Xiaomi Smart 1080P WiFi IP Camera with RTSP Streaming Hack 272

Being someone who just love cameras, I’ve recently come across a great *cheap* 1080p mini cam to incorporate into my home monitoring system. Only downside though, the camera is intended for the Asian market and assumes you’ll use their “Mi Home” app to control all of its features. But more so, it lacks one key feature: no RTSP. Boo… But lucky for us, and thanks to some very smart people over at this GitHub page, there’s a way to get an RTSP stream working with this camera. Read on and I’ll show you how.


Xiaomi 1080p WiFi Camera

Xiaomi 1080p WiFi Camera

Update 2: (June, 2017)

Many have asked what would be the best approach to access the video stream via the internet. As luck would have it, I put together a guide for just that! Check out my post: Guide: VPN Server with the Rapsberry Pi.

Update 1: (May, 2017)

As of May, users are reporting difficulties in trying to hack this camera. However, according to the developer the hack will work fine regardless of the firmware version. Check this post over at github. But be aware that there are also reports that either a new model of the camera or new firmware is preventing the fang-hacks from working (apparently models with the QR code at the bottom and the MAC address starting with 34). Moreover for those having issues, I suggest using v4.0.11 of the MiHome app, as the most recent version v4.1.7, is apparently doing some sort of geo-blocking to prevent users outside China from using the Camera. Please go to the discord chat to get more info.


This camera can be procured at your favorite Asian online vendor, notable sites are (Banggood, TinyDeal, Fasttech and the list goes on…) The camera features a 2.7 inch CMOS sensor, 8X digital zoom, two-way audio and is capable of 1080p. It has a slot for an SD card and supports WiFi but unfortunately provides no Ethernet connection. As mentioned earlier, it is intended to use with the “Mi Home” app on the Apple Store or Google Play but to be honest, we don’t get care about this all that much…’cause we’ll hack it.

Real Time Streaming Protocol

The Real Time Streaming Protocol (RTSP) is a network control protocol that can be used with a myriad of different programs and was designed such that client-side applications can begin displaying the audio and video content before the complete file has arrived. It can be delivered through UDP or TCP, but most importantly, this protocol is supported by VLC, QuickTime Player, mplayer, RealPlayer (if that’s even a thing now) and most 3G/4G compatible mobile phones (mileage may vary though).

But by default this camera does not support RTSP and is cloud only (which is a tad bit worrisome if you ask me but I digress) Fortunate for us, there’s a project on GitHub to enable RTSP. One caveat is that you’ll lose some app-only features, like motion detection – a small price to pay for RTSP I guess. Hopefully this GitHub project, what I’ll refer to as “fang-hacks” in this post, will add more app-only features over time – one can hope!


Follow these instructions to get up and running but please do so on a full stomach to avoid errors…apply with caution and needless to say, I will not be held responsible for bricked cameras. Basic command line skills are almost essential for the “Going Further” section below.

Update the Firmware

We’ll need to first update the firmware. As of this writing, my camera came with version, latest version being But before we can update the firmware, we’ll have to install the Mi Home app. Besides upgrading the firmware, the app enables us to supply our WiFi password such that we can pair the camera to our network – a much needed step, if I do say so myself.

Install Mi Home

For some reason, I wasn’t able to install Mi Home through Google Play as it prompted me that none of my devices were compatible. OK then, whatevers… For this reason, I decided to sideload the app via ADB. I went to apkpure and downloaded the app manually, then installed it via ADB. I won’t get too much into detail about ADB, google if unfamiliar.

adb install MiHome_v4.0.11_apkpure.com.apk

Next, we shall set up the camera.

Open the app with whichever finger you’re most comfortable with and select Mainland China, if you select another region you may run into install problems later.

Power on the camera.

Use the included “paperclip poking device” to depress the setup pin on the bottom of the camera. The camera will make an audible sound and you’ll hear a voice speaking a foreign language that I don’t quite understand.

After a few seconds, a pop up will appear on your phone or tablet, click on OK to begin the pairing process, however, you’ll need to sign in first with a valid Xiaomi account. Create a Xiaomi account and sign in and click next.

Select your WiFi network and fill in your WiFi password.

You’ll see a QR Code on your screen, slowly point it in the vicinity of the camera’s field of view so it can read the code. If successful, you’ll hear some more audible words – probably telling you that you’re about to do something bad, really bad, so stop it, damn it!

Wait a little while to finish the setup. If you get a timeout while you see the percentage, hit “try again”.

Now click on the your camera, it should say “online”. In the top right corner you’ll see an ellipse icon, click it and go into “General Settings” and “Check for updates”.

Begin upgrade and wait some more.


After upgrading the firmware, go to the GitHub page of fang-hacks. Read the information carefully before you proceed – but don’t worry, the process isn’t too difficult.

Download Hack

Download the image file from the releases page, currently as of this writing it’s up to V0.2.0. After you unzip this file you’ll need to write the fang-hacks image to your SD card. Various options exist to accomplish this feat.


For Windows we can use a tool called Win32DiskImager. Download this small executable and proceed with these instructions while writing the file fanghacks_v0.2.0.img to the card.

Mac OS X

You’ll need to get to the command line and proceed as follows. To list the disks currently connected:

diskutil list

Next locate the target disk/card (assume disk2 for this example) and un-mount the disk.

diskutil unmountDisk /dev/disk2

Then write the image.

dd if=/path/to/fanghacks_v0.2.0.img of=/dev/rdisk2 bs=1m


On Linux, very similar to Mac OS X, get to the command line with Terminal App and proceed as follows (assuming your SD card is sdb.)

dd if=/path/to/fanghacks_v0.2.0.img of=/dev/sdb bs=1M

Apply the Hack

Power on the camera and wait until the status LED is solid blue – this indicates that the camera is connected to your WiFi network.

Now put the SD card in the slot at bottom and you’ll hear a “clanking” sound when the hack starts up.

Visit this webpage to enable the hack:


The IP address should be attainable by inspecting your router Device’s page). Now click on “Apply” to activate the hacks (this will survive reboots so don’t fret provided you keep the SD card in the camera).

A word of warning, do not activate “Disable cloud applications”, if you do and you can’t connect to your WiFi network for some reason, you will turn your nice new camera into a somewhat inadequate paperweight!

FangHacks: Status Page

FangHacks: Status Page

Click on “Manage scripts” to see if all the scripts have been started successfully.

FangHacks: Status Page

FangHacks: Status Page

You can also turn off IR (used for night vision) so that you can point this out a windows without the IR glare. The 21-ir-control service controls this.

Furthermore, the hack enables certain services that will aid in administrating the camera in the future. The following ports should now be open:

21 FTP
22 SSH
554 RTSP

The RTSP Stream URL

If all is successful, you are now presented with the fruit of your labor: TADA!!! The RTSP stream! Behold its greatness!!!

It can be accessed directly from:


You can use VLC and click “Open Network” with this URL, to view the stream. Congrats on a job well done!

Connecting to the Camera

At some point or another you’ll need to make modifications to certain files directly on the camera. Your options are SSH/Telnet:

ssh root@DEVICE_IP
telnet DEVICE_IP 2323

Or any FTP/SFTP program will do as well but I’ll let you mess with that…

BTW, these are the default credentials needed to log in into the camera.

username: root
password: ismart12

TinyCam Setup

TinyCam is a great Android app that I use to manage my cameras from mobile devices. It supports fang-hacks on this camera as of version 7.5. This is how I setup mine:

FangHacks: TinyCam Setup

FangHacks: TinyCam Setup

Going Further

The following sections are things I picked up along the way that I thought I’d share because I’m a swell guy. Be forewarned that this is all based on version 0.2.0 of fang-hacks, things will inevitably change in the future (maybe) rendering the below unneeded or obsolete. Also, a big warning, be weary of Windows text editors while making manual edits to files. They’re notorious for adding control characters to line endings rendering your scripts un-runable.

I recommend that the majority of work be done with the command line and with the built-in vi text editor to avoid screw-ups. If you feel uncomfortable with this, Google usage or simply stay away!

Changing the Resolution

Depending on how robust your WiFi network is, you may want to reduce the resolution from 1080p to 720p. This is how it’s done. You’ll to need change the following file via any method you’re most comfortable with (you can either FTP/SFTP or SSH/Telnet – I suggest SSH/Telnet with something like putty if you’re on Windows)

File to modify:


Remove or comment out this line with a hash (#):

snx_rtsp_server -W 1920 -H 1080 -Q 10 -b 4096 -a >$LOG 2>&1 &

Then add in its place, this line:

snx_rtsp_server -W 1280 -H 720 -Q 10 -b 2048 -a >$LOG 2>&1 &

Heat Issue

After I installed the hack, I noticed that the camera got a little too hot to the touch for my liking. Searching the GitHub pages I came across a posted fix.

