Security Cameras?

[omniparker]

I was wondering if the Tuya Security Camera's may be possible. They work within the same app and I am able to get id and key in the normal manner. I tried to get the signature but don't see it in my logs. I bought the Mercury Security Camera from Walmart. It adds to the Tuya App like everything else. Would it be possible? What can I provide to help if it would be possible.

[EvolvingParty]

When he got my air conditioner working I just followed his instructions exactly for getting the device Id and key and added it as a simple light. I was then able to turn it off and on and he quickly got the rest working within days. He did a fantastic job!!

On 2 Jan 2019, at 16:14, omniparker notifications@github.com<mailto:notifications@github.com> wrote:

I was wondering if the Tuya Security Camera's may be possible. They work within the same app and I am able to get id and key in the normal manner. I tried to get the signature but don't see it in my logs. I bought the Mercury Security Camera from Walmart. It adds to the Tuya App like everything else. Would it be possible? What can I provide to help if it would be possible.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/AMoo-Miki/homebridge-tuya-lan/issues/4, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AEa3PZr12bp2i9Tm5XQRsvYfk-qxyZ5-ks5u_E5EgaJpZM4ZmPlg.

[omniparker]

Where did you get the log?

[EvolvingParty]

I followed these instructions https://github.com/AMoo-Miki/homebridge-tuya-lan/wiki/Setup-Instructions It was a little complicated getting the Certificate installed on my Mac, scanning the QR code, setting up the proxy in the iPhone internet settings, trusting the certificate in the general settings, then Open the Tuya Smart app; if it was already open, pull the screen down to refresh. In a few seconds, you would be shown an error dialog about your network connection; that is exactly what we want. A bunch of id and key combinations will be shown on the terminal;, below the QR code you scanned earlier.

It is time consuming and I was using a Mac and an iPhone, If your on windows or something it won't be the same.

[EvolvingParty]

Check out my issue over here - https://github.com/AMoo-Miki/homebridge-tuya-lan/issues/2 Shows what I provided and how he made it work within a few days. He was great.

[AMoo-Miki]

Cameras would need some more tinkering than normal devices. The Walmart near me seems to have this in stock. I will try to get one and see what I can get from it.

Just to make sure, is it Merkury Innovations Smart WiFi 720P Camera for $25-ish?

[EvolvingParty]

A wifi security camera for about $25 Cool. I’m going to keep an eye on this to see how it goes.

Kurt.

On 2 Jan 2019, at 17:17, Miki notifications@github.com<mailto:notifications@github.com> wrote:

Cameras would need some more tinkering than normal devices. The Walmart near me seems to have this in stock. I will try to get one and see what I can get from it.

Just to make sure, is it Merkury Innovations Smart WiFi 720P Camera for $25-ish?

— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/AMoo-Miki/homebridge-tuya-lan/issues/4#issuecomment-450798939, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AEa3ParVJRpzEUaj8QdHegvWLCGHeujcks5u_Fz3gaJpZM4ZmPlg.

[omniparker]

Yeah that is the one. It’s a decent little one that works well in the main app. And I have a ton of other outlets and bulbs it’s getting the signature that I’m having trouble with.

[AMoo-Miki]

Just got back from Walmart with the camera :) I will fiddle with it tonight so don't worry about the signature.

PS. the camera is very unstable; I get encryption errors every other time I try to open it in the app. I will keep digging.

Update 1: This camera doesn't advertise itself; it might make sense for no Tuya cameras to advertise their existence as they all seem to use static passwords that are the same across the a brand or model. Because of this, it is necessary to identify the IP address of the camera manually. While I am able to communicate with the camera, I havn't been able to pull the stream with the credentials if admin/root with ad2c6d47 as it doesn't accept my credentials. I will need some time to figure this out.

