Setting up the XiaoMi XiaoFang Security Camera

Tuesday, July 11, 2017

The XiaoMi XiaoFang is an excellent budget indoors security camera. The only catch is that XiaoMi has attempted to make it harder to use outside of China. This post will help you get around the georestriction and customize the XiaoFang.

Changelog:

  • Wednesday, August 24, 2022: added more steps on setting up time, timestamp overlay, RTSP check
  • Friday, July 14, 2017: added link to IP Cam Soft Lite (iOS app)
  • Thursday, July 13, 2017
  • : made v3.0.3.56 firmware copy to microSD clearer + a screenshot.
  • Wednesday, July 12, 2017
  • : added app configuration details, added recommendation to disable cloud applications (after changing mode to Wireless Client) since the official MiHome app doesn’t allow you to access the camera from outside your network until XiaoMi decides to fix this.

The last good firmware version of the XiaoFang Camera is v3.0.3.56. The last good MiHome app version is v4.0.11. If you’re already on these versions, do not upgrade.

Anything newer than the above versions will result in the risk of the camera not being accessible via the MiHome app outside of China.

From hereon in, the XiaoFang camera will be referred to as “XF”.

Prerequisites for this guide:

  • microSD card (I’d say at least a 4GB card, go with a larger one just to be safe and to double as storage media for the XF)
  • A computer running Windows/Mac/Linux
  • WiFi access
  • A XF security camera
  • An Android device

Getting Started

Download: MiHome v4.0.11 APK

  1. Plug in your XF
  2. Install MiHome v4.0.11 on your Android device
  3. Open Play Store, search MiHome, press options and disable auto-update
  4. Open MiHome
  5. Select Mainland China
  6. Create a new account
  7. On the “My Devices” tab, press the + icon in the top-right corner
  8. Tap “Add device”
  9. Tap “Add camera products”
  10. Tap 小方智能摄像机 (not iSmartAlarm Spot HD Video Camera, even though they have the same thumbnail image)
  11. On your XF, press the button as indicated in the app
  12. Tick the checkbox near the bottom of the screen
  13. Tap Next
  14. Connect to your WiFi
  15. Hold your phone up to the XF to let it scan the barcode, hold until the XF makes a different announcement and tap Next
  16. Wait for the progress bar to go to ~75%, where it should go up rapidly to 100%. If you see a “Timeout” message please try again. If it’s repeatedly timing out, try unplugging your XF and plugging it in again and start from #7.
    1. If no luck, you will perhaps need to downgrade to v3.0.3.56. Skip to the next section.

At this point, you can optionally log into your router and assign your XF a static DHCP address so that its IP address remains constant.

Flash Fang Hacks onto microSD

Download: XiaoFang v3.0.3.56

Download: Fang Hacks (as of the time of this writing the latest version is v0.2.0)

  1. Put Fang Hacks on a microSD card (below steps credited to Bobby Romeo; while the link is a good read, contrary to what it states, DO NOT upgrade your firmware):
    1. Windows
      For Windows we can use a tool called Win32DiskImager. Download this small executable and proceed with these instructions while writing the file fanghacks_v0.2.0.img to the card.
    2. Mac OS X
      You’ll need to get to the command line and proceed as follows. To list the disks currently connected:

      diskutil list

      Next locate the target disk/card (assume disk2 for this example) and un-mount the disk.

      diskutil unmountDisk /dev/disk2

      Then write the image.

      dd if=/path/to/fanghacks_v0.2.0.img of=/dev/rdisk2 bs=1m
    3. Linux
      On Linux, very similar to Mac OS X, get to the command line with Terminal App and proceed as follows (assuming your SD card is sdb.)

      dd if=/path/to/fanghacks_v0.2.0.img of=/dev/sdb bs=1M
  2. Note: If you’re wondering why we’re flashing Fang Hacks even if you might not necessarily use it: it nicely partitions the microSD card for us in order to properly load the v3.0.3.56 in the event we need to downgrade our camera to bypass the georestriction.
  3. Once the microSD is flashed with Fang Hacks, extract the XiaoFang v3.0.3.56 firmware to the “mmcblk0p1” folder on the microSD card. You’ll know if you did it correctly if the “cramfs-root” folder is in the same folder as the “bootstrap” folder as shown in the screenshot below.

Downgrading the XF to v3.0.3.56

Skip this section if you were able to successfully set up the XF in the Getting Started section and are able to stream from your XF.

If not:

  1. Unplug the XF
  2. Using the microSD card we prepared in the section above, insert it into the slot in the XF (it will lock in place, if you want to take out the card just gently push it in and it should pop back out)
  3. Hold down the Reset button on the XF while plugging it in
  4. Continue to hold down the Reset button. Don’t let go when you hear the voice prompts! Only let go when the orange LED light stops blinking.
  5. Follow the steps in the Getting Started section to hopefully pair your phone with the XF
  6. If it still fails (i.e. times out), unplug the XF, plug it back in again, then attempt again.
    1. IMPORTANT: only unplug the XF after the orange LED light stops blinking AND you’ve attempted the pairing process at least once. If you unplug it while it is downgrading the firmware, you’ll end up bricking the XF.