There appears to be a new version of the fang-ir-control.sh script that’s not in the V0.2.0 release that’s suppose to help with heat. You can go ahead and modify the file below if you want to attempt this yourself.

The file to change is:


Update that file with this one.

Timestamp Overlay

To get a timestamp showing the current date/time on the top left corner of the image, follow these steps.

FangHacks: Timestamp Overlay

FangHacks: Timestamp Overlay

First Fix your TimeZone

This can be accomplished on the main status page (http://DEVICE_IP/cgi-bin/status), in the TZ field and by clicking “set”. You can look up your timezone by going here.

For example if you live in Chicago – not sure why you’d want to – (I kid, I kid – I hear it’s a great city) then the corresponding timezone would be: America/Chicago and I would copy this in the TZ field:


Install snx_isp_ctl

Add the file snx_isp_ctl to the camera. You can find the file from here – in fact it should already be on your camera in this path:


You’ll first need to copy this file to:


Once copied you’ll need to add the executable flag (+x) to it, you can either do that with your FTP client or from SSH/Telnet with:

chmod +x snx_isp_ctl

+1 Hour Offset Issue

If after adding the timestamp overlay you noticed that the time is +1 hour off, please see the following. It would appear that this is a common problem.

Run on Boot

Finally update the file 20-rtsp-server which gets executed on boot. Add the following line in this file (can be found in /media/mmcblk0p2/data/etc/scripts) right after the snx_rtsp_server line.

snx_isp_ctl --osdset-en 1 --osdset-datastr Date --osdset-ts 1 --osdset-template 1234567890./-:Date

Or with a black background:

snx_isp_ctl --osdset-en 1 --osdset-datastr Date --osdset-ts 1 --osdset-template 1234567890./-:Date --osdset-gain 1 --osdset-bgtransp 0x1 --osdset-bgcolor 0x000000

Then finally reboot.

Flip/Mirror Image

Because we copied over the snx_isp_ctl file, we can also do handy things like flipping or mirroring the image.

To flip the image upside down:

snx_isp_ctl --mfset-mode 1

To restore the image:

snx_isp_ctl --mfset-mode 0

To mirror the image:

snx_isp_ctl --mfset-mode 2
snx_isp_ctl --mfset-mode 3

Again, if you want this to survive reboots, add the appropriate line in 20-rtsp-server file after the snx_rtsp_server line.

Remote Recording with FFMPEG

If you’re like me, you’re probably interested in recording video from the camera. As the “Mi Home” app does provide a means for recording, it does so by uploading your video to the cloud. Now, I’d rather not get into the privacy concerns this raises but more to the point – who cares – ’cause we’re not using the app after all.

If on the other another hand, you’ve got a Linux server or some other box with ffmpeg installed, this is the command line to produce a fairly decent recording. Obviously substitute your DEVICE_IP and PATH_TO_RECORDING. The following produces multiple hour long recordings.

ffmpeg -stimeout 600 -rtsp_transport udp -i rtsp://<DEVICE_IP>/unicast -c copy -map 0 -f segment -segment_time 3600 -segment_wrap 100 -segment_format mov -reset_timestamps 1 "/<PATH_TO_RECORDING>/capture-%03d.mp4"

On-Device Recording with FFMPEG

Interestingly, there’s a way to record video directly to the SD card! I was able to fudge together something that accomplishes this (to a certain extent) while integrating it into the existing fang-hacks interface. I basically created a new button on the main “Status” page called “Recordings”, which in turn brings you to a new screen that allows you start ffmpeg to begin recording. From there you can click a recording and view it directly from Google Chrome.

Custom On-Device Recording with FFMPEG

Custom On-Device Recording with FFMPEG

Before attempting this, I suggest expanding your SD card via the interface. Be warned, this could take hours!

On with my “hack” of the hack – if that makes sense…

My custom code relies on ffmpeg being in the directory: “/media/mmcblk0p2/data/test/ffmpeg”, which should be the case with fang-hacks, so you don’t need to do anything about this.

However, three additional things need to be done after downloading my update.

Link for my code.

We’ll be working in the following directory, so all modified files will be placed there. Use a SFTP/FTP client to accomplish this.


Make the following changes

  • Overwrite action with the one contained in the zip file and add both files player and record.
  • Then add the highlighted line to the status file.
    <button title='Network' type='button' onClick="window.location.href='network'">Network</button>	 	 
    <button title='View /tmp/hacks.log' type='button' onClick="window.location.href='action?cmd=showlog'">View log</button>
    <button title='Manage scripts' type='button' onClick="window.location.href='record'">Recordings</button>
  • Now reboot.

Hopefully it works.

Note: when you hit “start” to begin a recording, give the camera some time before you see a clickable file.

After some experimentation, this method might not be the best for long recordings for multiple reasons. First, I’m noticing some corrupted segments while recording, probably due to the weak processor on the camera and second; scrubbing through long recordings may not work at that well due to the nature of how the file gets buffered chunks at a time. Also, this will “unsync” your code from the main developer when it comes time for updates, possibly breaking things. But you can try it if you like…

If you are adventurous, you can probably incorporate some sort of motion sensing (albeit through another device, like a Raspberry Pi with a motion sensor) and then kick off a recording on the camera with a single URL, like so:


Yes I know, an ugly and costly hack to get motion detection, but the possibility does exist to add this camera to your custom setup.

RTSP Check Service

I haven’t had this problem as of yet, but if you noticed your RTSP going down, crashing, or not responding you can implement these simple scripts to ensure it remains up.

In the following directory, create a file called: rtsp-check.sh

cd /media/mmcblk0p2/data/usr/bin
touch rtsp-check.sh

And put the contents that follows:


while true; do
if pgrep -x "snx_rtsp_server" > /dev/null
    /media/mmcblk0p2/data/etc/scripts/20-rtsp-server start
sleep 2

Then make the file executable.

chmod +x rtsp-check.sh

Next move to a different directory and create a file called: 99-rtsp-check

cd /media/mmcblk0p2/data/etc/scripts
touch 99-rtsp-check

Now put the below in that file.


  pid="$(cat "$PIDFILE" 2>/dev/null)"
  if [ "$pid" ]; then
    kill -0 "$pid" >/dev/null && echo "PID: $pid" || return 1

  echo "Starting rtsp-check script..."
  rtsp-check.sh </dev/null >/dev/null 2>&1 &
  echo "$!" > "$PIDFILE"

  pid="$(cat "$PIDFILE" 2>/dev/null)"
  if [ "$pid" ]; then
     kill $pid || rm "$PIDFILE"

if [ $# -eq 0 ]; then
  case $1 in start|stop|status)

Once done, you can administer this service the same way you do others, via the “Manage scripts” page.


RTSP Check Service

RTSP Check Service

Limiting FPS (Frames Per Second)

You may want to limiting the frame rate to reduce lag. Adding the -F switch to snx_rtsp_server command in the 20-rtsp-server file will accomplish this.

snx_rtsp_server -W 1280 -H 720 -Q 10 -F 15 -b 2048 -a >$LOG 2>&1 &

Desktop Shortcut

If you have VLC installed, you can create a file on your desktop as a shortcut with the following line in it.


I gave the file a .vlc extension and ensured the extension is associated with the VLC application. I tested this on MAC OS X.

VPN Server

If you’re interested on how access the camera stream via a secure connection, please check this post: Guide: VPN Server with the Rapsberry Pi.


So far the hacks have been stable and this cheap camera is proving to be more than a bargain. A big shout-out goes out to the smart individuals who put the fang-hacks project together. Oh, as of this writing (March 23rd, 2017) there’s also a discord chat going on, so if you have any burning questions, pop on over. Again, we all owe these dudes a debt of gratitude for their hard work and effort. Well done.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

272 thoughts on “Xiaomi Smart 1080P WiFi IP Camera with RTSP Streaming Hack

      • Yuriy

        Hi friend, I do not understand this well, but I would like to know how to change the FPS on the camera, please write step by step how to do this, do I need to do it over the network to the camera or from a sd card? (Limiting FPS (Frames Per Second)
        You may want to limiting the frame rate to reduce lag. Adding the -F switch to snx_rtsp_server command in the 20-rtsp-server file will accomplish this. snx_rtsp_server -W 1280 -H 720 -Q 10 -F 15 -b 2048 -a >$LOG 2>&1 &)

    • Andy

      Thank you so much for the write up bobby. I have the following problems – hope you can help out a noob.

