[SOLVED] Xiaomi Xiao Yi Ant HOME CN12 – This camera can only be used in China ( –

Xiaomi Xiao Yi Ant HOME – This camera can only be used in China

[UPDATE] added instruction for latest firmware ver.

Recently I bought a Xiaomi Xiao Yi (IP) camera (also known as Yi Home), Chinese version. The camera looks nice, the picture quality is ok, and worked fine on my local Wifi.

Xiaomi Xiao Yi Ant HOME

However, I was unfortunate enough to receive and test the camera when Xiaomi decided to deny access from the iOS app to the camera outside of China (error 5400). I was hoping a firmware upgrade would solve this issue so I have upgraded from to Now my camera was useless. The camera would say “This camera can only be used in China” and would shut down.

This was the tipping point when I have decided I will investigate what’s happening with this camera and what can be done to make it functional again. At the time of writing the remote access (error 5400) has been solved by the provider so no additional action is required. (I tried to convert a CN camera to international one by changing the serial of the device, but couldn’t test from a European or US IP and probably I would have needed access to the system files  of a functional international camera to compare)

So the remaining issue was the camera shut down with the latest firmware (tested with and

If you do a search there are heaps of websites describing how you can gain access to the camera and ultimately enable remote access via telnet. I won’t get into those details, you can check some of the websites I listed below.

Once you logged into the camera via telnet the fun part begins.  The camera is running a Linux version.

# uname -a
Linux (none) 3.0.8 #1 Wed Apr 30 16:56:49 CST 2014 armv5tejl GNU/Linux

This is familiar territory, we can check what processes are running, log files, the /home directory and we can mess around with the system. I have to mention this is for educational purposes only and you can easily brick your camera.

Back to the “This camera can only be used in China” message. So if you look carefully in the log file “/tmp/log.txt” at some point you will see the forbidden.g726 sound being played and not long before that there is an API call to the mothership to check if your device is allowed to run on not. With this call, the camera sends your IP automatically so there is not much to be done about that.

[/home/cloud][4/29/22:51:48:52]: req_info=https://api.xiaoyi.com/v4/ipc/check_did?hmac= danger danger danger danger danger%3D&seq=9
&uid= danger danger danger dangerXX&timestamp=4294938554

Now the nice thing about this is that we can fake the response from the server in many different ways.

1. You set up a proxy to be used and the proxy will change the reply from “allow”: false to true.  The certificate on the camera can be changed so you can set up a valid proxy for https request for a man in the middle attack. (/home/ca.crt). Possible but too complicated and you need a proxy running.

2. You can set up a fake response on the camera via the local HTTP server and redirect (see point 3 😉 ) the check_did call to this file. (/home/web/response.json -> {“allow”:true,”code”:”20000″}). Again possible but not really needed.

3. And finally, we got to the solution. In the log files, we saw that /home/cloud is responsible for checking the permission for our device. This is a binary file and we can check what calls are made from this file:

# strings /home/cloud | grep http
http://log.xiaoyi.com/info.gif?p=home_v1&sysVersion=%s&mac=(lots' of other details)
%s -c 311 -url https://api.xiaoyi.cox/v4/ipc/check_did -uid %s -keySec %s
%s -c 139 -keySec %s -url https://api.xiaoyi.com/v4/ipc/reset -uid %s -version %s -mac %s
%s -c 138 -key %s -keySec %s -url https://api.xiaoyi.com/v4/ipc/on_line -uid %s 
-version %s -mac %s -packetloss %d -p2pconnect %d -p2pconnect_success %d -tfstat %d
%s -c 136 -url http://api.xiaoyi.com/v2/ipc/sync_time
(yes, the camera logs and sends everything back to xiaomi)

Now if we change the call check_did to our local file mentioned above that would make /home/cloud happy and the camera will run. Luckily /home/cloud will lock your device just if the remote server replied with “allow”: false. Now, all we need to do is to block that call or break/invalidate that URL (ie. DNS error).


# ps | grep /home/watch_process | grep -v "grep" | awk '{print $1}' | xargs kill -9
# ps | grep /home/cloud | grep -v "grep" | awk '{print $1}' | xargs kill -9
# sed -i  's|api.xiaoyi.com/v4/ipc/check_did|api.xiaoyi.cox/v4/ipc/check_did|g' /home/cloud
# reboot

First commands will kill watch_process so it doesn’t restart other processes.
The second command will stop the cloud service, so we can change the file.
The third one will change the text in the binary file. It will change com to cox which will invalidate the URL and will not return the allow: false message anymore.

