how to flash custom firmware:

download: https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks/raw/master/hacks/cfw/xiaofang/cfw-1.0.bin
1:Format your microSD to FAT32 (use a micro SD card smaller than 4GB) my 16GB kingston  cards where giving me trouble.
2:put the CFW-1.0.bin file on the MicroSD and rename CFW-1.0.bin to demo.bin
3: insert micro SD card into camera
4:hold reset buton & power on, keep pushing the reset button for 5 seconds. It should now enter flash mode. You can check via your FTDI/serial adapter.
5: follow this: https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks/blob/master/hacks/install_cfw.md#installation-of-the-new-firmware

if you want to login using Serial:
Username: root
Password: ismart12

Do i trust this device on my network: hell no!
The camera runs u-boot with some sketchy firmware someone wrote. By default SSH is open with default password :/  I think it’s a matter of time before someone will add these camera’s to his/her/ botnet…

CHANGE THE PASSWORD ONCE YOU FLASHED CUSTOM FIRMWARE! Or the Chinese/Russian/NSA might be looking with you 😉 (disclaimer: they might always, I’m not responsible for anything)

the T20 is a quite capable processor though:

Basically there is a small linux PC running inside that camera, without a heat sink though…