      I cannot stream the RTSP stream URL on 3g or 4g network. It only works on Wifi.

      Also can you please help me understand how i can add the nx_isp_ctl file to /media/mmcblk0p2/data/usr/bin location? Do i add this on the microsd? – Sorry, im very newb.

      Thank you so much.

  • Matt

    Great write-up! Thank you for your work. I will definitely head over to GitHub to show my thanks too. Any idea if they are planning a new release with all of the updates/tweaks that you mention above? Most importantly the heat issue?

  • victor

    Hi, trying to apply “On-Device Recording with FFMPEG”

    Super noob since I don’t know command line well. I’ve successfully SSH’d into the camera and gone to the correct directory but how do I copy from my computer to the camera. I’ve tried “cp *location*/action” – no luck??


    • bobby Post author

      Hi Victor,
      I suggest then to use SFTP/FTP to accomplish this. You can download something like WinSCP and configure it with the IP address and credentials in this post, then navigate to the folder in question “/media/mmcblk0p1/bootstrap/www” and upload the files there. For the one edit that needs to be done, download the file again (with WinSCP). Then use a good text editor like notepad++, make the change and upload it back. Then reboot.
      I hope this helps!

  • bman24

    After changing resolution to 720, my RTSP server went down. Not sure what went wrong. I deleted the 1080 line and added the 720. Any advice would be helpful.


      • bman24

        Nope still nothing. All I’ve done is install the IR fix, add RTSP check, and change resolution. I tried changing back to 1080 and still nothing. Looks like I’ll have to wipe and reload.

        • bobby Post author

          Sounds to me more of an SD card problem. Unfortunately filesystem corruption tends to happen a little too frequently with these cards. If you don’t want to start over, I do suggest then (if you’ve got a Linux system handy) is to do a filesystem check on the second partition of the SD card with the command: sudo fsck.ext2 /dev/sdb2 (assuming your card is sdb as mounted by Linux). Last alternative is to start over with a new card.
          Good Luck.

  • Lambros Tropeas

    Great things! you saved us from a long way !
    We would like to try also except rtsp server also rtmp server through
    ffmpeg recode or just adding rtmpsrv and dependencies in camera linux and use through scripts from the web interface.
    Have you anything in mind as you came through here?
    I have opened also a Project in github in developers explain what it would be great for also to be done.

  • Jacky Cheung

    This is correct is Run Boot
    echo “Starting RTSP server…”
    snx_rtsp_server -W 1920 -H 1080 -Q 10 -b 4096 -a >$LOG 2>&1 &
    snx_isp_ctl –osdset-en 1 –osdset-datastr Date –osdset-ts 1 –osdset-template 0123456789./-:Date &
    echo “$!” > “$PIDFILE”

        • bobby Post author

          Depending on how you edited it, you undoubtedly erred or miscopied or inadvertently inserted control characters into the file (that you cannot see) forcing the script to exit abnormally – especially if done through FTP and a Windows text editor. Re-download the original 20-rtsp-server file from Github to get back to a clean state.

          • Dennis K

            I tried for hours to get the date and time overlay to work. No matter how I edit the 20-rtsp-server file, I just cannot get it to work. The service won’t start. Are you absolutely sure this code works?

          • bobby Post author

            If I were to guess, chances are you’ve edited the file in an editor that probably inserted control characters within the it, causing it to be un-runable – so to speak. I’d start over and edit the file in a editor like notepad++ on Windows or the vi editor from the command line.

      • Gary

        Hi bobby i have it all up and running and can view it on Tinycam via my wifi

        How would i set it up to use it on my cell phone?

        How do i find the public ip address of my camera?


        • bobby Post author

          By public address of your camera, I’m assuming you mean your modem’s public address? Presumably your camera has an internal IP behind your router. In which case, you’ll need to port forward the RTSP port (554) to the internal address of your camera. But I highly recommend that you DO NOT do this, as the camera (currently) has no form of user authentication for the video feed, unless of course you want to publicly broadcast your video feed – which I doubt. One solution is to set up a VPN server on your router and VPN into your local network. Another solution would be to tunnel into your local port via SSH and port forwarding.

          • Lifeisfun

            Another solution would be to tunnel into your local port via SSH and port forwarding.
            Any chance to give us idea how to do that?

            Thanks for all the work you put in to this to make it better!

          • bobby Post author

            Time permitting, I’ll see if I can post some instructions on tunneling. Glad you found this guide useful!

          • Lifeisfun

            That would be great if you find the time to post some instructions how to!
            Thanks again 🙂

    • Mario

      Just to clarify – after initial setup via Wi-Fi to keep recording, or capturing motion on SD card even there is not Wi-Fi in range (I will use portable/ solar power in remote location).

  • Pier

    For some reason, I can’t able to see the streaming by xiaomi app in 3g, but I can see only in Home Wifi. I use this camera In Europe(italy)
    Have you any idea?

  • pierre

    Thanks an congratulations
    everything is clear, detailed and almost exhaustive
    Just in case you have the info… Do you know how to unbrick it once the yellow light does not flick anymore after restarting the hacked device 🙁
    I wish I had read you page before 🙂

        • bobby Post author

          According to the developer the hack will work fine regardless of the firmware version. Check this post over at github. But be aware that there are also reports that a new model of the camera is preventing the fang-hacks from working (QR code at the bottom and the MAC address starting with 34). I also suggest connecting to the discord chat to get more info. Also, I suggest using v4.0.11 of the MiHome app, as recent versions are apparently doing some sort of geo-blocking to prevent users outside China from using the Camera. Good luck.

          • Leas1968

            I recently purchased two of these cameras with the QR code at the bottom and the MAC address starting with 34. I applied the fang-hacks and is working as you describe here! No problem so far except I can’t use MIHome app that is in Chinese anyway. I have installed the v4.0.11 of the MiHome app and I could see the camera but it updated to a newer version automatically and I can’t use it any more. I guess I have to uninstall and re-install it over and over again. Frustrating.

            I expect to see a way to authenticate the camera so I can access it from the Internet without the use of a VPN router and also use motion detection feature.

    • bobby Post author

      According to the developer the hack will work fine regardless of the firmware version. Check this post over at github. But be aware that there are also reports that a new model of the camera is preventing the fang-hacks from working (QR code at the bottom and the MAC address starting with 34). I also suggest connecting to the discord chat to get more info. Also, I suggest using v4.0.11 of the MiHome app, as recent versions are apparently doing some sort of geo-blocking to prevent users outside China from using the Camera. Good luck.

      • touchii

        Hello bobby,

        I just bought xiaomi with MAC address start with 34: , also has QR code add the bottom.
        I think it was already updated to latest fw version.

        I found your hack script is working for me , but not consistency depend on how quick your put the SD to camera.
        If i put SD to quick after LED wifi connected it will work looks like snx_rtsp_server can start but I wait for long time look like /etc/app/icamera will took /dev/video0 deive and will made snx_rtsp_server cannot start.

        Ps. Your script great!!


  • Eduardo Gonçalves


    I updated the firmware and now I can’t connect to the camera because it says that “the product can’t be used outside mainland China”.
    Does anyone know how to downgrade the firmware or do a hard reset? I tried the click and wait on the setup button and it didn’t work.
    Thank you.

    Best r.,

    • bobby Post author

      I suggest downloading v4.0.11 of the MiHome app and trying again. Version v4.1.7 (which is the latest) is apparently doing some sort of geo-blocking to prevent users outside China from using the Camera. Good luck.

    • Ben

      I’ve been using the hack for a few months, this page is a wonderful resource. From time to time I’ve had issues where a camera wouldn’t connect to Wifi, and right now I have a camera that will not connect to Wifi. Is there a way to edit a file on the sd Card to push Wifi or IP settings to the camera or do you have to use the MiHome app w/ the setup button. It would be great to hack that setup button and make it a WPS button!

      Thanks again

      • bobby Post author

        Thanks for the kinds the words.
        Concerning WiFi, it’s a bit delicate. I know you can modify settings via the following commands from the command line:
        echo -n “mypassword” > /etc/config/.wifipasswd
        echo -n “myssid” > /etc/config/.wifissid
        However, I’ve only ever entered my WiFi settings via the MiHome app and never attempted to change the settings via the command line.