Once the camera reboots it will be functional just as before you upgraded to the latest firmware. In case anything goes wrong just install a fresh, unmodified firmware.

Drop me a line if this worked for you!

Update: Read the comments for CNxx160622 hardware with FW or

Serial port connection to the camera explained in this video (credit to fedeant): and problem solved by JonesChi:

I wrote a scrip to make the camera work again outside China. Download the file, and decompress it to root of SD card. http://diy.2pmc.net/wp-content/uploads/2016/10/hack_yi.tar.gz

If your device’s FW is, you just need to insert the SD card into your camera, and it will hack your device automatically, when it finished, the camera will reboot automatically, then your camera is free.

If your device’s FW is, you need to connect your camera via serial port to get console, then insert the SD card into your camera, when you see the command prompt, just type “/tmp/sd/hack_yi.sh”, then your camera is free.

If you are using the latest firmware, controsensi updated the script above to support this. The file name that needs to be uploaded to the SD card has changed to equip_test.sh and the location of the home directory in the script has changed as well. The rest seems to be functioning the same way.

Create this file on the SD card and reboot your camera. It should work without the annoying restriction message. controsensi’s full solution is described here.



# JonesChi's script.
# Modified by halnovemila (HalEx) to work on CN12 model

sdcarddir=`dirname $0 | sed -n 's/\/test//p'`

echo "Current dir= ${testdir}" >> $logfile
echo "SDcard dir= ${sdcarddir}" >> $logfile
cat /home/version >> $logfile
echo "========== LIST OF /home ============" >> $logfile
ls -l /home >> $logfile

if [ -f /home/cloudAPI_real ]
   echo "Already hacked ${timestamp}" >> $logfile
   echo "Start hacking ${timestamp}" >> $logfile
   cp /home/cloudAPI $sdcarddir/cloudAPI.bak
   mv /home/cloudAPI /home/cloudAPI_real
   cp $sdcarddir/cloudAPI /home/cloudAPI
   echo "Done hacking ${timestamp}" >> $logfile
   # fix bootcycle
   mv $testdir/equip_test.sh $testdir/equip_test.sh.moved

# Once the script is executed the boot process is halted,
# nothing else will be executed.
# Therefore if the hack has been already applied
# and this script executed,
# the camera will not complete the boot process
# and will seem like if it's not working.

Some websites to check to see how you can enable the remote access (telnet/nc):


– Peter

Csaba is passionate about Cyber Security, Pentesting and just making things work.

565 comments: On [SOLVED] Xiaomi Xiao Yi Ant HOME CN12 – This camera can only be used in China ( –

  • This works to get me to latest version.

    1. flash this first using microsd (
    2. While this is not the latest but will also give you telnet access.
    3. Then update firmware from Mi home to latest
    4. After reboot it will say not working in china but you still have telnet access.
    5. Telnet to it root / 1234qwer
    6. Then issue the following commands

    # ps | grep /home/watch_process | grep -v “grep” | awk ‘{print $1}’ | xargs kill -9
    # ps | grep /home/cloud | grep -v “grep” | awk ‘{print $1}’ | xargs kill -9
    # sed -i ‘s|api.xiaoyi.com/v4/ipc/check_did|api.xiaoyi.cox/v4/ipc/check_did|g’ /home/cloud
    # reboot

  • On Android I have just updated to the latest app and flashed the latest firmware and now my Chinese Yi Ant works without any modification required.

  • I’ve sucessfuly updated two new chinese Yi Ants with this and everything went fine, telnet was reachable and i could use the solution…

    Hope you guys can find it useful.

  • I’ve flashed with, but still can’t Pairing.

    After QR code scanning, the led indicator turning from flashing blue into steady blue (I thought the wifi connecting is successful). A minute later, a message appears: ” Failed to load. Reset the camera.”

    When I verify the camera, it says “the camera is correct. Try another setting”

    When I reset the camera, it failed to load again.

    Pls advise me.

  • I had previously updated my China region 720p Ants camera and got the dreaded message so had downgraded via an SD Card. I had been having problems with remote connection being a little unreliable so read your instructions. I updated to, got the “Not for use outside china” – Telnet’d in (Already had the files on the SD) – Copied and pasted the commands and its running like a dream. Now if only someone could work out how to hack the international firmware to run on these as the connection is a little slow and I assume its because I’m working via Chinese servers and I’m in New Zealand.

