Recently I bought a Xiaomi Xiao Yi (IP) camera (also known as Yi Home), Chinese version. The camera looks nice, the picture quality is ok, and worked fine on my local Wifi.
However, I was unfortunate enough to receive and test the camera when Xiaomi decided to deny access from the iOS app to the camera outside of China (error 5400). I was hoping a firmware upgrade would solve this issue so I have upgraded from 1.8.5.1L to 1.8.6.1B. Now my camera was useless. The camera would say “This camera can only be used in China” and would shut down.
This was the tipping point when I have decided I will investigate what’s happening with this camera and what can be done to make it functional again. At the time of writing the remote access (error 5400) has been solved by the provider so no additional action is required. (I tried to convert a CN camera to international one by changing the serial of the device, but couldn’t test from a European or US IP and probably I would have needed access to the system files of a functional international camera to compare)
So the remaining issue was the camera shut down with the latest firmware (tested with 1.8.6.1A and 1.8.6.1B).
If you do a search there are heaps of websites describing how you can gain access to the camera and ultimately enable remote access via telnet. I won’t get into those details, you can check some of the websites I listed below.
Xem thêm: Làm Mát Iphone Báo Nhiệt Độ Cần Làm Mát Thì Phải Làm Thế Nào?
Once you logged into the camera via telnet the fun part begins. The camera is running a Linux version.
# uname -aLinux (none) 3.0.8 #1 Wed Apr 30 16:56:49 CST 2014 armv5tejl GNU/LinuxThis is familiar territory, we can check what processes are running, log files, the /home directory and we can mess around with the system. I have to mention this is for educational purposes only and you can easily brick your camera.
Back to the “This camera can only be used in China” message. So if you look carefully in the log file “/tmp/log.txt” at some point you will see the forbidden.g726 sound being played and not long before that there is an API call to the mothership to check if your device is allowed to run on not. With this call, the camera sends your IP automatically so there is not much to be done about that.
Xem thêm: 9 Cách Rủ Gái Đi Chơi Mà Không Bị Từ Chối? &Mdash; Để Rủ Gái Đi Chơi
1. You set up a proxy to be used and the proxy will change the reply from “allow”: false to true. The certificate on the camera can be changed so you can set up a valid proxy for https request for a man in the middle attack. (/home/ca.crt). Possible but too complicated and you need a proxy running.
2. You can set up a fake response on the camera via the local HTTP server and redirect (see point 3