Tablets
Previous messages
.jpg)
👍
❤
If anyone has any insight on how to do that, please LMK.
❤
16 November 2025
J
03:51
Jammer
Captured with Droid Screenshot - I love this app!
D
03:51
Don
that's hexaflash
03:51
not termux
03:51
applrs and oranges
J
03:51
Jammer
We flash securus tablets with this
R
J
03:52
Jammer
Hexaflash is built from mtk container I think
R
03:56
Roscoe
20251104_202800 l:184 +l:918 l:828 m:sendBRecByUSB sendbrecbyusb
20251104_202800 l:184 +l:832 l:1012 m:run CommCount: 6
20251104_202800 l:184 +l:212 l:65 m:setStatuss status: Firmware Upgrading... 0/6
20251104_202800 l:184 +l:837 l:1012 m:run Write Data: 0 6 DataLen: 2097152
20251104_202800 l:184 +l:840 l:1012 m:run firmware data: 2097152
20251104_202800 l:184 +l:212 l:65 m:setStatuss status: Firmware Upgrading... 0/6 1
D
03:57
Don
software written to use the api properly will work
03:57
but mtkcliwnt is not written that way
03:58
termux usb says software must be rewritten to work with it
R
03:58
Roscoe
That's what I've been telling you. It's been rewritten.
03:58
D
03:58
Don
it returns a file descriptor
03:59
but is it done correctly ? to work in non root environment
03:59
i dont know because i hsven seen the code
04:00
but if yiu arent able to see the device, i wojld say it is not done propwrly
R
04:00
Roscoe
I haven't even run the script yet because it can't see the device. Chicken and egg, cart before the horse.
04:02
Can't know for sure whether my version works until we get it connected to a tablet in BROM mode. Other people think they need mtkclient to get it into BROM mode. I say it doesn't matter if the device won't enumerate because you can't do anything with it until it does.
D
04:02
Don
ok to get into brom mode
04:02
a specific code os sent over usb
04:03
i am trying to find the tech article thst exai
04:03
explains this but haven't found it
R
D
04:04
Don
if you can't enumerate that's an environment problem that's what I am trying to say
04:04
termux usb I had same issue
TS
04:05
Tony Sparks
Catch me up, you get it into brom mode, what's your next step?
R
04:05
Roscoe
Well if you're right then we should focus our efforts on those with access to a rooted phone, and my termux-usb flavored mtkclient will be useless
04:06
In reply to this message
Get it to BROM mode at all and you win the prize. After that is easy. (Theoretically)
D
04:06
Don
I not trying to rain on your parade I am just telling you I spent weeks on this a couple years back and had no luck
04:06
with termux usb
TS
04:07
Tony Sparks
In reply to this message
But doesn't it prevent you from flashing with a custom os or something along those lines
04:07
I thought you needed a key
D
04:07
Don
there unfortunately are not a lot of android flash tools available at all
R
D
04:08
Don
Tony it appears that atg has the lineage of test keys allowed. probably because they use lineage as a base
04:08
lineage os goddammit autocorrect
04:08
so the reason you need mtkclient is to be able to write to the partition
04:09
the lineage image will boot because that key is alreadyallowed
TS
04:10
Tony Sparks
Oh ok, sorry if I sound like a noob, but when I get this stuff in I wanna contribute in some way
04:10
That way I can say I helped instead of piggy backing
D
04:10
Don
I don't gaf if you piggy back. luck the feds
TS
04:11
Tony Sparks
Word, chatgpt saying carbonara couldn't do it, but it's been known to be wrong at times
D
04:11
Don
chat get is hot garbage it doesn't know shit
👏
GA
R
04:11
Roscoe
It feels like those of us with know how don't have access to the right tools, and those with tools don't have the know how. Isn't it ironic? Dontcha think?
🤯
GA
D
04:12
Don
well I am dropping a security level I have team at eom
04:12
will be much easier for me to get tools in
04:13
but I have a computer now so if I get this drive Wednesday I will boot up and check itnout
R
D
04:14
Don
out got tons of tablets so if we have to short Emma t force bro or something I wkll figure that out ad pos detas
R
04:14
Roscoe
jk, congrats bro
TS
R
04:15
Roscoe
In reply to this message
A buddy here got designated for a camp and he's already got his people to set him up with a come -up bag so he can start day 1 with 20 weed vapes, cartons of smokes, phones, etc etc
D
04:16
Don
camps are so easy lol
04:17
we used to hit on drones but they got wise to that last year
04:17
medium security
04:18
i know how to code so if I get the drive i will write a flash tool that will work
04:20
assuming android api offers low level access to usb. but if etch Droid works should be possible
04:21
hopefully i can get everything done before i get shipped.
04:23
roscoe if you can add halfredo hernandez back his handle is tjfed2025
04:24
i added him to the 7c group only
04:24
he is thst dude from fort dix
R
04:26
Roscoe
In reply to this message
Etchdroid actually uses a very hacky way of writing. It's not true low level access.
Roscoe invited Deleted Account
04:33
Deleted Account
In reply to this message
Don and roscoe thanks a lot for the help. This is halfredo
04:33
Lost access to the old phone 😢
D
04:57
Don
I got to go to bed see you all to morrow
TT
06:09
Terry Thompson V 2.0
In reply to this message
He direct message me earlier I told him to contact Gino or rosco.
J
07:49
John
In reply to this message
This being the case....do we actually have to use lineage? If we have the keys, can't we use any image that is signed by these keys? Just thinking out loud
J
15:25
Jammer
What mtk chips in the 7t ?
R
17:52
Roscoe
MT8168
18:23
Deleted Account
Same as 7c and score 8.
17 November 2025
T
00:40
In reply to this message
In theory, yes. I did a check recently, and the image on the tablet is signed with another key besides the test keys. So ATG is also using their own key as well.
👍
J
00:45
The difficulty is writing to the drive. We need mtkclient to do that, and we need BROM to make mtkclient+Carbonara run arbitrary code on the tablet. With mtkclient+Carbonara, we could run TWRP, and TWRP can be used to run a GSI image or flash other images.
There's some disagreement in the group about whether mtkclient+Carbonara can force BROM mode. I don't have a device I can root or access anything else without taking unacceptable risks (halfway house is a whole other animal).
There's some disagreement in the group about whether mtkclient+Carbonara can force BROM mode. I don't have a device I can root or access anything else without taking unacceptable risks (halfway house is a whole other animal).
S
00:49
Synonymous
In reply to this message
Coincidentally that is what I am working on right now
https://g.co/gemini/share/adefb952fc02
https://g.co/gemini/share/adefb952fc02
T
00:55
Tony
Since you're using mtkclient in Slax, have you loaded the Shomykohai variant with Carbonara?
00:56
Carbonara is the payload you should be using, not the generic 8168 payloads.
00:56
The generics will not work on an e-fused device like ours.
S
01:07
Synonymous
I have the zip to extract that over my mtkclient build, but have not tried it yet
03:40
Deleted Account
Hey all this is halfredo new account. I have an idea i want to run by everyone. I notice on the broken scores that the bop apps are still there, and most things remain unchanged such as the lock screen. Is it possible that these tablets underwent a pseudo os "update" to the lineage build rather than a full format and flash?
03:40
Thereby keeping the bop apps and also unlocking the rest of the features?
03:44
Also maybe that explains how one broken tablet was not opened at all
03:47
This "update" hypothesis would also preserve the correct drivers and maybe resolve the problem of the lineage os image being too large for the partition
J
03:47
Jammer
Also we don't have kiosk like y'all are tablets are WiFi if the WiFi is down then the tablet won't let you log in not sure if y'all are getting this just info
T
04:44
Tony
Jammer, are your tablets the Score7t?
GA
05:05
Georgio Armani
No they have the jp6
JS
06:34
John Smith
Have we gotten anywhere with the isp bridge
TW
10:24
The Wwwizard
Is there any reason why a broken tablet wouldn't be recognized on a phone, when connected via otg cable? For data transfer purposes?
🤔
R
S
J
T
22:05
Tony
But you're in a state prison since you're exclusively on wifi. I believe the tablets still have the edgejas software. But yours can snitch on you if you're not careful since it's always on wifi when it's booted. Once you start messing with it, you want to boot into safe mode until you're absolutely sure it's ATG free.
😁
J
18 November 2025
J
01:51
I care less about snitching I have a dead zone at work in the maintenance shop
T
01:58
Tony
When you purchase a tablet from the commissary, it has to be initialized before it can get on the wifi. It's my understanding they have to program it at your commissary, and assign it to you. This requires an initial physical connection to an ATG computer program, and the program on the tablet that receives those commands is edgejas. On the BOP models, everything is done via edgejas and a physical connection. For now, we have no wifi.
I do not know which program accomplishes the same thing when the wifi is enabled inside a prison. I imagine it's not loaded on the BOP tablets, since I never found it when I went through all the APKs on the system.
I do not know which program accomplishes the same thing when the wifi is enabled inside a prison. I imagine it's not loaded on the BOP tablets, since I never found it when I went through all the APKs on the system.
03:15
Deleted Account
Hey guys I got all the info I could from a deinstitutionalized release score 7t
03:15
Not sure if the info is useful or not
03:48
Deleted Account
Custom build alps_mp_q0.mp3_v4.160
Build number
Sys_mssi_t_32_ago_user.2023011909 release_keys
Device 711
Android 10
Lcm info
Ek79007_7_boe_97_tn
Tp driver
P863_QCY_TP
Brand Alps
Device tb8168pl_bsp
Fingerprint
Alps/vnd_tb8168pl_bsp/tb8168pl_bsp:10/QP1A.190711.020/1674142101:user/release-keys
Build number
Sys_mssi_t_32_ago_user.2023011909 release_keys
Device 711
Android 10
Lcm info
Ek79007_7_boe_97_tn
Tp driver
P863_QCY_TP
Brand Alps
Device tb8168pl_bsp
Fingerprint
Alps/vnd_tb8168pl_bsp/tb8168pl_bsp:10/QP1A.190711.020/1674142101:user/release-keys
03:49
From an atg deinstitutionalized 7t.
03:52
I noticed qcy is a brand that makes touchscreens and other cheap electronics. Could this be the brand for the touchscreen driver?
