docs: Add pentest results and update project docs

Executed non-invasive pentest against amber-maple (v1.12-dev): - Phase 1: mDNS, port scan, binary analysis, eFuse readout - Phase 2: HMAC timing, command injection (27 tests), replay (6 tests) - Phase 3: NVS analysis, CVE check (12 CVEs), binary structure All network-facing tests PASS. Physical security gaps documented.
2026-02-14 21:55:47 +01:00
parent 8445fab1ce
commit 31724df63f
7 changed files with 2545 additions and 1 deletions
--- a/docs/CHEATSHEET.md
+++ b/docs/CHEATSHEET.md
@@ -404,3 +404,24 @@ ls /dev/ttyUSB* /dev/ttyACM*            # Find connected devices
 dmesg | tail                             # Check USB detection
 sudo usermod -aG dialout $USER           # Fix permissions (re-login)
 ```
+
+## Security Testing
+
+```bash
+# eFuse status (read-only, safe)
+source ~/esp/esp-idf/export.sh && espefuse.py -p /dev/ttyUSB0 summary
+
+# NVS dump (read-only)
+esptool.py -p /dev/ttyUSB0 -b 921600 read_flash 0x9000 0x4000 /tmp/nvs_dump.bin
+
+# Port scan
+sudo nmap -sU -p 5500,5501,5353 --open <sensor-ip>
+sudo nmap -sT -p 1-1000 <sensor-ip>
+
+# Firmware binary analysis
+binwalk build/csi_recv_router.bin
+strings -n 6 build/csi_recv_router.bin | grep -iE 'password|secret|key'
+```
+
+Full pentest guide: `docs/PENTEST.md`
+Pentest results: `docs/PENTEST-RESULTS.md`