Xiaomi Smart 1080P WiFi IP Camera with RTSP Streaming Hack 182



Being someone who just love cameras, I’ve recently come across a great *cheap* 1080p mini cam to incorporate into my home monitoring system. Only downside though, the camera is intended for the Asian market and assumes you’ll use their “Mi Home” app to control all of its features. But more so, it lacks one key feature: no RTSP. Boo… But lucky for us, and thanks to some very smart people over at this GitHub page, there’s a way to get an RTSP stream working with this camera. Read on and I’ll show you how.

Overview

Xiaomi 1080p WiFi Camera

Xiaomi 1080p WiFi Camera

Update 2: (June, 2017)

Many have asked what would be the best approach to access the video stream via the internet. As luck would have it, I put together a guide for just that! Check out my post: Guide: VPN Server with the Rapsberry Pi.

Update 1: (May, 2017)

As of May, users are reporting difficulties in trying to hack this camera. However, according to the developer the hack will work fine regardless of the firmware version. Check this post over at github. But be aware that there are also reports that either a new model of the camera or new firmware is preventing the fang-hacks from working (apparently models with the QR code at the bottom and the MAC address starting with 34). Moreover for those having issues, I suggest using v4.0.11 of the MiHome app, as the most recent version v4.1.7, is apparently doing some sort of geo-blocking to prevent users outside China from using the Camera. Please go to the discord chat to get more info.

Hardware

This camera can be procured at your favorite Asian online vendor, notable sites are (Banggood, TinyDeal, Fasttech and the list goes on…) The camera features a 2.7 inch CMOS sensor, 8X digital zoom, two-way audio and is capable of 1080p. It has a slot for an SD card and supports WiFi but unfortunately provides no Ethernet connection. As mentioned earlier, it is intended to use with the “Mi Home” app on the Apple Store or Google Play but to be honest, we don’t get care about this all that much…’cause we’ll hack it.

Real Time Streaming Protocol

The Real Time Streaming Protocol (RTSP) is a network control protocol that can be used with a myriad of different programs and was designed such that client-side applications can begin displaying the audio and video content before the complete file has arrived. It can be delivered through UDP or TCP, but most importantly, this protocol is supported by VLC, QuickTime Player, mplayer, RealPlayer (if that’s even a thing now) and most 3G/4G compatible mobile phones (mileage may vary though).

But by default this camera does not support RTSP and is cloud only (which is a tad bit worrisome if you ask me but I digress) Fortunate for us, there’s a project on GitHub to enable RTSP. One caveat is that you’ll lose some app-only features, like motion detection – a small price to pay for RTSP I guess. Hopefully this GitHub project, what I’ll refer to as “fang-hacks” in this post, will add more app-only features over time – one can hope!

Instructions

Follow these instructions to get up and running but please do so on a full stomach to avoid errors…apply with caution and needless to say, I will not be held responsible for bricked cameras. Basic command line skills are almost essential for the “Going Further” section below.

Update the Firmware

We’ll need to first update the firmware. As of this writing, my camera came with version 2.9.0.7, latest version being 3.0.3.56. But before we can update the firmware, we’ll have to install the Mi Home app. Besides upgrading the firmware, the app enables us to supply our WiFi password such that we can pair the camera to our network – a much needed step, if I do say so myself.

Install Mi Home

For some reason, I wasn’t able to install Mi Home through Google Play as it prompted me that none of my devices were compatible. OK then, whatevers… For this reason, I decided to sideload the app via ADB. I went to apkpure and downloaded the app manually, then installed it via ADB. I won’t get too much into detail about ADB, google if unfamiliar.

adb install MiHome_v4.0.11_apkpure.com.apk

Next, we shall set up the camera.

Open the app with whichever finger you’re most comfortable with and select Mainland China, if you select another region you may run into install problems later.

Power on the camera.

Use the included “paperclip poking device” to depress the setup pin on the bottom of the camera. The camera will make an audible sound and you’ll hear a voice speaking a foreign language that I don’t quite understand.

After a few seconds, a pop up will appear on your phone or tablet, click on OK to begin the pairing process, however, you’ll need to sign in first with a valid Xiaomi account. Create a Xiaomi account and sign in and click next.

Select your WiFi network and fill in your WiFi password.

You’ll see a QR Code on your screen, slowly point it in the vicinity of the camera’s field of view so it can read the code. If successful, you’ll hear some more audible words – probably telling you that you’re about to do something bad, really bad, so stop it, damn it!

Wait a little while to finish the setup. If you get a timeout while you see the percentage, hit “try again”.

Now click on the your camera, it should say “online”. In the top right corner you’ll see an ellipse icon, click it and go into “General Settings” and “Check for updates”.

Begin upgrade and wait some more.

Fang-Hacks

After upgrading the firmware, go to the GitHub page of fang-hacks. Read the information carefully before you proceed – but don’t worry, the process isn’t too difficult.

Download Hack

Download the image file from the releases page, currently as of this writing it’s up to V0.2.0. After you unzip this file you’ll need to write the fang-hacks image to your SD card. Various options exist to accomplish this feat.

Windows

For Windows we can use a tool called Win32DiskImager. Download this small executable and proceed with these instructions while writing the file fanghacks_v0.2.0.img to the card.

Mac OS X

You’ll need to get to the command line and proceed as follows. To list the disks currently connected:

diskutil list

Next locate the target disk/card (assume disk2 for this example) and un-mount the disk.

diskutil unmountDisk /dev/disk2

Then write the image.

dd if=/path/to/fanghacks_v0.2.0.img of=/dev/rdisk2 bs=1m

Linux

On Linux, very similar to Mac OS X, get to the command line with Terminal App and proceed as follows (assuming your SD card is sdb.)

dd if=/path/to/fanghacks_v0.2.0.img of=/dev/sdb bs=1M

Apply the Hack

Power on the camera and wait until the status LED is solid blue – this indicates that the camera is connected to your WiFi network.

Now put the SD card in the slot at bottom and you’ll hear a “clanking” sound when the hack starts up.

Visit this webpage to enable the hack:

http://DEVICE_IP/cgi-bin/status

The IP address should be attainable by inspecting your router Device’s page). Now click on “Apply” to activate the hacks (this will survive reboots so don’t fret provided you keep the SD card in the camera).

