RTSP hack a $15 Xiaomi WiFi IP Camera

Written by tomac | Published 2017/11/10
Tech Story Tags: hacks | xiaomi | linux-tutorial | rtsp-hack | xiaomi-wifi-ip-camera

TLDRvia the TL;DR App

For Xiaomi, avoiding copycat accusations is hard and it is not called “Apple of China” for nothing. One example is its IoT camera for home automation, the Xiaomi XiaoFang WiFi Camera 1080p originally sold by iSmart as a $99 product now sold re-branded as Xiaomi at a much lower price, but with one major downside, is linked to its Xiaomi Home system and restricted to some markets

XiaoFang Camera

Unfortunately the product is not supported outside China, so it is only possible to control from the Chinese version of Xiaomi app.

But thanks to the work of some hackers have managed to turn this IoT camera into a non-IoT generic WiFi camera supporting the standard RTSP protocol.

In addition the hack allows to stop the services that connect to the Xiaomi infrastructure so you can be confident that video or any other data is not sent to the Chinese cloud.

Beware, there is a newer version of the Xiaomi Xiao Fang camera under the name Xiaomi Dafang. This is a bit larger, adds a motor function to remotely control the camera’s point of view. It has no country limitations in the Xiaomi cloud. However, there is still no hack to use as a RTSP camera, although there are people porting Dafang-Hacks and a telnet/ssh shell is working.

The camera $15 Xiao Fang can be bought in online stores that allow to acquire products from the Chinese market, such as DX.com.

Applying the Fang Hacks is very easy, it is only necessary to copy the project files to a micro SD card and insert it into the camera. After this execute the script from the web UI to free camera from the cloud.

Fang Hacks

samtap/fang-hacks_fang-hacks - Collection of modifications for the XiaoFang WiFi Camera_github.com

The installation:

- Proceed to the release page to download the latest SD-Card Image archive- Unzip the SD-Card Image file- Use a tool such as Win32 Disk Imager to perform a raw copy of the fanghacks_vx.x.x.img to a micro-SD card.- Power up the XiaoFang- Insert the micro-SD card. If you hear "ting-ting" shortly after, you can proceed to:

http://device-ip/cgi-bin/status

- Finally, click on "Apply" button to apply the hacks.

Again, proceed at your own risks!

Running fang-hacks

I applied it to my camera after updating it to the latest firmware currently available and now have a working VLC using RTSP:

rtsp://device-ip/unicast

1080p H264

VLC Playback

From here you can use any open source DVR product (ZoneMinder, Shinobi, iSpy, …). A clever trick is to feed power to this camera from a power bank to turn it into a portable remote spy-camera that you can watch from your android smartphone using VXG RTSP Player, RTSP Camera Viewer or Android VLC.

Summer 2018 UPDATE: Currently Xiaofang camera is not manufactured anymore and is sold out in most stores. I recommend reading about the Xiaomi Dafang successor IP camera that can also be rooted and hacked.

Published by HackerNoon on 2017/11/10
ABOUTHow hackers start their afternoons. We publish tech stories and build publishing software.

READEntirely free library read by hundreds of millions to learn anything about any technology.

WRITEHackerNoon elevates quality technology writing far and wide across the interwebs.

PARTNERHackerNoon works directly with tech companies to place ads by content relevancy