Printable Version of Topic

Click here to view this topic in its original format

Dumpshock Forums _ Shadowrun _ Rigging/Hacking: help!

Posted by: wind_in_the_stones Jun 8 2006, 04:43 AM

If this sort of thing has been asked before, would someone be so kind as to point me in the general direction of the thread?

When I first started reading the rules and making characters, the whole drone rigging and hacking/stealing drones sounded like it had a lot of potential. Unfortunately, I am having trouble understanding how it's supposed to work. Can someone step me through the process(es) of taking over another rigger's drone?

Is a device considered the same as a node? So we could find wireless node in hidden mode, and then hack into it? Then what would we do while we were there? You can't jump into it that way, but you could give it orders, right? Including accepting our rigger's signal? And if we've hacked the device, then our icon is in that node. If the rigger is jumped into it, would he be able to do anything about you? Would his icon be there, and able to be crashed?

Or Could we simply intercept the wireless traffic, and then edit it, making the drone accept your own rigger signal, and not accepting its original controller's?

If you can spoof the drone into accepting your signal, does the owner have any way of knowing you're there, besides seeing what it does?

Does any of this make sense? What am I missing?

Posted by: Aaron Jun 8 2006, 02:50 PM

http://forums.dumpshock.com/index.php?showtopic=12775&hl=drone

Yes, a drone is a node.

Posted by: wind_in_the_stones Jun 9 2006, 04:31 AM

Thanks Aaron. That helps.

I find the commlink of the controlling rigger (though various routes), and do an analyze to determine his ID (I don't have to hack in, just watch him?). Then, I can use that to spoof orders to the drone, and tell it to recognize my rigger, instead of its owner. Then we fly. Not real quick, but it sounds easy.

But what about directly hacking into a drone? It seems like that would be easier. You have to locate the hidden node/drone. Then hack in. Then you just edit the subscription list (after defeating the IC). Does the rigger have any recourse to your actions, once he learns you're in there?

Posted by: Aaron Jun 9 2006, 05:43 AM

QUOTE (wind_in_the_stones)

I find the commlink of the controlling rigger (though various routes), and do an analyze to determine his ID (I don't have to hack in, just watch him?). Then, I can use that to spoof orders to the drone, and tell it to recognize my rigger, instead of its owner. Then we fly. Not real quick, but it sounds easy.

Correct. It's not quick at all, but doable if your team is pinned down.

QUOTE

But what about directly hacking into a drone? It seems like that would be easier. You have to locate the hidden node/drone. Then hack in. Then you just edit the subscription list (after defeating the IC). Does the rigger have any recourse to your actions, once he learns you're in there?

It's that darn subscription list that prevents that in the first place. Sure, you could locate it, but it's set to respond only to its owner's commlink, and will ignore your attempts to connect to it to hack your way in.

Once you're in, assuming you've altered the subscription list so it only responds to you, he'd have to do the same things you did to get it back.

Oh, while I'm posting and thinking about it at the same time, if you're facing an adversarial rigger that has jumped into a drone, hit the drone with a directional jammer. Assuming he's far enough away, that will not only knock him out of the drone, but give him dumpshock, too.

Posted by: wind_in_the_stones Jun 10 2006, 02:28 AM

QUOTE (Aaron)

So you hack in, give yourself admin access, and change the subscription list to regognize only your team's rigger.

The difficulties involved with this are... the node gets an analyze test to detect you. If it does, it can alert the owner, shut the port or launch IC. Anything else that I missed?

QUOTE (Aaron)

Oh, while I'm posting and thinking about it at the same time, if you're facing an adversarial rigger that has jumped into a drone, hit the drone with a directional jammer. Assuming he's far enough away, that will not only knock him out of the drone, but give him dumpshock, too.

Sounds like a good plan, but I was torn on whether to jam the drone or the rigger. i'd probably go with the rigger, because he's probably got control over more drones, and you never know if he's rigging the a drone or just directing it. besidse, if you jam the drone, you can't steal it. But then, the rigger probably has better ECCM on his own commlink. I just mounted a directional jammer on a Steel Lynx. We'll see how well that works.

Posted by: wind_in_the_stones Jun 10 2006, 05:22 AM

Anyone else want to jump in here?

Now what about drones?

