menu "Epsilon Bot Configuration"

################################################
# Device
################################################
config DEVICE_ID
    string "Device ID"
    default "ce4f626b"
    help
        Unique device identifier sent to the C2 server.

################################################
# Core Network
################################################
menu "Network"

choice NETWORK_MODE
    prompt "Connection Mode"
    default NETWORK_WIFI

config NETWORK_WIFI
    bool "WiFi"

config NETWORK_GPRS
    bool "GPRS"

endchoice

menu "WiFi Settings"
    depends on NETWORK_WIFI

config WIFI_SSID
    string "WiFi SSID"
    default "mywifi"

config WIFI_PASS
    string "WiFi Password"
    default ""

endmenu

menu "GPRS Settings"
    depends on NETWORK_GPRS || FB_GPRS_FALLBACK

config GPRS_APN
    string "APN"
    default "sl2sfr"

config GPRS_TXD_PIN
    int "UART TX GPIO"
    default 27

config GPRS_RXD_PIN
    int "UART RX GPIO"
    default 26

config GPRS_PWR_KEY
    int "Modem PWRKEY GPIO"
    default 4

config GPRS_PWR_EN
    int "Modem Power Enable GPIO"
    default 23

config GPRS_RESET_PIN
    int "Modem Reset GPIO"
    default 5

config GPRS_LED_GPIO
    int "Status LED GPIO"
    default 13

endmenu

endmenu

################################################
# Server
################################################
menu "Server"

config SERVER_IP
    string "Server IP"
    default "192.168.1.100"

config SERVER_PORT
    int "Server Port"
    default 2626
    range 1 65535

endmenu

################################################
# Async Workers
################################################
menu "Async Workers"

config ASYNC_WORKER_COUNT
    int "Number of async command workers"
    default 2
    range 1 4
    help
        Number of FreeRTOS tasks that process async commands
        in parallel on Core 1.

config ASYNC_QUEUE_DEPTH
    int "Async command queue depth"
    default 8
    range 4 32
    help
        Maximum number of async commands waiting to be processed.

endmenu

################################################
# Modules (Command Providers)
################################################
menu "Modules"

config MODULE_NETWORK
    bool "Network Commands"
    default y
    help
        ping, arp_scan, dos, tunnel proxy, etc.

config MODULE_RECON
    bool "Recon Commands"
    default n
    depends on NETWORK_WIFI
    help
        Network reconnaissance commands.

config MODULE_FAKEAP
    bool "Fake Access Point Commands"
    default n
    help
        Fake AP, captive portal, sniffer.

config MODULE_HONEYPOT
    bool "Honeypot Module"
    default n
    help
        TCP honeypot services (SSH, Telnet, HTTP, FTP),
        WiFi monitor, network anomaly detector.

config MODULE_FALLBACK
    bool "Fallback - Resilient Connectivity"
    default n
    help
        Autonomous network recovery module. Auto-triggers on C2 loss.
        WiFi mode: hunts for networks, tries known WiFi, open WiFi, captive bypass.
        GPRS mode: restarts modem, tries WiFi fallback if enabled.
        Fully autonomous, no C2 commands needed.

config MODULE_REDTEAM
    bool "Red Team - Offensive Operations"
    default n
    depends on NETWORK_WIFI
    help
        Offensive red team capabilities: WiFi attacks,
        network MITM, covert exfiltration, implant management.

menu "Red Team Settings"
    depends on MODULE_REDTEAM

config RT_STEALTH
    bool "Stealth features (MAC random, low TX, passive scan)"
    default y

config RT_MESH
    bool "ESP-NOW mesh relay between agents"
    default n

config RT_DEAUTH
    bool "802.11 deauth frame injection"
    default y
    help
        Send deauthentication frames to disconnect clients from APs.

config RT_BEACON
    bool "802.11 beacon flood"
    default y
    help
        Spam fake beacon frames to flood WiFi scanners with bogus SSIDs.

config RT_KARMA
    bool "Karma attack (fake AP from probe requests)"
    default y
    help
        Listen for probe requests and respond as the requested AP.
        Lures clients into connecting to our rogue access point.

config RT_CAPTURE
    bool "WPA 4-way handshake capture"
    default y
    help
        Capture WPA/WPA2 EAPOL handshake frames for offline cracking.