04:08
Deleted Account
Last note, I know that AI hallucinates, but it says that if I am successfully running a test keys build of lineage, then the bootloader must not be locked, and i can use a non rooted phone with bugjaeger mobile adb to force the tablet into fastboot. Does this make sense?
JS
05:41
John Smith
I've found a lot of interesting stuff on a Chinese search engine called Baidu lots of articles on focably unlocking bootloader for our chipset as well as chip exploits.vyou open it in Chrome and have to translate everything but it's a good place to look for information
S
18:01
Synonymous
In reply to this message
Need to make a backup of the partitions ASAP before you do any tweaking or installing or modifications
18:01
su -c dd if=/dev/block/by-name/seccfg of=/sdcard/Download/seccfg.img
su -c dd if=/dev/block/by-name/boot of=/sdcard/Download/boot.img
su -c dd if=/dev/block/by-name/recovery of=/sdcard/Download/recovery.img
su -c dd if=/dev/block/by-name/preloader of=/sdcard/Download/preloader.img
su -c dd if=/dev/block/by-name/boot of=/sdcard/Download/boot.img
su -c dd if=/dev/block/by-name/recovery of=/sdcard/Download/recovery.img
su -c dd if=/dev/block/by-name/preloader of=/sdcard/Download/preloader.img
19:26
Deleted Account
In reply to this message
I will try, but problem is it's not mine and he already made tons of changes and new apps
19:27
How necessary is this backup? Is this a huge deal?
S
19:50
Synonymous
In reply to this message
Absolutely essential.
The partitions I'm after are small, and may not have been edited yet.
A copy of everything except the user partition would be great
The partitions I'm after are small, and may not have been edited yet.
A copy of everything except the user partition would be great
19:52
Deleted Account
And these are Termux commands?
S
19:53
Synonymous
Yes
20:03
Deleted Account
Do you guys think it's possible to extract the "release keys" from the build?
S
20:06
Synonymous
Everything we need should come along with it (unless the wrong partitions have changed due to apps and edits)
https://g.co/gemini/share/519dd10aba63
https://g.co/gemini/share/519dd10aba63
20:09
Deleted Account
Ok ill see what I can do
20:10
Hopefully he lets me do this
S
20:15
Synonymous
To be clear, we are excluding things like Facebook, internet history, passwords, and other personal stuff by excluding that partition.
20:21
Deleted Account
Ok
S
20:27
Synonymous
Ignore the script, it wants to do extra stuff that won't work.
Just copy paste each DD command in the table.
I am most interested in
Boot
Preloader
Vbmeta (all three)
Seccfg
Recovery
System
Just copy paste each DD command in the table.
I am most interested in
Boot
Preloader
Vbmeta (all three)
Seccfg
Recovery
System
S
20:42
Synonymous
System is in super. grab super
19 November 2025
T
01:52
Tony
In reply to this message
The bootloader is absolutely locked. The AI correct in that 99% of the time, if the OS image is signed with AOSP test keys (that custom builds of Lineage use), then the bootloader is unlocked. That's because no sane OEM would sign their system image with them, or allow them for use. But ATG is stupid and lazy.
02:00
Here's a command to run a script to backup the partition table too. That's necessary to make a flasher.
02:00
wget -O get_gpt.sh https://hrethgir.org/get_gpt.sh && chmod +x get_gpt.sh && su -c ./get_gpt.sh
03:09
Deleted Account
Where is everyone anyway? I noticed a lot of people have been silent for days.
03:12
Anyway, before I ask about this tablet, can you guys give me a list of tasks to do where I can do it quickly with no problems. All the Termux scripts where I can go through one by one and just copy and paste them in, plus directions on what to do. I don't know if or for how long I can use the tablet. Also, everything MUST be 100% safe. I cannot afford to mess up his tablet
03:13
And finally, if I can get these backups, is this the end game or just a step forward? I'm not sure how important it is, especially if I have to pay him
S
12:40
Synonymous
Could be either, IF they are still signed or retain their signing, then we are golden. if
19:03
Deleted Account
I'm a little spooked about this group. No one is talking any more. Maybe there is a newer group i don't know about. Oh well 😔
S
19:04
Synonymous
They simply don't have anything to say, and people can't be on phones all day
19:32
Deleted Account
Yes I understand and I hope that is the case, but this group used to be very lively
GA
22:08
Georgio Armani
It just seems like unless we get a computer ( RPi ) we're stuck in limbo. Or possibly a rooted phone
JB
22:19
John Blaze
In reply to this message
I'm still here. Like the dude was saying.... I just don't have any new input and have been stuck as well... If you have any ideas lmk I have not seen any traction anywhere
R
22:58
Roscoe
Or get into BROM mode
.gif.mp4)
20 November 2025
J
01:07
Jammer
In reply to this message
I have rooted device phone just need to know what I need to try
JS
02:56
John Smith
We seem to have hit a wall with what we are able to try, my phone can't be rooted according to several sources and attempts. It's a AT&T Propel™ 2 5G U655AA, unless anyone knows something different. That's why I was asking about Windows phones or pocket laptop ideas a while back.
D
03:43
Don
I'm still here. hoping my usb drive came today. I will find out tomorrow
03:44
just had team and am being transferred to lower security so if the drive doesn't work out here i will get one at the next spot
GA
D
03:45
Don
In reply to this message
those cheap prepaid phones can't be rooted. they do that because otherwise it would be possible to remove the carrier restriction
03:46
be patient with me, I promise once I get the tools i need I will document everything necessary
GA
D
03:46
Don
I hope it happens here because I have no cameras in me where the computer is that I am using
03:47
In reply to this message
I don't know for sure. once I ascertain the exact procedure I can answer that better. high probability I can make a flash tool for regular phone.
GA
03:48
Georgio Armani
Sweet
D
03:48
Don
I don't have a usbc cable to test with just a computer a to c
03:49
but at this next spot getting stuff will be simpler
GA
03:49
Georgio Armani
I was going to say that.. I'm at Bastrop and it's pretty simple to get anything you want
D
03:50
Don
i put in for there but as you know no guarantee i will get it
GA
03:50
Georgio Armani
Yea it's pretty crowded but hopefully you get here.
GG
GA
03:53
Georgio Armani
Low
03:54
Your guy is who vouched for me I'm sure
GG
03:55
Gino Green
Oh ok nice my cousin is in crocket
GA
03:56
Georgio Armani
Ok cool
03:57
That's not who vouched but if he's needed something fixed and didn't get it in his unit then he probably came to me
GG
04:05
Gino Green
No this guy I'm talking about just got there not long ago
GA
04:12
Georgio Armani
Ok... Who does he ride with
GG
04:33
Deleted Account
In reply to this message
If you or anyone else can figure this out for an unrooted phone, I will donate to the cause.
GA
04:34
Georgio Armani
We will all donate I'm sure
04:35
Deleted Account
Also, hallucinations in mind, Gemini says it is improbable but possible to flash using termux mtkclient in a simulated sudo root Ubuntu on a non rooted phone
04:35
It has to catch the tablet in brom in a matter of milliseconds
GA
04:37
Georgio Armani
In reply to this message
I can't figure out how to successfully get mtkclient on termux
04:37
So you have the process
TT
04:54
Terry Thompson V 2.0
In reply to this message
Dude please don't go getting paranoid . as we launched the new group 2 weeks ago the people that are members of it are transitioning to it
R
19:13
Deleted Account
In reply to this message
Install Termux from fdroid site, pkg update && pkg upgrade
pkg install python git libusb clang make
Clone mtkclient:
git clone https://github.com/bkerler/mtkclient
cd mtkclient
pip install -r requirements.txt
Run the tool:
python mtk.py da seccfg unlock
pkg install python git libusb clang make
Clone mtkclient:
git clone https://github.com/bkerler/mtkclient
cd mtkclient
pip install -r requirements.txt
Run the tool:
python mtk.py da seccfg unlock
19:14
Plug in tablet via otg while the command is waiting
19:17
I haven't tested this
19:17
Roscoe probably knows best but the key is getting brom mode first
21 November 2025
R
03:18
Roscoe
In reply to this message
It's not that simple to install and run Termux if you're unrooted.
03:19
Is it possible to make a dedicated flasher app similar to the mp3?
R
03:19
Roscoe
In reply to this message
Correct. Right now my theory is that it won't communicate at all over USB unless it's in BROM mode first.
03:20
Deleted Account
I need to know what you guys need from the atg unlocked release keys score 7t. Assuming i could use it soon. Are these partition backups helpful in possibly making a flasher
S
03:21
Synonymous
Well, they need something to flash...
03:23
Deleted Account
In reply to this message
I thought the purpose of the carbonara exploit with mtkclient was to force brom
S
03:23
Synonymous
There is more than one way in
03:24
Deleted Account
I'm interested in the tablet that was not opened at all, software only jailbreak. Probably need a computer though
03:25
I was thinking they might be doing this using an already rooted tablet to root the others
03:25
Because more people figured it out here
S
03:31
Synonymous
Having one tablet to do other tablets is not the secret, termux would not do or offer anything from broken tablets that a phone could not do
R
03:35
Deleted Account
Lol I'm way off tonight
A
18:34
Alan
In reply to this message
Has anyone tested this?
I am currently using a rooted and jail broken tablet. How can I be of use to figure these out. Give me any steps to try and I'll do them and report back. I can usually be guaranteed back online daily at 12:45 for an hour and 9:00 pm for another hour (minus count time) and various other times. Lmk
I am currently using a rooted and jail broken tablet. How can I be of use to figure these out. Give me any steps to try and I'll do them and report back. I can usually be guaranteed back online daily at 12:45 for an hour and 9:00 pm for another hour (minus count time) and various other times. Lmk
S
18:45
Synonymous
A dd image of all partitions
A
TW
18:55
The Wwwizard
Is the case correct?
S
19:01
List at bottom. Just do each partition individually,
Start with recovery, boot, seccfg, super
Start with recovery, boot, seccfg, super
19:09
Deleted Account
In reply to this message
Is this 100% safe? I cannot afford to mess up his tablet
S
19:12
Synonymous
Yes, just don't alter the commands
19:14
Deleted Account
Ok i will try this with the atg tablet if he lets me soon
Terry Thompson V 2.0 invited June
Terry Thompson V 2.0 removed June
Terry Thompson V 2.0 invited Deleted Account
22 November 2025
TS
04:10
Tony Sparks
Where would one find a lineage os to flash
23 November 2025
TS
02:03
Tony Sparks
Anyone know if lineage will work despite the tablets using AVB with bundled vmeta
T
02:53
Tony
You cannot just flash the LineageOS system image into the super partition, if that's what you're asking. The whole boot chain is programmed to be secure by verifying the cryptographic signature of each important partition (system, vendor, product).