The table on p. 212 says crawler drones generally have a signal rating of 4. The drone chart in the back of the book gives pilot ratings (3) - is that the same as System? (Which limits the size of the programs that the drone can run.) What about firewall? If pilot is not the same as system, and there's no mention of drones coming with firewall, then does that mean we've got to buy an OS (or jsut the programs - table p.228) for each drone? Or do we assume the firewall is the same as the pilot?

Posted by: Jaid Jun 10 2006, 05:45 AM

QUOTE (wind_in_the_stones)

the signal rating given there is for the drone's sensors. ie, it really just indicates a typical range of all the different sensory gear the drone has.

if you will turn to page 325, you will see there that small/medium and large drones all have a signal rating for their sensor packages of 4 (as default, at any rate). this merely indicates the range of the sensors.

the information for the drone's other matrix attributes is found on page 214, and indicates that drones typically have a device rating of 3 (ie all matrix attributes are 3, unless otherwise specified).

this works quite nicely with the fact that all the drones listed in the BBB have a pilot of 3 (which replaces the system rating for anything that you don't use, but rather give orders to pretty much). The drone comes with a firewall of 3 also, and a response and signal of 3 (so it can scan further away then it can be accessed wirelessly from).

you could buy it a higher firewall if you wanted, and it should install normally.

in order to increase pilot, however, you need a higher response. signal could be increased by the normal way, but i personally recommend a satellite link if you want higher signal... cheaper, more effective, readily available, and harder to jam.

Posted by: wind_in_the_stones Jun 10 2006, 04:36 PM

Okay, that was one of my theories - that the pilot rating is similar to the device rating, which means that all stock traits are 3. (Too bad the BBB doesn't say so. You just have to piece it together from various parts of the book.)

So my drone's broadcast signal is 400 meters.

Thanks, Jaid!

Posted by: wind_in_the_stones Jun 11 2006, 06:02 PM

Okay, I've got another question.

1. Find the controling rigger - Detect hidden node
2. Decrypt it.
3. Get the rigger's broadcast ID - Analyze
4. Use the ID to command the drone to unsubscribe the original rigger, and give it whatever orders you want, including subscribing a new rigger.

Do I have to Scan to locate the drone so I can spoof it?

Posted by: Serbitar Jun 11 2006, 10:27 PM

1. detect the drones node
2. intercept traffic
3. decrypt traffic
4. analyzeID (the ID must be in the traffic)
5. spoof command with ID
or
5. spoof your ID with ID
6. hack into the drones node (try admin acces to fully overtake it)

Posted by: wind_in_the_stones Jun 12 2006, 02:46 AM

QUOTE (Serbitar)

or
5. spoof your ID with ID
6. hack into the drones node (try admin acces to fully overtake it)

If you're talking about hacking into the drone, I believe the steps would be:

1. Detect node (drone) in hidden mode
2. Hack in at admin level
3. Give it new orders
4. Deal with IC or whatnot

Yes? No?

Posted by: Teulisch Jun 12 2006, 05:33 AM

question- what if the rigger is 'jumped into' the drone in full VR? how would that affect your attempt to hijack a drone? Even with 3 actions a turn from hot sim, one has to be spent on a complex action to pilot.

would this simply resolve as cybercombat? and if you crash the rigger's commlink, what happens to the drone in that time between rigger going offline, and hacker spoofing control?

along this train of thought, what if a rigger is physicaly in a vehicle which could be piloted remotely? just turn the commlink port off?

Posted by: Serbitar Jun 12 2006, 09:41 AM

QUOTE (wind_in_the_stones)

QUOTE (Serbitar)

or
5. spoof your ID with ID
6. hack into the drones node (try admin acces to fully overtake it)

No, they are the steps given above 1-6 using the lower 5/6. Thats why I wrote them.

Posted by: Serbitar Jun 12 2006, 09:42 AM

QUOTE (Teulisch)

I would say:

The "jumped in" rigger notices the hack when the system notices the hack.

Posted by: wind_in_the_stones Jun 13 2006, 03:15 AM

QUOTE (Serbitar)

No, they are the steps given above 1-6 using the lower 5/6. Thats why I wrote them.

I know, but that doesn't make any sense to me, so I replied with something that does make sense to me. So I'll be more specific. You said...

