" -> "properties" -> Permissions "Change" -> check "read" and "write" for owner. check "read" for group and other. uncheck the rest.
4) restart the tablet. (this willl automatically install the unlocker app).

5) setup mitmproxy as explained here https://forum.xda-developers.com/t/howto-unlock-tf700t-in-2020.4157143/post-85097463 . Mitmproxy can be setup the same way on windows (without using VB). Additionaly on the "Edit options" uncheck "block_global" option. Be sure to also check "ssl-insecure" as it is a critical option.
If done without VB remember to set the pc ip as the "hostname" (step 4 of "Setting up your tablet"). To get the pc ip run "ipconfig" on windows powershell.

6) open the unlocker app and unlock the device.
 
Last edited:
  • Like
Reactions: Beeble1983

alarra

New member
Jun 30, 2021
3
0
Hello, I have a problem when performing the unlock and I followed the steps for the tf300t and I have not managed to get it to work I attach images of mitm proxy and the unlock message
 

Attachments

  • Screen Shot 2021-06-30 at 18.44.15.png
    Screen Shot 2021-06-30 at 18.44.15.png
    18.8 KB · Views: 95
  • message.jpg
    message.jpg
    427.7 KB · Views: 95

maisomenos

Member
Jan 20, 2021
11
5

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    Holy barking turtles!!!! I don't know what I did but it FINALLY worked!!!!
    I AM UNLOCKED!
    Man you guys don't know my relief - @Ice_83 , @maisomenos , @GloGlorius @d.l.i.w (feel like I'm at the Oscars here ! :ROFLMAO:) - I'm jumping around the room with excitement. Thank all of you and everyone else who's contributed on here for all of your help and patience!

    For the record, I couldn't get the Ubuntu VB working for me, all I did was, playing around off @Ice_83 's above, went in and changed a couple of the settings on windows. I set tls_version_client_min and tls_version_server_min to Unbounded instead of TLS1_2 and hey presto! All sites were working on my tab!

    View attachment 5379997

    Now to go and see if I can totally brick it flashing a new ROM. :ROFLMAO:

    Thanks again everyone!
    DUDE!! I went on and made an account especially so that I could THANK YOU! Was stuck on the exact same issue like you and @Ice_83, was about to lose all hope. But DAYUM! Changin those tls versions did the trick. I used windows MTM with --ssl-insecure argument.

    You guys are frickin legends. Thanks again :)
  • 9
    UPDATE: Asus has updated the servers. Older protocols for HTTPS, which are required for older Android versions, are no longer supported. Unfortunately, some additional steps are needed for the unlock now. See this post for step by step instructions.


    I recently got my hands on a Asus TF700T with a locked boot loader. The official unlock app did not work, so I took a closer look. What I found is that the Asus servers are still up and running, but connection fails due to certificate pinning. And that can be dealt with ;)

    So here are the instructions:
    1. The device must be rooted. KingoRoot (the app) worked for me.

    2. Download the unlock bundle from the link below. I didn't find a way to directly attach files here.

    3. Copy both apks to /system/app, change the permission to 0644
      For this, a remount of the system partition may be needed:
      mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system

      DMClient.apk replaces the original DMClient.apk and DMClient.odex (i.e. you have to rename/move/delete the .odex file)
      The modified unlock app cannot be installed like any other and must be installed that way

    4. Reboot the device. On startup Android shows that one app is optimized (that's DMClient). The unlock app is now installed.

    5. Use the unlock app. Google account does not matter.

    Watch logcat to get some more information on what the unlock app does. On success the device immediately reboots, so redirect adb logcat to a file if you want to keep the log.

    I only tested on a TF700T with WW SKU, V10.6.1.14.10. I assume that other firmware versions work as well.
    The unlock app for TF700T also supports TF201, TF300T, TF300TG, and TF300TL, but a modified DMClient is needed.


    In case something goes wrong and your device gets stuck at the boot screen, this advice may be helpful:

    (thanks @DieAbrissbirne)


    Download links

    Unlock app
    and DMClient for TF700T
    https://leo.pfweb.eu/dl/OaKdx
    • WW_epad-10.6.1.14.10
    • JOP40D.US_epad-10.6.1.14.10-20130801

    DMClient for TF300T
    https://leo.pfweb.eu/dl/vUHnp

    DMClient for TF300TG
    https://leo.pfweb.eu/dl/xphHy


    DMClient for TF201
    https://leo.pfweb.eu/dl/pKvEA
    • WW_epad_10.4.2.17

    ---------------------------------------------------------------------

    Unlock app and DMClient for TF701T
    https://leo.pfweb.eu/dl/2AcpB

    DMClient for ME301T (also seems to work for ME302KL)
    https://leo.pfweb.eu/dl/uiJPN
    8
    Hello everyone!
    On our local forum, we came up with this option.
    I think you already know how to install the unlocker and how to prepare the tablet.
    I prepared an image for VirtualBox with Ubuntu and mitmproxy installed and configured.
    Install VirtualBox, download the image (size 3.88 GB) and import it into VB:
    vb_Screenshot_10.png

    vb_Screenshot_11.png

    vb_Screenshot_12.png

    vb_Screenshot_13.png
    Screenshot_1.png

    Screenshot_2.png

    Screenshot_3.png

    We write down the IP address from the last screen, you will have your own. This will be the IP address of your proxy server.
    Open a terminal and enter the mitmweb command, press enter:
    Screenshot_4.png

