Check off sensor ID, deauth detection, chip temperature, BLE alerting, dwell time, timestamped logging. Advance TASKS sprint to v1.1. Clean completed items from TODO.
ESP32 Hacking Roadmap
v0.1 - Documentation & Setup [DONE]
- Copy firmware sources from esp-csi
- Document current firmware behavior
- Document CSI data format
- Document build & flash process
- List firmware modification ideas with priorities
- Verify build from repo (ESP-IDF v5.5.2, aarch64)
v0.2 - Remote Management [DONE]
- Add UDP command listener on ESP32 (port 5501)
- Implement REBOOT command
- Implement IDENTIFY command (LED solid 5s)
- Implement STATUS command (uptime, heap, RSSI, tx_power, rate, version)
- Implement RATE command (change ping Hz, NVS persist)
- Implement POWER command (TX power dBm, NVS persist)
- Add LED status indicator (off/slow blink/fast blink/solid)
- NVS persistence for rate and tx_power settings
- Pi-side esp-cmd and esp-fleet CLI tools
- mDNS hostname, watchdog, human-readable uptime
- Build and flash to device
- Update CHEATSHEET.md with new commands
v0.3 - OTA Updates [DONE]
- Dual OTA partition table (ota_0 + ota_1, 1920 KB each)
- 4MB flash config, custom partitions in sdkconfig.defaults
- OTA command handler + ota_task in firmware
- LED_OTA double-blink pattern during download
- Bootloader rollback on failed update (30s watchdog)
- Version field in STATUS reply
- Pi-side esp-ota tool (HTTP server + OTA orchestration)
- esp-fleet ota subcommand (sequential fleet update)
- USB-flash first device (partition table change)
- End-to-end OTA test
v0.4 - Adaptive Sampling [DONE]
- On-device CSI wander calculation (coefficient of variation)
- Reduce to 10 pkt/s when idle (3s holdoff)
- Increase to 100 pkt/s on motion detection
- Rate change EVENT notification to Pi via UDP
- ADAPTIVE ON/OFF command (NVS persisted)
- THRESHOLD command for tuning sensitivity (NVS persisted)
- RATE command disables adaptive mode
- adaptive/motion fields in STATUS reply
v0.5 - BLE Scanning [DONE]
- Enable Bluetooth alongside WiFi (NimBLE, BLE ON/OFF command)
- Periodic BLE advertisement scanning
- Report device MAC, RSSI, name via UDP (BLE_DATA,<mac>,<rssi>,<type>,<name>)
- Pi-side BLE device tracking (esp-ctl ble --track, dedup, summary table)
v1.0 - Production Firmware
- mDNS auto-discovery (done in v0.2)
- Watchdog + auto-recovery (done in v0.2)
- On-device CSI processing (send metrics, not raw)
- Configuration via UDP (TARGET <ip> [port], NVS persisted)
- Comprehensive error handling (watchdog, WiFi reconnect via example_connect)
- esp-ctl unified CLI tool (cmd, status, listen, serial, ble, target, profile)
v1.1 - Passive Sensing & Multi-Sensor
- Sensor ID in data packets (hostname prefix on CSI_DATA, BLE_DATA, EVENT)
- WiFi probe request capture (PROBE_DATA,<sensor>,<mac>,<rssi>,<ssid>)
- Deauth/disassoc frame detection (ALERT_DATA,<sensor>,<type>,<sender>,<target>,<rssi>)
- Multi-sensor BLE correlation in esp-ctl (zone tracking by source sensor)
- BLE alerting (esp-ctl ble --known, alert on unknown MACs)
- BLE dwell time tracking (esp-ctl ble --track dwell column)
- Timestamped event logging (esp-ctl listen --timestamp)
v1.2 - Profiling & Power Management
- PROFILE command (heap, stack watermarks, CPU runtime stats)
- Chip temperature reporting in STATUS (temp= field)
- Power consumption measurements (per-mode baseline)
- Deep sleep mode with wake-on-CSI-motion
- Battery-optimized duty cycling
Future
- AP+STA config portal (WIFI_MODE_APSTA, captive portal for initial setup)
- ESP-NOW mesh (ESP32-to-ESP32 CSI)
- Multi-channel scanning (hop across WiFi channels)
- RSSI triangulation with 3 sensors (approximate device location)
- BLE device fingerprinting (identify phone models by advertisement patterns)
- Historical presence logging (who was here, when, how long)
- External sensor support (PIR, temp/humidity via GPIO)
- On-device CSI processing (send metrics, not raw)