# ESP32 Hacking Tasks **Last Updated:** 2026-02-04 ## Current Sprint: v1.1 - Passive Sensing & Multi-Sensor ### P1 - Important - [ ] Build + flash firmware (sensor ID, temp, deauth detection) - [ ] OTA update remaining fleet (muddy-storm, hollow-acorn) - [ ] WiFi probe request capture (PROBE_DATA via promiscuous mode) ### P2 - Normal - [ ] Multi-sensor BLE correlation in esp-ctl (zone tracking) - [ ] Test OTA rollback (flash bad firmware, verify auto-revert) ### P3 - Low - [ ] Document esp-crab dual-antenna capabilities - [ ] Document esp-radar console features - [ ] Pin mapping for ESP32-DevKitC V1 ## Completed: v1.1 (partial) - [x] Sensor ID in data packets (hostname prefix on CSI_DATA, BLE_DATA, EVENT) - [x] Deauth/disassoc frame detection (ALERT_DATA via promiscuous mode) - [x] Chip temperature reporting in STATUS reply - [x] BLE alerting (`esp-ctl ble --known`, alert on unknown MACs) - [x] BLE dwell time tracking (dwell column in `--track` summary) - [x] Timestamped event logging (`esp-ctl listen --timestamp`) - [x] Alert filter in esp-ctl (`listen -f alert`) ## Completed: v0.5 - BLE Scanning - [x] Enable Bluetooth alongside WiFi (NimBLE, BLE ON/OFF command) - [x] Periodic BLE advertisement scanning - [x] Report device MAC, RSSI, name via UDP - [x] Pi-side BLE device tracking (`esp-ctl ble --track`) - [x] PROFILE command (heap, stack watermarks, CPU runtime stats) - [x] TARGET command (runtime UDP destination config) ## Completed: v0.4 - Adaptive Sampling - [x] On-device CSI wander calculation (coefficient of variation) - [x] Adaptive rate: 10 pkt/s idle (3s holdoff) → 100 pkt/s on motion - [x] EVENT notification to Pi on rate change - [x] ADAPTIVE ON/OFF command (NVS persisted) - [x] THRESHOLD command for tuning sensitivity (NVS persisted) - [x] RATE command disables adaptive mode - [x] adaptive/motion fields in STATUS reply - [x] OTA deployed and verified on amber-maple ## Completed: v0.3 - OTA Updates - [x] Dual OTA partition table (`partitions.csv`) - [x] 4MB flash, custom partitions, rollback in sdkconfig.defaults - [x] Firmware: OTA command, ota_task, LED_OTA, rollback validation - [x] Firmware: version in STATUS reply - [x] Pi-side `esp-ota` tool (HTTP server + OTA orchestration) - [x] `esp-fleet ota` subcommand (sequential fleet update) - [x] Build and USB-flash amber-maple (partition table change) - [x] End-to-end OTA test verified - [x] Regenerate sdkconfig.sample - [x] Update CHEATSHEET.md, USAGE.md ## Completed: v0.2 - Remote Management - [x] Firmware: UDP command listener (port 5501) - [x] Firmware: LED status indicator (GPIO2) - [x] Firmware: NVS config persistence (rate, tx_power) - [x] Firmware: REBOOT, IDENTIFY, STATUS commands - [x] Firmware: RATE command (10-100 Hz, restarts ping) - [x] Firmware: POWER command (2-20 dBm) - [x] Pi-side: `esp-cmd` CLI tool - [x] Pi-side: `esp-fleet` fleet management tool - [x] mDNS hostname, watchdog, human-readable uptime ## Completed: v0.1 - Documentation - [x] Copy firmware sources to project - [x] Document current firmware and settings - [x] Document build & flash workflow - [x] Create .gitignore for build artifacts - [x] Test building firmware from this repo - [x] Document CSI config options ## Notes - Adaptive threshold varies by environment; 0.001-0.01 is a good starting range - NVS keys: `send_rate`, `tx_power`, `adaptive`, `threshold`, `ble_scan`, `target_ip`, `target_port` - EVENT packets now include sensor hostname: `EVENT,,motion=... rate=... wander=...` - ALERT_DATA format: `ALERT_DATA,,,,,` - STATUS now includes `temp=` field (chip temperature in Celsius)