1. detect the drones node
2. intercept traffic
3. decrypt traffic
4. analyzeID (the ID must be in the traffic)
5. spoof your ID with ID
6. hack into the drones node (try admin acces to fully overtake it)

I didn't know what you meant by "spoof your ID with ID". I guess you meant make the drone think that you have the proper ID (I would call that "spoofing the drone" but that's just my terminology, I guess.) Aside from that, you have things just a little bit out of order. decrypting must be done before intercepting (p225). And detecting the drone's node doesn't have to be done until just before the... oh. If you're hacking, you don't need ID and spoofing. You only need the ID if you're going to try and fool the drone into accepting your commands. If you're hacking, you just detect the drone's node and attack it. So that brings us back to my steps 1-4.

It sounds like we basically agree on the spoofing style of hacking.

Posted by: wind_in_the_stones Jun 13 2006, 03:30 AM

QUOTE (Teulisch)

That's a good question. It is a little unclear what state a rigger is in when he is jumped into a drone. I would say that the drone is an extension of his body. What the drone sees, he sees. When he tries to run, the drone moves. Since he can only see what the drone sees, he has no awareness of what is going on inside it or its computer. I think that if you're jumped, the only thing you can do is drive the drone. And the only way you'll be able to tell if there's a hacker in your drone, is if it goes on active alert and gives you a warning.

QUOTE

what if a rigger is physicaly in a vehicle which could be piloted remotely? just turn the commlink port off?

It depends on how the rigger is driving. If he's logged in to the vehicle through his wireless commlink, then technically he's piloting it remotely, and he loses control if you shut the port. If he's got a datajack and a cable (or hands on the wheel), then shutting the port will not do any good.

Posted by: ornot Jun 13 2006, 04:17 AM

I think that I'd prevent a hacker from hacking a currently rigged drone. The drones software is overridden by the impulses of the rigger.

Alternatively one could rule it as a cyber combat test instead... Just throwing it out there ^^

Posted by: wind_in_the_stones Jun 14 2006, 03:44 AM

I don't think it would be overriden, exactly. It's just that the programs that are loaded (pilot, clearsight, etc.) would not be in use.

Cyber combat? Like assuming that the rigger's icon is occupying the node, so the hacker has to fight him? But if the rigger's icon is there, that means he's watching the node, not the drone's surroundings.

It would make more sense for the rigger's icon to be there if he's on the subscription list, and issuing commands to the drone. But a hacker's icon doesn't have to be in a drone in order to command it.

Posted by: Serbitar Jun 14 2006, 08:47 AM

QUOTE (wind_in_the_stones)

QUOTE (Serbitar)

No, they are the steps given above 1-6 using the lower 5/6. Thats why I wrote them.

yes, you are right. Still thats kind of counter intuitive . . .
(how can you hack something you havent intercepted?)

QUOTE

And detecting the drone's node doesn't have to be done until just before the... oh.

I would say that you have to detect the node first before you want to intercept traffic. After you intercept traffic there is no need to detect the node, you already know its Access ID because of the traffic interception and decryption (all the protocol data must be in the traffic).

QUOTE

If you're hacking, you don't need ID and spoofing. You only need the ID if you're going to try and fool the drone into accepting your commands. If you're hacking, you just detect the drone's node and attack it. So that brings us back to my steps 1-4.

No, if the drone is subscribed to the other riggers comlink (whch everybody will do) you have to spoof your ID.

QUOTE

It sounds like we basically agree on the spoofing style of hacking.

mostly

Posted by: wind_in_the_stones Jun 15 2006, 05:14 AM

QUOTE (Serbitar)

yes, you are right. Still thats kind of counter intuitive . . .
(how can you hack something you havent intercepted?)

I guess because if you have no idea what the traffic is transmitting, you can't consider it to be intercepted? But more to the point, let's assume you're trying to intercept some specific traffic, like the a rigger/drone exchange. You have no idea if you've even got it, until you've decrypted it. There are hundreds of wireless signals in the air, and you have to get the right one. Just don't ask me why you don't have to make a decrypt check for every random signal until you find the right one.

QUOTE

After you intercept traffic there is no need to detect the node, you already know its Access ID because of the traffic interception and decryption (all the protocol data must be in the traffic).