Note to self Exposed params are: 101 LED Indicator (Boolean) 103 Flip (Boolean) 104 Watermark (Boolean) 106 Motion Sensitivity (Enum of 0, 1, 2) 109 SD Size Total|Used|Remaining 110 SD Status (Enum of 1: Normal, 2: Fault, 3: Low Space, 4: Formatting, 5: Missing) 111 SD Format command 115 Alert Image 117 SD Format Status (-2000: Busy Formatting, -2001: Formatting Error, -2002: No Card, -2003: Access Fault, any +ve number Busy) 134 Motion Detection (Boolean)

Open ports: 80, 6668, 8554 Common password: ad2c6d47 (doesn't work with usernames root or admin)

[omniparker]

I had a thought on your last message. I scanned the QR code that would be used when setting up the device. It read {“s”:”My SSID”,”p”:”My Tuya Username”,”t”:”AX6P6i85IMDHtp”}

I’m not sure if this will help but I hope it’s something.

[AMoo-Miki]

:) thanks. If only I find a way to break into my camera, all will be fine. I will keep you posted.

[omniparker]

I was just wondering if the QR code is giving the username and password to communicate with the camera. instead of being a preset user name and password it would be the account username and password or an auto generated username and password linked to the user account.

[AMoo-Miki]

The QR gives information from the phone to the camera for initialization and it is not the same as the one used for communicating with the camera. From what I have learned, it is probably going to take some time before I can find a way to pull the AV stream; I have reached out to the manufacturer but havn't heard back. As soon as I hear anything, I will implement it and post here to let you know.

[AMoo-Miki]

The support guys from the manufacturer replied to me, essentially saying they won't provide the access mechanism. I will leave this open till I find a way.

[mdm007oh]

Just an FYI I purchased a couple Geeni cameras from Walmart and tried to install them on the TuyaSmart app and I was able to view live footage but when I tried to view them thru playback they would not work. Although I have 15 Geeni lights that work flawlessly with the TuyaSmart app along with tuya light platform.

[omniparker]

Yes. It only does the recorded playback in the Geeni app. Which also does not use a QR code to pair it just locates the camera the same way as other devices. I was able to catch the traffic and add the ID and key from the geeni app and homebridge now recognizes them but can not connect to the device. It gives the same error as an unplugged outlet.

[AMoo-Miki]

I have been too lazy and occupied with a couple of other projects. Having a mac would help; a friend will be giving me one tomorrow, if they remember.

[THALLIVA]

Hello @AMoo-Miki, were you able to pull the stream from Tuya Camera ? I think this would help.. http://helpdesk.cctvdiscover.com/network/rtsp_stream.html

[Benni1982]

would love to hear you successed with it ;) keeping an eye on it.

[AMoo-Miki]

Bad news. The cameras that I got my hands on, don't even respond over LAN.

To see if yours do, on your phone, edit your WiFi settings by hitting the tiny blue i on the right side.

1. Tap on Configure DNS
2. Change to Manual
3. Delete all the entries under the DNS Servers
4. Add some fake IP like 10.0.0.253 This will prevent your phone from being able to talk to Tuya's Cloud network, forcing it to communicate with your devices over your LAN.
5. Now close the Tuya app if it was open and reopen it.
6. Open your camera.

If it works, please let me know the model so that I can buy it and see if I can make it work.

Don't forget to change your WiFi's DNS configuration back to Automatic after you are done testing.

[ankurp]

Let me know if I can help. I want to be able to stream the tuya camera and maybe also get motion detection so can make it work as motion detection device also in homekit. I have the following camera and can help debug as it prompt for username and password when trying to access the camera via IP address. https://www.walmart.com/ip/Merkury-Innovations-Smart-WiFi-720P-Camera-with-Voice-Control/835969619

[Axehole54]

Guys, I have searched for information on how to add my Geeni (Merkury offshoot) doorbell camera to my camera monitoring software (ISpy) exhaustively. My workaround was to use the Geeni app to setup the camera and connect it to my router. Once connected and working through their terrible app I was able to find the IP with Search tool and load it in the browser. User ID is "Admin" Password "admin". I suspect all of Merkury products would share similar characteristics.

[ankurp]

This does not work for Merkury indoor cameras. I see this webpage in a Merkury door bell I have as well and same username password works as you mentioned. But for other cameras you can’t even get past Basic Auth and see something without username password and admin/admin does not work.

