# ESP32 Hacking TODO

## Firmware
- [ ] Chip temperature reporting
- [ ] Sensor ID in data packets (hostname prefix on CSI_DATA/BLE_DATA)
- [ ] WiFi probe request capture (PROBE_DATA via promiscuous mode)
- [ ] Deauth/disassoc frame detection (alert on WiFi attacks)
- [ ] On-device CSI processing (send metrics, not raw)

## Tools
- [ ] Multi-sensor BLE correlation (tag by source sensor, zone tracking)
- [ ] BLE alerting (known device list, alert on unknown MACs)
- [ ] BLE dwell time tracking (loitering detection)
- [ ] Event logging (timestamped CSV from all streams)
- [ ] Sensor discovery script (find all ESP32s on network via mDNS)

## Testing
- [ ] Benchmark: CSI callback latency
- [ ] Benchmark: UDP throughput at different rates
- [ ] Power consumption measurements (per-mode: idle, CSI, BLE, probe)

## Documentation
- [ ] Pin mapping for ESP32-DevKitC V1
- [ ] Compare CSI quality: passive (router) vs active (ESP-NOW)
- [ ] Multi-sensor deployment guide (placement, zones, triangulation)

## Ideas
- ESP-NOW mesh for direct ESP32-to-ESP32 CSI
- External PIR sensor for CSI ground truth validation
- Battery + deep sleep mode for portable deployment
- AP+STA config portal (captive portal for initial setup)
- Multi-channel scanning (hop across WiFi channels)
- RSSI triangulation with 3 sensors (approximate device location)
- BLE device fingerprinting (identify phone models by advertisement patterns)
- Historical presence logging (who was here, when, how long)