Epson Moverio BT-300



New member
Apr 18, 2019
alecthenice said:
I don't know how to do it off the top of my head but I saw an article in English on this in the DJI drone forums. Try googling this subject with the term "wide screen" and "screen dimensions."

Unfortunately I didn't find anything. If you remember where you found that article, please send me a PM with the link.


Senior Member
Apr 4, 2007
hi everyone,

1.6.0 is out for BT-300. I could not find the OTA file, sorry.
Have you guys rooted 1.6.0 already? Or are you using microG?

I moved from BT-200; the root was easy with Baidu root, but as I read through the thread, it's been trickier for BT-300.



Senior Member
May 29, 2007
For the latest firmware, R1.7.0, I used the latest magisk 22 to make a patched boot.img. The process to root is pretty straightforward now.

Reboot to fastboot after enabling OEM unlocking in the dev options and 'fastboot oem unlock', press volume up and power to accept the unlock request. 'fastboot reboot' and let the unit wipe itself.

Reboot to fastboot and flash the attached boot.img, it's set to disable dm-verity, and you can download the img ending in 2DT60 to also disable force encryption or OxEAe to keep it. 'fastboot flash boot <image name>' and, if you're leaving encryption on, just 'fastboot reboot' again and let the unit boot up.

If you're disabling decryption or planning to flash things in recovery, also flash rrecovery.img to recovery. For decryption, reboot to recovery (TWRP) with a USB keyboard/mouse connected, wipe/factory reset, and then reboot. (I tested this in a more convoluted way, someone else should chime in that this method works)

Grab/open the magisk apk and verify that you're set.

Many thanks to Alec. I thought my unit was bricked pretty bad but it turns out that his fastboot timing is incredibly precise (and be sure to do it from poweroff). It took many attempts and just by sheer luck after giving up, it worked. If you find yourself in the same situation, watch his video and max volume and match his button timings.


  • magisk_patched_OxEAe.img
    10.2 MB · Views: 1
  • magisk_patched_2DT60.img
    10.2 MB · Views: 1


Senior Member
May 29, 2007
I'm posting all my work here as I won't have a BT-300 anymore shortly. I had full nanodroid working and signature spoofing without issues.

The following link contains all my files: is the latest firmware.

boot.img came directly from R1.7.0. contains the R1.7.0 system.img converted from the OTA files.

recovery.img had to be built from boot.img and a patch but was checksum validated against the original recovery.

I put together the Sig Spoofing flashable zip from R1.7.0 files. Use this in place of Nanodroid patcher if you want signature spoofing for play store etc. You must enable spoofing at the bottom of Developer Options after flashing.

There are backups of the No Verity/ No Force Encrypt patch and Custom TWRP.

The two Magisk patched boots are the same as those in the post above. 2DT60 disables force encryption (don't forget to wipe your data partition to start over without encryption). OxEAe leaves force encrypt on.

Device hacking process summary is as follows:

Enable ADB and allow oem unlocking if the option is present.

Follow my instructions two posts before this one for bootloader unlock and Magisk Root / TWRP recovery flash.

Be sure to follow instructions to wipe data again in TWRP if disabling encryption.

Flash Nanodroid, then flash my sig spoofing zip.

Reboot and set up Nanodroid per its wiki instructions.


Use provided boot.img, recovery.img, and system.img (see note below) in fastboot if you want to go back to stock. Flashing the OTA zip through TWRP leaves system in a verity failing state it seems.

Special Notes

Make sure to disable MTP in TWRP if you want to use ADB root in recovery.

If sig spoofing still isn't working, try the Nanodroid patcher first, then my spoofing zip.

Remember that the stock zip can replace your boot.img and won't work unless you re-encrypt your data.

If you want to flash system.img over fastboot, use '-S 200M' as your chunk size or it may fail.

More TBD.
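A pre-flash check for the return-to-stock step in the post above, as an added example that is not the poster's or Epson's tooling: it verifies boot.img, recovery.img and system.img against a SHA-256 manifest you recorded yourself and only then prints the fastboot commands, without running them. The manifest file and the function names are assumptions; the `-S 200M` chunk size is the one given in the post.

```shell
#!/usr/bin/env bash
# Added example: check images against a SHA-256 manifest you recorded yourself,
# then print (not run) the fastboot commands for a stock restore.
# The manifest file and all function names are assumptions, not from the thread.

# boot.img and recovery.img are Android boot images: first 8 bytes are "ANDROID!".
has_boot_magic() {
  [ "$(head -c 8 "$1" 2>/dev/null)" = 'ANDROID!' ]
}

# Compare a file's SHA-256 with the value recorded for its name in the manifest
# (sha256sum text format: "<hex>  <name>"). A name missing from the manifest fails.
matches_manifest() {
  local file=$1 manifest=$2 want got
  want=$(awk -v n="$(basename "$file")" '$2 == n {print $1}' "$manifest")
  [ -n "$want" ] || return 1
  got=$(sha256sum "$file" | awk '{print $1}')
  [ "$got" = "$want" ]
}

# Print the flash plan only if every image passes; on any failure print no commands.
plan_stock_restore() {
  local dir=$1 manifest=$2 part img
  for part in boot recovery system; do
    img="$dir/$part.img"
    [ -f "$img" ] || { echo "missing: $img" >&2; return 1; }
    matches_manifest "$img" "$manifest" || { echo "hash mismatch: $img" >&2; return 1; }
    if [ "$part" != system ] && ! has_boot_magic "$img"; then
      echo "not an Android boot image: $img" >&2; return 1
    fi
  done
  echo "fastboot flash boot $dir/boot.img"
  echo "fastboot flash recovery $dir/recovery.img"
  echo "fastboot -S 200M flash system $dir/system.img"  # chunk size from the post
}

# Usage: script.sh <image-dir> <manifest>; does nothing when run without arguments.
if [ $# -eq 2 ]; then plan_stock_restore "$1" "$2"; fi
```

Record the manifest with `sha256sum boot.img recovery.img system.img > manifest.sha256` at the point where you trust the files, for example right after extracting them from the OTA yourself.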

Top Liked Posts


    Just purchased one of these myself and interested in rooting it. Have rooted other android devices before but under the guidance of scripts from other XDA users. Have a reasonable IT/computer background but like others, I'm a bit reluctant and don't want to trash a very expensive toy. If any of you have rooting instructions would be most grateful.

    As an aside, if you just want your favorite app on the BT-300, don't know whether you have tried an app called "Apk Extractor" (search the Google play store). Basically, install the APK on any Google Play device and use this app to extract it then sideload it on the BT-300. Have tried it on a few apps and it seems to have worked successfully.

    Sorry, been on other projects. I am not a regular user of xda to be honest so kind of just winged it on this thing. I will put a link for the original OTA and a copy of the hacked recovery image I used. If you use fastboot to flash the recovery image to the recovery partition, then boot to it you're golden. As long as you don't touch the recovery or bootloader then you can always recover the other partitions using the OTA. One note though is that the lcd interface only works using the mouse so you have to use an OTG cable. I haven't gone so far to modify TWRP to use the touch pad or arrow controls but the mouse works if you use an OTG cable and so does root adb shell.

    As for rooting, honestly, the one big problem I have is that I cannot figure out how to get into the boot-loader without using adb. If I could figure that out it be safe. Right now I have been just switching between system/recovery works but not sure what to do if either partition fails to boot.

    OTA Link
    BT-300 hacked recovery image

    As a side note, 3D is kind of flaky on this unit. Cardboard works, kind of? I had to use some really weird settings to get it to work and even then it's like apps don't read the cardboard settings, or switch it to portrait mode, etc.
    Not that the VR 3D would ever be good with a 23 degree viewing angle. However the 360 videos off YouTube work like a champ. I think VR services really need hacked to get this thing to work, at least with 5.1. I probably won't go much farther than this because I just wanted gapps to work and can't do much else without the kernel config.
    @chuck1026 @D0CTOR
    Sorry for I'm not showing my way for hacking this device. cause I'm doing that by hacking kernel. I won't show you code in case of script guy may use it to do bad things.
    I planned to release a hacked boot.img for you to root this device, but I can't do more experiment now .. Maybe later I will share my boot.img for you.
    I got the factory image

    Played around with the "SoftwareUpdate" apk and found the strings it uses to download the 1.4
    Ugh, just signed up but because I don't have enough posts I had to put a bunch of spaces in the links for them to
    show up. Just remove the spaces and they should work? Either this or copy the SoftwareUpdate.apk and pull the strings from that.
    ht tps:// /dsc /du /04 /SecureUpdateInfo ?PRN=BT-300&CTI=80&OSC=ARD&SCD=H756EMBT3C&SID=012345

    You download a file called "SecureUpdateInfo", open it in a text editor and it will give you a link to the direct download for the zip. It's about 300 megs. I have been playing with the boot options, but keep crashing it on boot and having to restore. I found 4 test pins that may be a serial port, but it's 1.8 volt so I need to build something :(

    PS - It might come back without a link but "BUSY" on it. I have been testing it a bunch so that's what happened right now. The file will look like below

    ; secure update information
    Location= ht tps:// dsc/check/ 01/ GetFile. php ?PATH=xxxxxxx/
    LALocation1=h ttp:// download.ebz.epso dsc /hmd_license /
    Yes, pm me the link. Thanks

    Sent from my Moto Z (2) using Tapatalk

    Ok sending now.

    I also managed to root my epson! I discovered the twrp.img here:

    If you get into bootloader mode and fastboot flash it into the recovery partition, you can adb root it and then install supersu from there. I just trashed my device though so be sure to do a full image backup first haha.
    I am both impressed with your progress and baffled why I after I download SecureUpdateInfo I can't get to the zip file. Grrrrrrr.

    Whew! I did it. First I took the instructions from here as a start:

    In fact, if you can "almost" follow the instructions verbatim. The problem is that the data drive is encrypted and the default android password didn't work so I had to modify the boot.img to not encrypt the data partition then do a wipe. supersu installed fine then.

    As for gapps, that was tricky. You have to manually install google webview apk as the built in one is garbage.

    Still working on the vr settings. Camera has issues with scaling as I think good believes it to be a widescreen when it's a 4.3.

    Once I get it down, I will make a boot.img and recovery.img that should just work.