I finished part 2! I managed to write an “anti-client” with Crystal that can pry the user/pass out of a client that is on the same LAN! Tried to write a fake update for the camera using Crystal but ended up bricking my device. Anyways, read all about it. 
Part 1: http://blog.0x42424242.in/2019/03/vstarcam-investigational-security.html
Part 2: http://blog.0x42424242.in/2019/03/vstarcam-investigational-security_22.html