This makes sense. But is there always traffic between the comm and the drone? Or only when an order is being given? If traffic is continuous, then that would be fine. If not, then there may be no traffic to intercept. But that's way too problematical, so I'll go with what you said.

QUOTE

No, if the drone is subscribed to the other riggers comlink (whch everybody will do) you have to spoof your ID.

No again. If you can get the ID, you can spoof. That's where you pretend you're the rigger, and you lob commands to his drone. Hacking is a totally different method. That's Hacking on the Fly (p221), and it's completely regardless of subscriptions and IDs. It's a hacking+exploit extended test, versus the Firewall. Once you succeed, your icon is in the node/drone, and its at your mercy.

Posted by: Serbitar Jun 15 2006, 06:16 PM

You can not hack into a node that is not accepting your traffic. Thats what subscribing does and thats why you have to spoof your ID to hack in.

This issue has been discussed numerous times in this forum. Just do a search.

Posted by: wind_in_the_stones Jun 16 2006, 02:57 AM

QUOTE (Serbitar)

That's insane. The hacking on the fly section doesn't say anything about having to gain ID or intercept traffic.

Okay, I'll try a search.

Posted by: wind_in_the_stones Jun 16 2006, 03:22 AM

Can't find anything in a search. "hacking" turns about a third of the posts here, and adding one more word turns up no results.

I'll reiterate. Neither detect hidden node, nor hacking on the fly refers in any way to using ID. And if you have ID, you don't have to hack. That's why they call it hacking. Notice also, that p222 says that once a hacking hacker is inside the node, he can do anything that an authorized user can do - it doesn't say anything about having to spoof. So if spoofing requires ID, then why would hacking also require ID, when it doesn't require spoofing?

People may have discussed it, but there are no rules as written that back up that theory.

Posted by: Dr. Dodge Jun 16 2006, 03:34 AM

isn't hacking a drone and crashing it a viable option? that is without going through the commlink first? i'm unconvinced you have to go through a subscribed drones characters commlink to do everything.

it seems to me the linking and subscribing action is to keep out random or accidental access, not make something unhackable.

plus wind, here's at least one of the threads: http://forums.dumpshock.com/index.php?showtopic=11835&hl=hacking,and,drones&st=0

Posted by: Aaron Jun 16 2006, 04:07 AM

QUOTE (Dr. Dodge)

Perhaps this will help convince you.

I'd like you to find someone you know and/or trust, and ask them to do a little practical exercise with you. The goal is for you to instruct them to make a peanut butter and jelly sandwich. Make sure that the peanut butter is creamy (anything else isn't real peanut butter), but the jelly could actually be jam or preserves. In fact, construct a small flowchart of options for the jelly, asking questions of your friend like the time of day and the like; the specifics aren't important (except the peanut butter type), the point is that this represents the giving of instructions and queries from the hacker (that's you) to the drone (that's your friend; if it's not a friend, we'll just say he or she is for now). That would be normal interaction with a drone.

Next, insert an instruction to chuck the ingredients into the garbage disposal. If you have no garbage disposal, remove the word "disposal" from the equation. If you have no garbage, I don't want to talk to you anymore. If the person you are performing this exercise with is not actually a friend, feel free to insert instructions to stab himself or herself in the nostrils with the knife. This simulates the attack program giving conflicting and destructive input to the target drone.

Now, have your friend put his or her fingers in his or her ears, shut his or her eyes tightly, and hum "God Save the Queen" very loudly. Actually, it could be "Ozar Midrashim" by Information Society for all I care; it doesn't matter what the song is, as long as the humming is loud. Have him or her only listen to instructions that come from your mom (be sure to tell him or her this before he or she starts the humming). Now, try the above exercises again. Get anywhere? No? How about when you pretend that the instructions come from your mom and actually convince your friend (or whatever) that this is the case?

Hope that helped.

Posted by: ornot Jun 16 2006, 04:16 AM

Is that God Save the Queen by the Sex Pistols?

Posted by: Dr. Dodge Jun 16 2006, 04:34 AM

QUOTE (Aaron)

QUOTE (Dr. Dodge)

beautiful analogy.

how could my friend listen to my mom (or anybody?) if he's humming real loud with his fingers in his ears? does the fact that i told him to give him this ability? but i see that you mean that he will only take orders from my mom and not anyone else (ala subscription list).

