Topic closed
Hey all.
I just bought a USB C hub: https://www.amazon.it/dp/B074NVZWVP/F-pAbEZEB4A5
Today, after having used it a bit, I just ran dmesg to look at what it connects... All looks normal, apart from the last line:
[ 240.451856] hid-generic 0003:2109:D101.0004: hiddev0,hidraw1: USB HID v1.10 Device [VIA Labs, Inc. USB Keyboard ] on usb-0000:00:14.0-4.1/input0
So I tried lsusb, and the "VIA Labs" devices are three:
Bus 001 Device 008: ID 2109:2813 VIA Labs, Inc.
Bus 002 Device 014: ID 2109:0813 VIA Labs, Inc.
Bus 001 Device 010: ID 2109:d101 VIA Labs, Inc.
From "lsusb -v", the first two are "USB2.0 Hub" and "USB3.0 Hub". But... The last one:
Bus 001 Device 007: ID 2109:d101 VIA Labs, Inc.
Couldn't open device, some information will be missing
Device Descriptor:
  bLength 18
  bDescriptorType 1
  bcdUSB 2.00
  bDeviceClass 0
  bDeviceSubClass 0
  bDeviceProtocol 0
  bMaxPacketSize0 64
  idVendor 0x2109 VIA Labs, Inc.
  idProduct 0xd101
  bcdDevice 3.01
  iManufacturer 1
  iProduct 2
  iSerial 3
  bNumConfigurations 1
  Configuration Descriptor:
    bLength 9
    bDescriptorType 2
    wTotalLength 34
    bNumInterfaces 1
    bConfigurationValue 1
    iConfiguration 0
    bmAttributes 0xa0
      (Bus Powered)
      Remote Wakeup
    MaxPower 100mA
    Interface Descriptor:
      bLength 9
      bDescriptorType 4
      bInterfaceNumber 0
      bAlternateSetting 0
      bNumEndpoints 1
      bInterfaceClass 3 Human Interface Device
      bInterfaceSubClass 1 Boot Interface Subclass
      bInterfaceProtocol 1 Keyboard
      iInterface 0
        HID Device Descriptor:
          bLength 9
          bDescriptorType 33
          bcdHID 1.10
          bCountryCode 0 Not supported
          bNumDescriptors 1
          bDescriptorType 34 Report
          wDescriptorLength 59
          Report Descriptors:
            UNAVAILABLE
      Endpoint Descriptor:
        bLength 7
        bDescriptorType 5
        bEndpointAddress 0x83 EP 3 IN
        bmAttributes 3
          Transfer Type Interrupt
          Synch Type None
          Usage Type Data
        wMaxPacketSize 0x0008 1x 8 bytes
        bInterval 13
I am really not getting its purpose. Could it be some sort of keylogger or just something legit?
The fact, however, is that the 1 Gbit port is made by Realtek, and I really don't see how the two devices could communicate and send data to their servers.
Bus 002 Device 017: ID 0bda:8153 Realtek Semiconductor Corp. RTL8153 Gigabit Ethernet Adapter
I am a bit worried. What do you think?
Last edited by deepInTheKernel (2017-12-24 21:09:57)
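An added example, not part of either post in this thread: a small Python parser that reads `lsusb -v` text and lists every device that declares a HID boot-keyboard interface (class 3, subclass 1, protocol 1), so it can be compared against the keyboards you actually own. The function names and the sample text are assumptions made for illustration; the check reports what a device declares in its descriptors, not what it does.

```python
import re

# Matches the per-device header line printed by lsusb.
DEVICE_RE = re.compile(r"^Bus \d+ Device \d+: ID ([0-9a-f]{4}:[0-9a-f]{4})\s*(.*)$")
FIELD_RE = re.compile(r"^\s*(bInterfaceClass|bInterfaceSubClass|bInterfaceProtocol)\s+(\d+)")

# Constructed sample in `lsusb -v` layout, reduced to the fields the parser reads.
# The 2109:d101 values are the ones quoted in the post above; the hub entry's
# interface fields are constructed for contrast.
SAMPLE = """\
Bus 001 Device 008: ID 2109:2813 VIA Labs, Inc.
  Interface Descriptor:
    bInterfaceClass 9 Hub
    bInterfaceSubClass 0
    bInterfaceProtocol 0
Bus 001 Device 007: ID 2109:d101 VIA Labs, Inc.
  Interface Descriptor:
    bInterfaceClass 3 Human Interface Device
    bInterfaceSubClass 1 Boot Interface Subclass
    bInterfaceProtocol 1 Keyboard
"""

def hid_interfaces(lsusb_text):
    """Return one dict per HID (class 3) interface found in `lsusb -v` text."""
    found, device, iface = [], None, None

    def flush():
        # Record the interface collected so far if it is HID.
        if device and iface and iface.get("bInterfaceClass") == 3:
            boot_kbd = (iface.get("bInterfaceSubClass"), iface.get("bInterfaceProtocol")) == (1, 1)
            found.append({"id": device[0], "name": device[1], "boot_keyboard": boot_kbd})

    for line in lsusb_text.splitlines():
        m = DEVICE_RE.match(line.strip())
        if m:
            flush()
            device, iface = (m.group(1), m.group(2).strip()), None
        elif line.strip() == "Interface Descriptor:":
            flush()
            iface = {}
        elif iface is not None and (f := FIELD_RE.match(line)):
            iface[f.group(1)] = int(f.group(2))
    flush()
    return found

def unexpected_keyboards(lsusb_text, known_keyboards=frozenset()):
    """IDs that declare a boot keyboard but are not in the caller's list of known keyboards."""
    return sorted({d["id"] for d in hid_interfaces(lsusb_text)
                   if d["boot_keyboard"] and d["id"] not in known_keyboards})

if __name__ == "__main__":
    print(unexpected_keyboards(SAMPLE))
```

On a live system the text would come from running `lsusb -v` (as root, so the descriptors can be opened) and passing its output to `unexpected_keyboards` together with the vendor:product IDs of your real keyboards.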
I know this has been almost a year and a half, but I came looking for someone else who did this with a similar product. I am currently product testing for QACQOC, https://www.amazon.com/gp/product/B07HF … UTF8&psc=1, and was watching
dmesg -w
when I noticed the same crap show up. Sketchy AF, for sure. I started up tcpdump to see if it tries calling out anywhere while concurrently blocking all connections out. I haven't seen anything there yet, but that's not to say it doesn't record stuff on the back end. I don't like it one bit. Sounds like a perfect candidate for a rubber ducky, really... a USB hub. Who would suspect? You plug it in and use it like normal.
Have you gotten anywhere on this?
Last edited by misuchiru03 (2019-04-23 04:18:05)
The OP has not been back since 2017. Please do not necrobump.
Closing.