        • John

          Thanks for all the wonderful info you provided on this page. When I used WinSCP to FTP to the camera IP, then Command | Opened Terminal, and entered the commands as you provided above, I received an error:

          “500 Unknown command”

          What had I done wrong? What program/utility would you suggest I use to connect to the camera to execute these commands?

  • Davis

    Xiaomi 1080p came to me today (MAC: Adr. 34 and QR code add the bottom). I’m from Central Europe. I installed Mi Home App (4.1.7) and then also recommended (4.0.11). I created an account, but there is no confirmation email to complete my account. The camera can not be used for this purpose. Please help to make the camera work. Thank you.

    • bobby Post author

      Maybe the geo-blocking restriction is preventing you from proceeding? Perhaps try masking your IP with a VPN?

      • Davis

        Hi, thank you for your reply. It was helped to register with the gmail and 4.0.11 APP versions.
        Is it a camera to connect using LTE and not just a home wifi?

        • bobby Post author

          You’ll have to port forward into from your router if you want to access it from LTE. I wouldn’t recommend it as there’s no authentication. I better solution would be if you can setup a VPN server on your router. There are many guides on the internet. Good luck.

  • toensi


    when i post the code an I make a restart, then the Code ist deleteted. on Devices Recording with FFMPEG”

    Nach dem neustart ist der Code gelöscht, irgenwie funktioniert das nicht, bitte um Hlfe.
    View log

    /etc/fang_hacks.sh: Linking /media/mmcblk0p1/bootstrap/www/action -> /tmp/www/cgi-bin/action
    Sat May 20 21:38:56 GMT 2017 – /etc/fang_hacks.sh: Linking /media/mmcblk0p1/bootstrap/www/func.cgi -> /tmp/www/cgi-bin/func.cgi
    Sat May 20 21:38:56 GMT 2017 – /etc/fang_hacks.sh: Linking /media/mmcblk0p1/bootstrap/www/network -> /tmp/www/cgi-bin/network
    Sat May 20 21:38:56 GMT 2017 – /etc/fang_hacks.sh: Linking /media/mmcblk0p1/bootstrap/www/scripts -> /tmp/www/cgi-bin/scripts
    Sat May 20 21:38:57 GMT 2017 – /etc/fang_hacks.sh: Linking /media/mmcblk0p1/bootstrap/www/status -> /tmp/www/cgi-bin/status

    es wird doch record garnicht gestartet ???

    Danke und Gruß aus Münster

    • bobby Post author

      That’s very weird. Perhaps there’s an issue with your microSD card? If you have a Linux box available you can do a filesystem check with a microSD card reader and correct any errors or better yet, try another microSD card.

  • Hammerhand

    Hi. I have set my XiaoFang network to access mode after using the hack, and now I don’t know how to see the rstp video from android. It connects to the wifi (evidently, without internet access), but I can’t configure tinycam to play video, neither access to the camera in to change configuration. Any help?

    • bobby Post author

      Is your camera connected to your WiFi network? Check your router’s “Device List” to find it’s IP and determine whether it’s connected or not? Trying pinging it’s IP address once you’ve found the correct IP. BTW, the IP address you specified is normally reserved for your router ( and not devices that are connected to it. It seems you don’t have the correct IP address of the camera.

      • Hammerhand

        Ok, solved. The problem was that I had mobile data on, so phone recieved another ip. I switch data off – recieve an ip – configure tinycam as you said – I can use my camera as an access point connected to a power bank even out of home.

        Thanks for your help 🙂

  • homerj81

    i’ve hacked the camera and everything works very well.
    i see images live with VLC, i’ve configured a DNS and with a RTSP player i see images laso out of my home.
    BUT i’ve some troubles to add the camera to my QNAP TS-212 suirvellance station server.
    IP address is correct, i can ping the camera via the app and it aswer correctly but it’s impossibile to set it.
    i’ve tried all the configuration possibile in my head but don’t works.
    parameters i think are correct

    general camera RTSP
    URL: rtsp://camera-ip/ch0_0.h264 or rtsp://camera-ip/unicast
    Rtsp port: 554
    UN: empty
    PASS: empty

    where i make the mistake?

    many thanks


      • homerj81

        i’ve found a solution, with next configuration everything works

        URL: /unicast
        IP: ipcamera
        Port: 80
        PORT RTSP: 554

        now the challenge is to activate the possibility to record when camera see moviment

        • Batman

          Did you manage to solve the motion detection on qnap? For me, no chance, I have ts-220.
          Also, what is bigger problem, I can’t manage audio to work due recording on surveillance station.
          Do you have any suggestions???
          Thank you for an reply…

    • barneyonion

      Hi homerj81 could you give me instructions on how to setup RTSP view outside the home on LTE? I tried using No_IP and have a host name but do not know what address to use then to connect to the camera. I have assigned a static IP to the camera on my router and setup port forwarding at 554 already. I appreciate its unsecured but I do not care for now as its an outside location with no privacy issues. If the DEVs could create a password secured login that would be a big help as I want to config the device for remote access without using raspberry pi.

      • Milan

        Hi barneyonion,
        how can I create login/password for RTSP streaming?
        If I setup port forwarding at 554 a I can connect from LTE via VLC without login/password. – It is probably not very secure.

  • Brandon

    Hey Bobby

    Do you know of a way I can reset the camera and start reapplying the hacks from scratch? I tried using a new card and still no luck. It looks like it runs the old scripts.

      • Brandon

        Hm I tried the factory reset via SD card. Wiped the SD card and reloaded the image.

        Status page shows: “Script is already installed!” – does this mean it never wiped?

        Also, this is log:

        Thu Jan 1 00:00:05 UTC 1970 – /etc/fang_hacks.sh: Executing script (enabled: 1)
        Thu Jan 1 00:00:05 UTC 1970 – /etc/fang_hacks.sh: Waiting for cloud apps…
        Thu Jan 1 00:00:09 UTC 1970 – /etc/fang_hacks.sh: iCamera is running!
        Mon Oct 10 16:00:31 UTC 2016 – /etc/fang_hacks.sh: Starting boa webserver…
        Mon Oct 10 16:00:31 UTC 2016 – /etc/fang_hacks.sh: CGI scripts not found in /media/mmcblk0p1/bootstrap/www!
        Mon Oct 10 16:00:31 UTC 2016 – /etc/fang_hacks.sh: Failed to find hacks in /media/mmcblk0p2/data!
        mount: mounting /dev/mmcblk0p2 on /media/mmcblk0p2 failed: No such file or directory
        Mon Oct 10 16:00:31 UTC 2016 – /etc/fang_hacks.sh: Failed to find /media/mmcblk0p2/data!
        Tue May 30 21:53:16 UTC 2017 – /media/mmcblk0p1/snx_autorun.sh: Running (device: mmcblk0p1

        I can see all these files and folders via WinSCP using FTP connection. Does this mean my SD card is just corrupted?

      • Sandy

        Hi there, is there a way to manually configure the IP address of this camera? I want to change to default gateway so the camera cannot talk out of the LAN and want to set my own IP.

        The hack worked a treat – it means it can be now used in iSpy (using the VLC URL connection).
        Used a basic FTP server with an explorer interface to copy files into the camera.
        Thanks for this amazing hack.

  • Robert

    Bobby !

    Thank you for your work.
    Your documentation is very good.
    I could set all except time stamp.
    I had a not-working camera(in Europe) and I’m watching my camera video via VLC player.

    Thank you very much.


  • Gabriele

    Hi, very nice post, thank you for sharing!
    I managed to hack the cam and it’s working ok, I’ve just one problem: I can’t execute command “chmod +x snx_isp_ctl”.
    It appears that I can’t cd into root folder, every command line tool I tried starts from directory etc_default and inside that I can’t find the folders I need. Also I tried to change file permission through filezilla ftp but it return “Unknown command” error and doesn’t do it.
    How to resolve this? Thanks

  • Armin

    Thank you for the fantastic guide! I’ve got it working the way I want. Is there a way to password protect the stream (I have seen this on other rtsp streams)? If not is there a way to setup a web server (with password protection) and make that available to the internet? Ideally I would like to offer it as a webrtc stream to be able to use any browser.

    Again, many thanks


    • bobby Post author

      Thanks for the kind words.
      Unfortunately, I’m not aware of a means of password protecting the stream at this time. A more convoluted approach would be to have a VPN server on your router.