On Nov 18, 2019, at 2:15 PM, Axehole54 notifications@github.com wrote:

Guys, I have searched for information on how to add my Geeni (Merkury offshoot) doorbell camera to my camera monitoring software (ISpy) exhaustively. My workaround was to use the Geeni app to setup the camera and connect it to my router. Once connected and working through their terrible app I was able to find the IP with Search tool and load it in the browser. User ID is "Admin" Password "admin". I suspect all of Merkury products would share similar characteristics. https://user-images.githubusercontent.com/57917109/69082243-52e3da80-0a05-11ea-94a5-d726e523a04b.jpg — You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/AMoo-Miki/homebridge-tuya-lan/issues/4?email_source=notifications&email_token=AADZX3MZVVXHK7WQ7NHIZK3QULSURA5CNFSM4GMY7FQKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEELSRWY#issuecomment-555165915, or unsubscribe https://github.com/notifications/unsubscribe-auth/AADZX3OZ5HJK3WK7C3X3YLDQULSURANCNFSM4GMY7FQA.

[Jordan-Jarvis]

So on the back of the PCB there are four UART pads. You can see them directly above the sd-card slot, I connected to them with an arduino during boot using 115200 baud and got the following output:

U-Boot 2013.10.0-AK_V2.0.03 (Jul 31 2019 - 16:11:47)

DRAM:  64 MiB
8 MiB
ANYKA SDHC/MMC4.0: 0
PPS:Jul 31 2019 16:11:49   anyka_c2:  1  0 
magic err
magic err
 Booting kernel from Legacy Image at 81808000 ...
   Image Name:   Linux-3.4.35
   Image Type:   ARM Linux Kernel Image (uncompressed)
   Data Size:    2076240 Bytes = 2 MiB
   Load Address: 81808000
   Entry Point:  81808040
   Verifying Checksum ... OK
   XIP Kernel Image ... OK

Starting kernel ...

Uncompressing Linux... done, booting the kernel.
Meari Linux Kernel Version: 2.5.02

Unfortunately, it was not the gold mine I was hoping for. I am unable to send commands as I think this interface is locked down. Then I looked up the FCC filing and found some useful information about the chips used as my camera had the markings smudged and I couldn't read it. Link to the listing here. I found that the storage was a 64byte wide 8 MB chip that I was able to dump using a ch341a USB to serial converter. Attached is the dump, I can open it with 7-zip and see a lot of files including init stuff and other Linux related things. The problem is I don't see a shadow or passwd file anywhere. If someone knows more about Linux than I do please let me know. I would love to make a custom bin file to flash to the chip to gain more access. If we can get in and enable something like telnet then we would be able to get the hashes and run it through John the Ripper. If anyone wants to look at the bin file for themselves you can download it here.

Another note, it looks like a user named fjb is the owner of the files. Maybe a lead on a username?

Last thing. The SOC used in this camera is actually used in a lot of cameras, modifying a firmware of another camera that has onvif may also be an option. Just a thought.

[Jordan-Jarvis]

Good news! I was able to find the hash in a jffs2 filesystem using binwalk. Luckily it is MD5 which is pretty weak. I don't have access to massive amounts of computing power to crack this password so let me know if you do and are willing to help out and hopefully we can get in to these things. I also found another hash for an Apache login. Probably the password we are looking for to enable an onvif stream. In any case. I will make the extracted bin available as soon as I can.

With this dump we can also dig around for other vulnerable areas like specific sites or ip's it gives extra access to or firmware update sites it may have. In any case. This thing shouldn't be too tough to crack wide open. For the now 19$ camera, I am hopeful it can act more like a 100$ camera with a little help from the community.

[cbytestech]

SO GLAD I FINALLY FOUND THIS THREAD! Only found after wireshark the geeni cam and finding port 8554 was open(hidden from nmap..)

[Jordan-Jarvis]

https://github.com/da-ha3ker/Merkury-Smart_cam-720p-work I uploaded the extracted bin. I am not super good at extracting data from these types of files and I am sure there is more that I have not found. I had to compress the folder named _7373C.extracted to upload it to GitHub, but if you use 7zip or WinRar you can extract it again. The hard part of aligning the partitions was already done so they are just the files. Please dig into these files. The hash is available in the _7373C.extracted/etc/passwd file. There is only one user, that being root. I think there are more jffs2 files we don't have access to though, including JSON files and web configuration information.