A word of warning, do not activate “Disable cloud applications”, if you do and you can’t connect to your WiFi network for some reason, you will turn your nice new camera into a somewhat inadequate paperweight!

FangHacks: Status Page

FangHacks: Status Page

Click on “Manage scripts” to see if all the scripts have been started successfully.

FangHacks: Status Page

FangHacks: Status Page

You can also turn off IR (used for night vision) so that you can point this out a windows without the IR glare. The 21-ir-control service controls this.

Furthermore, the hack enables certain services that will aid in administrating the camera in the future. The following ports should now be open:

21 FTP
22 SSH
80 HTTP
554 RTSP

The RTSP Stream URL

If all is successful, you are now presented with the fruit of your labor: TADA!!! The RTSP stream! Behold its greatness!!!

It can be accessed directly from:

rtsp://DEVICE_IP/unicast

You can use VLC and click “Open Network” with this URL, to view the stream. Congrats on a job well done!

Connecting to the Camera

At some point or another you’ll need to make modifications to certain files directly on the camera. Your options are SSH/Telnet:

ssh root@DEVICE_IP
telnet DEVICE_IP 2323

Or any FTP/SFTP program will do as well but I’ll let you mess with that…

BTW, these are the default credentials needed to log in into the camera.

username: root
password: ismart12

TinyCam Setup

TinyCam is a great Android app that I use to manage my cameras from mobile devices. It supports fang-hacks on this camera as of version 7.5. This is how I setup mine:

FangHacks: TinyCam Setup

FangHacks: TinyCam Setup

Going Further

The following sections are things I picked up along the way that I thought I’d share because I’m a swell guy. Be forewarned that this is all based on version 0.2.0 of fang-hacks, things will inevitably change in the future (maybe) rendering the below unneeded or obsolete. Also, a big warning, be weary of Windows text editors while making manual edits to files. They’re notorious for adding control characters to line endings rendering your scripts un-runable.

I recommend that the majority of work be done with the command line and with the built-in vi text editor to avoid screw-ups. If you feel uncomfortable with this, Google usage or simply stay away!

Changing the Resolution

Depending on how robust your WiFi network is, you may want to reduce the resolution from 1080p to 720p. This is how it’s done. You’ll to need change the following file via any method you’re most comfortable with (you can either FTP/SFTP or SSH/Telnet – I suggest SSH/Telnet with something like putty if you’re on Windows)

File to modify:

/media/mmcblk0p2/data/etc/scripts/20-rtsp-server

Remove or comment out this line with a hash (#):

snx_rtsp_server -W 1920 -H 1080 -Q 10 -b 4096 -a >$LOG 2>&1 &

Then add in its place, this line:

snx_rtsp_server -W 1280 -H 720 -Q 10 -b 2048 -a >$LOG 2>&1 &

Heat Issue

After I installed the hack, I noticed that the camera got a little too hot to the touch for my liking. Searching the GitHub pages I came across a posted fix.

There appears to be a new version of the fang-ir-control.sh script that’s not in the V0.2.0 release that’s suppose to help with heat. You can go ahead and modify the file below if you want to attempt this yourself.

The file to change is:

/media/mmcblk0p2/data/usr/bin/fang-ir-control.sh

Update that file with this one.

Timestamp Overlay

To get a timestamp showing the current date/time on the top left corner of the image, follow these steps.

FangHacks: Timestamp Overlay

FangHacks: Timestamp Overlay

First Fix your TimeZone

This can be accomplished on the main status page (http://DEVICE_IP/cgi-bin/status), in the TZ field and by clicking “set”. You can look up your timezone by going here.

For example if you live in Chicago – not sure why you’d want to – (I kid, I kid – I hear it’s a great city) then the corresponding timezone would be: America/Chicago and I would copy this in the TZ field:

CST6CDT,M3.2.0,M11.1.0

Install snx_isp_ctl

Add the file snx_isp_ctl to the camera. You can find the file from here – in fact it should already be on your camera in this path:

/media/mmcblk0p2/data/test/

You’ll first need to copy this file to:

/media/mmcblk0p2/data/usr/bin

Once copied you’ll need to add the executable flag (+x) to it, you can either do that with your FTP client or from SSH/Telnet with:

chmod +x snx_isp_ctl

Run on Boot

Finally update the file 20-rtsp-server which gets executed on boot. Add the following line in this file (can be found in /media/mmcblk0p2/data/etc/scripts) right after the snx_rtsp_server line.

snx_isp_ctl --osdset-en 1 --osdset-datastr Date --osdset-ts 1 --osdset-template 1234567890./-:Date

Or with a black background:

snx_isp_ctl --osdset-en 1 --osdset-datastr Date --osdset-ts 1 --osdset-template 1234567890./-:Date --osdset-gain 1 --osdset-bgtransp 0x1 --osdset-bgcolor 0x000000

Then finally reboot.

Flip/Mirror Image

Because we copied over the snx_isp_ctl file, we can also do handy things like flipping or mirroring the image.

To flip the image upside down:

snx_isp_ctl --mfset-mode 1

To restore the image:

snx_isp_ctl --mfset-mode 0

To mirror the image:

snx_isp_ctl --mfset-mode 2
snx_isp_ctl --mfset-mode 3

Again, if you want this to survive reboots, add the appropriate line in 20-rtsp-server file after the snx_rtsp_server line.

Remote Recording with FFMPEG

If you’re like me, you’re probably interested in recording video from the camera. As the “Mi Home” app does provide a means for recording, it does so by uploading your video to the cloud. Now, I’d rather not get into the privacy concerns this raises but more to the point – who cares – ’cause we’re not using the app after all.

If on the other another hand, you’ve got a Linux server or some other box with ffmpeg installed, this is the command line to produce a fairly decent recording. Obviously substitute your DEVICE_IP and PATH_TO_RECORDING. The following produces multiple hour long recordings.

ffmpeg -stimeout 600 -rtsp_transport udp -i rtsp://<DEVICE_IP>/unicast -c copy -map 0 -f segment -segment_time 3600 -segment_wrap 100 -segment_format mov -reset_timestamps 1 "/<PATH_TO_RECORDING>/capture-%03d.mp4"

On-Device Recording with FFMPEG

Interestingly, there’s a way to record video directly to the SD card! I was able to fudge together something that accomplishes this (to a certain extent) while integrating it into the existing fang-hacks interface. I basically created a new button on the main “Status” page called “Recordings”, which in turn brings you to a new screen that allows you start ffmpeg to begin recording. From there you can click a recording and view it directly from Google Chrome.