My analogy to the attack would be, grabbing his hands from his ears and punching him or throwing the sandwich or wherever we're going with this. I'm not trying to pretend to be the authorized user and give orders, i'm busting in and breaking things (locating the node, hacking in, and taking it from there, in this case crash OS action)

and why would an analogy for attack involve giving orders? do you give orders to another icon, OS, my mom etc. when you attack them in (cyber)combat? I thought it was that "Attack programs are hostile code carriers that attempt to kill processes, introduce random input, create buffer overflows or program faults, and otherwise make a program/icon crash." What I am wondering is, do you have to go through the commlink of a subscribed drone in order to crash(OS) it?

if subscribed drones are immune to hacking, is there a pressing need for firewall for them?

so basically, what i'm trying to be convinced of, is that spoofing is the only way to deal with drones.

Posted by: Aaron Jun 16 2006, 05:01 AM

QUOTE (Dr. Dodge)

how could my friend listen to my mom (or anybody?) if he's humming real loud with his fingers in his ears? does the fact that i told him to give him this ability?

This has been left as an exercise to the reader (HINT: it involves having your mom tap your friend on the shoulder so he or she looks to see if it's really her).

QUOTE

and why would an analogy for attack involve giving orders? do you give orders to another icon, OS, my mom etc. when you attack them in (cyber)combat? I thought it was that "Attack programs are hostile code carriers that attempt to kill processes, introduce random input, create buffer overflows or program faults, and otherwise make a program/icon crash." What I am wondering is, do you have to go through the commlink of a subscribed drone in order to crash(OS) it?

Here's a question for you: which processor kills the processes, takes the random input, has the overflowing buffer, and finds the program faults? (HINT: It's the target's processor.)

Okay, that wasn't really a hint, but the point is it's still the target processor that gets proverbially narfed hardcore. Consider, if you will, a bit of malware that gets on your machine. It's running on your machine; if the processor isn't being made to screw up, it won't get screwed up. In order for a processor to do anything, it needs instructions. In order for a processor to suffer hardcore narfage (proverbial or otherwise), it needs to receive malicious instructions, as with your (ex-)friend stabbing himself or herself in the nostril.

QUOTE

if subscribed drones are immune to hacking, is there a pressing need for firewall for them?

They're not immune to hacking, it's just that you have to spoof your ID every time you try your Exploit or your Attack. It's more efficient to just spoof a command to include you on its subscription list and then Exploit it, Attack it, or just plain give it commands that its owner won't like. And Laziness and Impatience are the First and Second Great Virtues of a Programmer.

QUOTE

so basically, what i'm trying to be convinced of, is that spoofing is the only way to deal with drones.

At the risk of telling you that you are wrong again, you're wrong again. Jammers are quite effective against drones that are being directly controlled by their rigger owners. An anti-vehicle rocket or a high volume of fully automatic fire works nicely, too. Spells involving electrical effects can do a number on a drone, too.

Oh, unless you meant spoofing being the only way to deal with drones when you have a commlink. In which case, yes, you've got it.

Posted by: wind_in_the_stones Jun 16 2006, 05:09 AM

So you tell your friend, "I'm going to tell you how to make a sandwich, and what to do with it, and you can't listen to anyone but me." And then the neighbor kid comes in, disguised as you and says, "give me the sandwich." And your friend does. That's spoofing.

But when the neighbor kid comes in, trips your friend, grabs the sandwich and runs, that's hacking.

Two completely separate ways of compromising a drone.

And firewall is your defense against hacking. In answer to your specific question (sort of), you do have to go through a drone's wirless connection. But with hacking, you're not talking with it (which would require a subscription, real or faked), you're trying to fry it.

Posted by: wind_in_the_stones Jun 16 2006, 05:11 AM

QUOTE (Aaron)

it's just that you have to spoof your ID every time you try your Exploit or your Attack.

Show us the rules. Explain. Please. I've been waiting for two weeks for someone to justify this using the RAW.

Posted by: Aaron Jun 16 2006, 05:30 AM

QUOTE (wind_in_the_stones)

But when the neighbor kid comes in, trips your friend, grabs the sandwich and runs, that's hacking.