  • Gary

    Hi Bobby thanks for updating the post 🙂

    Anyways i have taken your advice and installed a VPN server on my router and have my android phone connected (was previously using port forwarding to access my camera outside of my network)

    I now have my phone connected to my home network, what is the easiest way to configure Tinycam now?

    Its a little embarrassing but I am a bit confused with the settings now, not sure what goes where lol

    I have used PPTP, no scripts just a very simple exercise and now am connected via 4g

    • bobby Post author

      Hi Gary,

      The settings on the post should work, as it did for me. Remember to set the camera vendor to Xiaomi and Model to XiaoFang. RTSP over UDP works best. Port should be set to 554.

      • Seb

        Hallo Bobby, cool blog really helpful. So I have hacked the cam. All working well but I still don’t know how to view live stream outside omy WiFi. There are some VPN solutions but my router doesn’t support it. I also don’t want to see the feed afterwards so how do I manage to see the outside my WiFi? Thanks!

        • bobby Post author

          Hey Seb,
          Another solution would be to install OpenVPN on any other computer (better yet, a Raspberry Pi) on your network and simply port forward from your router.
          I’m working on a guide for this very thing.
          Stay tuned!

          • Seb

            OK cool, have another question: cam doesn’t focus properly in mid to long view. I have already tried to change Res and bitrate with no success is this a bug in the cam or the hack? Thanks rgds seb

  • Chris

    Thanks to your guide I’ve managed to run two cams without any problem. I’m able to use my Synology NAS for recordings and for simplicity I use Tinycam when on Wi-Fi at home and Tinycam when using OpenVPN. It works flawlessly until today: One of the cams looses it’s video feed although the audio feed still works in Tinycam. Currently I need to reboot the cam every hour to get the video feed back online.
    Any idea where I should look for a solution?

  • Chris

    I get a NOK when trying to start/stop the rtsp-check.
    1) followed guide, used telnet
    2) started; no error, just NOK
    3) stopped, error:
    Stop script ’99-rtsp-check’…
    /media/mmcblk0p2/data/etc/scripts/99-rtsp-check: line 1: : not found /media/mmcblk0p2/data/etc/scripts/99-rtsp-check: line 4: : not found /media/mmcblk0p2/data/etc/scripts/99-rtsp-check: line 6: { : not found /media/mmcblk0p2/data/etc/scripts/99-rtsp-check: line 33: syntax error: unexpected newline (expecting “)”) NOK

    Any idea how to solve?

    • Cheesethief

      I would definitely try redoing the script from scratch, from the readout it sounds like somethings were not copied over correctly. I made things easier for myself by sticking the SD card into my Linux PC and editing the files from the terminal that way since I am much more comfortable using nano than vi for text editing.

      • Chris

        Ok, I consider myself the n00b here…
        This is as far as I can see the same / hence the copy-paste structure as it’s supposed to be.
        I use notepad++ for editing and I hope somebody sees the error I made; because I’ve got no clue!
        Contents of script ’99-rtsp-check’:


        pid=”$(cat “$PIDFILE” 2>/dev/null)”
        if [ “$pid” ]; then
        kill -0 “$pid” >/dev/null && echo “PID: $pid” || return 1

        echo “Starting rtsp-check script…”
        rtsp-check.sh /dev/null 2>&1 &
        echo “$!” > “$PIDFILE”

        pid=”$(cat “$PIDFILE” 2>/dev/null)”
        if [ “$pid” ]; then
        kill $pid || rm “$PIDFILE”

        if [ $# -eq 0 ]; then
        case $1 in start|stop|status)

  • Cheesethief

    Bricking the original camera I got from Zapals from a sale, I ordered a new one on ebay.

    The new camera that I got is supposedly one of these new unhackable ones with a MAC starting with 34. This camera is a little different in terms of looks. Instead of having a “reset button” style hole in the bottom, it is now an actual button. Markings (like SD CARD) are molded into the plastic instead of printed on it too. The rear arrow/house vent has less open holes in it, more of them are solid plastic than on the old one too.

    That all said, this camera came with firmware I hacked it using the standard method from the fanghacks github and everything went just the same as on the older hardware. So I think Samtap is right, all of these cameras are hackable, you just have to be patient and make sure you do not mess up any of the steps.

    • Tim

      Hi all,

      Just thought I would add my 2 cents.
      I bought 4x of the new version with MAC starting with 34 and firmware I DID NOT update the firmware to the current latest Followed the setup steps with MiHome_v4.0.11 to setup wifi. All is good. Running iSpy freeware to monitor/record cams.

      Thank you all for the good write up and general support! 🙂

  • Dennis

    The iOS app has been upgraded to version 3.18 recently. Xioami has added something new where they ask you to verify your purchase of the camera but sending them the bar code of the camera and an order confirmation.

    See: http://imgur.com/pkdy0rL

    Has anybody tried it yet?

    • Seb

      I have sent them the barcode and eBay screenshot let’s see maybe they will unlock it?? My cam is not working great beyond 0.5m everything is blurry so cam a bit useless. Already tried changing resolution etc without success. I have now bought vstar cam from AliExpress. Works like a charm with no hacks and same price. 🙂

  • Pauper

    Folks, I am struggling a lot. Got two Xiaofangs from Gearbest. Opened one of them boxes, connected cam1 to Mi Home app (version 4.0.1, to avoid Mainland China trouble) and updated the firmware of cam1 from to I wrote the .img. Fang Hacks script to a 4gb microsd, went to the scriptpage of cam1 and clicked Apply. Nothing happens. The page just flashes one time, but that’s it. Hm, decided to try the second cam I bought. Opened the box, checked the firmware (it was also and decided NOT to upgrade this time. Wrote the .img script to a 4gb microsd, went to the scriptpage of the cam and clicked Apply. BAM. The Fang Hacks script runs and all is good.

    I concluded that updating the firmware on cam1 to might have been the issue in the fact that the script somehow does not seem to run. So I decided to downgrade cam1 to (since all went well with cam2 running that script). After some troubleshooting I managed to do it. Cam1 was back to the firmware that I originaly received it with. I connected it to my Wifi via Mi Home app succesfully, wrote the .img Fang Hacks script to the microsd again, ran it and went to the Fang Hacks script page on cam1. I clicked apply, expecting the sript to continue succesfully, but that is not the case.

    Can anyone please tell me what is going wrong here and what I should do? Does it have to do something with the fact that I already ran the scipt once on version of the firmware before I retried it on version after downgrading the firmware?

  • Zomanyard


    I just got new camera with QRcode and MAC that started with 34. it running the latest firmware.
    Installed on my phone the mi home from google app store and was not able to connect the camera. after some time, I try to change my locale to chine, and then I was able to connect the camera
    of course, when trying to view the camera I got the “not working outside of china”
    so I download the 0.20.0 script and put it on sd card and turn on the camera and see that mi home can see the camera, but the LED is not solid blue. it flashing blue. and i’m getting 404 when trying to http://DEVICE_IP/cgi-bin/status

  • Pauper

    Hi people, I have a question. I have the script up and running in Wireless Client mode. Once I click ‘Disable cloud applications’ on the Status page and I reboot the cam, the time on my cam screen is off by -2 hours, while on the Status page the time and timezone show correctly. Any ideas what might be going wrong here? Will I not be able to check the ‘Disable cloud applications’ box now?

    Kind regards, Pauper

    • bobby Post author

      Add the [-P RTSP port] switch on the line with snx_rtsp_server with the desired port in the file /media/mmcblk0p2/data/etc/scripts/20-rtsp-server, I’m assuming that should do it.

  • Warhawk

    When i try to login i via Putty or WinSCP, i get the following error: “Incoming Packet was garbled on decryption”

    Googled around and set SSH version to 2 and moved blowfish to top, but no resolution.

  • Cristian

    Not sure if anybody noticed, in fang-ir-control.sh script posted on GitHub (and linked in this article) that is supposed to help with heat issues, there are conflicting comments for the same command (“gpio_ms1 -n 2 -m 1 -v 1”). Once comment says “filter movement enabled” (on “if [ $IR_ON -eq 1 ]” branch), the other comment says the opposite “filter movement disabled” (on “if [ $IR_ON -eq 0 ]” branch).

