HiPad Pro LTE (Mediatek G95) Unlock / Development / GSIs

Android Tablets HiPad/HiPad LTE
1

Hey everyone,

Wanted to make a thread to hopefully consolidate a lot of information and get some help with this device.

Using mtkclient (personally used a linux machine) I was able to dump all the files (recovery, system, boot.img, fstab files) from my tablet on build HiPadPro-20211221-V8.0

It also let me unlock the tablet though the normal commands worked as well.
Note: I have the option allow OEM unlock in developer options enabled, but hopefully the exploit method works for others.

Mtkclient is much easier to set up on linux systems, but if you’re using windows just follow the github instructions.

CLI mode didn’t work for me, but launching mtk_gui and connecting the device in BROM mode

  • Turn off the device
  • Open mtk_gui
  • Hold the volume down key and connect

It should push the payload and let you read the partitions and unlock the device. It’s detected as a G90 but it worked fine for me.

Flashing GSI
GSI List
Note: Widevine L1 is lost. I had to delete the product partition in order to flash the GSI which is what I'm guessing lost the keys. Not sure if there's a way around it.

How to flash GSIs with super partition

I was already unlocked at this point, but ran the commands anyway

  1. Unlock
fastboot flashing unlock
fastboot flashing unlock_critical
  1. Wiped system
fastboot erase system
  1. Had to delete the product partition to make way for a normal system partition
fastboot delete-logical-partition product
  1. Then flashed an A/B gsi with:
fastboot flash system system.img
  1. Make sure you wipe your data/factory reset in recovery as well

I was unable to flash vbmeta normally, but it seemed to work through mtk_gui. Not sure if it’s necessary.

GSI roms seem to be working well. They don’t account for the holepunch front camera and I’m sure there’ll be other issues.

Hopefully this is enough to get work on a recovery started. If anyone needs the files or can help out DM me. Also if someone has the stock build prop, that would be helpful.

2 Likes
2

@dragnus Thank you for sharing.

My Hipad Pro LTE is Qualcomm device. And it was already unlocked without my effort. Might be unlocked straight out of the factory or by the seller who installed Global version ROM for me.

Your MTK version of Hipad Pro probably don’t have Widevine L1. From my knowledge, MTK devices don’t have Widevine L1 available. Hope there will be in the future. Neither do the MTK devices have quick charge. The MTK devices have their charging system at around 1500 to 2000 mA max. But one of my previous Qualcomm devices with 10,000 mAh could charge at 4,000 mA max with 33-35W.

You have dumped the stock ROM with mtkclient. Couldn’t you extract the stock build prop from the image file? There is a way to boot linux on Flash drive. So there is no need to fully install Linux system on PC for Windows users who occasionally use Linux for specific purpose. I had Unisoc devices and used Hovatek tool to unlock bootloader. This tool require Linux system to run as well. So I installed Linux Mint on Flash drive to use the tool.

You probably have deeper knowledge on Android system. Maybe you could create TWRP for Hipad Pro MTK device. Mine is Qualcomm and no tools that I found can do this.

Thank you for sharing useful technics. Although I am not having one, I may have MTK devices in the future.

3

@super, Your posts on the Qualcomm model were very helpful, Thanks :smile:

Surprisingly, it did have Winevine L1. I haven’t tried restoring the backup I’ve made yet to see if it fixes it though.

The stock image file is a super.img
After extracting and mounting the system image inside, I only had read access for some the files. The build.prop was not one of them. There’s probably a way to fix that I haven’t figured out yet.

This was very helpful though XDA: Editing System Image inside super.img.

4

@dragnus I wondered why Chuwi has not announced that Hipad Pro MTK has L1. And when you deleted product partition should not affect L1 of your device. Mine also has L1. And I deleted product partition everytime I flashed GSI ROMs.

Screenshot_20211002-040412985
Screenshot_20211002-0404129851212×1940 187 KB

Screenshot_20211002-040530008
Screenshot_20211002-0405300081212×1940 173 KB

Screenshot_20211002-040625860
Screenshot_20211002-0406258601212×1940 214 KB

You can try to flash your device with the dumped rom to see if the L1 can be recalled. Have you verified L1 of your device by any DRM app? I am curious about this since I have never seen L1 in MTK devices before.

I have tried to modify super.img but couldn’t do it successfully. I am not expert in Linux and couldn’t work around the errors that I got when I tried to do it.

5

@dragnus I’ve seen the L1 feature on Chuwi official website. So your Hipad Pro MTK model does have L1. But I wondered why you lost it when you flashed GSI ROM? My Qualcomm model still has L1 after flashing GSI ROMs.

Hope you could find the fix soon.

6

Can you please share your dumps?

1 Like