[cbytestech]

ok so I dont know if I'm behind the curve or not but here's what I've found

• Running HiLinux -http://www.openipcam.com/forum/index.php?topic=1182.0 -https://www.use-ip.co.uk/forum/threads/hacking-china-ip-camera-need-help-for-rtsp-password-for-telnet.938/ Solely for http://download2.eye4.cn/download/application/app-find-vstarcam.zip

• List of ports.. extracted folder\cpio-root\etc -port 2121 via FTP is asking for creds, not timing out

• found in _302FA8.extracted\cpio-root\etc\init.d\rcS Meari Tech -Emailed the manufacturer to check this thread and maybe see about assisting

• Found a few password files -user root, password hashed -decrypting, (this will take a bit)

[Jordan-Jarvis]

Cbytestech, I did not know about the ftp port and I will check it today, thank you for the help and keep up the good work. So I have an idea that probably won't work but if anyone knows please tell me. Can I just replace the root hash and salt with my own if I generate it using Linux md5 settings? Like if I change it in the passed file then flash the bin back to the camera then try logging in with my own password? The partitions aren't encrypted and I am not super familiar with how Linux password management works.

Also, CBytesTech, if you want to have the hash cracking go faster than 300ish kilohashes per second, Hashcat may be a better option. It is one of the fastest windows hash crackers available, you can probably get around 1megahash per second on CPU alone. You can also enable GPU acceleration to get between 2 and 25ish megahashes per second per GPU. I only have a laptop for school and it overheats when I try to crack a pass for more than about 10 minutes so your help is greatly appreciated, and if you are more comfortable with what you are using then just stick with that. If you want the link to Hashcat it is https://hashcat.net/hashcat/ it is free as well. I know the software you are using has limitations unless you pay as I have tried using it a few times in the past due to its friendly interface. In any case, thank you for pitching in, it is greatly appreciated.

[scoobaspeaz]

Following this because im thinking about getting one of these cameras if someone can make it work.

[cbytestech]

Thanks man for the tip! its running right now! had to get rid of the intel OpenCL stuff but its up and running. found it to be a bit salty md5. hashcat64.exe -m500 -a3 -o cracked.txt hash.txt

its going through right now.

Honestly linux is pretty user friendly contrary to popular belief. I believe IF YOU CAN flash it back to the cam, a custom password would work, BUT if not it'll prob rewrite it back to default.. so no pain if you try it... let me know!

[Jordan-Jarvis]

Yeah, if you power the write enable pin you can flash using this programmer, it is called a ch341a programmer. That is how I got the dump file. The hard part is editing the hash and re-compiling the bin file to be the exact size and page size with the boot instructions put in the right place. I don't know how to do that due to aligning partitions and other things that can go wrong super easily. The flash chip is designed for multiple writes, but it wears out after about 30 full flashes so I want to do it sparingly. I will give it a whack though. Set the password to something like 123 and flash it back. It is probably similar to the ddwrt custom firmware stuff. I will check it out. Thanks for helping with the hash cracking by the way! Let us know if you make a breakthrough? Also, I am a bit busy this week, but I still plan on working on this. I want to be able to play with facial recognition from a WiFi camera as a senior project.

[cbytestech]

Session..........: hashcat Status...........: Running Hash.Type........: md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5) Hash.Target......: $1$12345678$CTq8UQyYrE.vbbG7E8Mtj1 Time.Started.....: Mon Feb 10 14:09:22 2020 (1 day, 1 hour) Time.Estimated...: Tue Feb 11 23:01:04 2020 (6 hours, 8 mins) Guess.Mask.......: ?1?2?2?2?2?2 [6] Guess.Charset....: -1 ?l?d?u, -2 ?l?d, -3 ?l?d*!$@_, -4 Undefined Guess.Queue......: 6/15 (40.00%) Speed.#2.........: 31527 H/s (7.01ms) @ Accel:64 Loops:31 Thr:8 Vec:1 Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts Progress.........: 3051036672/3748902912 (81.38%) Rejected.........: 0/3051036672 (0.00%) Restore.Point....: 49209344/60466176 (81.38%) Restore.Sub.#2...: Salt:0 Amplifier:7-8 Iteration:744-775 Candidates.#2....: p28k2u -> pbg9a4

Still running..