Custom On-Device Recording with FFMPEG

Custom On-Device Recording with FFMPEG

Before attempting this, I suggest expanding your SD card via the interface. Be warned, this could take hours!

On with my “hack” of the hack – if that makes sense…

My custom code relies on ffmpeg being in the directory: “/media/mmcblk0p2/data/test/ffmpeg”, which should be the case with fang-hacks, so you don’t need to do anything about this.

However, three additional things need to be done after downloading my update.

Link for my code.

We’ll be working in the following directory, so all modified files will be placed there. Use a SFTP/FTP client to accomplish this.

	 	 
/media/mmcblk0p1/bootstrap/www	 	 

Make the following changes

  • Overwrite action with the one contained in the zip file and add both files player and record.
  • Then add the highlighted line to the status file.
    <button title='Network' type='button' onClick="window.location.href='network'">Network</button>	 	 
    <button title='View /tmp/hacks.log' type='button' onClick="window.location.href='action?cmd=showlog'">View log</button>
    <button title='Manage scripts' type='button' onClick="window.location.href='record'">Recordings</button>
    <hr/>	 	 
    
  • Now reboot.

Hopefully it works.

Note: when you hit “start” to begin a recording, give the camera some time before you see a clickable file.

After some experimentation, this method might not be the best for long recordings for multiple reasons. First, I’m noticing some corrupted segments while recording, probably due to the weak processor on the camera and second; scrubbing through long recordings may not work at that well due to the nature of how the file gets buffered chunks at a time. Also, this will “unsync” your code from the main developer when it comes time for updates, possibly breaking things. But you can try it if you like…

If you are adventurous, you can probably incorporate some sort of motion sensing (albeit through another device, like a Raspberry Pi with a motion sensor) and then kick off a recording on the camera with a single URL, like so:

http://DEVICE_IP/cgi-bin/action?cmd=record&submit=Start&filename=test

Yes I know, an ugly and costly hack to get motion detection, but the possibility does exist to add this camera to your custom setup.

RTSP Check Service

I haven’t had this problem as of yet, but if you noticed your RTSP going down, crashing, or not responding you can implement these simple scripts to ensure it remains up.

In the following directory, create a file called: rtsp-check.sh

cd /media/mmcblk0p2/data/usr/bin
touch rtsp-check.sh

And put the contents that follows:

#!/bin/sh

while true; do
if pgrep -x "snx_rtsp_server" > /dev/null
then
    :
else
    /media/mmcblk0p2/data/etc/scripts/20-rtsp-server start
fi
sleep 2
done

Then make the file executable.

chmod +x rtsp-check.sh

Next move to a different directory and create a file called: 99-rtsp-check

cd /media/mmcblk0p2/data/etc/scripts
touch 99-rtsp-check

Now put the below in that file.

#!/bin/sh
PIDFILE="/var/run/rtsp-check.pid"

status()
{
  pid="$(cat "$PIDFILE" 2>/dev/null)"
  if [ "$pid" ]; then
    kill -0 "$pid" >/dev/null && echo "PID: $pid" || return 1
  fi
}

start()
{
  echo "Starting rtsp-check script..."
  rtsp-check.sh </dev/null >/dev/null 2>&1 &
  echo "$!" > "$PIDFILE"
}

stop()
{
  pid="$(cat "$PIDFILE" 2>/dev/null)"
  if [ "$pid" ]; then
     kill $pid || rm "$PIDFILE"
  fi
}

if [ $# -eq 0 ]; then
  start
else
  case $1 in start|stop|status)
    $1
    ;;
  esac
fi

Once done, you can administer this service the same way you do others, via the “Manage scripts” page.

http://DEVICE_IP/cgi-bin/scripts

RTSP Check Service

RTSP Check Service

Limiting FPS (Frames Per Second)

You may want to limiting the frame rate to reduce lag. Adding the -F switch to snx_rtsp_server command in the 20-rtsp-server file will accomplish this.

snx_rtsp_server -W 1280 -H 720 -Q 10 -F 15 -b 2048 -a >$LOG 2>&1 &

Desktop Shortcut

If you have VLC installed, you can create a file on your desktop as a shortcut with the following line in it.

rtsp://DEVICE_IP/unicast

I gave the file a .vlc extension and ensured the extension is associated with the VLC application. I tested this on MAC OS X.

VPN Server

If you’re interested on how access the camera stream via a secure connection, please check this post: Guide: VPN Server with the Rapsberry Pi.

Conclusion

So far the hacks have been stable and this cheap camera is proving to be more than a bargain. A big shout-out goes out to the smart individuals who put the fang-hacks project together. Oh, as of this writing (March 23rd, 2017) there’s also a discord chat going on, so if you have any burning questions, pop on over. Again, we all owe these dudes a debt of gratitude for their hard work and effort. Well done.


Leave a comment

Your email address will not be published. Required fields are marked *

182 thoughts on “Xiaomi Smart 1080P WiFi IP Camera with RTSP Streaming Hack

    • Andy

      Thank you so much for the write up bobby. I have the following problems – hope you can help out a noob.

      I cannot stream the RTSP stream URL on 3g or 4g network. It only works on Wifi.

      Also can you please help me understand how i can add the nx_isp_ctl file to /media/mmcblk0p2/data/usr/bin location? Do i add this on the microsd? – Sorry, im very newb.

      Thank you so much.

  • Matt

    Great write-up! Thank you for your work. I will definitely head over to GitHub to show my thanks too. Any idea if they are planning a new release with all of the updates/tweaks that you mention above? Most importantly the heat issue?

  • victor

    Hi, trying to apply “On-Device Recording with FFMPEG”

    Super noob since I don’t know command line well. I’ve successfully SSH’d into the camera and gone to the correct directory but how do I copy from my computer to the camera. I’ve tried “cp *location*/action” – no luck??

    Thanks

    • bobby Post author

      Hi Victor,
      I suggest then to use SFTP/FTP to accomplish this. You can download something like WinSCP and configure it with the IP address and credentials in this post, then navigate to the folder in question “/media/mmcblk0p1/bootstrap/www” and upload the files there. For the one edit that needs to be done, download the file again (with WinSCP). Then use a good text editor like notepad++, make the change and upload it back. Then reboot.
      I hope this helps!