    At the beginning of the script the same command (“-v 1”) is said to “this causes increased current flow”, it is commented out and replaced by “-v 0”. On “if [ $IR_ON -eq 0 ]” branch, “-v 1” is the last command. I’m wondering if the calls to “-v 0” and “-v 1” need to be switched around on “if [ $IR_ON -eq 0 ]” branch.

  • belice

    First of all thank you for helping so many people. my problem is the next:
    My camera does not work and I do not know if I can jacke it. The led of the camera is blue blinking and the camera is left with the message of “connecting”.
    I can try to jacke it?
    Thank you

  • Roman

    Hello, installed hack on the camera of the new sample with MAC 34, and then pressed the button Disable cloud aplication, button Hacks enable is not active, after restarting the yellow led is illuminated, the camera is not working, help solve the problem. Thank you

  • Drake

    For some reasons, i can’t get rtsp to work when I change the resolution to 720p.
    It shows status = NOK

    It’s fine at 1080p though.

    • Drake

      Actually, i tried changing it back to the original file (1080p) just for the sake of testing.

      Now it won’t work at all. It just says status = NOK.
      I tried rebooting through the web interface as well as physical reboot.

      • Drake

        Fixed problem. When i edit the file using FTP, it does not work.
        It only works if i put it on linux and edit the file there.

  • Drake

    hello bobby, had a question regarding rtsp check service

    1. what do you mean by the touch before rtsp-check.sh?

    cd /media/mmcblk0p2/data/usr/bin
    touch rtsp-check.sh

    2. How do you make the file executable? do you put that command somewhere?
    do you rename rtsp-check.sh to chmod +x rtsp-check.sh?

    Then make the file executable.
    chmod +x rtsp-check.sh


    • Drake

      Hello Bobby, even after applying the RTSP check scirpt, i still get disconnected randomly.
      Happens sometimes wihtin a few minutes, sometimes it takes hours before disconnect.
      It will reconnect anyway after like 20 seconds but still, it’s unreliable.

      Followng the violet-ish image when IR is on, i still haven’t fixed it.

  • Bob2

    Bobby! Great info but my needs are modest and I really never understood putty and which com and which USB port and how can I connect to a serial port on a modern pc with only USB ports dammit lol

    So all I want is to use the damn xiaofang with the mihome app in the USA. I managed to get it to cooperate with apk 4.0.11 and vers 3 firmware. I have some naive questions.

    1) I connect ok on my home wifi network but when connected to outside public WiFi I cannot view what is on my cam even though apk says device online. Is this a limitation of the cam/app?
    2) the led light always flashes blue. Never solid. Will this prevent me using the hack if I need to?
    3) I really want motion detection. Does the hack support this?
    Thank you

    • bobby Post author

      The hack does not incorporate motion detection unfortunately. Also, you won’t be able to access the camera from outside your home network. You’ll need to port forward or install a VPN server such that you can access your home network in a secured fashion across the internet. I’ve written a guide here about just that.

  • Ted

    Awesome hack Bobby, much appreciated.

    Just one issue: The time stamp on RTSP stream showing different time compared to the one on “http://device-ip/cgi-bin/status” page.
    Looking closely, the RTSP stream is actually showing the UTC+0 time, while the status screen is showing my correct time zone.

    Can you help? What could have I done wrong?

  • Peter

    Hey, thanks for this tutorial. Great job…

    I’d like to ask if somebody managed to link this IP cam via RTSP to a QNAP Surveillance Station? What are the correct parameters? I tried a lot but no success so far.

  • gabi

    hello, i have 2 question: first i have router with only dhcp, can i put ip static on XF? and second i put rtsp check service with enable + start, i limiting for 6fps, i start ir-control – and result only 2-3 minutes work with rtsp after only sound, 1-2 minutes after i have video, 2-3 minutes again only sound…. can i fixit ? I have 4 camera and same ( i believe it is hot)

  • Ervin

    Dear bobby,

    I have implemented so many things, I am amazed.
    What I can see, that while recording on the sdcard, viewing through vlc increases the lags and freezes the video.
    Should I decrease more the resolution, the frame rate or both?

    What I am more interested is that is there any possibility to set the recording so it records 15min files and when it reaches 1Gbyte of recording overwrites the first video, then the second and so on?

  • Schmurtz

    After many test with different softwares, I share a good way to make timelaps with rtsp on your computer (Windows but should be very similar on linux) :

    Little script to creates jpg images in a folder with date, VLC command line :

    :: Use WMIC to retrieve date and time
    FOR /F “skip=1 tokens=1-6” %%A IN (‘WMIC Path Win32_LocalTime Get Day^,Hour^,Minute^,Month^,Second^,Year /Format:table’) DO (
    IF NOT “%%~F”==”” (
    SET /A SortDate = 10000 * %%F + 100 * %%D + %%A
    SET /A SortTime = 10000 * %%B + 100 * %%C
    SET SortTime=0000000!SortTime!
    SET SortTime=!SortTime:~-6!

    :: Display the results:
    set now=%SortDate%_%SortTime%
    set now=%now%
    echo %now%

    :: Proceed with RTSP capture
    mkdir TimeLapseoutput5Mpix%now%

    “C:\Program Files (x86)\VideoLAN\VLC\vlc.exe” https://www.youtube.com/watch?v=2e_EwPdXWFs –video-filter=scene –sout-x264-tune=stillimage –sout-x264-lookahead=10 –dummy-quiet –vout=dummy –scene-ratio=10 –scene-format=jpg –scene-prefix=img- –directx-3buffering –no-directx-use-sysmem –directx-hw-yuv –direct3d-hw-blending –scene-path=TimeLapseOutput5Mpix%now% vlc://quit

    To assemble images into a video :
    mencoder mf://*.jpg -mf fps=25:type=jpg -ovc x264 -x264encopts bitrate=1200:threads=2 -o outputfile.mkv

    mencoder binaries here :

    mencoder seems to make better results than avi demux, ffmpeg or mpv.

  • Ivo

    Hi, how can I move the camera to a different router (different IP)? If I move the camera away from the current router I cannot login to change its settings to the new router.

  • Matthew

    Hi there! Thanks for you great job!
    I have a question – how to have recording direct to remote FTP, NAS or just shared folder (without remote recording at Linux-box)?

  • Marcelo

    Hello i bought one xiaomi ip camera and she is exactly this “models with the QR code at the bottom and the MAC address starting with 34”, Do not have some new way of working?

  • Ahmed

    the hack isn’t working on the new oval shaped mija 1080p camera. when you insert the SD Card nothing happens. If you reboot with the card inserted same thing. any suggestions?

  • Nico

    I’ve got one question. Does the camera need card all the time? I would like to use the camera only some hours a day, but when i restart or boot it, i have to place the card in an exacly time slot so that it would work, is that normal?

  • Fotis

    thanks for the guide ….
    I have a question .
    It is not playing with 3-4G (in Windows PC is perfect)
    I know the security isues about sending the stream over the web but i am trying to do a test (without VPN) .

    In Tiny Cam in camera status the drop frames are nearly 100% and dont have any image …(always through 4G)
    Can you tell me what is wrong ?

  • Nuno Carvalho

    Hi! Bobby, guys, seems the firmware is not available for download anymore, can anyone share or post a new link?

    Best regards.

  • Zth

    Hello, I need your help.
    I wanted to install the rtsp check. I created both files. they are executable. yet the script is NOK.
    Do you have a solution?
    I tested on two cameras and it’s the same.
    Thank you for your help.

  • cipp

    Hi Bobby,

    You wrote instructions how to write the image on the SD card but before you mention that we should follow the Github where it is said to create two partitions on the SD and copy some files to some partition and others to the second partition. Which are the steps here? Should we create the two partitions? On which partition we write the .img file. Can you please clarify to me this part?

    Thank you!

      • cipp

        I wanted to repurpose the sd card used with the fang hack and I formatted the card to MS DOS FAT (disk utility in mac) and now it has ~100 MB. I think is because of the two partitions previously created on it. Do you know how to format it to have the entire size?


  • Pete

    Hi, does this hack (sd card image, etc) work on the new Xiaomi DaFang? I want to stream this like my foscam to Tinycam Pro rather than going through the Xiaomi servers. Thanks.

  • Jeong

    I am a Xiaofang user in Korea.
    It was not easy to find information about hacking.
    Your friendly explanation has helped me a lot.
    Thank you.
    With respect.

  • Paul


    I am running Zoneminder on Ubuntu and wondering if it possible to get video and audio streaming from this camera, ffmpeg is the only way I can get it working at the moment with (rtsp:// but is ffmpeg images only? or am I missing something?