[cbytestech]

well idk about editing the hash, but maybe the log I've attached will help decipher how to hash it as far as encryption method. log.txt

I found that hashed password in _7373C.extracted_7373C.extracted_302FA8.extracted\cpio-root\etc Interestingly, from my understanding in linux, the user and pass are supposed to be in "group" file but that didnt have a password. passwd.zip

[Jordan-Jarvis]

well idk about editing the hash, but maybe the log I've attached will help decipher how to hash it as far as encryption method. log.txt

I found that hashed password in __7373C.extracted_7373C.extracted302FA8.extracted\cpio-root\etc Interestingly, from my understanding in linux, the user and pass are supposed to be in "group" file but that didnt have a password. passwd.zip

Thanks! This version of Linux is pretty old. It doesn't even have a shadow file. The shadow file was introduced in newer kernels of Linux. There is a large possibility there are some exploits. I have been swamped with school lately but I will do a metasploit vulnerability scan. I will also try a few things to see if there are major holes in security that have been exposed for meari Linux 2.5. I also haven't had a chance to try replacing the hash yet, but I still intend on doing so when I have a chance.

[cbytestech]

I look forward to hearing the results of the metasploit. not having much luck w the md5 decrypt process. no word yet from Meari here Geeni got back to me stating due to security(people hacking IOT devices belonging to others, they cannot give it out but they are still looking into a secure way of providing a stream. This tells me two things..

• They arent doing anything
• Since its a security issue giving out the password it means the password will be the same for all geeni cameras(maybe other geeni devices), as I assumed, but still nice to be sure.

[Jordan-Jarvis]

Thanks for the update. I haven't had a chance to look at this lately but I should have more time this week. Yeah, the issue of hacking IOT devices belonging to others is a super simple fix. Allow the user to change the password... These cameras are the exception when it comes to blocking users from changing the password, not the rule. I just don't want them to decide one day they don't want to support the cameras anymore and have it stop working. In any case, I still plan on trying to change it myself. I also will try the custom firmware update. We have the security certificates now so it shouldn't be difficult for someone with more web experience to spoof the update server on the local network. It looks like some IP spoofing might be in order as well. In any case, we may be able to spoof the update server now that we have the certificates, even if they are still encrypted. Does anyone want to correct me? I could be mistaken. If changing the firmware password works then only the people with access through a firmware flasher would be able to use this hack. while they are pretty cheap (mine was sub $10 USD) it does require a few hoops to jump through and would dissuade a lot of people.

[cbytestech]

any luck?

[aquaigni]

Very curious about the progress on this and being able to leverage these devices in the long run as a local backup security system.

[Jordan-Jarvis]

Still busy with school at the moment, but I am still planning on working on it. I am learning about pages and how the firmware is packaged and stored at the moment. Editing the bin file is a bit above my current knowledge level so I am doing a bunch of research on how to do it. Progress is happening, just very slowly as I hit the roof of my technical knowledge so I have to learn about the subjects from scratch and that takes a while. If anyone knows more about it than I do, please let me know and I can give you all that I have figured out.

[thi-baut]

If it helps, this is what I got as a result of an nmap scan on mine (bought from Kogan)

OS CPE: cpe:/o:linux:linux_kernel:2.4.37 cpe:/o:linux:linux_kernel:3.2 OS details: DD-WRT v24-sp2 (Linux 2.4.37), Linux 3.2

Only port 6668 is open like lots of Tuya devices: https://github.com/codetheweb/tuyapi/blob/HEAD/docs/SETUP.md

Identified as "Hangzhou" through Unify fingerprinting

[cbytestech]

@da-ha3ker uploaded a .bin extracted.. @thi-baut try and dl that, extract the password file, and crack the md5

[thi-baut]

Thanks, just had a look at the dump, it's a busybox setup so the root password may be one of these: https://github.com/vallejocc/Hacking-Busybox-Control/blob/master/routers_userpass.txt @cbytestech are you still running hashcat?

