diff --git a/ROADMAP.md b/ROADMAP.md index 7b54d15..f55ab3a 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -167,8 +167,11 @@ Note: Promiscuous mode (probe/deauth capture) disabled on original ESP32 — bre - [x] Serial console AUTH management - [x] Auto-generated auth secret on first boot - [x] Pentest completed: 50+ tests, all network-facing tests PASS -- [ ] Enable stack canaries (`CONFIG_COMPILER_STACK_CHECK_MODE_NORM`) -- [ ] Enable heap poisoning (`CONFIG_HEAP_POISONING_LIGHT`) +- [x] Enable stack canaries (`CONFIG_COMPILER_STACK_CHECK_MODE_NORM`) +- [x] Enable heap poisoning (`CONFIG_HEAP_POISONING_LIGHT`) +- [x] Enable WDT panic (`CONFIG_ESP_TASK_WDT_PANIC`) +- [x] Remove unused `#include "esp_now.h"` (CVE-2025-52471 mitigation) +- [x] Remove hardcoded default IP from Kconfig (use TARGET command) - [ ] Multi-target (send data to 2+ UDP destinations) ## Web Backend (`~/git/esp32-web/`) diff --git a/TASKS.md b/TASKS.md index 4d3ec69..8a82bdd 100644 --- a/TASKS.md +++ b/TASKS.md @@ -51,8 +51,11 @@ Tracked separately in `~/git/esp32-web/TASKS.md`. Currently at v0.1.5. ### P1 - High - [x] Test OTA rollback — crasher firmware flashed to amber-maple, bootloader rolled back to v1.11.0 (2026-02-14) -- [ ] Enable stack canaries: `CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y` -- [ ] Enable heap poisoning: `CONFIG_HEAP_POISONING_LIGHT=y` +- [x] Enable stack canaries: `CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y` (2026-02-14) +- [x] Enable heap poisoning: `CONFIG_HEAP_POISONING_LIGHT=y` (2026-02-14) +- [x] Enable WDT panic: `CONFIG_ESP_TASK_WDT_PANIC=y` (2026-02-14) +- [x] Remove unused `#include "esp_now.h"` (2026-02-14) +- [x] Remove hardcoded default IP from Kconfig (2026-02-14) ### P2 - Normal - [ ] Tune presence threshold per room with real-world testing diff --git a/TODO.md b/TODO.md index c1470ae..83e2bdf 100644 --- a/TODO.md +++ b/TODO.md 
@@ -3,11 +3,11 @@ ## Firmware ### Security (from pentest findings) -- [ ] Enable `CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y` (stack canaries) -- [ ] Enable `CONFIG_HEAP_POISONING_LIGHT=y` (heap corruption detection) -- [ ] Enable `CONFIG_ESP_TASK_WDT_PANIC=y` (WDT auto-recovery) -- [ ] Remove unused `#include "esp_now.h"` from app_main.c -- [ ] Remove hardcoded default IP `192.168.129.11` from binary +- [x] Enable `CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y` (stack canaries) +- [x] Enable `CONFIG_HEAP_POISONING_LIGHT=y` (heap corruption detection) +- [x] Enable `CONFIG_ESP_TASK_WDT_PANIC=y` (WDT auto-recovery) +- [x] Remove unused `#include "esp_now.h"` from app_main.c +- [x] Remove hardcoded default IP `192.168.129.11` from binary - [ ] Flash encryption planning (irreversible eFuse burn) - [ ] Secure Boot V2 planning (irreversible eFuse burn) - [ ] DTLS for UDP command channel (stretch goal) diff --git a/get-started/csi_recv_router/main/Kconfig.projbuild b/get-started/csi_recv_router/main/Kconfig.projbuild index 6e7703c..e92ba78 100644 --- a/get-started/csi_recv_router/main/Kconfig.projbuild +++ b/get-started/csi_recv_router/main/Kconfig.projbuild @@ -2,9 +2,10 @@ menu "CSI UDP Configuration" config CSI_UDP_TARGET_IP string "UDP target IP address" - default "192.168.129.11" + default "0.0.0.0" help IP address of the host receiving CSI data (e.g., Raspberry Pi). + Set to 0.0.0.0 to disable sending until configured via TARGET command. config CSI_UDP_TARGET_PORT int "UDP target port" diff --git a/get-started/csi_recv_router/main/app_main.c b/get-started/csi_recv_router/main/app_main.c index 633bf08..f4e9840 100644 --- a/get-started/csi_recv_router/main/app_main.c +++ b/get-started/csi_recv_router/main/app_main.c @@ -28,7 +28,6 @@ #include "esp_log.h" #include "esp_wifi.h" #include "esp_netif.h" -#include "esp_now.h" #include "esp_timer.h" #include "esp_task_wdt.h" #include "esp_pm.h" 
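Review bot: The help line added to `CSI_UDP_TARGET_IP` in Kconfig.projbuild promises that 0.0.0.0 disables sending, but nothing visible in this commit enforces it. The `udp_socket_init` hunk in app_main.c only switches the log message and still fills `s_dest_addr` from the sentinel. If the send path, which is outside the diff, does not already skip an unset target, add that guard where the CSI packets are sent, or reword the help to `Default 0.0.0.0 means no target is configured; set one with the TARGET command.` A changed Kconfig default may also not reach a build tree that already has an `sdkconfig`, so the old address can survive in the binary until that file is regenerated.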
@@ -819,8 +818,12 @@ static void udp_socket_init(void) s_dest_addr.sin_port = htons(s_target_port); inet_pton(AF_INET, s_target_ip, &s_dest_addr.sin_addr); - ESP_LOGI(TAG, "UDP socket initialized, sending to %s:%d", - s_target_ip, s_target_port); + if (strcmp(s_target_ip, "0.0.0.0") == 0) { + ESP_LOGW(TAG, "No UDP target configured — use TARGET command to set destination"); + } else { + ESP_LOGI(TAG, "UDP socket initialized, sending to %s:%d", + s_target_ip, s_target_port); + } } /* --- Ping --- */ diff --git a/get-started/csi_recv_router/sdkconfig.defaults b/get-started/csi_recv_router/sdkconfig.defaults index 587adf6..17e42c9 100644 --- a/get-started/csi_recv_router/sdkconfig.defaults +++ b/get-started/csi_recv_router/sdkconfig.defaults @@ -14,6 +14,7 @@ CONFIG_ESP_CONSOLE_UART_NUM=0 CONFIG_CONSOLE_UART_BAUDRATE=921600 CONFIG_ESP_TASK_WDT_TIMEOUT_S=30 +CONFIG_ESP_TASK_WDT_PANIC=y CONFIG_ESPTOOLPY_MONITOR_BAUD_921600B=y CONFIG_ESPTOOLPY_MONITOR_BAUD=921600 @@ -30,6 +31,8 @@ CONFIG_ESP32_WIFI_AMPDU_RX_ENABLED= # Compiler options (size optimization saves ~75 KB) # CONFIG_COMPILER_OPTIMIZATION_SIZE=y +CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y +CONFIG_HEAP_POISONING_LIGHT=y # # FreeRTOS diff --git a/get-started/csi_recv_router/sdkconfig.sample b/get-started/csi_recv_router/sdkconfig.sample index c17bd0e..83d1ac6 100644 --- a/get-started/csi_recv_router/sdkconfig.sample +++ b/get-started/csi_recv_router/sdkconfig.sample @@ -435,7 +435,7 @@ CONFIG_PARTITION_TABLE_MD5=y # # CSI UDP Configuration # -CONFIG_CSI_UDP_TARGET_IP="192.168.129.11" +CONFIG_CSI_UDP_TARGET_IP="0.0.0.0" CONFIG_CSI_UDP_TARGET_PORT=5500 CONFIG_CSI_CMD_PORT=5501 CONFIG_CSI_HOSTNAME="your-hostname"
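Review bot: The unset-target test added to `udp_socket_init` compares the text of `s_target_ip` with `"0.0.0.0"`, while the return value of `inet_pton` on the context line above is still ignored. An empty or malformed address is therefore logged as a valid destination, and `sin_addr` keeps whatever it held before. Deciding on the parsed address covers both cases: `if (inet_pton(AF_INET, s_target_ip, &s_dest_addr.sin_addr) != 1 || s_dest_addr.sin_addr.s_addr == htonl(INADDR_ANY)) {`. The function starts above the hunk, so whether `s_dest_addr` is zeroed first, and whether the TARGET command re-runs this code, cannot be seen here.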
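Review bot: In sdkconfig.defaults, `CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y` and `CONFIG_HEAP_POISONING_LIGHT=y` sit directly under the commented-out size-optimization entry with no comment of their own, and `CONFIG_ESP_TASK_WDT_PANIC=y` in the first hunk is likewise unexplained. A header line such as `# Hardening (pentest findings): stack canaries, heap poisoning, WDT panic` would keep them from being dropped in a later size-tuning pass. NORM corresponds to `-fstack-protector`, which only instruments functions that use `alloca` or hold buffers above a small size threshold; `CONFIG_COMPILER_STACK_CHECK_MODE_STRONG` covers more functions if the flash budget allows. Values already present in an existing `sdkconfig` take precedence over `sdkconfig.defaults`, so confirm all three options in the generated `sdkconfig` of the release build rather than assuming they are active.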