  • bman24

    After changing resolution to 720, my RTSP server went down. Not sure what went wrong. I deleted the 1080 line and added the 720. Any advice would be helpful.

    Thanks!

      • bman24

        Nope still nothing. All I’ve done is install the IR fix, add RTSP check, and change resolution. I tried changing back to 1080 and still nothing. Looks like I’ll have to wipe and reload.

        • bobby Post author

          Sounds to me more of an SD card problem. Unfortunately filesystem corruption tends to happen a little too frequently with these cards. If you don’t want to start over, I do suggest then (if you’ve got a Linux system handy) is to do a filesystem check on the second partition of the SD card with the command: sudo fsck.ext2 /dev/sdb2 (assuming your card is sdb as mounted by Linux). Last alternative is to start over with a new card.
          Good Luck.

  • Lambros Tropeas

    Great things! you saved us from a long way !
    We would like to try also except rtsp server also rtmp server through
    ffmpeg recode or just adding rtmpsrv and dependencies in camera linux and use through scripts from the web interface.
    Have you anything in mind as you came through here?
    I have opened also a Project in github in developers explain what it would be great for also to be done.

  • Jacky Cheung

    This is correct is Run Boot
    start()
    {
    LOG=/dev/null
    echo “Starting RTSP server…”
    snx_rtsp_server -W 1920 -H 1080 -Q 10 -b 4096 -a >$LOG 2>&1 &
    snx_isp_ctl –osdset-en 1 –osdset-datastr Date –osdset-ts 1 –osdset-template 0123456789./-:Date &
    echo “$!” > “$PIDFILE”
    }

        • bobby Post author

          Depending on how you edited it, you undoubtedly erred or miscopied or inadvertently inserted control characters into the file (that you cannot see) forcing the script to exit abnormally – especially if done through FTP and a Windows text editor. Re-download the original 20-rtsp-server file from Github to get back to a clean state.

          • Dennis K

            I tried for hours to get the date and time overlay to work. No matter how I edit the 20-rtsp-server file, I just cannot get it to work. The service won’t start. Are you absolutely sure this code works?

          • bobby Post author

            If I were to guess, chances are you’ve edited the file in an editor that probably inserted control characters within the it, causing it to be un-runable – so to speak. I’d start over and edit the file in a editor like notepad++ on Windows or the vi editor from the command line.

      • Gary

        Hi bobby i have it all up and running and can view it on Tinycam via my wifi

        How would i set it up to use it on my cell phone?

        How do i find the public ip address of my camera?

        Thanks

        • bobby Post author

          By public address of your camera, I’m assuming you mean your modem’s public address? Presumably your camera has an internal IP behind your router. In which case, you’ll need to port forward the RTSP port (554) to the internal address of your camera. But I highly recommend that you DO NOT do this, as the camera (currently) has no form of user authentication for the video feed, unless of course you want to publicly broadcast your video feed – which I doubt. One solution is to set up a VPN server on your router and VPN into your local network. Another solution would be to tunnel into your local port via SSH and port forwarding.

          • Lifeisfun

            Another solution would be to tunnel into your local port via SSH and port forwarding.
            Any chance to give us idea how to do that?

            Thanks for all the work you put in to this to make it better!

          • bobby Post author

            Time permitting, I’ll see if I can post some instructions on tunneling. Glad you found this guide useful!

          • Lifeisfun

            That would be great if you find the time to post some instructions how to!
            Thanks again 🙂

    • Mario

      Just to clarify – after initial setup via Wi-Fi to keep recording, or capturing motion on SD card even there is not Wi-Fi in range (I will use portable/ solar power in remote location).

  • Pier

    For some reason, I can’t able to see the streaming by xiaomi app in 3g, but I can see only in Home Wifi. I use this camera In Europe(italy)
    Have you any idea?
    THX

  • pierre

    Thanks an congratulations
    everything is clear, detailed and almost exhaustive
    Just in case you have the info… Do you know how to unbrick it once the yellow light does not flick anymore after restarting the hacked device 🙁
    I wish I had read you page before 🙂
    Pierre

        • bobby Post author

          According to the developer the hack will work fine regardless of the firmware version. Check this post over at github. But be aware that there are also reports that a new model of the camera is preventing the fang-hacks from working (QR code at the bottom and the MAC address starting with 34). I also suggest connecting to the discord chat to get more info. Also, I suggest using v4.0.11 of the MiHome app, as recent versions are apparently doing some sort of geo-blocking to prevent users outside China from using the Camera. Good luck.

          • Leas1968

            I recently purchased two of these cameras with the QR code at the bottom and the MAC address starting with 34. I applied the fang-hacks and is working as you describe here! No problem so far except I can’t use MIHome app that is in Chinese anyway. I have installed the v4.0.11 of the MiHome app and I could see the camera but it updated to a newer version automatically and I can’t use it any more. I guess I have to uninstall and re-install it over and over again. Frustrating.

            I expect to see a way to authenticate the camera so I can access it from the Internet without the use of a VPN router and also use motion detection feature.

    • bobby Post author

      According to the developer the hack will work fine regardless of the firmware version. Check this post over at github. But be aware that there are also reports that a new model of the camera is preventing the fang-hacks from working (QR code at the bottom and the MAC address starting with 34). I also suggest connecting to the discord chat to get more info. Also, I suggest using v4.0.11 of the MiHome app, as recent versions are apparently doing some sort of geo-blocking to prevent users outside China from using the Camera. Good luck.

      • touchii

        Hello bobby,

        I just bought xiaomi with MAC address start with 34: , also has QR code add the bottom.
        I think it was already updated to latest fw version.

        I found your hack script is working for me , but not consistency depend on how quick your put the SD to camera.
        If i put SD to quick after LED wifi connected it will work looks like snx_rtsp_server can start but I wait for long time look like /etc/app/icamera will took /dev/video0 deive and will made snx_rtsp_server cannot start.

        Ps. Your script great!!

        Regards,

  • Eduardo Gonçalves

    Hello,

    I updated the firmware and now I can’t connect to the camera because it says that “the product can’t be used outside mainland China”.
    Does anyone know how to downgrade the firmware or do a hard reset? I tried the click and wait on the setup button and it didn’t work.
    Thank you.