[Jordan-Jarvis]

Ooh! Good find @thi-baut that is awesome! Coronavirus has wreaked havoc lately, but I am still trying. I gave a few whacks at creating ddwrt firmware bins and I was able to make one for my router, I hope to be able to translate it into making firmware for this thing. Although not everyone would be able to use it unless we find a way to flash third party firmware without needing a hardware flasher. Next semester I have a few classes on buffer overflows, software and hardware exploit Discovery and hacking though. Hopefully something pays off. I am still loving this little thing. It went on sale for 14.99 USD recently so I picked up an extra one.

[thi-baut]

I tried to crack the hash with BEncyclopedia.txt, rockyou.txt, Top353Million-probable-v2.txt with no success. Bruteforcing on hashcat for 10h/7 characters max no success so far.

Otherwise I got a tuya dev account and API keys (it takes like 24h to get verified), and was able to register the camera using tuya-cli link, can communicate with the camera but can't decipher responses in "data" blocks (using tuyapi), it seems encrypted when I receive data on a status change.

[WipeOutHT]

Hi all, a bit late to the party perhaps but still: -just bought a geeni LOOK (GNC-CW007-101) at canadian tire https://www.canadiantire.ca/en/pdp/geeni-look-720p-smart-wi-fi-indoor-security-camera-0463244p.html which I think is similar enough -attached is the message I get when trying to log in to the webpage -http://www.ispyconnect.com/man.aspx?n=mercury# These guys claim "The settings for Mercury cameras are built right into our open source surveillance software iSpy and our Windows Service based platform, Agent - click "Add" then "IP camera with wizard" to automatically setup your Mercury cameras." I might try downloading their software on a windows machine and wiresharking the connection to see if there might be some open, non-encrypted communication going on that will tell us more, but I highly doubt there will be. Looking forward to getting this camera up and running without geeni/Tuya/chinese software and tying it into my own system..

[thi-baut]

We probably have different cameras, my reference is SC002-WA2 (V3) - displayed on the board when I opened it, and doesn't run a web server (port 80) like yours.

[cbytestech]

Are you sure it doesnt? I found mine on port 80 with these addresses even though wireshark didnt see the port

http://192.63.1.106/cgi-bin/videostream.cgi rtsp://192.63.1.106:8554 rtsp://192.63.1.106:554/cam/ http://192.63.1.106/main.htm

[thi-baut]

I can't browse to the http URLs (timeout) and tried with VLC to open the streams with no success. When capturing with Wireshark (on promiscuous mode, on the same VLAN) I can only see broadcast traffic from the camera IP to 255.255.255.255

[cbytestech]

these pertain to a merkury/genii camera though. it seems both of you guys are using something totally different. -Nicholas J. Hess

On Tue, Mar 31, 2020 at 2:31 AM Thibaut notifications@github.com wrote:

I can't browse to the http URLs (timeout) and tried with VLC to open the streams with no success. When capturing with Wireshark I can only see broadcast traffic from the camera IP to 255.255.255.255

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/AMoo-Miki/homebridge-tuya-lan/issues/4#issuecomment-606428340, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFZMEGSMSQ5JHXT2WQFV5LLRKGE43ANCNFSM4GMY7FQA .

[StuDaBaiker]

Hi all, a bit late to the party perhaps but still: -just bought a geeni LOOK (GNC-CW007-101) at canadian tire https://www.canadiantire.ca/en/pdp/geeni-look-720p-smart-wi-fi-indoor-security-camera-0463244p.html which I think is similar enough -attached is the message I get when trying to log in to the webpage -http://www.ispyconnect.com/man.aspx?n=mercury# These guys claim "The settings for Mercury cameras are built right into our open source surveillance software iSpy and our Windows Service based platform, Agent - click "Add" then "IP camera with wizard" to automatically setup your Mercury cameras." I might try downloading their software on a windows machine and wiresharking the connection to see if there might be some open, non-encrypted communication going on that will tell us more, but I highly doubt there will be. Looking forward to getting this camera up and running without geeni/Tuya/chinese software and tying it into my own system..

I just tried using the camera in ispy. The only geeni camera they have on there is the hawk series. They also have a generic template but that requires a username and password so I was unable to connect. Might have a go at the md5, my computer is fairly powerful.