esp32-hacking/TODO.md
user c76c1ee61b
Some checks failed
Lint & Build / Security Flaw Analysis (push) Successful in 15s
Lint & Build / Secret Scanning (push) Successful in 5s
Lint & Build / C/C++ Static Analysis (push) Failing after 34s
Lint & Build / Build Firmware (push) Has been skipped
feat: OTA TLS cert verification + CI release pipeline
Wire ESP-IDF's built-in 150-CA root bundle to the OTA HTTP client
so HTTPS OTA verifies server certificates. Pin bundle config in
sdkconfig.defaults. Replace dead artifact-copy step with Gitea
release creation on tag push. Bump CI container to IDF v5.5.
2026-02-14 22:38:41 +01:00

# ESP32 Hacking TODO
## Firmware
### Security (from pentest findings)
- [x] Enable `CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y` (stack canaries)
- [x] Enable `CONFIG_HEAP_POISONING_LIGHT=y` (heap corruption detection)
- [x] Enable `CONFIG_ESP_TASK_WDT_PANIC=y` (WDT auto-recovery)
- [x] Remove unused `#include "esp_now.h"` from app_main.c
- [x] Remove hardcoded default IP `192.168.129.11` from binary
- [ ] Flash encryption planning (irreversible eFuse burn)
- [ ] Secure Boot V2 planning (irreversible eFuse burn)
- [ ] DTLS for UDP command channel (stretch goal)
- [x] OTA TLS certificate verification (ESP-IDF CA bundle)
- [ ] NVS encryption for auth_secret at rest
### Features
- [ ] Multi-target (send UDP data to 2+ destinations simultaneously)
- [ ] Deep sleep mode with wake-on-CSI-motion
- [ ] Battery-optimized duty cycling
- [ ] AP+STA config portal (captive portal for initial setup)
### Testing
- [ ] Tune presence threshold per room with real-world testing
- [ ] Power consumption measurements (per-mode: idle, CSI, BLE, probe)
- [ ] Benchmark: CSI callback latency
- [ ] Benchmark: UDP throughput at different rates
### Documentation
- [ ] Document esp-crab dual-antenna capabilities
- [ ] Document esp-radar console features
- [ ] Pin mapping for ESP32-DevKitC V1
- [ ] Compare CSI quality: passive (router) vs active (ESP-NOW)
- [ ] Multi-sensor deployment guide (placement, zones, triangulation)
## Tools (esp-ctl)
- [ ] Migrate OSINT database to Flask API (esp-ctl becomes thin client)
- [ ] `esp-ctl api` subcommand (query Flask API)
## Ideas
- ESP-NOW mesh for direct ESP32-to-ESP32 CSI
- External PIR sensor for CSI ground truth validation
- RSSI triangulation with 3+ sensors (approximate device location)
- Home Assistant MQTT discovery integration
- Grafana dashboards for long-term analytics
- ML-based device classification (phone vs laptop vs IoT)
- Webhook callbacks for alerts (Slack, Discord, ntfy)