Notes on unlocking/flashing/unbricking/rooting the Asus HD7 (ME173) tablet

Overview

For reasons that will not be expanded upon, I found myself in possession of an Asus Android tablet running an environment locked down by some horrible 3rd party software called SureLock MDM; it’s a hack that is supposed to stop you running non approved software. As it happens I did actually want to run the approved software, but the locked down environment was so obnoxious I couldn’t bear to use it without opening it up a little: they had even disabled the Android status bar and soft-buttons – ugh. Here are some rough notes that may prove helpful if you find yourself in the same position.

Useful Knowledge

Fortunately the tablet is based around a MediaTek chip (MT8125) which means you can use the widely available SP FlashTool to reflash your device without worrying about all those pesky things like operating systems and code signing getting in the way.
Unfortunately the procedure is a bit hairy and there appear to be many version of the software about that behave differently.
Fortunately, all you need to know is on the relevant forums of xda-developers.
Unfortunately this software only runs on Winblows and I refuse to allow MS software to run in my house unless it’s running in a nice safe VM.
Fortunately I can confirm it runs happily (well, as happily as it can) in VirtualBox on a Mac, and therefore presumably on Linux.

The bootloader menu will appear if you power-up while holding volume-up. It has a built in recovery mode that allows you to factory reset etc, but no upgrades. It also has a fastboot mode.
Unfortunately the bootloader is locked so that you cant install unsigned images.

When a fully charged tablet is switched off, you can plug it into a computer and then for a few seconds the USB interface will come alive, presenting itself with the VID/PID of 0x0e8d/0x2000. This will be picked-up by Windows (providing you installed the driver) as “PreLoader USB VCOM Port”. SP FlashTool will grab it as soon as it appears and can then begin reflashing.

To get the USB shenanigans done I had to add a USB filter to VirtualBox:all that was need was to set the filter’s Vendor ID to 0e8d – the device showed up immediately.

Everything, including the Bootloader can be flashed and this allowed me to unlock the bootloader.

The original bootloader had a fastboot mode, but my original firmware gave me a security error whenever I tried to flash anything.

Leave a Reply