The drone didn’t crash. It was deactivated – by a device that looked like a $2 cable. Linux
Within an hour, I decoded the pattern. The 198a PID wasn’t for serial emulation. It enabled over USB bulk endpoints. The device was masquerading as a cheap debug tool but could read/write physical RAM if the host’s USB controller had a certain vulnerability (CVE‑2028‑44321).
lsusb -d 1e3d:198a -v # Shows device descriptors, endpoints, configurations vid = 1e3d pid = 198a
system_profiler SPUSBDataType | grep -A 10 "1e3d:198a" (minimal probe)
I fired up Wireshark’s USB capture. After the standard control transfers, the device sent a vendor‑specific request: 0x5a (bRequest = 90 decimal). The data payload? A 32‑byte blob starting with 0x1e3d198a – its own VID/PID reversed. The drone didn’t crash
Get-PnpDevice -PresentOnly | Where-Object $_.InstanceId -like "*USB\VID_1E3D&PID_198A*"
So when you see vid = 1e3d pid = 198a , you’re looking at a small, flexible, and sometimes mysterious USB bridge chip – capable of anything from blinking an LED to, in our story, subverting a drone. Always check the full descriptor. You never know what’s hiding behind a generic USB ID. The 198a PID wasn’t for serial emulation
import usb.core dev = usb.core.find(idVendor=0x1e3d, idProduct=0x198a) if dev: print(dev.manufacturer, dev.product) for cfg in dev: print(cfg) | Field | Value | Meaning | |--------------|---------------------------|-----------------------------------------| | VID (hex) | 1e3d | Chipsa Technologies (Shenzhen) | | PID (hex) | 198a | Custom USB‑to‑UART/I2C/SPI bridge, enhanced mode | | Typical Use | Low‑cost programming adapter, debug probe, IoT interface | | Driver | ch341 / usbserial (Linux) | Works out of the box on most modern OSes | | Rarity | Uncommon – likely a special firmware variant or OEM product |