  • I keep getting the -5400 message plus some text in chinese when i try to run it on the mihome app. The phone i am using is the new samsung j7. My business partners are able to run the app and see the camera work on their phones. So the camera is working just not on my phone.
    Anyone who can help me it would be VERY much appreciated. The camera is overseas so i cant do anything with it physically.
    I am NOT a techi and dont really understand most of what is written in this thread.
    Like i said if someone has some simple guidance for me i will be grateful!
    Thanks in advance

  • Here is with RTSP moded from Gustavo

    If you already have china fix), just do the step 3.

    Method 1
    1. Extract and copy to the SD card. Reboot your ip cam
    2. After reboot, wait 5 mins or until it say “this product is for china use only”.
    3. Copy “test” folder to the SD card again(overwrite if prompt) and reboot

    Method 2
    If you want to do it remotely without touching the SD card. Make sure you have FTP to the device.

    1. Extract and ftp all the file to /home/hd1/ and reboot
    2. After reboot, wait 5 mins or until it say “this product is for china use only”.
    3. ftp “test” folder to the /home/hd1/ again(overwrite if prompt) and reboot.

    • Great, works perfectly!

      1) Is it possible to easily adjust the timezone?
      2) Is it possible to set a password to the RTSP stream?

      Thanks a million

      • I telnetted into the camera (username: root / password: 1234qwer)

        cd /home
        mv ntpdate ntpdate.orig
        touch ntpdate
        chmod 755 ntpdate
        date -s “2015-06-02 22:00”

        The commands above disable to program that tries to set the date from the internet, and then you can set the date manually to the current date/time. Hope this helps.

        Source: http://en.miui.com/thread-124292-1-1.html

    • This worked perfectly on my China cam!! Great instructions!!

  • Hi,

    I accessed via telnet and did the steps of the solution after the upgrade to, but after rebooting the camera it just stayed with a permanent orange led on indefinitely, even if I disconnect it. So finally, I was able to get out from that state, but now I can’t play none of previous recordings videos that are stored in the SD card with any of the firmwares available.

    Can someone know how to fix that?

  • my camera cannot connect to WIFI and said “WIFI PASSWORD WRONG”,also cannot reset..how to fix ??

  • i also have CN version Manufactured date on 16.04.2016 had try on russian 02 not work (rusian previous can used for 01. 11.2015-01.03-2016)

    the error problem is after wifi is connected blue light is blink and in app show message fail to load

    who have new lot for Yi smart cam and alos problem like us

  • How to make the commands execute on boot?

  • Hello ! How can i do telnet to the camera if camera refuses to connect to wifi ??? I have the CN version :/

  • Funciono!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

  • I had some trouble with the camera, updated the firmware, and can’t connect to wifi since then, no matter what firmware I try. No matter what I do, it always throws a wifi password error for me (chinese message or english message depending on the firmware).
    Russian firmware or any else (L, M, N, etc) didn’t do the trick for me 🙁
    I’ve got another one working flawlessly, and I tried different routers.
    Its SN starts with 10CN… pretty old I guess?
    I even used the yi-hack firmware, which has a log that gave me this error:
    “fkill: Cannot open RFKILL control device Could not read interface ra0 flags: No such device WEXT: Could not set interface ‘ra0’ UP ra0: Failed to initialize driver interface”

    So… any ideas? Bricked wifi chip?
    If I could use the camera in “local mode”, recording and storing everything on the SD card, at least it would be something more than paperweight right now…

  • Hi Mr. Krikri..I have a question about xiaomi 720p. Im already use your firmware version of This firmware work for me, but i cannot playback my video recording. How to fix this problem?

    Thanks before.

    • Same with me. I also try to use FW. everything works fine except video playback.
      I have identical V.21 camera with original FW (, the playback works normally (with same app)

  • Did anybody have issues with the Motion Detection Warning playback? After upgrading to, everything works fine but motion detection warning could not be played. Clicking the warning will only results in Fail to load video .

  • I would also like to know how to fix playback of recorded video.

  • I buy yi Camera and it CN version Manufactured date on 20160622. Can not to update the firmware to and use RTSP script to telnet. Have any idea to update mod firmware?

  • hi all, i buy new yi ants 360 but cannot used, can help if someone have the firmware for this goods? thanks

  • Hi. I have a few important requests. Can we keep the best solution as a sticky on top and can anyone offer solutions for the series 2 and 360 models? Series 2 do not seem to allow/accept downgrading anymore and the 360 seems to be a ‘unicorn’ at the moment. I am ‘stuck with’ both. Chinese versions which I would very much like to see in Yi home. Together with my luckily old 720p’s.