However, it is possible that the guys who are flashing that hacked LineageOS image are also flashing a compatible boot image.
However, it is possible that the guys who are flashing that hacked LineageOS image are also flashing a compatible boot image.
02:53
We have never had access to the preloader image, so I can't tell what it verifies and how it does so.
02:54
In fact, if one of the guys with a hacked tablet (not a hardware swap) can take an image of the preloader and send it to me (it should be very small, a few megabytes), I can have it analyzed and understand why/how this LineageOS hack works.
R
TS
06:14
So basically I can't do really anything with this raspberry pi + uart setup
T
06:32
Tony
You can do things, just not the thing you were expecting to be able to do. The Pi is very powerful for our purposes. It's just a matter of figuring out which attack vector is possible.
TW
12:10
The Wwwizard
Where do I get a backup of the preloader image?
12:10
Where does it reside
JS
15:42
John Smith
Time sensitive
I'm posting this in a couple places
We currently have a small window where it is easier to get stuff in so please respond within 48 hours so we have time to line this up.
We need to know what equipment ( windows phone or pocket PC or what) to have sent in that has the best chance of breaking these damn tablets. The smaller (e.g. hideable) the better but please provide specific devices you think will work best. Raspberry Pi is probably too much of a hassle, ready to go devices are better. Thx!
I'm posting this in a couple places
We currently have a small window where it is easier to get stuff in so please respond within 48 hours so we have time to line this up.
We need to know what equipment ( windows phone or pocket PC or what) to have sent in that has the best chance of breaking these damn tablets. The smaller (e.g. hideable) the better but please provide specific devices you think will work best. Raspberry Pi is probably too much of a hassle, ready to go devices are better. Thx!
24 November 2025
TS
02:05
Tony Sparks
Any thoughts on using a kitchen tool, to remove prison related protocols and repackage it into a ready to flash OS
TS
04:00
Tony Sparks
?
04:29
He used assayyed kitchen tool on a score 7 tablet but it was an old mt8167 version
04:30
I wonder if we should ask his input. He was very knowledgeable and successful in breaking the older score tablets
R
B
S
21:02
Synonymous
Is this from the
7c, 7m, or 7t?
Jailbroke or sent in and unlocked?
7c, 7m, or 7t?
Jailbroke or sent in and unlocked?
25 November 2025
T
01:08
Tony
In reply to this message
Please provide info about this preloader image. Score7c or 7t? Jailbroke inside or deinstitutionalized? LineageOS image or ATG?
❤
JS
TS
03:42
Tony Sparks
In reply to this message
I'm familiar with him, spoke to him briefly last year. His was the first score 7 tablet though, but if I can use mtkclient to dump a tablet, I could use a kitchen to take out all the prison related nonsense, repack it, then flash the img. It should still hold all of the components that need to match up to boot
26 November 2025
J
02:26
John
We can use the publicly known lineage test keys to sign any OS and flash it, right? Someone did post the entire dump from a 7t already. The question is what exactly has to be removed, and what has to be enabled? For example, are the wifi drivers even in the dump, etc?
C
B
19:15
Bill
In reply to this message
Score 7t jailbroken inside. LineageOS 17.1 treble_a64_bvS-userdebug 10 QQ3A.200805.001 eng.crossg.20210808.162341 test-keys
S
19:17
Synonymous
The files are the same file twice. One is incorrect
19:22
Can you run a dd backup of all partitions?
su
dd if=/dev/block/platform/bootdevice/by-name/boot of=/data/data/com.termux/files/home/storage/downloads/boot.img000
dd if=/dev/block/platform/bootdevice/by-name/boot_para of=/data/data/com.termux/files/home/storage/downloads/boot_para.img000
dd if=/dev/block/platform/bootdevice/by-name/cache of=/data/data/com.termux/files/home/storage/downloads/cache.img000
dd if=/dev/block/platform/bootdevice/by-name/cam_vpu1 of=/data/data/com.termux/files/home/storage/downloads/cam_vpu1.img000
dd if=/dev/block/platform/bootdevice/by-name/cam_vpu2 of=/data/data/com.termux/files/home/storage/downloads/cam_vpu2.img000
dd if=/dev/block/platform/bootdevice/by-name/cam_vpu3 of=/data/data/com.termux/files/home/storage/downloads/cam_vpu3.img000
dd if=/dev/block/platform/bootdevice/by-name/dkb of=/data/data/com.termux/files/home/storage/downloads/dkb.img000
dd if=/dev/block/platform/bootdevice/by-name/dtbo of=/data/data/com.termux/files/home/storage/downloads/dtbo.img000
dd if=/dev/block/platform/bootdevice/by-name/expdb of=/data/data/com.termux/files/home/storage/downloads/expdb.img000
dd if=/dev/block/platform/bootdevice/by-name/frp of=/data/data/com.termux/files/home/storage/downloads/frp.img000
dd if=/dev/block/platform/bootdevice/by-name/items of=/data/data/com.termux/files/home/storage/downloads/items.img000
dd if=/dev/block/platform/bootdevice/by-name/kb of=/data/data/com.termux/files/home/storage/downloads/kb.img000
dd if=/dev/block/platform/bootdevice/by-name/lk of=/data/data/com.termux/files/home/storage/downloads/lk.img000
dd if=/dev/block/platform/bootdevice/by-name/lk2 of=/data/data/com.termux/files/home/storage/downloads/lk2.img000
dd if=/dev/block/platform/bootdevice/by-name/logo of=/data/data/com.termux/files/home/storage/downloads/logo.img000
dd if=/dev/block/platform/bootdevice/by-name/md_udc of=/data/data/com.termux/files/home/storage/downloads/md_udc.img000
dd if=/dev/block/platform/bootdevice/by-name/metadata of=/data/data/com.termux/files/home/storage/downloads/metadata.img000
dd if=/dev/block/platform/bootdevice/by-name/nvcfg of=/data/data/com.termux/files/home/storage/downloads/nvcfg.img000
dd if=/dev/block/platform/bootdevice/by-name/nvdata of=/data/data/com.termux/files/home/storage/downloads/nvdata.img000
dd if=/dev/block/platform/bootdevice/by-name/nvram of=/data/data/com.termux/files/home/storage/downloads/nvram.img000
dd if=/dev/block/platform/bootdevice/by-name/para of=/data/data/com.termux/files/home/storage/downloads/para.img000
dd if=/dev/block/platform/bootdevice/by-name/persist of=/data/data/com.termux/files/home/storage/downloads/persist.img000
dd if=/dev/block/platform/bootdevice/by-name/preloader of=/data/data/com.termux/files/home/storage/downloads/preloader.img000
dd if=/dev/block/platform/bootdevice/by-name/proinfo of=/data/data/com.termux/files/home/storage/downloads/proinfo.img000
dd if=/dev/block/platform/bootdevice/by-name/protect1 of=/data/data/com.termux/files/home/storage/downloads/protect1.img000
dd if=/dev/block/platform/bootdevice/by-name/protect2 of=/data/data/com.termux/files/home/storage/downloads/protect2.img000
dd if=/dev/block/platform/bootdevice/by-name/recovery of=/data/data/com.termux/files/home/storage/downloads/recovery.img000
dd if=/dev/block/platform/bootdevice/by-name/seccfg of=/data/data/com.termux/files/home/storage/downloads/seccfg.img000
dd if=/dev/block/platform/bootdevice/by-name/tee1 of=/data/data/com.termux/files/home/storage/downloads/tee1.img000
dd if=/dev/block/platform/bootdevice/by-name/vbmeta of=/data/data/com.termux/files/home/storage/downloads/vbmeta.img000
dd if=/dev/block/platform/bootdevice/by-name/vbmeta_system of=/data/data/com.termux/files/home/storage/downloads/vbmeta_system.img000
dd if=/dev/block/platform/bootdevice/by-name/vbmeta_vendor of=/data/data/com.termux/files/home/storage/downloads/vbmeta_vendor.img000
dd if=/dev/block/platform/bootdevice/by-name/super of=/data/data/com.termux/files/home/storage/downloads/super.img000
su
dd if=/dev/block/platform/bootdevice/by-name/boot of=/data/data/com.termux/files/home/storage/downloads/boot.img000
dd if=/dev/block/platform/bootdevice/by-name/boot_para of=/data/data/com.termux/files/home/storage/downloads/boot_para.img000
dd if=/dev/block/platform/bootdevice/by-name/cache of=/data/data/com.termux/files/home/storage/downloads/cache.img000
dd if=/dev/block/platform/bootdevice/by-name/cam_vpu1 of=/data/data/com.termux/files/home/storage/downloads/cam_vpu1.img000
dd if=/dev/block/platform/bootdevice/by-name/cam_vpu2 of=/data/data/com.termux/files/home/storage/downloads/cam_vpu2.img000
dd if=/dev/block/platform/bootdevice/by-name/cam_vpu3 of=/data/data/com.termux/files/home/storage/downloads/cam_vpu3.img000
dd if=/dev/block/platform/bootdevice/by-name/dkb of=/data/data/com.termux/files/home/storage/downloads/dkb.img000
dd if=/dev/block/platform/bootdevice/by-name/dtbo of=/data/data/com.termux/files/home/storage/downloads/dtbo.img000
dd if=/dev/block/platform/bootdevice/by-name/expdb of=/data/data/com.termux/files/home/storage/downloads/expdb.img000
dd if=/dev/block/platform/bootdevice/by-name/frp of=/data/data/com.termux/files/home/storage/downloads/frp.img000
dd if=/dev/block/platform/bootdevice/by-name/items of=/data/data/com.termux/files/home/storage/downloads/items.img000
dd if=/dev/block/platform/bootdevice/by-name/kb of=/data/data/com.termux/files/home/storage/downloads/kb.img000
dd if=/dev/block/platform/bootdevice/by-name/lk of=/data/data/com.termux/files/home/storage/downloads/lk.img000
dd if=/dev/block/platform/bootdevice/by-name/lk2 of=/data/data/com.termux/files/home/storage/downloads/lk2.img000
dd if=/dev/block/platform/bootdevice/by-name/logo of=/data/data/com.termux/files/home/storage/downloads/logo.img000
dd if=/dev/block/platform/bootdevice/by-name/md_udc of=/data/data/com.termux/files/home/storage/downloads/md_udc.img000
dd if=/dev/block/platform/bootdevice/by-name/metadata of=/data/data/com.termux/files/home/storage/downloads/metadata.img000
