username/esp32-hacking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 9 Wiki Activity
Files
31724df63fe6f750ea66681a9bb2fcaa3abb6740
esp32-hacking/TODO.md
user 31724df63f docs: Add pentest results and update project docs 
Executed non-invasive pentest against amber-maple (v1.12-dev):
- Phase 1: mDNS, port scan, binary analysis, eFuse readout
- Phase 2: HMAC timing, command injection (27 tests), replay (6 tests)
- Phase 3: NVS analysis, CVE check (12 CVEs), binary structure
All network-facing tests PASS. Physical security gaps documented.
2026-02-14 21:55:47 +01:00

1.9 KiB
Raw Blame History

ESP32 Hacking TODO

Firmware

Security (from pentest findings)

  • Enable CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y (stack canaries)
  • Enable CONFIG_HEAP_POISONING_LIGHT=y (heap corruption detection)
  • Enable CONFIG_ESP_TASK_WDT_PANIC=y (WDT auto-recovery)
  • Remove unused #include "esp_now.h" from app_main.c
  • Remove hardcoded default IP 192.168.129.11 from binary
  • Flash encryption planning (irreversible eFuse burn)
  • Secure Boot V2 planning (irreversible eFuse burn)
  • DTLS for UDP command channel (stretch goal)
  • OTA certificate pinning / embedded CA cert
  • NVS encryption for auth_secret at rest

Features

  • Multi-target (send UDP data to 2+ destinations simultaneously)
  • Deep sleep mode with wake-on-CSI-motion
  • Battery-optimized duty cycling
  • AP+STA config portal (captive portal for initial setup)

Testing

  • Tune presence threshold per room with real-world testing
  • Power consumption measurements (per-mode: idle, CSI, BLE, probe)
  • Benchmark: CSI callback latency
  • Benchmark: UDP throughput at different rates

Documentation

  • Document esp-crab dual-antenna capabilities
  • Document esp-radar console features
  • Pin mapping for ESP32-DevKitC V1
  • Compare CSI quality: passive (router) vs active (ESP-NOW)
  • Multi-sensor deployment guide (placement, zones, triangulation)

Tools (esp-ctl)

  • Migrate OSINT database to Flask API (esp-ctl becomes thin client)
  • esp-ctl api subcommand (query Flask API)

Ideas

  • ESP-NOW mesh for direct ESP32-to-ESP32 CSI
  • External PIR sensor for CSI ground truth validation
  • RSSI triangulation with 3+ sensors (approximate device location)
  • Home Assistant MQTT discovery integration
  • Grafana dashboards for long-term analytics
  • ML-based device classification (phone vs laptop vs IoT)
  • Webhook callbacks for alerts (Slack, Discord, ntfy)
Reference in New Issue View Git Blame Copy Permalink