    Screenshot_5.png

    Firefox will open and try to load the web terminal without success. Close your browser.
    Open again and go to 127.0.0.1:8081:
    Screenshot_7.png

    The web terminal will open. Here we go to the Options tab, check the Display Event Log checkbox and click on Edit Options
    Screenshot_8.png

    In the window that opens, put the checkboxes on showhost and ssl_insecure. Close the options window.
    Screenshot_9.png

    Open any site in the browser - in the terminal you will see the logs.
    1. Set the pin code in advance to access the tablet Security -> Screen lock -> PIN
    2. Go to the WiFi settings, clamp your network, select Change network.
    3. In advanced settings Proxy server -> Manual.
    4. Hostname - your recorded IP address of the virtual machine, port 8080.
    5. Save.
    6. Open the browser on the tablet, go to mitm.it, download the certificate for Android.
    7. After downloading, a window for entering a pin code will open, followed by a certificate installation wizard. Enter the name of the certificate, for example mitmproxy and click OK.
    8. After installing the certificate, open any site in a browser on the tablet, you will see the connection of your device in the logs of the web terminal.
    9. Launch the unblocker and try it.
    P.S. The time is set to GMT on the proxy server, you may need to set it to local.
    Superuser login: mitm
    Password: mitmvb

    UPD:
    It turned out that this image does not start on all systems due to Ubuntu version 20. In order for everyone to have this working, version 16 is needed. I will reload the image today with Ubuntu 16.
    7
    Hey!
    I unlocked my Me302kl today via mitmproxy with standard settings. Later I will write how I did it.
    P.S. Sorry for my English :giggle:
    3
    Oh boy.. Can't wait to see where I ****ed up in my tests... Thanks! Don't forget us :p
    My story.
    I installed mitmproxy on Windows 10, tried it via WSL (Windows Subsystem for Linux), but it didn't work for me. In the terminal, I see that there is a connection and exchange, but in the tablet logs I see the answer 502.

    But when connecting via mitmproxy, the unlocker began to respond for a long time, from which I concluded that I was moving in the right direction.

    In the end, I took a very old laptop and installed the latest Ubuntu and mitmproxy on it. I installed the certificate into the system and made a proxy server out of the laptop.

    The tablet was reset to factory settings. Google account did not connect after reboot. I got a root with KingoRoot. The first time did not work, the tablet rebooted, but the rights did not appear. The second time everything went well.

    I used the unblocker that I attached to the post. The original DMClient has been renamed. I have set permission 0644 for copied files. I prepared a certificate for Android according to this instruction. I copied it to /system/etc/security of the tablet, set the rights to 0644 (in our case, the user certificate does not suit us, we need a system one). I turned on the proxy in the WiFi settings of the tablet, specifying the IP address of the laptop and port 8080. I rebooted the tablet.

    I used mitmweb on a proxy server, it seemed more convenient to me. In the settings, I enabled the showhost and ssl_insecure options (sorry, in the previous post I said that the settings were by default, I was mistaken due to insomnia ☺️)

    I launched the unlocker and everything worked right away.

    If anyone needs details on preparing a proxy server, I am ready to describe my experience.
    3
    As far as I remember, mitmproxy (mitmweb) worked in transparent mode with default settings back then when I tested the unlock for my device. I simply created a wifi hotspot and routed all traffic through mitmproxy.

    I prepared a certificate for Android according to this instruction. I copied it to /system/etc/security of the tablet, set the rights to 0644 (in our case, the user certificate does not suit us, we need a system one). I turned on the proxy in the WiFi settings of the tablet, specifying the IP address of the laptop and port 8080. I rebooted the tablet.

    I used mitmweb on a proxy server, it seemed more convenient to me. In the settings, I enabled the showhost and ssl_insecure options (sorry, in the previous post I said that the settings were by default, I was mistaken due to insomnia ☺️)

    Oh yes. Certificate pinning is disabled, but the certificate itself is still checked. I forgot that I indeed had to add the MITM certificate to the system certificates.

    If I read (and reconstruct) my notes correctly, this is what I did (Linux):

    1. Install mitmproxy in venv
    Bash:
    python3 -m venv mitmproxy
    source mitmproxy-env/bin/activate
    
    pip install --upgrade pip setuptools
    pip install mitmproxy

    2. Start WIFI-Hotspot
    Bash:
    nmcli dev wifi hotspot ifname wlan0 ssid test password "12345678"

    3. Configure iptables for wlan0
    Bash:
    sysctl -w net.ipv4.ip_forward=1
    sysctl -w net.ipv6.conf.all.forwarding=1
    sysctl -w net.ipv4.conf.all.send_redirects=0
    
    iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    
    iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
    iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
    ip6tables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
    ip6tables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
    See https://docs.mitmproxy.org/stable/howto-transparent/

    4. Start mitmproxy
    Bash:
    mitmweb --mode transparent

    This procedure does not require setting the proxy on the tablet. At the time, I did not change any mitmproxy settings. The changes to the server now probably require ssl_insecure as mentioned by @GloGlorius .