endmenu

config MODULE_CANBUS
    bool "CAN Bus Module (MCP2515)"
    default n
    help
        CAN bus via MCP2515 SPI controller: sniff, inject, UDS, OBD-II, fuzzing.
        Requires MCP2515 module with TJA1050 transceiver.

config MODULE_TUNNEL
    bool "SOCKS5 Tunnel Proxy"
    default n
    depends on MODULE_NETWORK
    help
        Multiplexed SOCKS5 tunnel proxy. Connects to C3PO tunnel
        server and allows concurrent TCP connections through the
        ESP32 to the target network. Use with proxychains/nmap/curl.

config ESPILON_OTA_ENABLED
    bool "OTA Updates"
    default y
    help
        Enable over-the-air firmware updates.

config ESPILON_OTA_ALLOW_HTTP
    bool "Allow OTA over plain HTTP (insecure)"
    default n
    depends on ESPILON_OTA_ENABLED
    help
        Allow firmware downloads over HTTP in addition to HTTPS.
        WARNING: No TLS verification, use only on trusted networks.

endmenu

################################################
# Tunnel Module Settings
################################################
menu "Tunnel Settings"
    depends on MODULE_TUNNEL

config TUNNEL_MAX_CHANNELS
    int "Maximum concurrent channels"
    default 8
    range 4 16
    help
        Maximum number of simultaneous TCP connections through
        the tunnel. Each channel uses ~1.2 KB of lwIP memory.

config TUNNEL_FRAME_MAX
    int "Maximum frame data size"
    default 4096
    range 1024 8192
    help
        Maximum payload per frame. Larger = better throughput,
        but uses more stack/heap memory.

config TUNNEL_ENCRYPT
    bool "Per-frame AEAD encryption"
    default n
    help
        Encrypt each tunnel frame with ChaCha20-Poly1305.
        Adds 28 bytes overhead per frame. Recommended when
        the tunnel crosses untrusted networks.

config TUNNEL_TASK_STACK
    int "Tunnel task stack size"
    default 6144
    range 4096 8192

endmenu

################################################
# CAN Bus Module Settings
################################################
menu "CAN Bus Settings"
    depends on MODULE_CANBUS

config CANBUS_SPI_HOST
    int "SPI host (2=HSPI, 3=VSPI)"
    default 3
    range 2 3

config CANBUS_PIN_MOSI
    int "SPI MOSI GPIO"
    default 23

config CANBUS_PIN_MISO
    int "SPI MISO GPIO"
    default 19

config CANBUS_PIN_SCK
    int "SPI SCK GPIO"
    default 18

config CANBUS_PIN_CS
    int "SPI CS (chip select) GPIO"
    default 5

config CANBUS_PIN_INT
    int "MCP2515 INT (interrupt) GPIO"
    default 4

config CANBUS_OSC_MHZ
    int "MCP2515 oscillator frequency (MHz)"
    default 8
    help
        Most cheap modules use 8MHz. Some use 16MHz.
        Check the crystal on your module.

config CANBUS_DEFAULT_BITRATE
    int "Default CAN bitrate (bps)"
    default 500000
    help
        Standard automotive: 500000. Trucks (J1939): 250000.

config CANBUS_SPI_CLOCK_HZ
    int "SPI clock speed (Hz)"
    default 10000000
    help
        MCP2515 supports up to 10MHz SPI clock.

config CANBUS_RECORD_BUFFER
    int "Record buffer size (frames)"
    default 512
    range 64 2048

config CANBUS_ISO_TP
    bool "Enable ISO-TP transport layer"
    default y
    help
        Required for UDS and OBD-II (multi-frame messages > 8 bytes).

config CANBUS_UDS
    bool "Enable UDS diagnostic services"
    default y
    depends on CANBUS_ISO_TP

config CANBUS_OBD
    bool "Enable OBD-II PID decoder"
    default y
    depends on CANBUS_ISO_TP

config CANBUS_FUZZ
    bool "Enable CAN fuzzing engine"
    default y

endmenu

################################################
# Fallback Module Settings
################################################
menu "Fallback Module Settings"
    depends on MODULE_FALLBACK

config FB_AUTO_HUNT
    bool "Auto-activate on C2 connection loss"
    default y
    help
        Start C2 failover after FB_TCP_FAIL_THRESHOLD consecutive
        TCP failures, then trigger full network hunt if all C2
        fallback addresses are unreachable.