    Tinycam works with audio and video RTSP over TCP (MPEG/H264/H265) port 554


  • Geoff

    Great post and tutorial! I really appreciate you putting it together. I have one question and one suggested addition/edit to your post.

    First, the question. Why do you recommend updating the firmware on the camera? I am unable to find any value added (to the hack) of updating the firmware. Yet, for some cameras, updating the firmware prevents the user from being able to install the hack. I did not update and (so far) seem to have no problems.

    Second, I added the timestamp according to your instructions. Worked fine EXCEPT the time is +1 hours off. Seems that this is a common problem. I found a solution that worked for me here: https://github.com/samtap/fang-hacks/issues/78#issuecomment-307811377. If you have the time, it might be worth adding this to your next edit.

    Thanks again for a great post!

    • bobby Post author

      At the time of writing, there wasn’t a problem updating the firmware and using the hack – it would just work. However, I did mention the dangers of updating the firmware in my May Update (at the very top of the post.)
      Also, thank you for the suggestion and link with respect to the +1 hour issue, I’ll be sure to update my post with this info.

  • Brett

    Awesome guide thanks so much. I have updated my time zone and other things as per your guide. One question… I find the time stamp to be very small and pix-elated with your code. Is there any way to make this time-stamp text bigger in the video image?

    snx_isp_ctl –osdset-en 1 –osdset-datastr Date –osdset-ts 1 –osdset-template 1234567890./-:Date –osdset-gain 1 –osdset-bgtransp 0x1 –osdset-bgcolor 0x000000

    Thanks again!!!!!!!

  • Joe

    Bobby thanks for the great tutorial. I have a doubt… If i install tinycam on my shield tv and my cellphone, configure my camera on my tinycam’s shield tv and enable the web server with autentication to see the stream on my phone thought 3G / 4G, its secure? I mean… The stream will be available for anyone? There’s a way with this setup to configure properly? Sorry for the dumb question…

        • bobby Post author

          Not unless you want to port forward from your router, which I do not suggest you do as the the RTSP stream does not support authentication – And even if it did, I still wouldn’t suggest it. I would check your router, some actually support running a VPN server out the box or through modified firmware like DD-WRT, OpenWRT, or Tomato. I’m not sure why you mention cost as being an issue, a Raspberry Pi is relatively cheap or invest in a router that supports VPN.

  • Alexey

    Hello. You can connect this camera to write to a memory card (USB) installed in the router. For example, MikroTik hAP (RB951Ui-2nD). Also, so that you can simultaneously view the network video stream. And all this without an Internet network – only in your local network or VPN network? Thank you.

  • fortnite hack

    Hello there I am so delighted I found your website, I really found you by mistake,
    while I was browsing on Digg for something else, Anyways I am here now and would
    just like to say kudos for a incredible post and a all round interesting blog (I also love the theme/design), I
    don’t have time to browse it all at the minute but I have book-marked it and also added your RSS feeds, so when I have time I will
    be back to read more, Please do keep up the awesome work.

  • victor

    Fantastic write up my man. It’s so clearly written. I’ve even invested in a Raspberry Pi and learned some basics in Raspbian. Thanks so much for this!! One question:
    I’m recording to my raspberry pi via ffmpeg command that you wrote, is there a way to max out the recordings and loop back without having to delete files? (i.e. say i have a 32gb Raspberry Pi and I want to max. out recordings to take up 20 gigs. and leave the remainder to other stuff on the microSD. Is there a command to do so?)

  • Sergey

    Hello! Is any way to record audio besides video with ffmpeg?

    I run it with the following parameters:

    “D:\camera\ffmpeg” -rtsp_transport tcp -i rtsp:// -map_metadata 0 -metadata:s:v rotate=”-90″ -vcodec copy -b 64k -acodec pcm_s16le -an -t 00:01:00 D:\camera\video\video-%sDateTime%.mp4

    The input receives 2 streams (video # 0: 0 and audio # 0: 1). But the output is only # 0: 0.

  • Epix

    Hello, i really like this hack and i will probably buy this camera, but i wanted to ask if its possible to use it with 30 fps. And if yes, is it stable? I want to use it for streaming to facebook, so more like webcam and >=30 fps is important to me.
    Thanks for replu

  • emersonvier

    Hi I need some help,

    1 – Power camera Led start on Yellow after few seconds Yellow and Blue after few seconds blinking Blue so I saw camera connect on my WiFi network(I check my Router and Ping the camera).
    2 – I Insert the Card with image ( I used the Win32ImageDisk and Etcher ) I cant listen any click
    3 – I can not get the pages:
    3.1 –
    3.2 –

    I change the Card to new one still the same problem.

  • Luis Miguel


    Is there any way to get individual .jpg images with this hack? I’m trying to integrate it with my Fibaro home system, but they don’t support rtsp. They are supporting just mjpeg and jpg images.

    Any tip?

    • Julian

      Yes via a round about way. Install tinycam on a spare Android phone and enable the web server. Look at the API help and you can find a link for JPG.

  • Dilan

    Best writeup ! More details even than the fang hacks readme !
    All steps worked with no issues (did not try adding the button).
    Thanks Mate.

  • Nick

    I’m encountering a strange behavior with Remote Recording with FFMPEG. In particular every time at capture_026 I get this error:
    “av_interleaved_write_frame(): File too large
    [segment @ 0x2f4fe10] Failure occurred when ending segment ‘/media/pi/NIKI/recordings/capture-026.mp4’
    Error writing trailer of /media/pi/NIKI/recordings/capture-%03d.mp4: File too large
    frame=670995 fps= 13 q=-1.0 Lsize=N/A time=13:49:28.97 bitrate=N/A speed= 1x
    video:52054138kB audio:388778kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown
    Conversion failed!”

    In addition I noticed that file size changes: for example from capture-000 to capture-009 is around 500 MB, from capture-010 to capture-025 is 2.5 GB and capture-026 is 4 GB…

    What could it be?
    Thanks in advance

  • jamissr

    it is normal that you have to take out the SD card and re-insert after wifi connection even after the hack is successfully applied? i have 2 of these and both of them work fine except that if i reboot the cameras i have to do so with the SD card out, and then re-insert once its fully booted up. If i dont i get the following error:
    Error: Nothing is mounted on /media/mmcblk0p2!
    and a manual mount is unsuccessful.


  • K

    Great writeup Bobby. I am currently struggling to apply your methods when accessing telnet. Can you elaborate a little more on that topic? For example, I am trying to apply the “heat fix”, but when I get into telnet, I am not sure what to type.


  • Jan

    Great job dude,everything looks awesome,
    but sadly my cam is only showing “ERR_CONNECTION_REFUSED” when opening in chrome.

  • Andrei

    Got the patches applied, however stuck at ffmpeg remote recording. Can you please help me? that’s my first experience with ffmpeg. I’m running Lubuntu 16.04. I’m trying to capture the picture without a sound, looks it doesn’t take H264 stream. Thank you in advance!

