Hacking a $30 IoT camera to do more than it’s worth.

Tomas C.
Tomas C.
Feb 28, 2018 · 4 min read

The Xiaomi Dafang IP camera is a indoor motorized WiFi camera capable of 1080P resolution and decent night-vision, its price is cheap but in exchange you are tied to the Xiaomi’s Mi Home App & Cloud.

The Xiaomi Dafang IP camera is the successor of the $15 Xiaomi Xiaofang Camera and continues the line of Xiaomi’s range of quality inexpensive IP cameras. The new model comes with a set of new features: better image quality, MicroSD Port, a rotating gimbal, on the back a USB port which can be used to charge other devices, and a variety of alarm sensors and more. In this post, we take a closer look at camera CFW alternative open source firmware install.

For the lowest price (shipped from China), check out the usual retailers like Gearbest Xiaomi Dafang or Dealextreme Xiaomi Dafang (extra 5% coupon code for a better price, DX coupon: APRBRAND).

Out-of-the-box Limitations

Xiaomi has imposed a few limitations on this camera out of the box as camera footage only viewable through the MiHome app and a MiHome account is required.

Fixing the Limitations

EliasKotlyar on GitHub has released a collection of modifications (CFW) for the camera: https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks

The CFW contains of two parts:

The Custom-Firmware, which alters the original firmware to boot from microsd. It needs to be flashed instead of the original firmware. This part does not contain any custom software, its just allows you to boot from microsd. You will have to do this only once.

The CFW-Files, which contains the custom-software. You will have to install them onto your microsd-card after you completed before. You can modify this part easily by changing the files on the microsd.

Can i revert the firmware back to the original one? Yes, you can. However there is no need to revert it back. If your SD-Card does not contain the CFW-Files, you will just boot the original software.

How to flash CFW?

Download CFW-Binary. https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks/blob/master/hacks/cfw/cfw-1.3.bin

Ensure that the downloaded File-size is something about 11.1MB .

That’s it.

Which Features does the CFW contain?

  • Full working RTSP with H264/MJPEG. Based on https://github.com/mpromonet/v4l2rtspserver
  • SSH-Server(dropbear)
  • FTP-Server(bftpd)
  • Webserver(boa)
  • Image-Snap (Get Jpeg Image)
  • Horizontal/vertical motor rotation / move to center
  • Turn on/off blue/yellow/IR LEDs/IR-Cut
  • Local h264 recording possible
  • Remote Audio Playback & Recording
  • MQTT
  • Home-Assistant integration

Connecting to CFW

Once installed and setup as per the instructions open a web browser and enter the IP address of the camera in the address bar

Select services you want to run:

  • RTSP Stream(sample using MJPEG RTSP):
  • Local h264 recording possible:
  • Audio recording/playing is also possible:

In addition you can control some functions of the camera directly from, GPIOS like the blue/yellow LED, IR Filter and IR LED, X and y motor movements etc

I use TinyCam on an Android to view my RTSP stream locally. You can get the basic PTZ stuff to work in TinyCam. Check out the instructions from MasterPIC in this thread: https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks/issues/41

I tested CFW with iSpy but over the Internet I view the stream from MotionEye running on my VIM2.

I would recommend this camera to everyone out there! You won’t find any other looking as great as this one with all those hacked extra features for such a small price!


how hackers start their afternoons.

Tomas C.

Written by

Tomas C.

Linux All The Things!!!


how hackers start their afternoons.