    Best r.,
    Eduardo

    • bobby Post author

      I suggest downloading v4.0.11 of the MiHome app and trying again. Version v4.1.7 (which is the latest) is apparently doing some sort of geo-blocking to prevent users outside China from using the Camera. Good luck.

    • Ben

      I’ve been using the hack for a few months, this page is a wonderful resource. From time to time I’ve had issues where a camera wouldn’t connect to Wifi, and right now I have a camera that will not connect to Wifi. Is there a way to edit a file on the sd Card to push Wifi or IP settings to the camera or do you have to use the MiHome app w/ the setup button. It would be great to hack that setup button and make it a WPS button!

      Thanks again

      • bobby Post author

        Thanks for the kinds the words.
        Concerning WiFi, it’s a bit delicate. I know you can modify settings via the following commands from the command line:
        echo -n “mypassword” > /etc/config/.wifipasswd
        echo -n “myssid” > /etc/config/.wifissid
        However, I’ve only ever entered my WiFi settings via the MiHome app and never attempted to change the settings via the command line.

  • Davis

    Hello,
    Xiaomi 1080p came to me today (MAC: Adr. 34 and QR code add the bottom). I’m from Central Europe. I installed Mi Home App (4.1.7) and then also recommended (4.0.11). I created an account, but there is no confirmation email to complete my account. The camera can not be used for this purpose. Please help to make the camera work. Thank you.

    • bobby Post author

      Maybe the geo-blocking restriction is preventing you from proceeding? Perhaps try masking your IP with a VPN?

      • Davis

        Hi, thank you for your reply. It was helped to register with the gmail and 4.0.11 APP versions.
        Is it a camera to connect using LTE and not just a home wifi?

        • bobby Post author

          You’ll have to port forward into from your router if you want to access it from LTE. I wouldn’t recommend it as there’s no authentication. I better solution would be if you can setup a VPN server on your router. There are many guides on the internet. Good luck.

  • toensi

    Hi,

    when i post the code an I make a restart, then the Code ist deleteted. on Devices Recording with FFMPEG”

    Nach dem neustart ist der Code gelöscht, irgenwie funktioniert das nicht, bitte um Hlfe.
    Network
    View log
    Recordings

    /etc/fang_hacks.sh: Linking /media/mmcblk0p1/bootstrap/www/action -> /tmp/www/cgi-bin/action
    Sat May 20 21:38:56 GMT 2017 – /etc/fang_hacks.sh: Linking /media/mmcblk0p1/bootstrap/www/func.cgi -> /tmp/www/cgi-bin/func.cgi
    Sat May 20 21:38:56 GMT 2017 – /etc/fang_hacks.sh: Linking /media/mmcblk0p1/bootstrap/www/network -> /tmp/www/cgi-bin/network
    Sat May 20 21:38:56 GMT 2017 – /etc/fang_hacks.sh: Linking /media/mmcblk0p1/bootstrap/www/scripts -> /tmp/www/cgi-bin/scripts
    Sat May 20 21:38:57 GMT 2017 – /etc/fang_hacks.sh: Linking /media/mmcblk0p1/bootstrap/www/status -> /tmp/www/cgi-bin/status

    es wird doch record garnicht gestartet ???

    Danke und Gruß aus Münster

    • bobby Post author

      That’s very weird. Perhaps there’s an issue with your microSD card? If you have a Linux box available you can do a filesystem check with a microSD card reader and correct any errors or better yet, try another microSD card.

  • Hammerhand

    Hi. I have set my XiaoFang network to access mode after using the hack, and now I don’t know how to see the rstp video from android. It connects to the wifi (evidently, without internet access), but I can’t configure tinycam to play video, neither access to the camera in 192.168.0.1/cgi-bin/network to change configuration. Any help?

    • bobby Post author

      Is your camera connected to your WiFi network? Check your router’s “Device List” to find it’s IP and determine whether it’s connected or not? Trying pinging it’s IP address once you’ve found the correct IP. BTW, the IP address you specified is normally reserved for your router (192.168.0.1) and not devices that are connected to it. It seems you don’t have the correct IP address of the camera.

      • Hammerhand

        Ok, solved. The problem was that I had mobile data on, so phone recieved another ip. I switch data off – recieve an ip – configure tinycam as you said – I can use my camera as an access point connected to a power bank even out of home.

        Thanks for your help 🙂

  • homerj81

    hi
    i’ve hacked the camera and everything works very well.
    i see images live with VLC, i’ve configured a DNS and with a RTSP player i see images laso out of my home.
    BUT i’ve some troubles to add the camera to my QNAP TS-212 suirvellance station server.
    IP address is correct, i can ping the camera via the app and it aswer correctly but it’s impossibile to set it.
    i’ve tried all the configuration possibile in my head but don’t works.
    parameters i think are correct

    general camera RTSP
    URL: rtsp://camera-ip/ch0_0.h264 or rtsp://camera-ip/unicast
    Rtsp port: 554
    UN: empty
    PASS: empty

    where i make the mistake?

    many thanks

    homerj81

      • homerj81

        hi
        i’ve found a solution, with next configuration everything works

        URL: /unicast
        IP: ipcamera
        Port: 80
        PORT RTSP: 554

        now the challenge is to activate the possibility to record when camera see moviment

        • Batman

          homerj81
          Did you manage to solve the motion detection on qnap? For me, no chance, I have ts-220.
          Also, what is bigger problem, I can’t manage audio to work due recording on surveillance station.
          Do you have any suggestions???
          Thank you for an reply…

    • barneyonion

      Hi homerj81 could you give me instructions on how to setup RTSP view outside the home on LTE? I tried using No_IP and have a host name but do not know what address to use then to connect to the camera. I have assigned a static IP to the camera on my router and setup port forwarding at 554 already. I appreciate its unsecured but I do not care for now as its an outside location with no privacy issues. If the DEVs could create a password secured login that would be a big help as I want to config the device for remote access without using raspberry pi.

  • Brandon

    Hey Bobby

    Do you know of a way I can reset the camera and start reapplying the hacks from scratch? I tried using a new card and still no luck. It looks like it runs the old scripts.

      • Brandon

        Hm I tried the factory reset via SD card. Wiped the SD card and reloaded the image.

        Status page shows: “Script is already installed!” – does this mean it never wiped?