Negative. That's shooting the drone down and taking its commlink. In order to be hacking anything, you have to have access to its processes, and beating up the drone isn't the way to do it.

Posted by: Aaron Jun 16 2006, 05:47 AM

QUOTE (wind_in_the_stones)

QUOTE (Aaron @ Jun 16 2006, 12:01 AM)

it's just that you have to spoof your ID every time you try your Exploit or your Attack.

Show us the rules. Explain. Please. I've been waiting for two weeks for someone to justify this using the RAW.

Okay, here we go.

QUOTE (Boyle et al. 212)

QUOTE (Boyle et al. 221)

Note that agents and drones will only take orders from their controlling persona, unless another persona spoofs an order (see Spoof Command, p. 224). If the controlling character chooses, he can instruct the agent or drone to receive orders from other specified personas.

QUOTE (Boyle et al. 238)

To manipulate a drone, you must first have accessed it and linked to it as a subscriber (see p. 212).

And a bit of indirect evidence:

QUOTE (Boyle et al. 224)

To spoof commands, you must beat the agent or drone in an Opposed Test between your Hacking + Spoof and the target’s Pilot + Firewall.

QUOTE (Boyle et al. 238)

Riggers also don’t usually spend the time or money to buy up or program their own top-notch hacking utilities, preferring instead to focus on a good Signal strength, good Scan, Command, Encrypt, and Sniffer programs, and of course, plenty of drones with amped Pilot, Response, and Firewall attributes of their own.

Note the lack of mention of Analyze or IC in the last quote.

If that's not good enough for you, then we'll have to wait for the next rigger book. Meanwhile, feel free to GM your own game and run it any old way you want. =)

Posted by: -X- Jun 16 2006, 08:20 AM

That makes perfect sense and definitely seems to follow the RAW. So is there a reason other than money to not fill a commlink full of IC designed to verify your commands then duct tape the thing to the back of the drone and plug that bad boy in with fiber optics, leaving your drones brain (presumably also a commlink or something like it) free for autosofts and the like?

Or do commlinks not have more than one type of 'on' when it comes to being wireless? Can you set a commlink to only act as a relay for drone commands without allowing it real wireless networking access? By the rules I mean, obviously it is possible logically. I get radio on my computer but I not exactly concerned about catching a virus from it.

Posted by: Serbitar Jun 16 2006, 10:25 AM

Thanks, Aaaron, thats the way I would quote RAW to justify my rules interpretation, too.

Posted by: The Jopp Jun 16 2006, 12:22 PM

Aarons RAW interpretation is correct as long as you want to SPOOF a command, there are other ways as well.

Let's assume that we cannot find the persona of the owner so we cannot spoof, then we do the next best thing.

We locate the wireless signal and insert fake orders and/or give it new files to upload or shutdown commands.

Hacking a drone by accessing it's wireless signal is also viable since a drone is an OS in itself, the pilot program is an OS and can therefore be hacked like any commlink.

Spoofing would only be needed if you want to fake being the real user, as long as you sit with your stealth program and being a hacker intent on hacking the drone system then spoofing command will not be needed.

Intercepting Wireless signal: SR4 page 225.

The sentences Aaron has quoted is what I would take as a LEGAL way of accessing drones. For ILLEGAL ways when you CANNOT spoof it you can always hack it and sneak into its system, then you replace its subscription list so that YOU are the controlling persona. Intercepting the signal from the controlling user to the drone and editing the infrmation is also a tactic.

Spoofing is just the simplest way, there are always more than one way of tackling a problem.

Posted by: Dr. Dodge Jun 16 2006, 03:43 PM

QUOTE (aaron)

This has been left as an exercise to the reader (HINT: it involves having your mom tap your friend on the shoulder so he or she looks to see if it's really her).

Yeah I guess I didn't consider touching when making an analogy about wireless.

QUOTE

Here's a question for you: which processor kills the processes, takes the random input, has the overflowing buffer, and finds the program faults? (HINT: It's the target's processor.)