  • hi robert, i think series 2 already discussed and got solution. but 360 still new

  • Everything work as expected, well done.
    But I have a problem with my V.21 version of my camera, after accidentally updating firmware via app to version Q. I can’t playback my recorded video, anyone know how to fix it ?

    I also have another V.21 with FW default from factory, playback works fine. Problem only with timezone

  • At the end, I found the solution to the playback recording in this link http://en.miui.com/thread-193380-1-1.html, so basically I entered this command: echo “GMT+0” > /etc/TZ and then I reboot it and I was able to playback the recordings again using using even the newest firmware.

  • i have a new xiaoyi camera august buy from china several unit
    when i reset and insert card with home firmware …and power on ,the unit just say waiting for connection ,keep say waitting connection in chinese ,

    can any 1 tech how to flash?


  • I have tried all of the firmwares posted here but the camera continues to ignore it. After inserting the sd card with the firmware, it just initializes and continues to wait to be paired. Is there anyway to FORCE flash the firmware to the IP cam?

  • currently using version and cannot playback the motion detected videos. anyone doesnt have this problem? how to solve this?

  • if i understood. if you chenge the timezone you can´t playback the motion detected videos.

    any solutions?

  • Yesterday I made the Chinese version update since the camera does not work please help me I have a Chinese version and I am from Europe

  • Is anyone getting a very bad image quality (distorted) on night vision mode with the firmware?

  • bought it on 14 august 2016, for the first time it connected showed video, then i disconnected and moved to another room but it says “this product can only be used within China”
    tried all files given in this blog till date but no solution seems it is not detecting memory card

    seems stuck

  • Has anyone attempted upgrading to the latest firmware

    And how do you get Push Notifications to work on iOS. Currently I’ve set it on in the Settings for the camera but I don’t get any notification even when there’s activity on the camera.

    • I had the new camera with this firmware. Had not been able to get the telnet to work anymore and thus it just keep repeating “Camera can only work in China” and shut itself down. Anyone with solution for this ?

  • Is there anyone has the firmware? Pls share it if you have it.

  • Guys, i’ve got the new test file/folder from 4pda.ru with mod aio, zipped it with the latest Q version, if anyone want to try, i couldn’t yet…


    • I think AIO including modify the prompt message & timezone to Russian. Can you find the mod to activate outside China only?

    • Gustavo,

      I would like to try out this one:


      Solution 100% for those who updated to camera the V 2.1 (camera says that the type of work only in China)

      1) Turn on the camera (without SD card)
      2) Press the Reset button and hold for 10 seconds
      3) Releasing the Reset button
      4) Turn off the camera
      5) Format the SD card into the FAT32 (other file systems are not supported)
      6) Download the firmware (yes it is! Since the camera not be sewn directly to )
      7) Throws in the root of the archive SD card file home
      8) Turn on the camera for 3 seconds is lit orange after orange starts to blink for about 40 seconds (set by firmware!) and then wait until the camera speak
      9) Turn off the camera and remove the SD card
      10) Format the SD card to FAT32
      11) Download the firmware
      12) Throws the root of the SD card file from the archive home
      13) Turn on the camera for 3 seconds is lit orange after orange starts to blink about 40 seconds, (firmware installed!) and then wait until the camera to speak
      14) Turn off the camera and remove the SD card
      15) Turn on the camera (without SD card)
      16) Press the Reset button and hold for 10 seconds

    • Did not work on the new batch of camera that comes with firmware. Had not been able to flash it to anything other firmware. The equip_test.sh also not working.

      Any ideas ?

    • Gustavo, can you please help? Thanks.

  • How can i fix timestamp on mi home app, timezone on camera correct in my country (VietNam), but timestamp over 1h
    What app better ? Mi home or yi camera

  • Ok Guys, This is My version, no russian stuff in this, took latest firmware from here “www.xiaoyi.com/home/firmware/index.html?version=” (, added rtsp/telnet fix, and no Russian stuff in this, “THE SOLUTION” is already integrated into the “equip_test.sh” file, so just extract into a formatted micro SD card and flash it, thats all folks. There is a watermark saying “yi” bottom left hand corner, its so small that i don’t care for it.




    **For Playback issues/GMT Error follow this thread http://en.miui.com/thread-193380-1-1.html

  • Does anyone get push notification on iOS? I’m using the Mi Home app to access the camera but get no push notification despite there veing activity.

