How to root Epson Moverio BT-300 security update 5.0

By alecthenice, Senior Member on 30th November 2018, 03:18 AM
25th January 2019, 05:45 PM |#21  
OP Senior Member
Log from my latest twrp backup
You will find a log of my latest twrp recovery. Please let me know if you are aware of how to compile the Moverio's touch input SDK into the recovery.img or polish this in any way. Thank you for your input. https://drive.google.com/file/d/1rF_...ew?usp=sharing
 
 
26th January 2019, 02:06 AM |#22  
OP Senior Member
Right now I am in an "Optimizing apps" bootloop. There seem to be many proposed causes in android 5.1 but I had no issues until I loaded a youtube vanced apk (...maybe???...) that I had no trouble with in my gapps free build. The optimizing loop seems to have begun randomly. I am going to sleep on what to do but am planning on reverting to my gapps free backup. Very confusing, anyone know how to troubleshoot the actual cause?

This is why I think microG is the only option

I was tempted by the ease of openGapps availability

--it looks like the only way to test my idea is to boot into recovery and start an adb shell to uninstall the apps I think are the problem. Probably also wipe the dalvik/ART cache. Thoughts?
26th January 2019, 05:07 PM |#23  
OP Senior Member
So it seems that the conflicting libraries of google play and youtube vanced caused continuing app optimization to boot looping. Perhaps I used the wrong version of youtube vanced? Anyways the good news is that the nandroid backup from the prototype recovery works.
26th January 2019, 08:53 PM |#24  
Junior Member
Quote:
Originally Posted by alecthenice

Does anyone know where the ota updates are stored on this device? I will pull the updated boot.img and patch accordingly so the bootloader unlock is more simple if I can find the ota... OGs in the original hacking forum have fallen silent on this, furthermore it seems that the epson file systems team only wants to utilize my input for their own development so I have stopped communications with the contact I had.

I can post a full nandroid backup on here if others would like to revert to software 4.0

I’ve got a zip of the OTA 1.4.0 if that’s any good to you? My Moverios are at 1.5.0 and I can’t unlock the bootloader. I also tried to downgrade to 1.4.0 via recovery and sdcard / adb sideload but it won’t let me go back. Any pointers to unlock my bootloader and go from device-state green to amber would be greatly appreciated.
26th January 2019, 09:26 PM |#25  
OP Senior Member
You can flash this boot.img, check it out with image kitchen if you like. (Boot it first and see if you can accomplish unlock with the boot command, then the rest of the unlock protocol. You may be able to boot to the image and follow the rest of my theory to achieve unlock without actually having to downgrade versions, if you follow my logic?) https://drive.google.com/file/d/1_2q...w?usp=drivesdk


Then unlock the bootloader

Next boot the prototype twrp and flash the update 4.0 zip

This is how I would proceed, given my experience with the device and android in general. If you have problems and can achieve flashing the prototype twrp I can share the nandroid backup that I used this morning to rescue myself from a boot loop.

Alternatively I believe you could derive all relevant .img files from my backups. I can capture more data if needed.

-- a closing note this boot.img I shared is the boot.img I had on my device when I originally unlocked the device for the first time on version 4.0
This should not cause you issues so long as you are working from fastboot for the unlock then boot the recovery then flash the 4.0 update zip. I doubt it will boot to system with the old boot.img but I am not adept enough to know what exactly to look for in order to know that so... It could boot despite my caution. Regardless it is best practice to carry out this operation without booting to system in my opinion.
27th January 2019, 11:01 AM |#26  
Junior Member
Quote:
Originally Posted by alecthenice

You can flash this boot.img, check it out with image kitchen if you like. (Boot it first and see if you can accomplish unlock with the boot command, then the rest of the unlock protocol. You may be able to boot to the image and follow the rest of my theory to achieve unlock without actually having to downgrade versions, if you follow my logic?) https://drive.google.com/file/d/1_2q...w?usp=drivesdk


Then unlock the bootloader

Next boot the prototype twrp and flash the update 4.0 zip

This is how I would proceed, given my experience with the device and android in general. If you have problems and can achieve flashing the prototype twrp I can share the nandroid backup that I used this morning to rescue myself from a boot loop.

Alternatively I believe you could derive all relevant .img files from my backups. I can capture more data if needed.

-- a closing note this boot.img I shared is the boot.img I had on my device when I originally unlocked the device for the first time on version 4.0
This should not cause you issues so long as you are working from fastboot for the unlock then boot the recovery then flash the 4.0 update zip. I doubt it will boot to system with the old boot.img but I am not adept enough to know what exactly to look for in order to know that so... It could boot despite my caution. Regardless it is best practice to carry out this operation without booting to system in my opinion.

Thanks for your help and assistance. Unfortunately I seem to be falling over at the 1st hurdle so any suggestions most appreciated. I have the following settings in the android (v5.1.1) Settings / Developer options:

OEM Unlocking -> On
USB Debugging -> On

The output of 'fastboot getvar all' settings for the following variables are:

device-state -> verified
boot-state -> green

The output of 'fastboot oem unlock' (after quite a long wait) is:

ERROR: usb_read failed with status e00002ed
FAILED (Status read failed (No such file or directory))
Finished. Total time: 140.740s

The output of 'fastboot boot boot.img' is:

Downloading 'boot.img' OKAY [ 0.371s]
booting FAILED (remote: 'command not allowed in verified state')
Finished. Total time: 0.382s

So can download image but not install/execute its content!!!

Things I have tried:

Change of USB lead
Change of USB port
Change of computer
Change of Operating System (macOS and Windows)
Change of ADB/Fastboot version (about 3 different versions)

My understanding of the problem I have is that I need to get the device-state to unlocked and boot-state to orange and to do that I need to use the command 'fastboot oem unlock'. However, in my case because I have v1.5.0 of bootloader I need to run command 'fastboot boot boot.img' to enable the previously stated command to be run successfully. As you can see from my output the boot.img command is failing, hence preventing me from issuing the unlock command!!! That was why I mentioned that I was trying to roll back to v1.4.0 of the bootloader in the previous post. It's looking like I've hit a brick wall!!!

As mentioned previously, any suggestions would be most welcome.
27th January 2019, 01:42 PM |#27  
OP Senior Member
Quote:
Originally Posted by tarkus1000

Thanks for your help and assistance. Unfortunately I seem to be falling over at the 1st hurdle so any suggestions most appreciated. I have the following settings in the android (v5.1.1) Settings / Developer options:

OEM Unlocking -> On
USB Debugging -> On

The output of 'fastboot getvar all' settings for the following variables are:

device-state -> verified
boot-state -> green

The output of 'fastboot oem unlock' (after quite a long wait) is:

ERROR: usb_read failed with status e00002ed
FAILED (Status read failed (No such file or directory))
Finished. Total time: 140.740s

The output of 'fastboot boot boot.img' is:

Downloading 'boot.img' OKAY [ 0.371s]
booting FAILED (remote: 'command not allowed in verified state')
Finished. Total time: 0.382s

So can download image but not install/execute its content!!!

Things I have tried:

Change of USB lead
Change of USB port
Change of computer
Change of Operating System (macOS and Windows)
Change of ADB/Fastboot version (about 3 different versions)

My understanding of the problem I have is that I need to get the device-state to unlocked and boot-state to orange and to do that I need to use the command 'fastboot oem unlock'. However, in my case because I have v1.5.0 of bootloader I need to run command 'fastboot boot boot.img' to enable the previously stated command to be run successfully. As you can see from my output the boot.img command is failing, hence preventing me from issuing the unlock command!!! That was why I mentioned that I was trying to roll back to v1.4.0 of the bootloader in the previous post. It's looking like I've hit a brick wall!!!

As mentioned previously, any suggestions would be most welcome.

Interesting, okay, it seems that we have eliminated the boot command as a possibility on this bootloader in the green state; it was worth a try. I would now flash the boot.img I provided that's unlockable, unlock with that one and then revert to 4.0 with the twrp img we have by flashing the 4.0 update zip and boot and recovery .img backups I have provided. The fastboot unlock failure issue is due to a change in the configuration of the fstab files.

I am looking for the directory the ota download link is sent. If I find that and patch the boot.img you all will no longer have to completely downgrade


In the boot.img in the link I have provided I disabled dm-verity and user data encryption so no one gets locked out of their file systems.
I also confirmed that the unlock boot loader code lines were present. One can check my work with img kitchen.

I am sorry many are experiencing difficulty with the boot loader unlock. I would appreciate the help of the community in locating "where the ota update lives" so that I can capture it and provide a simply flashable v5.0 zip with unlockable boot loader. Until then I believe fastboot will obey the flash command (rather than boot) and that the downgrade through our prototype twrp is possible.
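The post above says the shared boot.img has dm-verity and user data encryption disabled and invites readers to check. The sketch below is an added example, not part of the original post or anyone's tooling in this thread: it parses an Android 5.x (header v0) boot image and lists which fstab entries in the ramdisk still carry the `verify` or `forceencrypt=` fs_mgr flags. It assumes a gzip-compressed ramdisk; the sample images, device paths and the `build_sample` helper are constructed for the demo.

```python
import gzip
import struct

# Android boot image header v0 (layout used by Android 5.x images).
HDR = struct.Struct("<8s10I16s512s32s")

def parse_boot_img(data: bytes) -> dict:
    """Return the cmdline and the raw ramdisk segment of a v0 boot image."""
    (magic, k_size, _ka, r_size, _ra, _ss, _sa, _tags,
     page, _unused, _os, _name, cmdline, _id) = HDR.unpack_from(data)
    if magic != b"ANDROID!":
        raise ValueError("not an Android boot image")
    r_off = page + -(-k_size // page) * page   # header page + page-aligned kernel
    return {"cmdline": cmdline.rstrip(b"\0").decode("ascii", "replace"),
            "ramdisk": data[r_off:r_off + r_size]}

def fstab_flags(ramdisk: bytes) -> dict:
    """Map mount point -> fs_mgr flags for fstab lines inside the ramdisk."""
    raw = gzip.decompress(ramdisk)             # assumption: gzip-compressed cpio
    found = {}
    # cpio stores file data uncompressed; treat NUL padding as a line break.
    for line in raw.replace(b"\0", b"\n").split(b"\n"):
        f = line.split()
        # <device> <mount point> <fs type> <mount options> <fs_mgr flags>
        if len(f) == 5 and f[0].startswith(b"/dev/block/"):
            found[f[1].decode()] = f[4].decode().split(",")
    return found

def audit(data: bytes) -> dict:
    """Report which mount points still request dm-verity or forced encryption."""
    img = parse_boot_img(data)
    flags = fstab_flags(img["ramdisk"])
    has = lambda fl, key: any(x == key or x.startswith(key + "=") for x in fl)
    return {"cmdline": img["cmdline"],
            "verity": sorted(m for m, fl in flags.items() if has(fl, "verify")),
            "forceencrypt": sorted(m for m, fl in flags.items() if has(fl, "forceencrypt"))}

def build_sample(fstab: bytes, page: int = 2048) -> bytes:
    """Constructed image: dummy kernel and a crude one-entry stand-in ramdisk."""
    kernel = b"\0" * 100
    ramdisk = gzip.compress(b"070701" + b"0" * 104 + b"fstab.demo\0\0" + fstab + b"\0\0")
    hdr = HDR.pack(b"ANDROID!", len(kernel), 0, len(ramdisk), 0, 0, 0, 0,
                   page, 0, 0, b"demo", b"console=ttyS0", b"")
    pad = lambda b: b + b"\0" * (-len(b) % page)
    return pad(hdr) + pad(kernel) + pad(ramdisk)

# Constructed fstab contents (device paths are made up for the demo).
STOCK = (b"/dev/block/by-name/system /system ext4 ro wait,verify\n"
         b"/dev/block/by-name/userdata /data ext4 noatime wait,check,forceencrypt=footer\n")
PATCHED = (b"/dev/block/by-name/system /system ext4 ro wait\n"
           b"/dev/block/by-name/userdata /data ext4 noatime wait,check,encryptable=footer\n")

if __name__ == "__main__":
    print(audit(build_sample(STOCK)), audit(build_sample(PATCHED)))
```

On a real image, empty `verity` and `forceencrypt` lists only support the claim if fstab lines were actually found; an image whose ramdisk is not gzip or carries no fstab needs a full unpack instead.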
28th January 2019, 05:45 PM |#28  
Junior Member
Quote:
Originally Posted by alecthenice

Interesting, okay, it seems that we have eliminated the boot command as a possibility on this bootloader in the green state; it was worth a try. I would now flash the boot.img I provided that's unlockable, unlock with that one and then revert to 4.0 with the twrp img we have by flashing the 4.0 update zip and boot and recovery .img backups I have provided. The fastboot unlock failure issue is due to a change in the configuration of the fstab files.

I am looking for the directory the ota download link is sent. If I find that and patch the boot.img you all will no longer have to completely downgrade


In the boot.img in the link I have provided I disabled dm-verity and user data encryption so no one gets locked out of their file systems.
I also confirmed that the unlock boot loader code lines were present. One can check my work with img kitchen.

I am sorry many are experiencing difficulty with the boot loader unlock. I would appreciate the help of the community in locating "where the ota update lives" so that I can capture it and provide a simply flashable v5.0 zip with unlockable boot loader. Until then I believe fastboot will obey the flash command (rather than boot) and that the downgrade through our prototype twrp is possible.

Well the problem of not being able to unlock the bootloader has gone away.... Gone and got my BT-300 into a boot loop... Damn!!!! Just boots the EPSON logo screen now repeatedly, so if anyone has the key presses to get it to bootloader/recovery on switch on would be very grateful.

For those wondering how I managed to screw it up..... I thought I would have a go at flashing the boot.img file in fastboot mode. Tried it 1st with v1.5.0 boot.img and that seemed to upload and install etc without any failures and it booted up as per a normal android screen. Thought I would try a stock boot.img v1.4.0 with no modifications. Didn't like that, although it seemed to upload and install ok but when I rebooted, just got the dreaded boot loop screen. I suspect the modified boot.img file provided by alecthenice was based on v1.4.0 so if anyone is thinking of giving it a go, I would advise proceeding with caution... or with a lot more knowledge than I have. I'll just have to keep trying different keypress combinations until I can get it booting into the other mode.

Oh and on the 'looking for the location of the OTA', I was originally thinking about looking around in the android partition but was wondering if the OTA file might get sent to the recovery partition (as in the partition booted when in recovery mode) as that is the partition that has booted up when I have manually tried to update an OTA update (installing from the sdcard or via sideloading).
29th January 2019, 02:24 AM |#29  
OP Senior Member
Quote:
Originally Posted by tarkus1000

Well the problem of not being able to unlock the bootloader has gone away.... Gone and got my BT-300 into a boot loop... Damn!!!! Just boots the EPSON logo screen now repeatedly, so if anyone has the key presses to get it to bootloader/recovery on switch on would be very grateful.

For those wondering how I managed to screw it up..... I thought I would have a go at flashing the boot.img file in fastboot mode. Tried it 1st with v1.5.0 boot.img and that seemed to upload and install etc without any failures and it booted up as per a normal android screen. Thought I would try a stock boot.img v1.4.0 with no modifications. Didn't like that, although it seemed to upload and install ok but when I rebooted, just got the dreaded boot loop screen. I suspect the modified boot.img file provided by alecthenice was based on v1.4.0 so if anyone is thinking of giving it a go, I would advise proceeding with caution... or with a lot more knowledge than I have. I'll just have to keep trying different keypress combinations until I can get it booting into the other mode.

Oh and on the 'looking for the location of the OTA', I was originally thinking about looking around in the android partition but was wondering if the OTA file might get sent to the recovery partition (as in the partition booted when in recovery mode) as that is the partition that has booted up when I have manually tried to update an OTA update (installing from the sdcard or via sideloading).

You are correct on the firmware version. One must not boot to android after the unlockable boot.img is flashed; you must fully downgrade.



DO NOT FEAR, you got this
Manual fastboot mode

Hold power + volume down while device is off

Epson screen will display, console will vibrate (still holding)

Tap the volume down button while still holding power button

Now that is fastboot.

Flash the prototype recovery

Boot to it via fastboot command

Now that you are here you should flash the v4.0 update.zip, alternatively I linked a full image backup for firmware v4.0. As a last resort I will gladly share a nandroid backup. Thank you for your contribution to the forum. Please keep me updated with your progress.



Last note. Will you please share the v5.0 boot.img? I believe I can patch that to make it unlockable so all this downgrading firmware will not be necessary. Maybe this "last note" is the cleanest fix for you?
29th January 2019, 11:57 AM |#30  
OP Senior Member
Thanks to tarkus1000 I now have the v5.0 boot.img. I will patch this to make it boot loader unlockable and share the link shortly!! This will likely spare you the headache he is experiencing. The key combinations for fastboot mode are tricky, it took me weeks to discover them. I will post a youtube video to provide a visual reference in the form of youtube of how to boot into fastboot mode to hopefully alleviate frustration.

The patch and youtube video will come after my work day is completed.
29th January 2019, 01:20 PM |#31  
Junior Member
Quote:
Originally Posted by alecthenice

Thanks to tarkus1000 I now have the v5.0 boot.img. I will patch this to make it boot loader unlockable and share the link shortly!! This will likely spare you the headache he is experiencing. The key combinations for fastboot mode are tricky, it took me weeks to discover them. I will post a youtube video to provide a visual reference in the form of youtube of how to boot into fastboot mode to hopefully alleviate frustration.

The patch and youtube video will come after my work day is completed.

The video would be good thanks. I'm either pressing the wrong buttons or getting the timing wrong as I've tried many times what you have suggested but still not going into bootloader (or recovery) mode. The only other thing I can think of is my controller is faulty. What do you reckon about the OTA location... In the system boot partition or the recovery like I suggested?