dd if=/dev/block/platform/bootdevice/by-name/nvcfg of=/data/data/com.termux/files/home/storage/downloads/nvcfg.img000
dd if=/dev/block/platform/bootdevice/by-name/nvdata of=/data/data/com.termux/files/home/storage/downloads/nvdata.img000
dd if=/dev/block/platform/bootdevice/by-name/nvram of=/data/data/com.termux/files/home/storage/downloads/nvram.img000
dd if=/dev/block/platform/bootdevice/by-name/para of=/data/data/com.termux/files/home/storage/downloads/para.img000
dd if=/dev/block/platform/bootdevice/by-name/persist of=/data/data/com.termux/files/home/storage/downloads/persist.img000
dd if=/dev/block/platform/bootdevice/by-name/preloader of=/data/data/com.termux/files/home/storage/downloads/preloader.img000
dd if=/dev/block/platform/bootdevice/by-name/proinfo of=/data/data/com.termux/files/home/storage/downloads/proinfo.img000
dd if=/dev/block/platform/bootdevice/by-name/protect1 of=/data/data/com.termux/files/home/storage/downloads/protect1.img000
dd if=/dev/block/platform/bootdevice/by-name/protect2 of=/data/data/com.termux/files/home/storage/downloads/protect2.img000
dd if=/dev/block/platform/bootdevice/by-name/recovery of=/data/data/com.termux/files/home/storage/downloads/recovery.img000
dd if=/dev/block/platform/bootdevice/by-name/seccfg of=/data/data/com.termux/files/home/storage/downloads/seccfg.img000
dd if=/dev/block/platform/bootdevice/by-name/tee1 of=/data/data/com.termux/files/home/storage/downloads/tee1.img000
dd if=/dev/block/platform/bootdevice/by-name/vbmeta of=/data/data/com.termux/files/home/storage/downloads/vbmeta.img000
dd if=/dev/block/platform/bootdevice/by-name/vbmeta_system of=/data/data/com.termux/files/home/storage/downloads/vbmeta_system.img000
dd if=/dev/block/platform/bootdevice/by-name/vbmeta_vendor of=/data/data/com.termux/files/home/storage/downloads/vbmeta_vendor.img000
dd if=/dev/block/platform/bootdevice/by-name/super of=/data/data/com.termux/files/home/storage/downloads/super.img000
19:23
Deleted Account
Synonymous, I haven't forgotten your request for the partition backups on the atg deinstitutionalized tablet. Just the owner acting funny 😞
28 November 2025
Roscoe invited Georgio
3 December 2025
Roscoe invited Tj Henderson
4 December 2025
J
R
J
02:52
Jammer
In reply to this message
@Uchinan2 invited me he will vouch for me the biggest issue is we have M.A.S here so the signal sucks some times it works a few min some times for hours so let me know what you need don't have a phone just a tablet and hot spot stick and my name I'm known in all securus groups
Roscoe invited Tj Henderson
8 December 2025
J
23:03
John
wait...there is yet another group? if so, invite please?
13 December 2025
J
04:00
John
Are we just dead in here now?
TH
04:11
Tj Henderson
Seems so
R
05:07
Roscoe
The old group is apparently poppin. But nobody's sharing.
05:07
05:07
TT
05:13
Terry Thompson V 2.0
With the likes of unfazed waffle. In the old group . How did he get in anyway
Terry Thompson V 2.0 removed Deleted Account
14 December 2025
J
02:24
John
Would getting a deinstitutionalized tablet help at all with the rooting? This seems fairly straightforward. you can actually order them directly from Keefe if you know the name and reg number of someone who has been released from BOP custody in the last year and had a tablet.
02:25
02:25
But I'm not sure how much this would help. I have read that you still can't install new apps etc. but it may make rooting easier. Thoughts (if anyone is still here)?
R
03:54
Roscoe
You can't just order it. You have to send yours in.
03:54
And it's not been all that helpful
TH
04:01
Tj Henderson
In reply to this message
No I see what he means, you can order a replacement device on the form. There is a deinstitutionalized tablet in the room I'm in. I agree with Roscoe I don't think it is much of a help. The Russian told me the release key build is useless
04:02
From the Russian
"I don't know what on that system partition
Key - useless"
"I don't know what on that system partition
Key - useless"
TH
04:21
Tj Henderson
Guys forget termux, as the Russian said. Look up anotherterm. It has its own functional libusb built in. Should work on a rooted phone or tablet with <= Android 13. Newer android versions have stricter USB control
17:04
Deleted Account
In reply to this message
Is it just a random advice? Another term is not used for unlocking as far as i know
21 December 2025
J
04:30
John
They recently plugged the workaround to extend movies for free. Anyone found a workaround yet?
23 December 2025
Terry Thompson V 2.0 invited 318Jay Bug
24 December 2025
3B
23:12
318Jay Bug
So this don't work. The video looks good . What's the deal ? Pleas advise
JS
23:13
John Smith
I have a 7c that the workaround still works on, but people with 7t tablets are sol it seems.
25 December 2025
3B
00:29
318Jay Bug
Yes 7cis what I've been working with
27 December 2025
S
18:47
Specz
Hey guys we have access to a laptop now if I were to download magisik and try to run the 7t thru it , will it root it?
R
19:08
Roscoe
No. Best bet is BROM mode > mtkclient with Carbonara OR penumbra
3 January 2026
Terry Thompson V 2.0 invited TouCant IAmNot
TI
07:26
TouCant IAmNot
Am back! So I was here months ago. Well the old group.
TT
08:10
Terry Thompson V 2.0
Welcome what happened to you
TI
16:53
TouCant IAmNot
Rabbit hole. Lol 😂
16:54
It be like that. Moved to the other side of the prison. I guess they don't like too many guys getting checked in... Well just have good papers damn crackers 😂
16:54
Crackers Crumble, White Boys Rumble 🤌
14 January 2026
3B
03:37
318Jay Bug
16 January 2026
B
01:49
Billi
We all are locked up in feds
❤
B
3B
19 January 2026
R
05:14
Roscoe
R
Roscoe 19.01.2026 05:12:45
If you're there, I need your help!
05:14
Just plugged in this book re-validating tablet in to use as a charger and without me doing anything to it this is what happened
05:14
05:14
No idea what caused it or if I could ever do it again
G
08:52
Georgio
Interesting
R
17:23
Roscoe
I reset it. Now it's on the "Please plug in to kiosk" screen like it comes to commissary before they assign it to your number.
17:23
Anyone know if I can do anything with it in initial setup mode?
25 January 2026
J
04:30
John
So I'm assuming that a few of the people in here figured out how to do what we are all here to do, and then just stopped talking to us?
3B
04:37
318Jay Bug
Prolly so
TI
05:08
TouCant IAmNot
That's not nice
JS
05:23
John Smith
Yeah, it would be nice if people didn't do that. Just a squirrel trying to get a nut here. Or BROM...
✨
R
18:18
Roscoe
In reply to this message
Yep. Had no choice but to factory reset and now it's on the white screen that says Please connect to kiosk.
✨
18:20
✨✨ Vejeeter✨✨
And when you connect to the kiosk?
R
18:22
Roscoe
In reply to this message
Nothing. The USB port could be damaged, but it still charges. Can't tell by plugging it to the phone because I need a OTG cable instead of just c to c
✨
18:25
✨✨ Vejeeter✨✨
In reply to this message
If it charges then the port is ok... You will need to make a cord though
R
19:03
Roscoe
Yeah that's what I'm working on. Doesn't explain why it wouldn't connect to the kiosk though.
✨
19:44
✨✨ Vejeeter✨✨
In reply to this message
Honestly the simplest answer is that whatever apps that they installed on the tablet to validate has been removed by the factory reset
👍
S
R
19:45
Roscoe
In reply to this message
I don't think so. Because the state it's in now is how it comes from commissary IIRC
👎
S
✨
19:46
✨✨ Vejeeter✨✨
With credentials on it?
R
19:49
Roscoe
Just a serial number right now. So I guess it's how it was right before checkout.
✨
19:49
✨✨ Vejeeter✨✨
In reply to this message
Meaning that no creds.... It doesn't have the info stored to validate
👍
S
26 January 2026
T
00:17
Tony
It has been deprovisioned and can only be reprovisioned by staff. If you're BOP, that's Trust Fund. They have to set something in their computer that puts your credentials on it again, if they'll do that without asking too many questions.
👎
S
29 January 2026
J
02:31
John
Is there any way to reset a tablet that has been locked due to an unauthorized device connection, or is it just useless at that point?
JS
02:54
John Smith
In reply to this message
Is it still associated to someone who can sync it to the kiosk? If it is, I have been successful in restoring it by starting to sync it and immediately hitting the cancel button so it doesn't go through the whole process. It still removes that unauthorized lockout but supposedly doesn't send the info to rat you out to trust fund. Done it multiple times myself.
👍
J
J
03:12
John
Hmmm...seems risky. Yes it's associated with someone, but like what happens if you don't hit it fast enough, how much time is fast enough, etc
03:13
What details can you give me?
JS
03:15
John Smith
In reply to this message
I can only vouch for what I have done to my own tablet, and as soon as you click sync and the red screen comes up, hit cancel and the screen will turn yellow and finish what it was doing without actually syncing it. It is a risk you will have to decide for yourself I guess.
J
03:17
John
That's good to know. thank you for the advice! I may risk it. So when I connect it to the kiosk, it won't just immediately snitch me out? I just have to hit sync, and then cancel?
03:17
About how long do you have to do it? Also let's say it fails. Anyone know if that's like an immediate write up or something?
TI
03:18
TouCant IAmNot
In reply to this message
Let it run out of time and need verification through the koisk
03:18
Then verify it. You will not get a write up
👍
J
03:18
I have done it.