Okay, that wasn't really a hint, but the point is it's still the target processor that gets proverbially narfed hardcore. Consider, if you will, a bit of malware that gets on your machine. It's running on your machine; if the processor isn't being made to screw up, it won't get screwed up. In order for a processor to do anything, it needs instructions. In order for a processor to suffer hardcore narfage (proverbial or otherwise), it needs to receive malicious instructions, as with your (ex-)friend stabbing himself or herself in the nostril.

Well, I'll admit i don't know IT from ET, so i'm just going to use the SR rules here to fuel my argument. We got two things here, we got Command and we got Attack. In order to command the drone via the matrix, you have to have "accessed it and linked to it as a subscriber" (p. 238). Ok. if i want give the drone faulty instructions, then I must scan for the controlling riggers commlink (it's probably in hidden mode), make a matrix perception test on the controlling riggers commlink, and finally be a spoofy mcspooferson and spoof some forged instruction to the drone. On the other hand, I see the drone out there. It's floating around in the matrix somewhere, just like me and the controlling rigger. We are all nodes. I find the drone node just like i did with the riggers commlink, only instead of trying to command it (which it wouldn't accept) I hack it's firewall (with the standard +6 since its admin only). and then if successful, proceed to crash it's OS.

QUOTE

While I do appreciate the condescending attitude, I think it was obvious I was only concerned with hacking drones/riggers and not looking for an exhaustive list of how to destroy/confound a drone. thanks though.

Posted by: Aaron Jun 16 2006, 03:50 PM

QUOTE (Serbitar)

Thanks, Aaaron, thats the way I would quote RAW to justify my rules interpretation, too.

That seemed snarky, Serbitar. I wonder if that was intentional.

QUOTE (The Jopp)

We locate the wireless signal and insert fake orders and/or give it new files to upload or shutdown commands.

I used to think that would work, too, and tried it out in my own game, but my GM made two interesting points that convinced me otherwise. First, wireless traffic is moving at the speed of light. How is anybody supposed to receive, analyze, edit, and transmit it fast enough to make it work? Second, the bit about editing and inserting the signal comes after the bit about copying, recording, or forwarding the signal, the implication being that the Edit action is for the recorded data about the command, not for the command itself. He said, and I agreed, that if my commlink was the only path between the rigger and the drone, then I could delay the traffic headed for the drone and control the traffic stream, but since that is rarely the case, I couldn't.

He also brought up the fact that if it was that easy hijack a drone, people would stop using drones in combat, but I'm not sure how convincing that argument would be with this crowd.

Posted by: Serbitar Jun 16 2006, 03:57 PM

I have no idea what "snarky" is . . .

Posted by: Aaron Jun 16 2006, 04:10 PM

Snarky == sarcastic. I wasn't sure whether you were being sarcastic or not. That time or this one, for that matter.

>>> Edit: http://www.urbandictionary.com/define.php?term=snarky explains it way better than I do. First hit on Google for "snarky," too.

Posted by: Dr. Dodge Jun 16 2006, 04:30 PM

QUOTE ((Boyle et al. 212))

But then in the following paragraph (interestingly beginning with "In game terms")

QUOTE

"In game terms, your persona maintains a subscription list of nodes that you are accessing and that are allowed to establish communication with you. The subscription list may be unlimited in size, but the number of nodes, agents, or drones that a persona may actively subscribe to (access) at any one time is limited to the persona’s System x 2."

Ok, it says "that you are accessing and are allowed to establish communication with you." I don't see, "that you are accessing and are only allowed to establish communication with you." To me, it looks like subscription lists are a limit on the number of nodes you can actively access, as well as a defense against having every node around you cluttering up your PAN. Not some pseudo firewall.

QUOTE ((Boyle et al. 221))

The controlling persona of the drone is one that has "accessed it and linked to it as a subscriber." Ok. But we're not talking about issuing orders (see command). we're talking about hacking a drone. "Hacking is centered around defeating a node's firewall and breaking in" (p.221).

QUOTE ((Boyle et al. 224))

To spoof commands, you must beat the agent or drone in an Opposed Test between your Hacking + Spoof and the target’s Pilot + Firewall.

I was wondering why drones would have a firewall at all in the subscriber spoof only world, so this at least goes a little way to convince me.