    user@user-VirtualBox:~/cam$ sudo ffmpeg -stimeout 600 -rtsp_transport udp -i rtsp:// -c copy -an -map 0 -f segment -segment_time 3600 -segment_wrap 100 -segment_format mov ./capture-%03d.mp4
    ffmpeg version 2.8.14-0ubuntu0.16.04.1 Copyright (c) 2000-2018 the FFmpeg developers
    built with gcc 5.4.0 (Ubuntu 5.4.0-6ubuntu1~16.04.9) 20160609
    configuration: –prefix=/usr –extra-version=0ubuntu0.16.04.1 –build-suffix=-ffmpeg –toolchain=hardened –libdir=/usr/lib/i386-linux-gnu –incdir=/usr/include/i386-linux-gnu –cc=cc –cxx=g++ –enable-gpl –enable-shared –disable-stripping –disable-decoder=libopenjpeg –disable-decoder=libschroedinger –enable-avresample –enable-avisynth –enable-gnutls –enable-ladspa –enable-libass –enable-libbluray –enable-libbs2b –enable-libcaca –enable-libcdio –enable-libflite –enable-libfontconfig –enable-libfreetype –enable-libfribidi –enable-libgme –enable-libgsm –enable-libmodplug –enable-libmp3lame –enable-libopenjpeg –enable-libopus –enable-libpulse –enable-librtmp –enable-libschroedinger –enable-libshine –enable-libsnappy –enable-libsoxr –enable-libspeex –enable-libssh –enable-libtheora –enable-libtwolame –enable-libvorbis –enable-libvpx –enable-libwavpack –enable-libwebp –enable-libx265 –enable-libxvid –enable-libzvbi –enable-openal –enable-opengl –enable-x11grab –enable-libdc1394 –enable-libiec61883 –enable-libzmq –enable-frei0r –enable-libx264 –enable-libopencv –disable-i686
    libavutil 54. 31.100 / 54. 31.100
    libavcodec 56. 60.100 / 56. 60.100
    libavformat 56. 40.101 / 56. 40.101
    libavdevice 56. 4.100 / 56. 4.100
    libavfilter 5. 40.101 / 5. 40.101
    libavresample 2. 1. 0 / 2. 1. 0
    libswscale 3. 1.101 / 3. 1.101
    libswresample 1. 2.101 / 1. 2.101
    libpostproc 53. 3.100 / 53. 3.100
    [rtsp @ 0x91bc600] Could not find codec parameters for stream 0 (Video: h264, none): unspecified size
    Consider increasing the value for the ‘analyzeduration’ and ‘probesize’ options
    Guessed Channel Layout for Input Stream #0.1 : mono
    Input #0, rtsp, from ‘rtsp://’:
    title : LIVE555 Streaming Media v2014.07.04
    comment : LIVE555 Streaming Media v2014.07.04
    Duration: N/A, start: 0.000000, bitrate: 64 kb/s
    Stream #0:0: Video: h264, none, 90k tbr, 90k tbn, 180k tbc
    Stream #0:1: Audio: pcm_alaw, 8000 Hz, 1 channels, s16, 64 kb/s
    [segment @ 0x9201e80] dimensions not set
    Output #0, segment, to ‘./capture-%03d.mp4’:
    title : LIVE555 Streaming Media v2014.07.04
    comment : LIVE555 Streaming Media v2014.07.04
    Stream #0:0: Video: h264, none, q=2-31, 90k tbr, 90k tbn, 90k tbc
    Stream mapping:
    Stream #0:0 -> #0:0 (copy)
    Could not write header for output file #0 (incorrect codec parameters ?): Invalid argument

  • Tamas

    First of all, thank you for the guide – it is most helpful.
    I managed to set up 24/7 recording on the SD card, by recording 1 hour segments and concatenating them daily into a single file with ffmpeg and cron. I must note that I set the resolution 720p to lighted the strain, but happy to share the scripts if someone interested. This gives me about two weeks of footage on a 16GB card before the cleanup script kicks in and starts removing old recordings to make space for the new ones.

    On the other hand, I’d like to view these recordings more easily – I’ve been looking around, but couldn’t find a tangible way to set up DLNA on the device. While FTP is available, it isn’t the most convenient and I’m not the fan of playing them in a browser. If nothing else, I might settle for that though.

  • Stephen Thy Lawrence

    Thank you so much for sharing, mine is working fine. But there is a small problem with the m3u8 player, seems the player could not run the TS files. I think it is ok to save as mp4. Also I don’t know how to Chmod by Filezilla, its not working, SSH is working fine.

  • Warhawk

    Is it possible to disable the sound. I notice it when i play the stream in VLC. I suppose it will help reducing the network traffic a bit too.

  • Майкл

    Hello, my RTSP is crashing everyday: Status “NOK”. I tried your RTSP-Check-Service. But when i try enabling this service i get Status NOK for the Check-Service. When i click on Stop i get: “/tmp/www/cgi-bin/scripts: line 65: /media/mmcblk0p2/data/etc/scripts/99-rtsp-check: not found NOK”. Im able to diable this service again. Enabling it give me same issue. Also rebooting camera didnt helped. Hope someone can help me. Thanks in advance.

  • Alz

    Thanks for this informative write up.
    I have tried to implement the RSTP check and would appreciate some assistance as I get the following error:
    /media/mmcblk0p2/data/etc/scripts/99-rtsp-check: line 33: can’t create : nonexistent directory

  • Ben

    I got audio recording working with the recording mods my changing the ffmpeg command slightly:
    $($FFMPEG_PATH/ffmpeg -nostdin -rtsp_transport udp -i rtsp://localhost/unicast -c:a ac3 -c:v copy -hls_time 60 -hls_list_size 0 $RECORDINGS/$filename 2>/dev/null 1>&2&)

  • Xiaomi Specification

    I have to thank you for the efforts you have put
    in writing this website. I am hoping to check out the same
    high-grade content by you later on as well. In truth, your creative writing abilities has inspired me to get my own, personal blog now 😉

  • Ivanov Yury

    Hi friend, I do not understand this well, but I would like to know how to change the FPS on the camera, please write step by step how to do this, do I need to do it over the network to the camera or from a sd card?

  • Al

    Hi Bobby

    Thanks for the great job with the hacks

    awesome camera, unfortunately wifi here in Spain is very congested

    I wonder if there are any chances to get:
    – ethernet wired connection with an ethernet USB dongle
    – openvpn client directly in the camera firmware
    – somehow tcpip over usb
    – pptp over tty ?
    camera feed over tty
    – usb camera mode

    Yes, I understand that I can connect vpn on the router but it’s not worth it economically especially with wifi cameras as i need to put a router 3-5 meters from each camera so they work more or less like wired, not disconnect all the time
    and for 35EUR I can get onvif rtsp openvpn cameras

    And also – will it work with smarthome cams ?

  • Dan

    Thanks for your code works great but the only problem i found is that i cant play or download the Video files.
    What can i do to download the files?

    • Alvin

      anyone able to flip the image by entering this snx_isp_ctl –mfset-mode 1? mine did nothing after putting this line in. can anyone help? i suppose it to be very direct just put in this line after the resolution setting.

    • Alvin


      pid=”$(cat “$PIDFILE” 2>/dev/null)”
      if [ “$pid” ]; then
      kill -0 “$pid” >/dev/null && echo “PID: $pid” || return 1

      echo “Starting RTSP server…”
      snx_rtsp_server -W 1280 -H 720 -Q 10 -b 2048 -a >$LOG 2>&1 &
      snx_isp_ctl –mfset-mode 1
      echo “$!” > “$PIDFILE”

      pid=”$(cat “$PIDFILE” 2>/dev/null)”
      if [ “$pid” ]; then
      kill $pid || rm “$PIDFILE”

      if [ $# -eq 0 ]; then
      case $1 in start|stop|status)

      flip not working. can anybody help? i added snx_isp_ctl –mfset-mode 1 but it does not do anything.

  • Alex Egas

    and so amidst the corona pandemic, i remember this thread! it worked then well probably but i went for the app without hacks. now i want to reinstall these old xiomi cams, does this still work? i have the chinese version and never updated the firmware as this was advised by the seller.
    used tostream in vlc without trouble in 2016…

    is it still working is there something else available. i am a word user on a mac with littleknowledge of the processes that run on my mac 10.14

    many many thanks in advance!! greetz alex from bali’

  • RomeraFan

    Hey Bobby,

    Do you happen to know how the Xiaomi/Mi mobile app streams the camera when you’re not in the internal network by default? Presumably when the phone and camera are connected to samfe wifi and are internal, it will act as two devices within a VPN.

    But how does the app stream from the cam when it is outside of the router? Assuming all is well, there should not be any open port in the router, how does the app communicate with the camera?

  • Cidi Rome

    Hi. There.

    Any chance that there is an hack like this (or even this one) for Xiaomi Mijia IMILAB Xiaobai H.265 1080P Smart Home IP Camera (appears at Mi Home as IMILAB Home Security Camera Basic) bought at https://www.banggood.com/International-Version-Xiaomi-Mijia-IMILAB-Xiaobai-H_265-1080P-Smart-Home-IP-Camera-360-PTZ-AI-Detection-WIFI-Security-Monitor-from-Xiaomi-Eco-system-p-1450083.html
    I bought it not knowing that this cameras don’t work as all the IP cameras I’ve used before, that I can’t connect directly to it using RTSP or something similar and I really don’t trust the web based APP they provide.


  • Alfa

    Thanks for your guide, everything worked great except I cannot get the infra red to stop. It only stops for a second then turns back on every night. I have tried disabling the 21-ir-control service, starting, stopping, even rebooting but it just keeps running. Could someone please help?

  • Tom

    Hi, I have Xiaomi MI 360 Camera and after I put prepared microSD card, I didn’t hear any sound. Also I can’t access to camera via provided IP address. Is there any solution for that?