# ESP32 Hacking TODO

## Firmware Features
- [x] UDP command listener (reboot, identify, status, rate, power)
- [x] LED status indicator
- [x] OTA firmware updates
- [x] Adaptive sampling rate
- [x] BLE scanning
- [x] mDNS auto-discovery
- [x] On-device wander calculation
- [x] Configurable target IP/port via command (TARGET)
- [x] PROFILE command (heap, stack, CPU stats)
- [ ] Chip temperature reporting
- [ ] Sensor ID in data packets (hostname prefix on CSI_DATA/BLE_DATA)
- [ ] WiFi probe request capture (PROBE_DATA via promiscuous mode)
- [ ] Deauth/disassoc frame detection (alert on WiFi attacks)
- [ ] On-device CSI processing (send metrics, not raw)

## Tools
- [x] `esp-cmd` CLI tool to send commands to sensors
- [x] `esp-fleet` parallel fleet management
- [x] `esp-ota` OTA firmware update orchestration
- [x] `esp-ctl` unified CLI (cmd, status, listen, serial, ble, target, profile)
- [ ] Multi-sensor BLE correlation (tag by source sensor, zone tracking)
- [ ] BLE alerting (known device list, alert on unknown MACs)
- [ ] BLE dwell time tracking (loitering detection)
- [ ] Event logging (timestamped CSV from all streams)
- [ ] Sensor discovery script (find all ESP32s on network via mDNS)

## Testing
- [ ] Benchmark: CSI callback latency
- [ ] Benchmark: UDP throughput at different rates
- [x] Test: BLE + WiFi coexistence impact on CSI
- [ ] Power consumption measurements (per-mode: idle, CSI, BLE, probe)

## Documentation
- [ ] Pin mapping for ESP32-DevKitC V1
- [x] Memory usage analysis (PROFILE command)
- [ ] Compare CSI quality: passive (router) vs active (ESP-NOW)
- [ ] Multi-sensor deployment guide (placement, zones, triangulation)

## Ideas
- ESP-NOW mesh for direct ESP32-to-ESP32 CSI
- External PIR sensor for CSI ground truth validation
- Battery + deep sleep mode for portable deployment
- AP+STA config portal (captive portal for initial setup)
- Multi-channel scanning (hop across WiFi channels)
- RSSI triangulation with 3 sensors (approximate device location)
- BLE device fingerprinting (identify phone models by advertisement patterns)
- Historical presence logging (who was here, when, how long)