        Also, this is log:

        Thu Jan 1 00:00:05 UTC 1970 – /etc/fang_hacks.sh: Executing script (enabled: 1)
        Thu Jan 1 00:00:05 UTC 1970 – /etc/fang_hacks.sh: Waiting for cloud apps…
        Thu Jan 1 00:00:09 UTC 1970 – /etc/fang_hacks.sh: iCamera is running!
        Mon Oct 10 16:00:31 UTC 2016 – /etc/fang_hacks.sh: Starting boa webserver…
        Mon Oct 10 16:00:31 UTC 2016 – /etc/fang_hacks.sh: CGI scripts not found in /media/mmcblk0p1/bootstrap/www!
        Mon Oct 10 16:00:31 UTC 2016 – /etc/fang_hacks.sh: Failed to find hacks in /media/mmcblk0p2/data!
        mount: mounting /dev/mmcblk0p2 on /media/mmcblk0p2 failed: No such file or directory
        Mon Oct 10 16:00:31 UTC 2016 – /etc/fang_hacks.sh: Failed to find /media/mmcblk0p2/data!
        Tue May 30 21:53:16 UTC 2017 – /media/mmcblk0p1/snx_autorun.sh: Running (device: mmcblk0p1

        I can see all these files and folders via WinSCP using FTP connection. Does this mean my SD card is just corrupted?

      • Sandy

        Hi there, is there a way to manually configure the IP address of this camera? I want to change to default gateway so the camera cannot talk out of the LAN and want to set my own IP.

        The hack worked a treat – it means it can be now used in iSpy (using the VLC URL connection).
        Used a basic FTP server with an explorer interface to copy files into the camera.
        Thanks for this amazing hack.

  • Robert

    Bobby !

    Thank you for your work.
    Your documentation is very good.
    I could set all except time stamp.
    I had a not-working camera(in Europe) and I’m watching my camera video via VLC player.

    Thank you very much.

    br,
    Robert
    Hungary

  • Gabriele

    Hi, very nice post, thank you for sharing!
    I managed to hack the cam and it’s working ok, I’ve just one problem: I can’t execute command “chmod +x snx_isp_ctl”.
    It appears that I can’t cd into root folder, every command line tool I tried starts from directory etc_default and inside that I can’t find the folders I need. Also I tried to change file permission through filezilla ftp but it return “Unknown command” error and doesn’t do it.
    How to resolve this? Thanks

  • Armin

    Thank you for the fantastic guide! I’ve got it working the way I want. Is there a way to password protect the stream (I have seen this on other rtsp streams)? If not is there a way to setup a web server (with password protection) and make that available to the internet? Ideally I would like to offer it as a webrtc stream to be able to use any browser.

    Again, many thanks

    Armin

    • bobby Post author

      Thanks for the kind words.
      Unfortunately, I’m not aware of a means of password protecting the stream at this time. A more convoluted approach would be to have a VPN server on your router.

  • Gary

    Hi Bobby thanks for updating the post 🙂

    Anyways i have taken your advice and installed a VPN server on my router and have my android phone connected (was previously using port forwarding to access my camera outside of my network)

    I now have my phone connected to my home network, what is the easiest way to configure Tinycam now?

    Its a little embarrassing but I am a bit confused with the settings now, not sure what goes where lol

    I have used PPTP, no scripts just a very simple exercise and now am connected via 4g

    • bobby Post author

      Hi Gary,

      The settings on the post should work, as it did for me. Remember to set the camera vendor to Xiaomi and Model to XiaoFang. RTSP over UDP works best. Port should be set to 554.

      • Seb

        Hallo Bobby, cool blog really helpful. So I have hacked the cam. All working well but I still don’t know how to view live stream outside omy WiFi. There are some VPN solutions but my router doesn’t support it. I also don’t want to see the feed afterwards so how do I manage to see the outside my WiFi? Thanks!

        • bobby Post author

          Hey Seb,
          Another solution would be to install OpenVPN on any other computer (better yet, a Raspberry Pi) on your network and simply port forward from your router.
          I’m working on a guide for this very thing.
          Stay tuned!

          • Seb

            OK cool, have another question: cam doesn’t focus properly in mid to long view. I have already tried to change Res and bitrate with no success is this a bug in the cam or the hack? Thanks rgds seb

  • Chris

    Thanks to your guide I’ve managed to run two cams without any problem. I’m able to use my Synology NAS for recordings and for simplicity I use Tinycam when on Wi-Fi at home and Tinycam when using OpenVPN. It works flawlessly until today: One of the cams looses it’s video feed although the audio feed still works in Tinycam. Currently I need to reboot the cam every hour to get the video feed back online.
    Any idea where I should look for a solution?

  • Chris

    Hmmm….
    I get a NOK when trying to start/stop the rtsp-check.
    1) followed guide, used telnet
    2) started; no error, just NOK
    3) stopped, error:
    Stop script ’99-rtsp-check’…
    /media/mmcblk0p2/data/etc/scripts/99-rtsp-check: line 1: : not found /media/mmcblk0p2/data/etc/scripts/99-rtsp-check: line 4: : not found /media/mmcblk0p2/data/etc/scripts/99-rtsp-check: line 6: { : not found /media/mmcblk0p2/data/etc/scripts/99-rtsp-check: line 33: syntax error: unexpected newline (expecting “)”) NOK

    Any idea how to solve?

    • Cheesethief

      I would definitely try redoing the script from scratch, from the readout it sounds like somethings were not copied over correctly. I made things easier for myself by sticking the SD card into my Linux PC and editing the files from the terminal that way since I am much more comfortable using nano than vi for text editing.

      • Chris

        Ok, I consider myself the n00b here…
        This is as far as I can see the same / hence the copy-paste structure as it’s supposed to be.
        I use notepad++ for editing and I hope somebody sees the error I made; because I’ve got no clue!
        Contents of script ’99-rtsp-check’:

        #!/bin/sh
        PIDFILE=”/var/run/rtsp-check.pid”

        status()
        {
        pid=”$(cat “$PIDFILE” 2>/dev/null)”
        if [ “$pid” ]; then
        kill -0 “$pid” >/dev/null && echo “PID: $pid” || return 1
        fi
        }

        start()
        {
        echo “Starting rtsp-check script…”
        rtsp-check.sh /dev/null 2>&1 &
        echo “$!” > “$PIDFILE”
        }

        stop()
        {
        pid=”$(cat “$PIDFILE” 2>/dev/null)”
        if [ “$pid” ]; then
        kill $pid || rm “$PIDFILE”
        fi
        }

        if [ $# -eq 0 ]; then
        start
        else
        case $1 in start|stop|status)
        $1
        ;;
        esac
        fi

  • Cheesethief

    Bricking the original camera I got from Zapals from a sale, I ordered a new one on ebay.