GG
03:18
Gino Green
Here its a hit or miss they dont really catch as many
3B
03:19
318Jay Bug
In reply to this message
Wjats if the tablet isn't not in your name, and only you for charger.
JS
03:19
John Smith
In reply to this message
It does not rat you out until you let it sync fully. It won't matter if you wait, and it also matters what prison you are at and the policy for it there. You can always say some asshole stole it and you got it back like that.
J
03:19
John
Yes, very true. But hopefully your method just works
JS
03:20
John Smith
In reply to this message
Then I guess it doesn't matter since you can't revalidate it anyway.
3B
03:20
318Jay Bug
I've reset mine 30 times in the last 6 mo, and I let it go all the way. I haven't nothing about it at zooo. I would just say idk it was on charger .
J
03:20
John
I had been using safe mode to charge flawlessly for the last several months...then I just accidentally connected it out of safe mode
03:20
And here we are lol
3B
03:21
318Jay Bug
Well to me it charges slower it seems anyway. I have 3 only one in my name . It charges faster when it's clear
JS
03:21
John Smith
In reply to this message
Yep, that's the only issue with safe mode is if you have to restart it and forget to put it back into safe mode before connecting back up.
3B
03:21
318Jay Bug
Yeah, the battery dies and you hold down the button and it comes on for a sec and back dead. That's all it takes. That what happen to me
J
03:21
John
Yep lol
03:22
In reply to this message
Oh ok so I drain the battery, then hold the button down after, and that should reset it?
3B
03:22
318Jay Bug
I wanted to jump up the cpory to make it a fast charger on the other two , that the guys have went home
03:22
But no one gives me clear instructions. Lol
JS
03:24
John Smith
In reply to this message
If you try that can you let us know if that works? I had not had any luck with that method. Good luck!
J
03:25
John
Yes, I will!
03:25
In reply to this message
Haha. I read something about this a while ago...supposedly you can turn it into a fast charger
03:34
In reply to this message
So is that actually what you were saying? Suck down the battery, then hold down the button, and then when you charge and power back up, it's reset?
GG
03:37
Gino Green
In reply to this message
I think he saying that when it dies and you turn it on for a short second it turns back off and locks you out
3B
03:43
318Jay Bug
Yeah exactly. On one of these f
Groups , someone showed pics how they up the amps at the closet to 5amps. And was charging there phone. But I can't tell where they tied in at to make the court 5amps. Fast charger..
Groups , someone showed pics how they up the amps at the closet to 5amps. And was charging there phone. But I can't tell where they tied in at to make the court 5amps. Fast charger..
03:43
Thanks
J
03:48
John
Ok, so I just did the plug in, sync, then cancel thing. The screen did turn yellow. But it also said "synching" and finishing synch, while the screen was yellow.
03:50
John do you think that I will get fucked, or was that also your experience when you were resetting?
3B
03:54
318Jay Bug
In reply to this message
I just tried it with my table I bought from a guy going home, and it would not even see the tablet, but the table seen the kissk
J
03:55
John
Interesting
TT
04:01
Terry Thompson V 2.0
In reply to this message
I think you got a typo. And u never asked ?
❤
JS
04:06
In reply to this message
@jbug it was me doing it and you read it wrong nobody getting 5 amps out of a tablet period u get much over 2 amps and screen won't come on and shuts down
JS
04:06
John Smith
In reply to this message
That is what mine does when I do that. If you were trying to rent a movie or download music it would not have completed that. It's like an abandon ship but slower!
TT
04:10
Terry Thompson V 2.0
In reply to this message
And you must be getting volts and amps mixed up. All USB charging is 5 volts except for a few rapid chargers that go for a short while to 9volt I think.then back down to 5 . And maybe certain things for Arduino and raspberry pi.
3B
04:29
318Jay Bug
😳
R
04:33
Roscoe
JC
Johny Cash 26.11.2025 09:19:27
For anyone that would like to build a charging cord and say bye bye to wall charging boxes. I build and tested one in last two days and it's pushing Around 1800 to 2100 milliamps of current from the tablet. All you need is two type C ends, solid copper wire and 5.1kiloohms resistor. All you do you just solder positive and negative terminals between the type C ends (length of the wire matters - the shorter the wire the higher amperage, but in my test runs about 6 inch solid copper wire was optimal). Than put the 5.1kiloohms resistor on the one that will be plugged to the tablet (like you were about to make otg wire). That resistor goes between leg number 5 and ground. On the phone plug end, just solder (short-jump) Data+ and Data- together. And that's all. You just got yourself fast charging wire. A lot depends also on the age of tablet and battery in it, what I mean is the older tablets got battery in it that has less than original 4000mAh capacity and it want charge your phone more than 30-45%. Please also remember that that info I just shared it's for our group and don't share it with the rest of the web😄
R
04:34
Roscoe
JC
Johny Cash 26.11.2025 09:20:17
Phone end
04:34
Tablet end
04:34
04:34
04:34
The whole thing
04:34
04:34
If you don't have a hot glue to finish any of your electronics work ask kitchen workers for "yellow plastic bag that pasta comes in". You just cut it into desired width strips, wrap around your wire (type C, headphones wires,etc.) and heat it up. It shrinks perfect like professional electric shrink wrap and while it's still hot you can mold it. Once it's cools down it's hard an sturdy.
04:34
Remember that wire will only work when you plugged it proper way which is resistor side to tablet. If you made a mistake you'll start charging tablet from your phone.
J
05:07
John
In reply to this message
Ok cool. Hopefully I don't get called in the morning for a writeup haha. If it's worked for you multiple times, I guess it should be ok. Now if we could just get the movie renewal trick working again...lol.
Let's say I didn't hit cancel. Would the lock still come off, or would it have made me go to a staff member to clear it? Anyone know? Just trying to look for confirmation that I'm in the clear I suppose lol
Let's say I didn't hit cancel. Would the lock still come off, or would it have made me go to a staff member to clear it? Anyone know? Just trying to look for confirmation that I'm in the clear I suppose lol
JS
05:20
John Smith
In reply to this message
I've done both, they have not done anything, but again it depends on the prison I guess. Unless you have heard of someone else getting called in for a writeup or trip to the shu I think you'll be fine.
J
05:49
John
We'll see...someone else just told me they got a shot here by just revalidating after a phone was connected (they didn't do the cancel thing). But he was also smoked out and I couldn't really get the whole story from him.
When you did it without hitting cancel, did it also take the lock off?
When you did it without hitting cancel, did it also take the lock off?
JS
J
05:52
John
Shit. Yeah hopefully the cancel thing worked. I was hoping the fact that the lock came off meant something, but I guess not haha. Oh well, nothing I can do about it now.
05:52
Should know by the end of the day tomorrow
30 January 2026
JS
C
03:13
C
If you search law library you'll see people have gotten shots for that and saying it was someone else didn't work, they can also see the exact model of the phone that was connected to it
👍
S
T
03:25
Tony
When two Android devices connect via true USB-C, they negotiate which is host and which is the accessory. The tablet FORCES itself as host, and collects USB Vendor/Product information from the accessory (the phone you hook up). That information is stored in a database on the tablet and uploaded to SIS immediately upon hooking the tablet to a kiosk. The only way to avoid this security measure is to boot the tablet in Android Safe Mode. In safe mode, only system apps run, and the security suite is not a system app on ATG tablets!
❤
TS
S
03:25
Use the power button and volume buttons
With your device turned off, hold down the power key until the logo of your phone manufacturer appears.
As soon as the animation commences, press and hold the volume down key for several seconds until your device boots up and Safe mode appears in the bottom-left corner.
This method should work on older Android devices and specific manufacturers like Samsung, HTC, and Google.
With your device turned off, hold down the power key until the logo of your phone manufacturer appears.
As soon as the animation commences, press and hold the volume down key for several seconds until your device boots up and Safe mode appears in the bottom-left corner.
This method should work on older Android devices and specific manufacturers like Samsung, HTC, and Google.
03:27
I have tested this, and it works. This also allows you to charge your phone from the tablet, though it is painfully slow. If you're patient and have a place to store the phone and tablet, you can avoid having to keep/hide a USB wall charger.
3B
03:59
318Jay Bug
Yes . I buy used tablets only in the name from the person trying to sell it. And I never do nothing but charge them up and charge my jack. Phone In airplane mode, take 3 hrs , I never let fall below 80%, and if I keep it plugged in like now and talk texted , scroll and. Bid my time on my back. I have 3 tablets , I charge them once a day rotating them out , at night I is have 2 full and one less than half. , and I may scroll all day are using phone all day. , it works . Fine. I also have a spot in light I can use, for my phone . But I haven't never plug it up there. This is a new A16, 256 ram battery is bigger than my last one , it was apple , and it charged fast from. Tablet, but I would. Duck it off in light early morning and leave most the day , depending on action on yrd .. now I rent my charging light out and have 4 phones I charge there for other guys .
31 January 2026
J
07:59
John
In reply to this message
So far so good. But who knows, they have several days to do writeups. People say they only have 24 hours, but the warden just has to sign something and they have as long as they want.
08:04
Maybe the cancel thing worked, maybe it didn't. Who knows.
1 February 2026
TH
03:19
Tj Henderson
TH
Tj Henderson 01.02.2026 03:13:43
Some updates on the BOP major technology overhaul:
1) vendors required to submit their proposals for the new tablets and kiosks on Feb 5
2) BOP expected to award a contract in spring this year
3) First phase of roll out of new tablets and kiosks expected in summer to certain pilot locations including USPs
4) BOP's stated goal is to have all tablets and kiosks in all institutions to every inmate by December of this year
1) vendors required to submit their proposals for the new tablets and kiosks on Feb 5
2) BOP expected to award a contract in spring this year
3) First phase of roll out of new tablets and kiosks expected in summer to certain pilot locations including USPs
4) BOP's stated goal is to have all tablets and kiosks in all institutions to every inmate by December of this year
03:19
Unfortunately that means score tablet (which is described as the "interim" device) will be phased out. All cables will be phased out, including charging cables. Data will either be wifi or securus private cellular (LTE) network that acts like a cell tower for prison devices only
6 February 2026
D
R
03:09
Roscoe
It does! Now you just need to find 999 friends.
😁
G
TH
S
GG
3B
R
03:42
Roscoe
1000?
