- Prerequisites
- Step 1: Download the stock ROM for Xiaomi TV Box S 2nd Gen
- Step 2: Extract boot image from the OTA archive
- Step 3: Update the system with downloaded OTA archive
- Step 4: Patch boot image with Magisk
- Step 5: Unlock bootloader with
fastboot
- Step 6: Reboot to system and complete setup
- Step 7: Redo preparation listed in prerequisites above again (e.g. enabling OEM unlock, USB debugging...)
- Step 8: Disable AVB (Android Verified Boot) and install the patched boot image
Important
Before you go, please acknowledge that rooting might void the warranty of your Mi Box, and I am not responsible to any unexpected result such as hard-bricking or bootlooping.
- (Recommanded) Basic knowledge to command line utilities like
cd
andls
adb
andfastboot
available on your computer (download it here)- Android OTA payload extractor (download the executable archive in the
Release
section and extract it usingtar
or File Explorer depending on your OS) - An USB-A male to male cable for connecting the Mi Box and your computer (can be easily be made with two charging cables by soldering/twisting the wires inside with same color together)
- A USB keyboard
- Developer option activited and
OEM unlocking
is switched on - USB debugging enabled
- Magisk Manager and a file picker UI (e.g FX File Explorer) installed
- Backup all data in the Mi Box as factory reset will be proceed later
We need to get the boot image of the device for rooting, this can be done by extracting the boot image from OTA update archive.
Download the latest OTA zip for Xiaomi TV Box S 2nd Gen from 4pda.to (Google Translate might necessary), locate the Firmware
section and download the latest OTA there.
- Extract
payload.bin
from the archive using File Explorer orunzip
command - Extract all partition images from
payload.bin
:
/path/to/android-ota-extractor payload.bin
- (Optional) delete all images except
boot.img
andvbmeta.img
as we don't need them.
In order to make sure the boot image extracted above matches the system, updating the Mi Box with the downloaded OTA archive first is recommanded.
- Reboot to recovery with
adb
:
/path/to/adb reboot recovery
- Use a USB keyboard to select
Apply update from ADB
with arrow keys - Reconnect with the USB-A male to male cable
- Apply the OTA with
adb
:
/path/to/adb sideload <REPLACE ME WITH THE PATH TO THE OTA ZIP>
- Reboot to Google TV after update completed
- Send the extracted boot image to the Mi Box with
adb
:
/path/to/adb push boot.img /sdcard/boot.img
- The boot image should be available in
Internal Storage/boot.img
now - Open Magisk, click
Install
and select the boot image
Note
If the file picker does not show up, install a file manager with file picker UI first (e.g FX File Explorer)
-
The patched boot image should be available in
/sdcard/Download
(the path will be shown in the Magisk app if patched successfully) -
Use
adb
to upload the patched image back to computer:
/path/to/adb pull <PATH SHOWN IN MAGISK> patch-boot.img
- Now a new file called
patch-boot.img
should be appeared in the current directory
- Reboot to
fastboot
mode:
/path/to/adb reboot bootloader
- Unlock the bootloader with the following command:
/path/to/fastboot flashing unlock
/path/to/fastboot flashing unlock_critical
Caution
Using fastboot
incorrectly might result in unrecoverable damage to your box (i.e. bricked). Proceed with caution!
Important
Unlocking the bootloader will trigger factory reset after reboot, so please remember to backup your data first!
Note
Run the following to check if the bootloader is unlocked successfully (look for unlocked
in output):
/path/to/fastboot getvar all
Step 7: Redo preparation listed in prerequisites above again (e.g. enabling OEM unlock, USB debugging...)
Tip
AVB (Android Verified Boot) is a security feature introduced in Android 8, which prevents the system booting with modified boot image.
Disabling AVB might necessary in order to boot the patched boot image above.
- Reboot to
fastboot
mode:
/path/to/adb reboot bootloader
- Flash the
vbmeta
image with verification option disabled:
/path/to/fastboot --disable-verity --disable-verification flash vbmeta vbmeta.img
- Flash the patched boot image:
/path/to/fastboot flash boot patched-boot.img
- Reboot to system:
/path/to/fastboot reboot
- Feel free to provide suggestions on this tutorial to make it more noob friendly :)
selam
Bu işlemleri resimli anlatmanız mümkün mü? dosyaları indirdim ama yükleme işlerini yapamadım.
teşekkür ederim.