# ESP32 Hacking TODO

## Firmware

### Security (from pentest findings)

- [ ] Enable `CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y` (stack canaries)
- [ ] Enable `CONFIG_HEAP_POISONING_LIGHT=y` (heap corruption detection)
- [ ] Enable `CONFIG_ESP_TASK_WDT_PANIC=y` (WDT auto-recovery)
- [ ] Remove unused `#include "esp_now.h"` from app_main.c
- [ ] Remove hardcoded default IP `192.168.129.11` from binary
- [ ] Flash encryption planning (irreversible eFuse burn)
- [ ] Secure Boot V2 planning (irreversible eFuse burn)
- [ ] DTLS for UDP command channel (stretch goal)
- [ ] OTA certificate pinning / embedded CA cert
- [ ] NVS encryption for auth_secret at rest

### Features

- [ ] Multi-target (send UDP data to 2+ destinations simultaneously)
- [ ] Deep sleep mode with wake-on-CSI-motion
- [ ] Battery-optimized duty cycling
- [ ] AP+STA config portal (captive portal for initial setup)

### Testing

- [ ] Tune presence threshold per room with real-world testing
- [ ] Power consumption measurements (per-mode: idle, CSI, BLE, probe)
- [ ] Benchmark: CSI callback latency
- [ ] Benchmark: UDP throughput at different rates

### Documentation

- [ ] Document esp-crab dual-antenna capabilities
- [ ] Document esp-radar console features
- [ ] Pin mapping for ESP32-DevKitC V1
- [ ] Compare CSI quality: passive (router) vs active (ESP-NOW)
- [ ] Multi-sensor deployment guide (placement, zones, triangulation)

## Tools (esp-ctl)

- [ ] Migrate OSINT database to Flask API (esp-ctl becomes thin client)
- [ ] `esp-ctl api` subcommand (query Flask API)

## Ideas

- ESP-NOW mesh for direct ESP32-to-ESP32 CSI
- External PIR sensor for CSI ground truth validation
- RSSI triangulation with 3+ sensors (approximate device location)
- Home Assistant MQTT discovery integration
- Grafana dashboards for long-term analytics
- ML-based device classification (phone vs laptop vs IoT)
- Webhook callbacks for alerts (Slack, Discord, ntfy)