
How to root Epson Moverio BT-300 security update 5.0

By alecthenice, Senior Member on 30th November 2018, 03:18 AM
I have found an easier-to-follow way to root the version 5.0 security update. It follows the basic logic for rooting with TWRP and Magisk after the bootloader is unlocked with the boot.img I patched, based on the most recent security update, with the help of @tarkus1000.

Reboot to the fastboot interface with "adb reboot bootloader", or see my YouTube video for the keystroke on the unit itself (useful if you break something; it happens).

Flash the patched boot.img **see link below**. Now you must reboot to system and select the option in settings "allow oem unlocking".

Reboot to fastboot using whichever method suits you; just remember this is an old bootloader, so be patient with it as always.
1) Enter the command "fastboot oem unlock". Sometimes it reboots and you know you have success; sometimes it says failed... but it is usually unlocked. (The more I study this, the more I think it's a problem with the Android 5.1 Dalvik heap; its interpreter sometimes skips lines of code.)

A reboot from the fastboot state is required for unlocking, so you have to enter the command "fastboot reboot" even if you get the failed command. Then wait about 30 seconds for the device to respond; if it does not respond, reboot using the power button.

2) Check for the orange state of the bootloader: enter the command "fastboot getvar all". If you have orange, continue to flash the hacked recovery.

3) If the boot state is green, flash the new boot.img again and repeat step 1. Remember to be patient and use commands like "fastboot devices", etc.; we are working with Android Lollipop after all.

The bootloader is unlocked and you can flash TWRP with "fastboot flash recovery (drag and drop .img here)".

Now we enter the hacky recovery by either going to system and running "adb reboot recovery", or with fastboot via "fastboot boot (drag and drop .img here)".
It's a little difficult to have the recovery recognize your mouse. I had luck with the Logitech M100 doing this:
after you hear the device disconnect from your computer (chirp or whatever), plug in the mouse so the device boots up getting input from the mouse.

TWRP will tell you it needs a password (it will never be able to decrypt your partition no matter what you tell it). Hit cancel, navigate to the backup tile, make a backup, and include the recovery.img in your nandroid backup.

Now to root:
flash disable dm-verity/force encrypt (find on XDA)
flash Magisk (find on XDA)

Reboot to system. You may have to download the Magisk Manager app to detect Magisk and finish the installation.

When you have success, remember to reboot back to recovery and make a backup before you make any changes to the system, or we're gonna have to work something out.
How to boot into fastboot manually: https://youtu.be/766TR5hFEqs
Patched v5.0 boot.img: https://drive.google.com/open?id=1KD...FOqEKCfs6B1RjV
Check out the hacked recovery image (you must use a mouse): https://drive.google.com/file/d/1fcL...ew?usp=sharing
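The state check from steps 2 and 3 of the post above, as an added example that is not part of the original post: it reads `fastboot getvar all` output and decides the next step from the reported boot state rather than from the text `fastboot oem unlock` printed. The variable name `boot-state`, the function names and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): decide the next step from the
# verified-boot colour reported by `fastboot getvar all`.
# Assumption: the bootloader prints a "<name>state: <COLOUR>" variable
# (e.g. "boot-state: ORANGE"); the exact name varies by bootloader.

# Read getvar output on stdin, print green|yellow|orange|red|unknown.
boot_state() {
    tr -d '\r' | awk '
        {
            line = tolower($0)
            sub(/^\(bootloader\)[ \t]*/, "", line)   # fastboot line prefix
            if (line ~ /^[a-z_-]*state:[ \t]*(green|yellow|orange|red)[ \t]*$/) {
                sub(/^[^:]*:[ \t]*/, "", line)
                sub(/[ \t]*$/, "", line)
                print line; found = 1; exit
            }
        }
        END { if (!found) print "unknown" }'
}

# Map the state to the thread's steps 2 and 3. The text printed by
# "fastboot oem unlock" (OKAY or FAILED) is deliberately not consulted.
next_step() {
    case "$(boot_state)" in
        orange) echo "continue" ;;       # unlocked: go on to the recovery flash
        green)  echo "retry-unlock" ;;   # still locked: reflash boot.img, repeat step 1
        *)      echo "stop" ;;           # yellow, red or no state line: do not flash
    esac
}

# Constructed sample outputs, not captured from a real BT-300.
SAMPLE_UNLOCKED='(bootloader) product: constructed-sample
(bootloader) boot-state: ORANGE
(bootloader) device-state: unlocked
finished. total time: 0.100s'
SAMPLE_LOCKED='(bootloader) product: constructed-sample
(bootloader) boot-state: GREEN
(bootloader) device-state: locked'

# Real use: fastboot getvar all 2>&1 | next_step   (fastboot writes to stderr)
printf '%s\n' "$SAMPLE_UNLOCKED" | next_step
printf '%s\n' "$SAMPLE_LOCKED" | next_step
```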
 
 
30th November 2018, 06:49 PM |#2  
awesome!
30th November 2018, 07:01 PM |#3  
Quote:
Originally Posted by alecthenice

@amg314 pointed out to me that the most direct way to do this is through adb, since any failure could be catastrophic... In the past we used a recovery that almost worked for Moverio BT-300s; I will link it below for academic purposes. Anyways (fastboot under some situations requires something special... I really wanna know. I think I got it once by holding power and volume down as it booted and plugged into the computer; it can't be replicated, so idk what happened)
So start tutorial here
"adb devices"
"adb reboot-bootloader"
"fastboot devices"
"fastboot oem unlock"
......
"fastboot reboot"
.......
"adb reboot-bootloader"
"fastboot devices"
"fastboot format userdata" (all user data lost)
"fastboot update /path_to_zip/DM-verity_force..." Drag and drop "payload" into cmd after space in update
"fastboot update /path_to_magisk" (same deal)
"fastboot reboot"
Like magic, you're rooted. Sometimes you have to download Magisk Manager from the Aurora Store in order to use all the features.
For this install you need:
a working adb environment
the latest Intel drivers
dm-verity disable.zip
Magisk.zip

I believe this to be the cleanest, safest way to achieve root (no zombie recovery.img); even though that recovery may be fine, I'm cautious to use it more than I did. Anyways, I recommend this. I'll also advise on installing a Google ecosystem without TWRP if y'all would like. It would be great to grow this device's community.
Now that we are rooted, though, we can combine our boot.img and stock recovery and make a TWRP... I'll probably set that aside for another day since I don't have an immediate need for it (unless some genius makes a ROM).
Check out the hacked recovery image (you must use a mouse): https://drive.google.com/file/d/1fcL...ew?usp=sharing

Alec!!! You are a GOD in my eyes. I'll give this a go this weekend and report back.
30th November 2018, 07:46 PM |#4  
Quote:
Originally Posted by chuck1026

Alec!!! You are a GOD in my eyes. I'll give this a go this weekend and report back.

Not to shoot my own post in the foot here, but we can install the virtual xposed installer and then microG through an included module, all without touching our computers. Have fun though, guys, hahaha. I love finding workarounds.
https://forum.xda-developers.com/xpo...3760313/page39
^^^^This is pretty much cutting-edge Android software development, so use this as a way to create the right environment on an app-by-app basis (no root or unlocked bootloader required). Kids have been using this to cheat on mobile Android games since they don't know how to root. This works for us because we want gapps and there is no hardware command for fastboot mode. Be advised my root method still works if you are not intimidated by Epson's annoying attempt to keep their hardware stock. Also, if you mess up, I was informed you are still covered under warranty for "damaged operating system", as if they know it's buggy and annoying to work on.
5th December 2018, 08:07 PM |#5  
google services independent google.map.apk
Use this apk for an easy way to use Google Maps without Google services (less background processing = more flying): https://drive.google.com/file/d/1GqT...w?usp=drivesdk
(No root required)
7th December 2018, 08:44 PM |#6  
bricked, thinking about warranty
So I downloaded the NanoDroid microG installer from the Magisk Manager (I flashed gapps and Google wouldn't whitelist the device ID, so I went to microG) and it caused my device to boot loop. It seems my adb key was changed in my device as a result of the install. I don't think this device is worth having root access anymore since I only wanted Google services. I do have a usable TWRP, but the device won't boot to it by default upon boot loop recognition. If I could find a way to tell the device to boot to TWRP upon issues (some phones automatically go to recovery in this situation), I could continue to find ways to make the device more useful. At this point the device responds to adb as (embt3c offline); those tricky guys locked me out of fastboot too. Upon boot loop it seems you can get to fastboot only once by repeating the same button inputs you would use to get into recovery in the powered-off state. Please offer any ideas you may have. Perhaps there is a way we can model the Android environment the BT-300s operate under with the SDK in order to test our mods? I want to continue, but the lack of a button combination to get to recovery just kills me. I hope an engineer of some sort will offer me some guidance on how to proceed. I have seen references to a test plug used to supply the correct voltage to the chip to trigger fastboot mode, but at this point we might as well be hacking with JTAG? I have a small research budget... A spare unit may help development quite a bit. I believe I will use my warranty on this unit so I can continue to enjoy my drone, but this is where I stand with this unit. I look forward to insight from the community.
7th December 2018, 11:48 PM |#7  
transitioning from script kiddie to developer
So I decided I'm going to learn how to build what we need on this device.
We need:
- More test pin info for the hardware fastboot mode (I can build, but I'm not good with theory; I need help here).
- I'm working on building a virtual Moverio BT-300. Some guides would be useful. I'm using the Android development studio so I can test modules before I brick my device. These babies are too cool for me to resist, really. I also downloaded Droid Explorer in hopes of manually uninstalling the Magisk module that bricked my all-time favorite waste of time.

- Update: exactly 24hrs from the last time I was able to get into fastboot, I was able to get in by holding power and volume down for 10 seconds. I was not able to replicate. Will try again in 24hrs. The device responded to my commands but did not carry them out.
8th December 2018, 02:36 AM |#8  
recovery mode
We need to find out how to manually put the device into recovery mode. I'm really frustrated this high end "developer" device is so hard to work on. Does anyone know how to do this with code? Idk where to even start my research
16th December 2018, 08:01 AM |#9  
Fastboot mode and recovery fix
Hold volume down and power

When green light comes on click volume down while holding power and hold

After first vibration click volume down

Fastboot mode

Repair
21st December 2018, 03:27 AM |#10  
My moverio Firmware (FULL ROM) v4.0
Here is a copy of the firmware I am running on my device right now https://drive.google.com/file/d/1xZx...ew?usp=sharing


This is the stock recovery

https://drive.google.com/file/d/1uOo...ew?usp=sharing

Stock system

https://drive.google.com/file/d/1f3X...ew?usp=sharing

Twrp prototype
(use a mouse that supports linux)
https://drive.google.com/file/d/1fcL...ew?usp=sharing
31st December 2018, 04:10 PM |#11  
Quote:
Originally Posted by alecthenice

Here is a copy of the firmware I am running on my device right now https://drive.google.com/file/d/1xZx...ew?usp=sharing


This is the stock recovery

https://drive.google.com/file/d/1uOo...ew?usp=sharing

Stock system

https://drive.google.com/file/d/1f3X...ew?usp=sharing

Twrp prototype
(use a mouse that supports linux)
https://drive.google.com/file/d/1fcL...ew?usp=sharing

Alec, I have to commend you on what you have accomplished with the BT-300s. Kudos, Sir! Keep up the excellent work. We have posted this thread in our Facebook group so that all can benefit. If you haven't checked us out, please feel free. You probably have rock star status by now. lol. https://www.facebook.com/groups/269299563510341/

Thanks and Happy New Year!

Tags
a/r, bt-300, epson, root