    The new camera that I got is supposedly one of these new unhackable ones with a MAC starting with 34. This camera is a little different in terms of looks. Instead of having a “reset button” style hole in the bottom, it is now an actual button. Markings (like SD CARD) are molded into the plastic instead of printed on it too. The rear arrow/house vent has less open holes in it, more of them are solid plastic than on the old one too.

    That all said, this camera came with firmware 3.0.3.56. I hacked it using the standard method from the fanghacks github and everything went just the same as on the older hardware. So I think Samtap is right, all of these cameras are hackable, you just have to be patient and make sure you do not mess up any of the steps.

    • Tim

      Hi all,

      Just thought I would add my 2 cents.
      I bought 4x of the new version with MAC starting with 34 and firmware 3.0.3.56. I DID NOT update the firmware to the current latest 3.0.4.20. Followed the setup steps with MiHome_v4.0.11 to setup wifi. All is good. Running iSpy freeware to monitor/record cams.

      Thank you all for the good write up and general support! 🙂

  • Dennis

    The iOS app has been upgraded to version 3.18 recently. Xioami has added something new where they ask you to verify your purchase of the camera but sending them the bar code of the camera and an order confirmation.

    See: http://imgur.com/pkdy0rL

    Has anybody tried it yet?

    • Seb

      I have sent them the barcode and eBay screenshot let’s see maybe they will unlock it?? My cam is not working great beyond 0.5m everything is blurry so cam a bit useless. Already tried changing resolution etc without success. I have now bought vstar cam from AliExpress. Works like a charm with no hacks and same price. 🙂

  • Pauper

    Folks, I am struggling a lot. Got two Xiaofangs from Gearbest. Opened one of them boxes, connected cam1 to Mi Home app (version 4.0.1, to avoid Mainland China trouble) and updated the firmware of cam1 from 3.0.3.56 to 3.0.4.20. I wrote the .img. Fang Hacks script to a 4gb microsd, went to the scriptpage of cam1 and clicked Apply. Nothing happens. The page just flashes one time, but that’s it. Hm, decided to try the second cam I bought. Opened the box, checked the firmware (it was also 3.0.3.56) and decided NOT to upgrade this time. Wrote the .img script to a 4gb microsd, went to the scriptpage of the cam and clicked Apply. BAM. The Fang Hacks script runs and all is good.

    I concluded that updating the firmware on cam1 to 3.0.4.20 might have been the issue in the fact that the script somehow does not seem to run. So I decided to downgrade cam1 to 3.0.3.56 (since all went well with cam2 running that script). After some troubleshooting I managed to do it. Cam1 was back to the firmware that I originaly received it with. I connected it to my Wifi via Mi Home app succesfully, wrote the .img Fang Hacks script to the microsd again, ran it and went to the Fang Hacks script page on cam1. I clicked apply, expecting the sript to continue succesfully, but that is not the case.

    Can anyone please tell me what is going wrong here and what I should do? Does it have to do something with the fact that I already ran the scipt once on version 3.0.4.20 of the firmware before I retried it on version 3.0.3.56 after downgrading the firmware?

  • Zomanyard

    Hi,

    I just got new camera with QRcode and MAC that started with 34. it running the latest firmware.
    Installed on my phone the mi home from google app store and was not able to connect the camera. after some time, I try to change my locale to chine, and then I was able to connect the camera
    of course, when trying to view the camera I got the “not working outside of china”
    so I download the 0.20.0 script and put it on sd card and turn on the camera and see that mi home can see the camera, but the LED is not solid blue. it flashing blue. and i’m getting 404 when trying to http://DEVICE_IP/cgi-bin/status

  • Pauper

    Hi people, I have a question. I have the script up and running in Wireless Client mode. Once I click ‘Disable cloud applications’ on the Status page and I reboot the cam, the time on my cam screen is off by -2 hours, while on the Status page the time and timezone show correctly. Any ideas what might be going wrong here? Will I not be able to check the ‘Disable cloud applications’ box now?

    Kind regards, Pauper

    • bobby Post author

      Add the [-P RTSP port] switch on the line with snx_rtsp_server with the desired port in the file /media/mmcblk0p2/data/etc/scripts/20-rtsp-server, I’m assuming that should do it.

  • Warhawk

    When i try to login i via Putty or WinSCP, i get the following error: “Incoming Packet was garbled on decryption”

    Googled around and set SSH version to 2 and moved blowfish to top, but no resolution.

  • Cristian

    Not sure if anybody noticed, in fang-ir-control.sh script posted on GitHub (and linked in this article) that is supposed to help with heat issues, there are conflicting comments for the same command (“gpio_ms1 -n 2 -m 1 -v 1”). Once comment says “filter movement enabled” (on “if [ $IR_ON -eq 1 ]” branch), the other comment says the opposite “filter movement disabled” (on “if [ $IR_ON -eq 0 ]” branch).

    At the beginning of the script the same command (“-v 1”) is said to “this causes increased current flow”, it is commented out and replaced by “-v 0”. On “if [ $IR_ON -eq 0 ]” branch, “-v 1” is the last command. I’m wondering if the calls to “-v 0” and “-v 1” need to be switched around on “if [ $IR_ON -eq 0 ]” branch.

  • belice

    Hello,
    First of all thank you for helping so many people. my problem is the next:
    My camera does not work and I do not know if I can jacke it. The led of the camera is blue blinking and the camera is left with the message of “connecting”.
    I can try to jacke it?
    Thank you

  • Roman

    Hello, installed hack on the camera of the new sample with MAC 34, and then pressed the button Disable cloud aplication, button Hacks enable is not active, after restarting the yellow led is illuminated, the camera is not working, help solve the problem. Thank you

  • Drake

    For some reasons, i can’t get rtsp to work when I change the resolution to 720p.
    It shows status = NOK

    It’s fine at 1080p though.

    • Drake

      Actually, i tried changing it back to the original file (1080p) just for the sake of testing.

      Now it won’t work at all. It just says status = NOK.
      I tried rebooting through the web interface as well as physical reboot.

