diff --git a/README.md b/README.md
new file mode 100644
index 0000000..bd947a3
--- /dev/null
+++ b/README.md
@@ -0,0 +1,72 @@
+# DIGOO DG-M1X hacks
+
+This is a log of simple hacks for the cheap m1x. For now, this is only about to bring wifi up without using the app, setting the correct time(-zone) and installing an ssh server in place for the shipped telnetd.
+
+
+## Setup
+
+First of all, make sure to disable internet access for the cam! (e.g. using your fritzbox parental controls or iptables of your router)
+
+To setup the wifi of your m1x, you may simply telnet to the cam as root (no password) and edit `/rom/wpa_supplicant0.conf`:
+
+```
+ctrl_interface=/etc/Wireless  
+ network={ 
+     ssid="$SSID"   
+     psk="$yourpw"
+  }
+```
+
+Reboot and the cam should be connected to your network.
+
+To replace telnet with ssh, copy all files of `npc` to `/npc` on your cam. You can do this e.g. using wget
+(the wget embedded in busybox is not capable of https/tls) or by inserting a sd card (not tested).
+Thx thomas (https://github.com/ant-thomas/zsgx1hacks) for pre-compiling dropbearmulti.
+
+Generate your own password hash with `openssl passwd -1` (follow the prompt) and add it to `do.sh`
+For a public key authentication to work, add your public key(s) in `npc/root-home/.ssh/authorized_keys`
+
+
+## Persistency
+
+```
+# cat /proc/mounts 
+
+rootfs / rootfs rw 0 0
+/dev/root / squashfs ro,relatime 0 0
+proc /proc proc rw,relatime 0 0
+tmpfs /dev tmpfs rw,relatime 0 0
+tmpfs /tmp tmpfs rw,relatime 0 0
+sysfs /sys sysfs rw,relatime 0 0
+devpts /dev/pts devpts rw,relatime,mode=600,ptmxmode=000 0 0
+/dev/ram0 /mnt/ramdisk tmpfs rw,relatime 0 0
+/dev/ram0 /etc tmpfs rw,relatime 0 0
+/dev/ram0 /tmp tmpfs rw,relatime 0 0
+/dev/mtdblock4 /rom jffs2 rw,relatime 0 0
+/dev/mtdblock5 /npc jffs2 rw,relatime 0 0
+
+```
+
+To store files persistently use `/rom` or `/npc`. Here, `/rom` is used for setting up wifi in `/rom/wpa_supplicant0.conf` and `/npc` is used for all other stuff. `/npc/boot.sh` can be used to trigger commands in the boot process, e.g. our own init script (`sh /npc/do.sh`).
+
+
+
+## Sync time
+
+The busybox in this cam does not ship any ntp binaries but uses `rdate` to let you sync time with remote servers (it also appears to not have a hardware clock)
+```
+# hwclock -r
+
+Thu Jan  1 00:00:00 1970  0.000000 seconds
+```
+
+As rdate is very uncommon these days, you have to find a sync server that supports rdate clients (e.g. `time.fu-berlin.de` or `time-a-g.nist.gov`).
+
+For the correct time to show up, add your corresponding timezone file inside a persistent folder (e.g. `/npc/zoneinfo`). You will find those files on most linux systems in `/usr/share/zoneinfo/`. It is important to not only copy the actual binary timezone file, but also to create the folder it is residing in and symlink that to `/etc/localtime`, for example for Berlin `ln -s /npc/zoneinfo/Europe/Berlin /etc/localtime`.
+
+
+## TODO 
+  - scp: link scp from dropbearmulti to $PATH?
+  - disable internet access using hosts file?
+  - remove telnetd
+
diff --git a/npc/Europe/Berlin b/npc/Europe/Berlin
new file mode 100644
index 0000000..b4f2a2a
Binary files /dev/null and b/npc/Europe/Berlin differ
diff --git a/boot.sh b/npc/boot.sh
similarity index 100%
rename from boot.sh
rename to npc/boot.sh
diff --git a/do.sh b/npc/do.sh
similarity index 58%
rename from do.sh
rename to npc/do.sh
index af9de07..fcc6b3c 100755
--- a/do.sh
+++ b/npc/do.sh
@@ -1,8 +1,12 @@
 #!/bin/sh
 
+rdate -s time.fu-berlin.de
+ln -s /npc/Europe/Berlin /etc/localtime
+
 cd /npc/
 # TODO add your $password-hash here
 sed -i -e 's/root::10933:0:99999:7:::/root:$password-hash:10933:0:99999:7:::/g' /etc/shadow
+sed -i -e 's/root:x:0:0:root:\/root:\/bin\/sh/root:x:0:0:root:\/npc\/root-home:\/bin\/sh/g' /etc/passwd
 mkdir -p /etc/dropbear
 cp /npc/dropbear_ecdsa_host_key /etc/dropbear/
 
diff --git a/npc/root-home/.ssh/authorized_keys b/npc/root-home/.ssh/authorized_keys
new file mode 100644
index 0000000..e69de29