username/esp32-hacking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 9 Wiki Activity
Files
36815682389ae8a040c230f83bd005eb96be4a27
esp32-hacking/ROADMAP.md

3.3 KiB
Raw Blame History

ESP32 Hacking Roadmap

v0.1 - Documentation & Setup [DONE]

  • Copy firmware sources from esp-csi
  • Document current firmware behavior
  • Document CSI data format
  • Document build & flash process
  • List firmware modification ideas with priorities
  • Verify build from repo (ESP-IDF v5.5.2, aarch64)

v0.2 - Remote Management [DONE]

  • Add UDP command listener on ESP32 (port 5501)
  • Implement REBOOT command
  • Implement IDENTIFY command (LED solid 5s)
  • Implement STATUS command (uptime, heap, RSSI, tx_power, rate, version)
  • Implement RATE command (change ping Hz, NVS persist)
  • Implement POWER command (TX power dBm, NVS persist)
  • Add LED status indicator (off/slow blink/fast blink/solid)
  • NVS persistence for rate and tx_power settings
  • Pi-side esp-cmd and esp-fleet CLI tools
  • mDNS hostname, watchdog, human-readable uptime
  • Build and flash to device
  • Update CHEATSHEET.md with new commands

v0.3 - OTA Updates [DONE]

  • Dual OTA partition table (ota_0 + ota_1, 1920 KB each)
  • 4MB flash config, custom partitions in sdkconfig.defaults
  • OTA command handler + ota_task in firmware
  • LED_OTA double-blink pattern during download
  • Bootloader rollback on failed update (30s watchdog)
  • Version field in STATUS reply
  • Pi-side esp-ota tool (HTTP server + OTA orchestration)
  • esp-fleet ota subcommand (sequential fleet update)
  • USB-flash first device (partition table change)
  • End-to-end OTA test

v0.4 - Adaptive Sampling [DONE]

  • On-device CSI wander calculation (coefficient of variation)
  • Reduce to 10 pkt/s when idle (3s holdoff)
  • Increase to 100 pkt/s on motion detection
  • Rate change EVENT notification to Pi via UDP
  • ADAPTIVE ON/OFF command (NVS persisted)
  • THRESHOLD command for tuning sensitivity (NVS persisted)
  • RATE command disables adaptive mode
  • adaptive/motion fields in STATUS reply

v0.5 - BLE Scanning

  • Enable Bluetooth alongside WiFi (NimBLE, BLE ON/OFF command)
  • Periodic BLE advertisement scanning
  • Report device MAC, RSSI, name via UDP (BLE_DATA,<mac>,<rssi>,<type>,<name>)
  • Pi-side BLE device tracking (esp-ctl ble --track, dedup, summary table)

v1.0 - Production Firmware

  • mDNS auto-discovery (done in v0.2)
  • Watchdog + auto-recovery (done in v0.2)
  • On-device CSI processing (send metrics, not raw)
  • Configuration via UDP (TARGET <ip> [port], NVS persisted)
  • Comprehensive error handling (watchdog, WiFi reconnect via example_connect)
  • esp-ctl unified CLI tool (cmd, status, listen, serial, ble, target)

Future

  • WiFi probe request capture (promiscuous mode, WIFI_PKT_MGMT)
    • Capture client SSID searches → PROBE_DATA,<mac>,<rssi>,<ssid> via UDP
    • Uses esp_wifi_set_promiscuous with management frame filter
    • Can coexist with CSI (both use promiscuous callbacks)
  • AP+STA config portal (WIFI_MODE_APSTA, same channel as STA)
    • Soft-AP for initial setup: WiFi credentials, UDP target IP, hostname
    • Captive portal or minimal HTTP server on AP interface
    • Eliminates need for hardcoded config in sdkconfig
  • ESP-NOW mesh (ESP32-to-ESP32 CSI)
  • Multi-channel scanning
  • External sensor support (PIR, temp/humidity via GPIO)
  • Power management for battery operation
Reference in New Issue View Git Blame Copy Permalink