system_profiler SPUSBDataType | grep -A 10 "1e3d:198a" (minimal probe)
I fired up Wireshark’s USB capture. After the standard control transfers, the device sent a vendor‑specific request: 0x5a (bRequest = 90 decimal). The data payload? A 32‑byte blob starting with 0x1e3d198a – its own VID/PID reversed. vid = 1e3d pid = 198a
Within an hour, I decoded the pattern. The 198a PID wasn’t for serial emulation. It enabled over USB bulk endpoints. The device was masquerading as a cheap debug tool but could read/write physical RAM if the host’s USB controller had a certain vulnerability (CVE‑2028‑44321). vid = 1e3d pid = 198a
The drone didn’t crash. It was deactivated – by a device that looked like a $2 cable. Linux vid = 1e3d pid = 198a