3B
05:13
318Jay Bug
Soni emailed the distributor, there reply is we don't sell mother boards, and I don't think the ribbon for screen is 30 pin on this one
D
05:30
D
There is motherboard manufactures on Alibaba should be 8-20 per board and can possible do a 100-200 order
3B
05:31
318Jay Bug
It don't look like to pins match screen ribbon
D
05:32
D
Well you probably need to have them make modifications
J
07:45
John
To make any board connect to a screen it wasn't specifically designed for, it's a very serious technical project. You need to modify things at the kernel level of the OS to even make it recognize the screen, you need to make a custom ribbon cable, etc. it's a nightmare
07:46
That's the reason people did board swaps with a really old 4g tablet (indigi) - someone happened upon a board that would simply plug into the screen and it happened to work with it
07:46
The problem with that board is that it's very old and slow
D
15:09
D
Well after speaking directly with the manufacture they want the components sent to them. Screen, digitizer and the PCB board so they can design something that works with the components and has the exact same layout for buttons and charging port
24 February 2026
R
TT
06:14
Terry Thompson V 2.0
?
R
06:15
Roscoe
I need their help 😅
T
10:30
Tony
Sorry. I have just had a million other things to do lately. What does @theroscoefilburn need?
G
11:57
Georgio
Wassup Roscoe
11:58
Tony we thought you were in the shu
J
18:23
Jammer
Sup yall
✨
21:47
✨✨ Vejeeter✨✨
I'll peep in here and there
21:54
I'm currently installing AnotherTerm with Debian Bookworm on a Moto E6 to make sure that a proper environment can be ran on unrooted phone for guys who don't want to root...I previously had a similar setup on a rooted tablet so I pretty much know what will install on that
J
21:56
John
it appears that there is someone in the BOP that has actually cracked the official 7t (not a board swap). I would assume that they got 90% of the way there with the stuff in this group, and found one or two things on their own that pushed it over the top. since it seems this group has died, maybe we should go through all the old posts and try to pick up where things got left off
✨
21:57
✨✨ Vejeeter✨✨
I'm almost certain that there are two different methods being used
👍
S
D
R
22:54
Roscoe
I've got BROM to work. mtkclient can halfway unlock the bootloader but not completely. But enough to run any of the other commands with mtkclient. Including dumping and flashing.
22:55
As has been pointed out before, lineage image is too big to replace 1:1 with system and repack in super. It's basically the size of the whole stock super partition.
22:55
So I used mtkclient to resize the GPT then flashed a repacked super with lineage anyway.
22:56
Backing up a step before I did that I actually patched the VB meta trio partitions to add flags to ignore verification without changing anything else. When I did that I got a red state warning and a boot loop.
22:57
22:58
I flashed the stock Vbmeta partitions back and then I did the resize GPT and flashed the modified super.
23:00
So with the stock partition stock recovery stock product and vendor in stock VB meta, but I modified super, I still get a bootloop but no red state warning.
23:01
The bootloader is not completely unlocked. But I can get it into a DA session by attempting to unlock it. I know it's not completely unlocked though because I have to redo it every time.
23:02
J
23:42
John
but you're tuck in a boot loop, so you can't use it?
25 February 2026
R
01:34
Roscoe
Using it isn't the problem. I reversed the red state but still need to make it work
R
02:07
Roscoe
Stock vbmeta trio (to avoid red state)
Lineage system inside super
Stock boot
Lineage system inside super
Stock boot
02:08
"=> FASTBOOT mode"
TH
04:00
Tj Henderson
In reply to this message
Run: fastboot flash --disable-verity --disable-verification vbmeta vbmeta.img
Wipe user data (fastboot -w) to avoid boot loops
Wipe user data (fastboot -w) to avoid boot loops
R
04:02
Roscoe
Done that. Disabling verification = Red State. And I wiped userdata metadata and cache each time.
TH
04:03
Tj Henderson
Can you do adb
R
04:04
Roscoe
Doubtful but I haven't tried yet. Nor have I determined whether it's actually accessible in fastboot. Didn't have fastboot on the build I was using and ran out of time for the day.
TH
04:05
Tj Henderson
Ok
04:05
Most progress I've seen nice job man
04:06
I'll ask hovatek for some help
G
04:08
Georgio
Agreed 👍. I'm definitely going to need you in a couple weeks to help me understand more about what your doing. I'm more hands on so once I get my computer then if you don't mind I'll need you to walk me through a lot of shit @theroscoefilburn
R
04:11
Roscoe
Hopefully I'll have a complete walkthrough by then 🤞
👍
G
TH
G
04:11
Georgio
🤞🤞
TH
04:12
Tj Henderson
Sharing your findings means a lot too. Thank you
R
04:12
04:12
04:13
Some fresh logs and data for y'all to digest
04:13
The 02-24 file is the most recent. The loop is printgpt when it was in boot loop.
G
04:14
Georgio
The problem is I don't even understand how to chew those logs let alone digest them
R
TH
04:15
Tj Henderson
Me either but I'm going to ask hovatek for help. That's my plan to contribute
G
04:16
Georgio
Are you using a phone to connect to the tablet or a computer
R
04:16
Roscoe
Computer. Got nowhere with the phone.
04:17
And BROM is exactly what we thought it was all this time.
G
04:17
Georgio
Ok. I was confused because in the logs it's saying to power off the phone. It must be talking about the tablet
R
04:19
CLK and DAT0
TH
04:21
Tj Henderson
Was there specific timing
R
04:22
Roscoe
Bridge it with battery out, connect USB, wait a beat, let go
04:22
Easy after you do it a few times
TH
04:25
Tj Henderson
Nice
G
04:28
Georgio
So really ai knew what it was saying
04:28
Well her is what chat gpt says about your log.
04:28
You actually got almost all the way through successfully — the failure is happening at the very last stage when mtkclient tries to process seccfg.
Let’s break down what happened.
---
✅ What Worked
From your log:
Device detected in BROM mode
Chip identified: MT8168
DA stage 1 uploaded ✅
DRAM setup passed ✅
Stage 2 uploaded ✅
eMMC detected correctly ✅
DA SLA disabled ✅
So communication, loader, and memory setup are fine.
---
❌ Where It Broke
The crash happens here:
XFlashExt - Detected V4 Lockstate
...
Unsupported ctrl code
...
TypeError: 'bytes' object cannot be interpreted as an integer
The exact failure:
TypeError: 'bytes' object cannot be interpreted as an integer
Inside:
hwcrypto_sej.py → hw_aes128_cbc_encrypt → SEJ_V3_Init
---
🔎 What Went Wrong
1️⃣ You're dealing with V4 seccfg
XFlashExt - Detected V4 Lockstate
This is important.
Your device is using a newer SECCFG format (V4), but:
The loader (DA_MT8168.bin) likely doesn't fully support that format
Or your mtkclient version doesn’t properly handle V4 crypto calls
---
2️⃣ Unsupported Control Codes
XFlashExt - [LIB]: Unsupported ctrl code
This means:
The DA you supplied does not support the command mtkclient is sending for V4 seccfg handling.
---
3️⃣ The Python Error
The crash:
TypeError: 'bytes' object cannot be interpreted as an integer
This is a bug in mtkclient, not your wiring or connection.
It happens because:
The SEJ crypto engine returned unexpected data
mtkclient tried to treat raw bytes as a 32-bit register value
The function expected an integer but received a bytes object
So it’s a software mismatch issue.
---
🎯 Why This Happens
Common causes:
✔ Using an incompatible DA loader
Not all MT8168 DAs work with all firmware versions.
✔ Device has newer security patch
Some MT8168 devices ship with:
New V4 seccfg format
Different crypto handling
Additional protections
✔ Outdated mtkclient version
Older versions do not fully support V4 seccfg decryption.
---
🔥 Important Clue
SBC enabled: True
Mem read auth: True
Mem write auth: True
Cmd 0xC8 blocked: True
This device has:
Secure Boot enabled
Memory authentication required
Some commands blocked
So this is a properly secured device.
---
💡 What You Should Try
1️⃣ Update mtkclient to latest version
git pull
pip install -r requirements.txt --upgrade
Some newer commits fix V4 parsing issues.
---
2️⃣ Try without --stock
Instead of:
python3 mtk.py da seccfg unlock --stock ...
Try:
python3 mtk.py da seccfg unlock --loader DA_MT8168.bin --preloader preloader.bin
Sometimes stock flag interferes with V4 handling.
---
3️⃣ Try a different DA for MT8168
Some MT8168 devices require:
Vendor DA
Matching firmware DA
Factory DA
Generic DA doesn’t always work with V4.
---
4️⃣ Try using --bypass first
Some devices need:
python3 mtk.py payload
Then run seccfg unlock.
---
🧠 Bottom Line
Nothing is wrong with:
Your cable
Your BROM entry
Your handshake
Your DRAM
Your DA upload
The failure is:
> ❗ A crypto / seccfg V4 parsing incompatibility between your device and mtkclient.
---
If you want, tell me:
Exact tablet/phone model
Android version
Security patch level
And I can tell you whether this MT8168 is currently unlockable via mtkclient or not.
Let’s break down what happened.
---
✅ What Worked
From your log:
Device detected in BROM mode
Chip identified: MT8168
DA stage 1 uploaded ✅
DRAM setup passed ✅
Stage 2 uploaded ✅
eMMC detected correctly ✅
DA SLA disabled ✅
So communication, loader, and memory setup are fine.
---
❌ Where It Broke
The crash happens here:
XFlashExt - Detected V4 Lockstate
...
Unsupported ctrl code
...
TypeError: 'bytes' object cannot be interpreted as an integer
The exact failure:
TypeError: 'bytes' object cannot be interpreted as an integer
Inside:
hwcrypto_sej.py → hw_aes128_cbc_encrypt → SEJ_V3_Init
---
🔎 What Went Wrong
1️⃣ You're dealing with V4 seccfg
XFlashExt - Detected V4 Lockstate
This is important.
Your device is using a newer SECCFG format (V4), but:
The loader (DA_MT8168.bin) likely doesn't fully support that format
Or your mtkclient version doesn’t properly handle V4 crypto calls
---
2️⃣ Unsupported Control Codes
XFlashExt - [LIB]: Unsupported ctrl code
This means:
The DA you supplied does not support the command mtkclient is sending for V4 seccfg handling.
