/bin/rtspd -p 554 -u root -P "" & To make it permanent, add to /etc/init.d/rcS or create an init script. For the 139 build, I recommend installing or crosstool-ng built v4l2rtspserver (static compile for aarch64/mips64). Alternative: GStreamer RTSP (Advanced) If you have space on the SD card, copy a statically compiled gst-launch-1.0 :
mount -o remount,rw / mkdir /root/disabled_bins mv /bin/cloud_client /root/disabled_bins/ mv /bin/upgrade_daemon /root/disabled_bins/ mv /sbin/p2p_agent /root/disabled_bins/ Also check /usr/bin/ for iot_platform or mipns – these are heavy telemetry services. Step 4: Enabling Persistent RTSP The stock firmware often has a hidden RTSP server but disabled by default. Enable it: xf a2011 64bits 139
ps aux | grep -E "cloud|upgrade|log_collect|p2p" For a permanent solution, rename the offending binaries (mount root as rw first): /bin/rtspd -p 554 -u root -P "" &
In the XF/Xiaomi/Jiawen camera hacking community, 139 often refers to a specific memory address, a kernel offset for gaining root access via telnet , or a particular batch of firmware (1.3.9). This post assumes you are working with a T20/T31 chipset device running a 64-bit architecture (MIPS or ARM). Unlocking the XF A2011 64-bit (Firmware 1.3.9): Telnet, RTSP, and Debloating Guide The XF A2011 (often sold as Xiaofang or generic ONVIF cameras) is a surprisingly powerful piece of hardware when you look past its stock cloud software. The 64-bit architecture variant—often paired with firmware version 1.3.9 (the "139" build) —offers better memory handling and performance than its 32-bit siblings. However, the stock firmware locks you into a proprietary app, cloud relays, and questionable data collection. Step 4: Enabling Persistent RTSP The stock firmware