  • why my YIHOME always show “your account password is changed, please re-login in!

  • Thank you very much for your last MOD firmware AK, working like a charm on my CN Yi Cam 🙂

    • @AK: Thanks for the Firmware, now i have latest Firmware on my CN Cam in Germany, RTSP etc.,all works.
      Thank you very much.
      When there is a new Firmware an the App show me this, can i then Update the Firmware in the App?
      Or what must i do?
      Best regards

      • 2 options :

        i) You can update the firmware in the app, but the camera would say “This camera can only be used in China” and would shut down. So you need to use the “THE SOLUTION” mod to fix it. Which can be found in this thread. This involves telnet to the camera.

        ii) If I am free i will make a mod for every new firmware, so just flash it into a formatted micro SD card, i will post the new firmware’s here.

    • how do you do it? can show the steps?

  • For those has CN edition after April 2016. Please be careful not to perform any upgrade unless you are pretty sure. I tried in my Yi Smart Camera V2.1 manufactured on June 22, 2016. It is completely dead. It boot up with amber light. I have to return it for replacement.

  • Lately, I’ve been getting disconnection, I’m using both the 720p and 1080p (xiaomi ants 2) versions of the camera. I’ve contacted the support, no luck so far. It works after I unplugged the 1080p camera off the power, works for a while, then it doesn’t work again. I think I’m getting forced log-off by the server every hour. The 720p version works fine.

  • Hi All,

    I am a Chinese from Hong Kong. I just bought a Yi Cam 720p CN version two weeks ago. I am also having “This camera can only be used in China ” issue as most of you all. According to other Chinese website, the Cam was added hardware lock to ensure CN version doesn’t work in other region, so all the fixes provided earlier shouldn’t be work on the this latest hardware version (20160622). If you want to know what hardware version of your cam, you just need to use QR code program to scan the QR code at the back of the Cam.

    Gustavo is saying that using firmware should work, so I want to give it a try.

    Can someone please share this http://4pda.ru/forum/dl/post/5866261/ ? I was not able to register a new ID in Russian website as it needs to find out the answer from the picture in Russian when creating an account.


  • When my camera came initially, it gave “This camera can only be used within China error”, I downloaded the firmware file as given in the post and it started to work fine. Today I accidentally pressed the update button and the camera upgraded to No matter how many times I downgrade, it just wouldn’t work. no firmware is working. please give a solution

    • Last night I updated to and got the “This camera can only be used within China error” on one of my camera.
      I checked telnet and it was still enabled with the update, so I just redid the check_did website from .com to .cox as explained in the solution above. I then rebooted the camera through telnet and it came back online.

      I did not have to downgrade firmware.

      • Bubuski,

        Is your hardware old version? Is it purchased before Nov, 2015?

        • I just scanned both QR codes

          151021 – always works

          160105 – I upgraded to the firmware to unmodified from the MiHome app and got the message “This camera can only be used in China”. I checked telnet and it was still enabled so I modified the check_did website.

  • I have a CN 20160622 version with firmware as well. Apparently the device refuses to downgrade firmware or execute the equip_test.sh script. Currently I pair it with its app via a Chinese VPN. It’s possible that it’s hardwired to only allow upgrades, but I haven’t attempted to upgrade to yet. The key is to obtain telnet access, with which all other modifications come easily. What I’ll try is to edit the firmware to add the telnetd init script, and see if the device would take it.

  • hi i ‘ve a european version of yi camera 720 and i would register in mi home app.
    the error message is qr is invalid… and i cannot use in mihome app while i use it in Yi home app.
    how can i use this kind of camera in mihome app? in this camera is installed last firmware.

  • I use the Chinese App today i cant no longer Login to Mi Acount in the App. I became Error: Error occurred while Logging in, Please restart
    Has here anybody the same Problem, yesterday all ok and Login to Mi Account

  • how to solve CN 20160622 firmware? How to downgrade ?

  • Why my YIHOME always show “your account password is changed, please re-login in!
    It cannot retain the password. Any other experience on this?
    Is this related to that I have refused to update the FW to the latest one?

  • All the Xiaoyi camera 720 with CN 20160622 and above already set hardware lock by Xiaoyi. No more upgrade/ downgrade firmware available from SD card. Any other solution push the new firmware into a camera?

  • Seems like with its not reading the .sh script at all, and not reading any firmwares.

  • the sh file can’t even flash into the cctv. how to telnet?

Leave a reply:

Your email address will not be published.


Site Footer

Sliding Sidebar