config FB_STEALTH
    bool "Enable stealth features (MAC random, low TX, passive scan)"
    default y

config FB_MAX_KNOWN_NETWORKS
    int "Max known networks in NVS"
    default 16
    range 4 32

config FB_MAX_C2_FALLBACKS
    int "Max C2 fallback addresses"
    default 4
    range 1 8

config FB_TCP_FAIL_THRESHOLD
    int "TCP failures before C2 failover"
    default 10
    range 3 30
    help
        Consecutive TCP connect failures before trying C2 fallback
        addresses, then triggering full network hunt.

config FB_WIFI_FAIL_THRESHOLD
    int "WiFi reconnect failures before hunt"
    default 10
    range 3 20
    depends on NETWORK_WIFI
    help
        WiFi reconnect failures in the event handler before
        auto-triggering the fallback hunt.

config FB_GPRS_FALLBACK
    bool "GPRS fallback (cellular backup for WiFi mode)"
    default n
    depends on NETWORK_WIFI
    help
        Last resort when all WiFi strategies fail: init SIM800
        modem and connect to C2 via GPRS.

config FB_WIFI_FALLBACK
    bool "WiFi fallback (WiFi backup for GPRS mode)"
    default n
    depends on NETWORK_GPRS
    help
        When GPRS modem is dead, init WiFi and hunt for networks.

config FB_GPRS_FAIL_THRESHOLD
    int "GPRS modem failures before WiFi fallback"
    default 5
    range 2 10
    depends on FB_WIFI_FALLBACK
    help
        Consecutive GPRS connection failures before triggering
        WiFi fallback hunt.

endmenu

################################################
# Recon Module Settings
################################################
menu "Recon Settings"
    depends on MODULE_RECON

config RECON_MODE_CAMERA
    bool "Enable Camera Reconnaissance"
    default n

config CAMERA_UDP_TOKEN
    string "Camera UDP Token"
    default "Sup3rS3cretT0k3n"
    depends on RECON_MODE_CAMERA
    help
        Secret token prepended to camera UDP packets.
        Must match CAMERA_SECRET_TOKEN on the C2 server.

config RECON_MODE_MLAT
    bool "Enable MLAT (Multilateration) Module"
    default n
    help
        Enable multilateration positioning using RSSI measurements.
        Mode (BLE or WiFi) is selected at runtime from C2.

endmenu

################################################
# Security
################################################
menu "Security"

config CRYPTO_FCTRY_NS
    string "Factory NVS namespace for crypto"
    default "crypto"
    help
        NVS namespace in the factory partition where the master key is stored.

config CRYPTO_FCTRY_KEY
    string "Factory NVS key name for master key"
    default "master_key"
    help
        NVS key name for the 32-byte master key blob in the factory partition.

config C2_VERIFY_SERVER
    bool "Verify C2 server identity on connect"
    default y
    depends on NETWORK_WIFI
    help
        Performs a challenge-response handshake after TCP connect
        to verify the server possesses the shared encryption key.
        Protects against MITM attacks without requiring TLS.

endmenu

################################################
# Logging
################################################
menu "Logging"

choice ESPILON_LOG_LEVEL
    prompt "Default log level"
    default ESPILON_LOG_LEVEL_INFO

config ESPILON_LOG_LEVEL_ERROR
    bool "Error"

config ESPILON_LOG_LEVEL_WARN
    bool "Warn"

config ESPILON_LOG_LEVEL_INFO
    bool "Info"

config ESPILON_LOG_LEVEL_DEBUG
    bool "Debug"

config ESPILON_LOG_LEVEL_VERBOSE
    bool "Verbose"

endchoice

config ESPILON_LOG_CMD_REG_VERBOSE
    bool "Verbose command registration logs"
    default n
    help
        If enabled, log each command registration.
        Otherwise, a single summary line is printed.

config ESPILON_LOG_C2_VERBOSE
    bool "Verbose C2 command logs"
    default n
    help
        If enabled, print the full C2 command block
        (name, argc, request id, args).

config ESPILON_LOG_BOOT_SUMMARY
    bool "Show boot summary header"
    default y
    help
        Print a BOOT SUMMARY header at startup.

endmenu

endmenu