      • Drake

        Fixed problem. When i edit the file using FTP, it does not work.
        It only works if i put it on linux and edit the file there.

  • Drake

    hello bobby, had a question regarding rtsp check service

    1. what do you mean by the touch before rtsp-check.sh?

    cd /media/mmcblk0p2/data/usr/bin
    touch rtsp-check.sh

    2. How do you make the file executable? do you put that command somewhere?
    do you rename rtsp-check.sh to chmod +x rtsp-check.sh?

    Then make the file executable.
    chmod +x rtsp-check.sh

    thanks

    • Drake

      Hello Bobby, even after applying the RTSP check scirpt, i still get disconnected randomly.
      Happens sometimes wihtin a few minutes, sometimes it takes hours before disconnect.
      It will reconnect anyway after like 20 seconds but still, it’s unreliable.

      Followng the violet-ish image when IR is on, i still haven’t fixed it.

  • Bob2

    Bobby! Great info but my needs are modest and I really never understood putty and which com and which USB port and how can I connect to a serial port on a modern pc with only USB ports dammit lol

    So all I want is to use the damn xiaofang with the mihome app in the USA. I managed to get it to cooperate with apk 4.0.11 and vers 3 firmware. I have some naive questions.

    1) I connect ok on my home wifi network but when connected to outside public WiFi I cannot view what is on my cam even though apk says device online. Is this a limitation of the cam/app?
    2) the led light always flashes blue. Never solid. Will this prevent me using the hack if I need to?
    3) I really want motion detection. Does the hack support this?
    Thank you

    • bobby Post author

      The hack does not incorporate motion detection unfortunately. Also, you won’t be able to access the camera from outside your home network. You’ll need to port forward or install a VPN server such that you can access your home network in a secured fashion across the internet. I’ve written a guide here about just that.

  • Ted

    Awesome hack Bobby, much appreciated.

    Just one issue: The time stamp on RTSP stream showing different time compared to the one on “http://device-ip/cgi-bin/status” page.
    Looking closely, the RTSP stream is actually showing the UTC+0 time, while the status screen is showing my correct time zone.

    Can you help? What could have I done wrong?

  • Peter

    Hey, thanks for this tutorial. Great job…

    I’d like to ask if somebody managed to link this IP cam via RTSP to a QNAP Surveillance Station? What are the correct parameters? I tried a lot but no success so far.

  • gabi

    hello, i have 2 question: first i have router with only dhcp, can i put ip static on XF? and second i put rtsp check service with enable + start, i limiting for 6fps, i start ir-control – and result only 2-3 minutes work with rtsp after only sound, 1-2 minutes after i have video, 2-3 minutes again only sound…. can i fixit ? I have 4 camera and same ( i believe it is hot)

  • Ervin

    Dear bobby,

    I have implemented so many things, I am amazed.
    What I can see, that while recording on the sdcard, viewing through vlc increases the lags and freezes the video.
    Should I decrease more the resolution, the frame rate or both?

    What I am more interested is that is there any possibility to set the recording so it records 15min files and when it reaches 1Gbyte of recording overwrites the first video, then the second and so on?

  • Schmurtz

    After many test with different softwares, I share a good way to make timelaps with rtsp on your computer (Windows but should be very similar on linux) :

    Little script to creates jpg images in a folder with date, VLC command line :
    ———————————————————————————————–
    SETLOCAL ENABLEDELAYEDEXPANSION

    :: Use WMIC to retrieve date and time
    FOR /F “skip=1 tokens=1-6” %%A IN (‘WMIC Path Win32_LocalTime Get Day^,Hour^,Minute^,Month^,Second^,Year /Format:table’) DO (
    IF NOT “%%~F”==”” (
    SET /A SortDate = 10000 * %%F + 100 * %%D + %%A
    SET /A SortTime = 10000 * %%B + 100 * %%C
    SET SortTime=0000000!SortTime!
    SET SortTime=!SortTime:~-6!
    )
    )

    :: Display the results:
    set now=%SortDate%_%SortTime%
    set now=%now%
    echo %now%

    :: Proceed with RTSP capture
    mkdir TimeLapseoutput5Mpix%now%

    “C:\Program Files (x86)\VideoLAN\VLC\vlc.exe” https://www.youtube.com/watch?v=2e_EwPdXWFs –video-filter=scene –sout-x264-tune=stillimage –sout-x264-lookahead=10 –dummy-quiet –vout=dummy –scene-ratio=10 –scene-format=jpg –scene-prefix=img- –directx-3buffering –no-directx-use-sysmem –directx-hw-yuv –direct3d-hw-blending –scene-path=TimeLapseOutput5Mpix%now% vlc://quit

    To assemble images into a video :
    ——————————————
    mencoder mf://*.jpg -mf fps=25:type=jpg -ovc x264 -x264encopts bitrate=1200:threads=2 -o outputfile.mkv

    mencoder binaries here :
    ——————————————
    http://mplayerwin.sourceforge.net/downloads.html

    mencoder seems to make better results than avi demux, ffmpeg or mpv.

  • Ivo

    Hi, how can I move the camera to a different router (different IP)? If I move the camera away from the current router I cannot login to change its settings to the new router.

  • Matthew

    Hi there! Thanks for you great job!
    I have a question – how to have recording direct to remote FTP, NAS or just shared folder (without remote recording at Linux-box)?

  • Marcelo

    Hello i bought one xiaomi ip camera and she is exactly this “models with the QR code at the bottom and the MAC address starting with 34”, Do not have some new way of working?

  • Ahmed

    the hack isn’t working on the new oval shaped mija 1080p camera. when you insert the SD Card nothing happens. If you reboot with the card inserted same thing. any suggestions?

  • Nico

    I’ve got one question. Does the camera need card all the time? I would like to use the camera only some hours a day, but when i restart or boot it, i have to place the card in an exacly time slot so that it would work, is that normal?

  • Fotis

    thanks for the guide ….
    I have a question .
    It is not playing with 3-4G (in Windows PC is perfect)
    I know the security isues about sending the stream over the web but i am trying to do a test (without VPN) .

    In Tiny Cam in camera status the drop frames are nearly 100% and dont have any image …(always through 4G)
    Can you tell me what is wrong ?

  • Nuno Carvalho

    Hi! Bobby, guys, seems the firmware is not available for download anymore, can anyone share or post a new link?

    Best regards.