---
3️⃣ The Python Error
The crash:
TypeError: 'bytes' object cannot be interpreted as an integer
This is a bug in mtkclient, not your wiring or connection.
It happens because:
The SEJ crypto engine returned unexpected data
mtkclient tried to treat raw bytes as a 32-bit register value
The function expected an integer but received a bytes object
So it’s a software mismatch issue.
---
🎯 Why This Happens
Common causes:
✔ Using an incompatible DA loader
Not all MT8168 DAs work with all firmware versions.
✔ Device has newer security patch
Some MT8168 devices ship with:
New V4 seccfg format
Different crypto handling
Additional protections
✔ Outdated mtkclient version
Older versions do not fully support V4 seccfg decryption.
---
🔥 Important Clue
SBC enabled: True
Mem read auth: True
Mem write auth: True
Cmd 0xC8 blocked: True
This device has:
Secure Boot enabled
Memory authentication required
Some commands blocked
So this is a properly secured device.
---
💡 What You Should Try
1️⃣ Update mtkclient to latest version
git pull
pip install -r requirements.txt --upgrade
Some newer commits fix V4 parsing issues.
---
2️⃣ Try without --stock
Instead of:
python3 mtk.py da seccfg unlock --stock ...
Try:
python3 mtk.py da seccfg unlock --loader DA_MT8168.bin --preloader preloader.bin
Sometimes stock flag interferes with V4 handling.
---
3️⃣ Try a different DA for MT8168
Some MT8168 devices require:
Vendor DA
Matching firmware DA
Factory DA
Generic DA doesn’t always work with V4.
---
4️⃣ Try using --bypass first
Some devices need:
python3 mtk.py payload
Then run seccfg unlock.
---
🧠 Bottom Line
Nothing is wrong with:
Your cable
Your BROM entry
Your handshake
Your DRAM
Your DA upload
The failure is:
> ❗ A crypto / seccfg V4 parsing incompatibility between your device and mtkclient.
---
If you want, tell me:
Exact tablet/phone model
Android version
Security patch level
And I can tell you whether this MT8168 is currently unlockable via mtkclient or not.
04:29
We're almost there @theroscoefilburn
R
04:41
Roscoe
From vbmeta_system:
That means:
• vbmeta_system contains a dm-verity hashtree for system
• The root digest must match the exact contents of system
• I replaced system
• The root digest no longer matches
• Bootloader refuses to boot → drops to FASTBOOT
This is not a signature mismatch. This is a verified partition hash mismatch.
Signing keys matching is irrelevant here.
The key verifies vbmeta. The hash verifies system. Two separate layers.
Hashtree descriptor:
Partition Name: system
Root Digest: 6f349b3b3ac6827ba97ad66893a1cc14083fd9635fc72d0aaf2a5f017716d5a1
Flags: 0
That means:
• vbmeta_system contains a dm-verity hashtree for system
• The root digest must match the exact contents of system
• I replaced system
• The root digest no longer matches
• Bootloader refuses to boot → drops to FASTBOOT
This is not a signature mismatch. This is a verified partition hash mismatch.
Signing keys matching is irrelevant here.
The key verifies vbmeta. The hash verifies system. Two separate layers.
04:42
Signature is valid.
Chain is valid.
Hash check fails.
Bootloader aborts boot and falls back to fastboot mode.
Chain is valid.
Hash check fails.
Bootloader aborts boot and falls back to fastboot mode.
04:43
That's because:
You cannot regenerate vbmeta_system with a new system hash (signature would break).
You cannot disable verity flags (signature would break).
You cannot modify system contents (hash mismatch).
Therefore you cannot replace system inside super....
Unless you unlock the bootloader.
You cannot regenerate vbmeta_system with a new system hash (signature would break).
You cannot disable verity flags (signature would break).
You cannot modify system contents (hash mismatch).
Therefore you cannot replace system inside super....
Unless you unlock the bootloader.
04:47
Some devices need:
python3 mtk.py payload
Then run seccfg unlock.
If anyone has any insight on how to do that, please LMK.
T
G
12:02
Georgio
That's what I said but I guess someone must have had you confused with someone else. Are you still in the halfway house? What do you think about the progress Roscoe has made?
T
12:06
Tony
I went to home confinement, but I have had a ridiculous amount of shit to handle once I got home. My brother and father caused all sorts of trouble and neither seem able to accomplish simple home repairs.
G
12:08
Georgio
Sorry to hear that. Well just remember to stay focused and not much is worth coming back to prison for.
T
12:09
Tony
As for Roscoe's progress, getting BROM (with my diagram) is a great step in the right direction. I think there are some kinks to work out that have to do it bootloader unlocking though. I suggest a dive into mtkclient's code. Make some better logging mods, maybe make some low-level changes in how it operates on the tablets. I bet ATG saw this coming and made some minor tweaks to make this a little less easy without really breaking anything too big. They're lazy fuckers that want to keep shit as generic as possible.
G
12:11
Georgio
Are you able to to try what your suggesting.
R
20:07
Roscoe
There's something I'm missing. It's probably simple. Need the right payload or DA or something to unlock the bootloader. Once that's done I think everything else is good.
20:13
@hrethgir What do you mean by "use the Carbonara payload"?
R
20:13
Roscoe
T
Tony 17.11.2025 00:56:18
Carbonara is the payload you should be using, not the generic 8168 payloads.
20:13
The generics will not work on an e-fused device like ours.
S
22:27
Synonymous
In reply to this message
Orry to hrere ab6the trouble, I hope things work out.
How does the factory atg unlock work?
I hope you are able to get an unlocked image
I'd be interested to know if they add the SD card slot back in
I am also interested in the paper about them scrubbing music from the bop system
How does the factory atg unlock work?
I hope you are able to get an unlocked image
I'd be interested to know if they add the SD card slot back in
I am also interested in the paper about them scrubbing music from the bop system
JS
22:28
John Smith
In reply to this message
Did you take a look at the payloads at https://github.com/shomykohai/mtk-payloads
R
22:34
Roscoe
Yes.
T
22:56
Tony
In reply to this message
When you deinstitutionalize a player or tablet (or both), ATG removes all purchase history from your account. If you are reincarnated, you must buy all new games, music, etc.
22:58
In reply to this message
I have not attempted to wire an SD card to the empty interior slot. I apologize, but that's not really on my todo list. It will read a USB-C SD card reader after deinstitutionalization. So if someone wants to try wiring one internally after we get this done, they're welcome to try.
26 February 2026
JS
00:07
John Smith
This is activity on the old xda forum thread that started back in 2024 but basically comes down to "not sure how but they are getting lineageOS on them at ft Dix"https://xdaforums.com/t/custom-rom-for-score-7-keefe-group-mt8167-tablet.4662278/page-2
R
00:58
Roscoe
I need any DA file candidate you can send
G
15:37
Georgio
In reply to this message
The error you're encountering:
TypeError: 'bytes' object cannot be interpreted as an integer
is happening because the code is trying to interpret a bytes object as an integer, which is not allowed in Python. This is likely due to a mismatch in how memory is being read or interpreted during the SECCFG (Secure Configuration) unlock process.
Here's what's going on:
The script is using the mtk.py tool to unlock the SECCFG (Secure Configuration) on your MediaTek (MTK) device (likely an MT8168-based tablet).
The error happens in the hwcrypto_sej.py file, specifically in the SEJ_V3_Init method.
It appears that the read32(addr) function is returning a bytes object instead of an integer, and the code is trying to use it as an integer, which causes the TypeError.
✅ Solution:
To fix this issue, you can modify the readmem function in the xflash.py file (specifically the read32(addr) part) to ensure it returns an integer instead of a bytes object.
✅ Step-by-step Fix:
Locate the xflash.py file:
/home/demo/Desktop/mtkclient/mtkclient/Library/DA/xflash/extension/xflash.py
Find the readmem function:
Look for this part of the code:
def readmem(self, addr, size=4):
res = self.read(addr, size)
self.debug(f"RX: {hex(addr)} -> {hex(res)}")
return res
Modify it to return an integer:
Change it to:
def readmem(self, addr, size=4):
res = self.read(addr, size)
self.debug(f"RX: {hex(addr)} -> {hex(res)}")
return int.from_bytes(res, byteorder='little')
This will convert the bytes object to an integer using little-endian byte order, which is common in MTK devices.
✅ Optional: Debugging Tips
If the error persists, double-check that the read(addr, size) function is returning a bytes object (which it likely is).
You can add a debug print statement like:
print(f"res: {res}, type: {type(res)}")
to confirm what is being returned.
✅ Summary
The error is due to the readmem function returning a bytes object instead of an integer. Fixing this by converting the result to an integer using int.from_bytes() should resolve the issue.
Let me know if you want help with the full script or further debugging!
@theroscoefilburn let me know if this helps. I got this off dig ai. Let me know other prompts to ask it that will help.
TypeError: 'bytes' object cannot be interpreted as an integer
is happening because the code is trying to interpret a bytes object as an integer, which is not allowed in Python. This is likely due to a mismatch in how memory is being read or interpreted during the SECCFG (Secure Configuration) unlock process.
Here's what's going on:
The script is using the mtk.py tool to unlock the SECCFG (Secure Configuration) on your MediaTek (MTK) device (likely an MT8168-based tablet).
The error happens in the hwcrypto_sej.py file, specifically in the SEJ_V3_Init method.
It appears that the read32(addr) function is returning a bytes object instead of an integer, and the code is trying to use it as an integer, which causes the TypeError.
✅ Solution:
To fix this issue, you can modify the readmem function in the xflash.py file (specifically the read32(addr) part) to ensure it returns an integer instead of a bytes object.
✅ Step-by-step Fix:
Locate the xflash.py file:
/home/demo/Desktop/mtkclient/mtkclient/Library/DA/xflash/extension/xflash.py
Find the readmem function:
Look for this part of the code:
def readmem(self, addr, size=4):
res = self.read(addr, size)
self.debug(f"RX: {hex(addr)} -> {hex(res)}")
return res
Modify it to return an integer:
Change it to:
def readmem(self, addr, size=4):
res = self.read(addr, size)
self.debug(f"RX: {hex(addr)} -> {hex(res)}")
return int.from_bytes(res, byteorder='little')
This will convert the bytes object to an integer using little-endian byte order, which is common in MTK devices.
