Wanted to make a thread to hopefully consolidate a lot of information and get some help with this device.
Using mtkclient (personally used a linux machine) I was able to dump all the files (recovery, system, boot.img, fstab files) from my tablet on build
It also let me unlock the tablet though the normal commands worked as well.
Note: I have the option allow OEM unlock in developer options enabled, but hopefully the exploit method works for others.
Mtkclient is much easier to set up on linux systems, but if you’re using windows just follow the github instructions.
CLI mode didn’t work for me, but launching mtk_gui and connecting the device in BROM mode
- Turn off the device
- Open mtk_gui
- Hold the volume down key and connect
It should push the payload and let you read the partitions and unlock the device. It’s detected as a G90 but it worked fine for me.
Note: Widevine L1 is lost. I had to delete the product partition in order to flash the GSI which is what I'm guessing lost the keys. Not sure if there's a way around it.
I was already unlocked at this point, but ran the commands anyway
fastboot flashing unlock fastboot flashing unlock_critical
- Wiped system
fastboot erase system
- Had to delete the product partition to make way for a normal system partition
fastboot delete-logical-partition product
- Then flashed an A/B gsi with:
fastboot flash system system.img
- Make sure you wipe your data/factory reset in recovery as well
I was unable to flash vbmeta normally, but it seemed to work through mtk_gui. Not sure if it’s necessary.
GSI roms seem to be working well. They don’t account for the holepunch front camera and I’m sure there’ll be other issues.
Hopefully this is enough to get work on a recovery started. If anyone needs the files or can help out DM me. Also if someone has the stock build prop, that would be helpful.