By now you should be able to view your XF camera via the MiHome app. Feel free to explore the settings in the app to further customize your XF (e.g. motion detection, night vision, etc). You can also confirm whether or not the downgrade was successful by going to your camera and “checking for updates” (but do not upgrade).

Note: if your camera is pointing out a window, you will probably want to disable night vision (MiHome => Camera Settings => disable Night Vision).

Exploring Fang Hacks

Fang Hacks is a collection of different hacks for the XF, and adds customization and privacy while sacrificing some native features provided by the MiHome app.

It’s extremely handy because if you do not want to use the XF with Fang Hacks, simply take out the microSD card and reboot your XF. It will then be accessible via the MiHome app. Otherwise to use Fang Hacks the microSD card will need to be in the slot at all times.

The below steps will:

  • implement all fixes/updates to Fang Hacks since the release of v0.2.0. If there is a newer version released you can probably safely skip steps 6 through to 16 below.
  • change the video resolution from 1080 to 720, and lower frame rate to 15 fps, for increased responsiveness
  1. Plug your XF into a power source
  2. Insert the microSD card
  3. Once you hear two chimes go off, go to http://**yourXFipaddress**/cgi-bin/status, where yourXFipaddress can be found via your router (connected clients)
    1. Occasionally the two chimes won’t go off. In this case, 10 seconds after inserting the microSD, go to http://**yourXFipaddress**/cgi-bin/status to see if you can access it.
  4. Click on the “Apply” button to enable Fang Hacks
  5. The page will refresh. NEVER tick “Disable cloud applications” unless you have set the XF to Wireless Client or Hotspot mode.
  6. Go to https://github.com/samtap/fang-hacks
  7. Click on “Clone or download” and click on “Download ZIP”
  8. In your favourite FTP client (mine is FileZilla), connect to **yourXFipaddress**, port 22, username: root, password: ismart12
    1. Alternatively you can also SSH or Telnet into the XF:
      1. ssh root@**yourXFipaddress**
      2. telnet **yourXFipaddress** 2323
        1. username: root, password: ismart12
  9. In the ZIP file, navigate to the “bootstrap” folder
  10. In your FTP client, navigate to /media/mmcblk0p1
  11. Upload the contents of the ZIP file’s “bootstrap” folder into the mmcblk0p1 folder, overwriting existing files
  12. In your FTP client, navigate to /media/mmcblk0p2/usr/bin
  13. Overwrite fang-ir-control.sh with the ZIP file’s fang-ir-control.sh file located in \fang-hacks-master\data\usr\bin
  14. In your FTP client, navigate to /media/mmcblk0p2/etc/scripts
  15. In 01-network, add source /media/mmcblk0p2/data/etc/profile on a new line after source /etc/fang_hacks.cfg
  16. To change the video resolution from 1080 to 720 (skip this step if you don’t want to):
    1. In 20-rtsp-server, add a # before snx_rtsp_server -W 1920 -H 1080 -Q 10 -b 4096 -a >$LOG 2>&1 & so that it appears as: #snx_rtsp_server -W 1920 -H 1080 -Q 10 -b 4096 -a >$LOG 2>&1 &
      1. Immediately below this line, add a new line with: snx_rtsp_server -W 1280 -H 720 -Q 10 -b 2048 -F 15 -a >$LOG 2>&1 &
  17. Go to http://**yourXFipaddress**/cgi-bin/network
  18. Tick “Wireless Client
  19. Select your WiFi network and enter your network password
  20. Click on Connect
  21. Click on Apply
    1. As mentioned earlier above, I recommend you log into your router and assign your XF a static DHCP address so that its IP address remains constant
  22. Go to http://yourXFipaddress/cgi-bin/scripts
    1. If your camera is pointing out a window, click on Disable for the 21-ir-control service, which will disable infrared
    2. I recommend disabling the 10-telnet, 11-dropbear, 12-ftpd services if you do not use Telnet, SSH and/or FTP, respectively. Doing so will also free up some extra CPU/memory. You can always re-enable them if you need these services.

In addition to the above steps, since the MiHome app does not (yet) function properly in that it does not allow you to access the XF outside of your network, I have disabled cloud applications for added privacy by going to http://**yourXFipaddress**/cgi-bin/status, ticking “Disable cloud applications” and clicking on “Apply“. I am able to do this because in the above steps (#17-21), we have set the XF to be a Wireless Client. You cannot do this if on the Network page it is set to “Cloud” (which it is by default).

There is some risk to disabling cloud applications (i.e. if your router dies). An alternative to this is to set your router firewall to block WAN (Internet) access for the XF.

If you ever need to move your XF to a different WiFi network, remember to go to http://**yourXFipaddress**/cgi-bin/status and untickDisable cloud applications“, then go to http://**yourXFipaddress**/cgi-bin/network and tick “Cloud” and click on apply. Once set up on the new WiFi network and the XF is set to Wireless Client or Hotspot mode, you can disable cloud services again.