✅ Optional: Debugging Tips
If the error persists, double-check that the read(addr, size) function is returning a bytes object (which it likely is).
You can add a debug print statement like:
print(f"res: {res}, type: {type(res)}")
to confirm what is being returned.
✅ Summary
The error is due to the readmem function returning a bytes object instead of an integer. Fixing this by converting the result to an integer using int.from_bytes() should resolve the issue.
Let me know if you want help with the full script or further debugging!
@theroscoefilburn let me know if this helps. I got this off dig ai. Let me know other prompts to ask it that will help.
15:38
@theroscoefilburn that's what it said when I feed it your mtklogs2.txt
R
20:43
Roscoe
Thanks. I tried a similar patch and it just stalled.
G
R
22:02
Roscoe
In reply to this message
No. I have ChatGPT and Gemini and both of their respective CLI tools.
G
22:03
Georgio
dig ai is uncensored and will explain how to bypass security shit.
22:04
I just found it today so I'm still messing with it but it seems ligit. I can't wait to get my computer so I can contribute more
22:05
It has to be something small like changing the bytes object to an integer
27 February 2026
3B
03:54
318Jay Bug
Anyone at cumberland
03:54
Looking for Justin Murphy, his SOS
03:54
Are no someone who is
R
05:11
Roscoe
I can confirm that with what we have right now, neither mtkclient nor penumbra can unlock the bootloader. Error with SEJ, v4 lockstate, unsupported control code, can't parse seccfg.
05:12
Need either a different DA or preloader or exploit or something.
05:13
Either that or a patched preloader/LK/boot chain that skips AVB checks
TS
06:42
Tim Smith
@Georgiothegreat1312 where does one find dig AI. Been looking for it on tor but been unable to find it yet
G
14:11
Copy and paste that into the tor browser
14:13
In reply to this message
Give me something to copy and paste into dig AI to see what it comes up with
TS
18:58
Tim Smith
In reply to this message
I tried using it it seems to always hang up and never respond
R
G
G
22:20
Georgio
In reply to this message
Just questions but if you have a text file I can copy and paste to it and it reads it fine
28 February 2026
JS
01:28
John Smith
Uncensored AI just stopped being uncensored. I asked it about custom payloads for mtkclient for mt8168 last night and got a "content blocked" message
JS
02:29
John Smith
In reply to this message
DigAI loads in Tor but just thinks forever when I ask it a question.
02:32
In reply to this message
Has anyone tried to contact anyone who puts together exploits for similar hardware? Like the guys at https://github.com/chaosmaster/amonet
G
JS
04:25
Garbage.
G
04:31
Georgio
Yea those are not going to be completely uncensored
3 March 2026
T
8 March 2026
JS
02:21
John Smith
Huggingface has a lot of models, but qwen 3 looks promising. Designed for coding and doesn't seem to censor exploit info
TT
19:01
Terry Thompson V 2.0
In reply to this message
3 hours to charge tablet? With a c to c cord unmodified u get about 12 % a hour. But with modifications they are far from slow. I had (until cops got them) 3 cords various lengths the longest one probably 18 inches long would charge a phone up from a tablet from 0% to 100% no problem but you only get probably 30% before tablet dead . My shortest cord probably 6 inches long with the modifications from oakcliffs finest @Oakcliffamerica469 will charge very fast but I can't run it down below 65% or it pulls to much and won't charge there are different things at play here,besides resistor the gauge and length of wire changes resistance and a couple of trucks that may or may not be @Oakcliffamerica469 Gino's proprietary knowledge so with that being said this shots simple or you can alter power rail on tablet by mimicking a pulldown resistor on the tablet to turn 5 volts on by way of a flyback converter on most devices or If I remember right I think buck boost converter is same thing.then u can run a single positive wire from vcc to headphone jack and have 5 volts there also to power or charge whatever .you don't have to run a ground because it's already grounded but if u plan on using the headphone jack to solder or use as a lighter well u best to just run wires from battery and stick with 3.7v
3B
TT
19:07
Terry Thompson V 2.0
19:07
19:07
3B
3B
9 March 2026
TT
04:10
Terry Thompson V 2.0
04:11
04:11
Terry Thompson V 2.0 invited Hanson
24 March 2026
JS
02:06
John Smith
If anyone is still trying different things here, We need the preloader.bin from a 7T or 7C tablet. It is from the BOOT1 partition. If anyone has access to a jailbroken tablet and a computer or rooted phone, please dump your partitions and send the BOOT1 partition. You can use MTKCLIENT to do this. Use this command:
python mtk.py r boot1 boot1_raw.bin --parttype=boot1 --debugmode
Thank for your help.
python mtk.py r boot1 boot1_raw.bin --parttype=boot1 --debugmode
Thank for your help.
28 March 2026
Terry Thompson V 2.0 invited Roscoe
R
20:09
Roscoe
In reply to this message
I have it. Will get it to you later when I have my SD card out.
G
R
20:20
Roscoe
Thanks! First time they did a shakedown on a Friday in the 3years I've been here. 🙄
20:20
What's the world coming to?
G
20:23
Georgio
In reply to this message
That's their normal day to hit around here but it's such a weak shakedown. Everyone knows they're hitting a unit so we're already ready and then they run everything normal and send everyone out at 8am and they're done by recall
20:24
So everything is good with you? They didn't get the important shit did they?
R
20:32
Roscoe
It would have been nice if my SD card hadn't cracked inside my sock when I was in the SHU... But nothing I can't come back from.
❤
G
JS
22:02
John Smith
Holy crap man what happened
29 March 2026
R
TT
05:03
Terry Thompson V 2.0
Hell we been locked down. They hit us the first day then hit us again a few days later. Caught us slipping
GG
05:27
Gino Green
In reply to this message
I seen that, it was crazy we were supposed to be that day and they went yalls way
TT
18:31
Terry Thompson V 2.0
In reply to this message
I hated losing my power bank and cords. Then my partner next door to u lost my last cord
18:31
Gonna have to get some resistors
GG
20:08
Gino Green
You need me to bring a cord to work ?
30 March 2026
TT
01:48
Terry Thompson V 2.0
Nah I am borrowing one but I have the means to make a few at work.
01:48
Maybe I can get you some tools if ur boss is not there
10 April 2026
Terry Thompson V 2.0 invited paracelcus
14 April 2026
Deleted joined group by link from Group
1 May 2026
J
02:53
John
It appears that the latest update to the firmware disabled safe mode (at least by holding volume down). Anybody have an alternative way to boot into safe mode on these?
3B
JS
22:34
John Smith
In reply to this message
Did your tablet just get the serial number added to the lock screen? The latest firmware seems to have pushed mostly to tablets that didn't already have the serial number displayed on the lock screen
J
23:10
John
In reply to this message
Yes. My own tablet can still go into safe mode, and yes I already had the serial number on the screen. But everyone else here that I'm aware of can no longer go into safe mode, and only recently got the serial number update. Also, oddly, everyone else's serial number appears in a larger font than mine does.
It's odd that they're doing a split update. I was mainly asking to help everyone else here. According to Chatgpt, safe mode can't actually be disabled by a vendor, they can only change the procedure to get into it. I'm curious if anyone had stumbled across the new procedure. I tried a few combinations on my friend's tablet, but nothing has worked yet.
It's odd that they're doing a split update. I was mainly asking to help everyone else here. According to Chatgpt, safe mode can't actually be disabled by a vendor, they can only change the procedure to get into it. I'm curious if anyone had stumbled across the new procedure. I tried a few combinations on my friend's tablet, but nothing has worked yet.
JS
23:14
John Smith
In reply to this message
Yeah, what's really weird is it took them a year to implement a firmware update that puts the serial number on the screen. You are holding the volume down about 1/2 second into the score splash screen? The timing seems important, if you do it to early (like at the Keefe splash) it won't work
3B
23:20
318Jay Bug
Yeah I'm going thru it also, I haven't had any luck.. I think I've tried all I know and deep seek , chat box isn't anyhelp
3 May 2026
J
00:11
John
In reply to this message
Yes, it always worked before. Doesn't work now. They've changed the procedure, I'm just not sure what they changed it to
3B
14:28
318Jay Bug
Yeah me need to figure it out..
S
18:24
Synonymous
New updates are changing "phone muted" to "device muted"
5 May 2026
JS
21:02
John Smith
In reply to this message
Yeah we had a couple cops here think they had a bust, started taking everyone's tablet that had that message. I hope they felt stupid when they found out it means nothing
21:03
Anyone get a firmware update that didn't need the serial number added? If safe mode is such a security issue, why would they stagger the firmware pushes so much?
6 May 2026
3B
19:22
318Jay Bug
Fir what it's worth, I was in a hurry and I grab a tablet plug up my phone to charge , while I went to have a conversation in another unit, gone for 1 hours phone was on 82% just came inside and grab phone and tablet, I plug into my tablet that I can't get into safe mode, and after changing to 100%
19:23
19:23
No fault code anywhere
JS
21:07
John Smith
In reply to this message
Were you using a charging cable with no data lines connected or a regular data cable?
3B
JS
21:21
John Smith
In reply to this message
If it's just a charging cable that doesn't have the data lines connected you don't have to worry about being in safe mode, the device has to see another device on data line to trigger the message. If you cut the data wires on a USB data cable you can use it to charge without worrying about it.
7 May 2026
TT
02:00
Terry Thompson V 2.0
I never use safe mode anyway, don't have data wires hooked up in any of mine except otg cable
3B
02:20
318Jay Bug
Hey anyone at beckly , need to get in touch with someone , I think he went to the camp there .. I. Not sure ,
8 May 2026
J
06:05
John
In reply to this message
That wouldn't be an otg cable. Are you sure it was the one that came with it? You're saying that it just doesn't snitch on you? Can anyone else confirm?
9 May 2026
TT
01:26
Terry Thompson V 2.0
If it don't have data connected . It don't flag anything. It just charges. I was just saying the only cord I have that has data hooked up is my otg if your charging a phone from a tablet there is no reason to have data wires hooked up anyway
3B
01:27
318Jay Bug
In reply to this message
So don't hook the other to it, it will tell on ya .. the other cord charged phone no issues ,
Terry Thompson V 2.0 invited Roscoe
11 May 2026
J
05:48
John
Correct, I just don't have an otg cable