If you run into any issues, please read this FAQ entry, the important part copied here for posterity:

Therefore it’s required to first configure the wifi: “Wireless client” or “Access-point” mode on the network page (NETWORK_MODE=1|2). Note that you will be locked out of the device if the wifi connection fails after a reboot. In case of wireless-client mode, you must first connect to the network (and re-open the network page in case the device changes IP address) before the settings can be applied. Once applied, the “Disable Cloud” checkbox on the status page will become available. But, please make sure your wifi settings work by rebooting a couple of times! If you run into issues you can simply remove the sdcard and reboot: the cloud apps are still enabled and without sdcard the network script is not present so will not override wifi configuration. Once you’re happy, you can check the “Disable cloud” checkbox to prevent cloud apps from starting (DISABLE_CLOUD=1).

If for some reason things don’t work out for you, there’s a simply recovery method: in the bootstrap folder rename fang_hacks_rescue.cfg.tmpl to fang_hacks_rescue.cfg. This file is copied on boot and restores the default settings. So you need to reboot twice: first to copy the file, then a fresh reboot to use the restored settings. Note that in both “Wireless Client” and “Access-point” modes, the config files reside on the sdcard (wpa_supplicant.conf, hostapd.conf, udhcpd.conf in etc folder of data partition) so they can be edited offline. In case you’re not able to access ext2 partitions, there’re tmpl files for these configs in the bootstrap folder as well: modify as required and remove the tmpl suffix to have them copied when the device boots.

Timezone

For Toronto: EST5EDT,M3.2.0,M11.1.0

To fix timestamp display:
vi /media/mmcblk0p2/data/etc/scripts/02-ntpd

Below line “echo “Starting ntpd…”” add:
ntpd -q -n $NTPD_OPTS && hwclock -t

Add Timestamp to RTSP Stream

SSH into the XF and run the following commands:
cp /media/mmcblk0p2/data/test/snx_isp_ctl /media/mmcblk0p2/data/usr/bin/
chmod +x /media/mmcblk0p2/data/usr/bin/snx_isp_ctl
cd /media/mmcblk0p2/data/etc/scripts
vi 20-rtsp-server

Insert the following after the snx_rtsp_server line:
snx_isp_ctl –osdset-en 1 –osdset-ts 1 –osdset-template 1234567890./-:Date –osdset-gain 2 –osdset-bgtransp 0x1 –osdset-bgcolor 0x000000

Restart RTSP Server via scripts page

Apply RTSP Check Script

In the following directory, create a file called: rtsp-check.sh
cd /media/mmcblk0p2/data/usr/bin
touch rtsp-check.sh

And put the contents that follows:
#!/bin/sh

while true; do
if pgrep -x “snx_rtsp_server” > /dev/null
then
:
else
/media/mmcblk0p2/data/etc/scripts/20-rtsp-server start
fi
sleep 2
done

Then make the file executable.
chmod 755 rtsp-check.sh

Next move to a different directory and create a file called: 99-rtsp-check
cd /media/mmcblk0p2/data/etc/scripts
touch 99-rtsp-check

Now put the below in that file.
#!/bin/sh
PIDFILE=”/var/run/rtsp-check.pid”

status()
{
pid=”$(cat “$PIDFILE” 2>/dev/null)”
if [ “$pid” ]; then
kill -0 “$pid” >/dev/null && echo “PID: $pid” || return 1
fi
}

start()
{
echo “Starting rtsp-check script…”
rtsp-check.sh </dev/null >/dev/null 2>&1 &
echo “$!” > “$PIDFILE”
}

stop()
{
pid=”$(cat “$PIDFILE” 2>/dev/null)”
if [ “$pid” ]; then
kill $pid || rm “$PIDFILE”
fi
}

if [ $# -eq 0 ]; then
start
else
case $1 in start|stop|status)
$1
;;
esac
fi

Fang Hack Apps

With your XF using Fang Hack, you can connect to it over RTSP. You can look for any apps/programs that support this protocol, such as Tinycam or Contacam. You can also look into setting up VPN on your network so you can access your XF when you’re not at home.

Links:

Out of the above list, I am using tinyCam on my Android device and iSpy on my laptop.

Setting up tinyCam

  1. Install tinyCam
  2. Add a camera
    1. Camera name: *anything you like*
    2. Camera vendor: Xiaomi
    3. Camera model: XiaoFang
    4. Hostname/IP address: your XF IP address
    5. Protocol: RTSP over UDP (MPEG/H264/H265)
    6. (optional) Advanced settings => Image rotation: Rotate 90 degrees clockwise
  3. Go to hamburger menu => Settings =>Video settings => change the H.264/H.265 decoder to “Hardware (Android 4.3+)
    1. If the camera stream is worse or doesn’t work, change it back to “Software

Setting up iSpy

  1. Download and install
  2. Run iSpy
  3. Click on Add
  4. Click on the FFMPEG (H264) tab
  5. In the URL field, paste in: rtsp://**yourXFipaddress**/unicast
  6. For RTSP Mode, select UDP
  7. Click OK
  8. You’ll be brought to a new dialog window where you can further customize the camera (e.g. name, timestamp, motion detection, etc)