QUOTE ((Boyle et al. 238))

You use Analyze to make a matrix perception tests (p.217) which is necessary for spoofing (p.224) so if anything this supports the hack-the-drone angle. IC is casually mentioned elsewhere (top of 223)

QUOTE

If that's not good enough for you, then we'll have to wait for the next rigger book. Meanwhile, feel free to GM your own game and run it any old way you want. =)

Or at the very least a FAQ (c'mon we're rolling on a year now) but yeah.

Posted by: Aaron Jun 16 2006, 05:00 PM

QUOTE (Dr. Dodge)

You also use Analyze to detect intrusion attempts (Boyle et al. 221). It's the first line of defense against Exploit use. I consider it to be the best, since detection leads to alert, and an alert gives a free +4 bonus to a node's Firewall, and can activate IC. Neither Analyze or IC are listed among the preferred programs of the rigger on page 238, which indirectly argues that they are not as important as the programs that are listed. That was my point.

Posted by: Shinobi Killfist Jun 16 2006, 05:09 PM

QUOTE (Aaron)

QUOTE (Dr. Dodge)

Perhaps this will help convince you.

The goal is for you to instruct them to make a peanut butter and jelly sandwich. Make sure that the peanut butter is creamy (anything else isn't real peanut butter)

And that's the point where anyone who knows peanut butter insults your masculinity. Creamy peanut butter what's next milk chocolate or fru fru bevrages, or how about the unholiest of unholies sweetened ice tea.(man how can a region that gave us biscuits and gravy give us that)

Posted by: Aaron Jun 16 2006, 05:29 PM

QUOTE (Shinobi Killfist)

QUOTE (Aaron @ Jun 15 2006, 11:07 PM)

Make sure that the peanut butter is creamy (anything else isn't real peanut butter)

Look, what's the first step in making peanut butter? Crush up the peanuts (remember that song?). If there are peanut chunks in the peanut butter, it is, at worst, impure because stuff has fallen into it, and at best unfinished.

Dunkelzahn would have agreed with me.

Posted by: Dr. Dodge Jun 16 2006, 05:29 PM

QUOTE (Aaron)

QUOTE (Dr. Dodge @ Jun 16 2006, 11:30 AM)

Alright. I guess I'm thinking of using analyze in an offensive posture and you're describing it in a defensive posture.
But you still need it to spoof. And if spoofing is the only way to affect a subscribed drone, why would it not be listed? In the hack the firewall approach, analyze is unnecessary.

Posted by: Dr. Dodge Jun 16 2006, 05:32 PM

QUOTE (Aaron)

QUOTE (Shinobi Killfist @ Jun 16 2006, 12:09 PM)

QUOTE (Aaron @ Jun 15 2006, 11:07 PM)

Make sure that the peanut butter is creamy (anything else isn't real peanut butter)

yeah crunchy peanut butter is an abomination. which reminds me how much i hate that Take 5 candy bar. peanunt butter and peanuts shouldn't count as two separate "ingredients" first off, it's the same thing only one is smashed, and two, it's already called crunchy peanut butter.

Posted by: Aaron Jun 16 2006, 05:34 PM

QUOTE (Dr. Dodge)

It's not listed for riggers because riggers have a much more direct approach to dealing with enemy drones: use their own drones to shoot them down. The rigger is concentrating on rigging, the hacker on hacking.

Besides, one only needs one lousy hit to get the ID of a commlink.

Posted by: wind_in_the_stones Jun 17 2006, 05:03 AM

Now, just because all of your devices can talk to other devices doesn’t mean that they will. For simplicity, privacy, and security, you may configure your devices so that they only interact with another specific device (usually your commlink, as your PAN’s hub) or a specific network (your PAN). This prevents confusion between users (am I accessing my guncam or yours?) and also offers a degree of protection from snoopers and hackers. Rather than allowing any stranger access to all of your electronics, anyone that wants to interact with your PAN must connect to your commlink first.

This is about communication, not attacking. I consider the subscription list and ID to be like logins and passwords. You want to interact with my PAN, I must first let give you the password. If I don't, then you can try to hack into my comm.

Note also, that this is not a rules section, so much as it is giving a general description of how things work, so the player has an idea of what is going on in 2070. Slight difference - not as precise.

Note that agents and drones will only take orders from their controlling persona, unless another persona spoofs an order (see Spoof Command, p. 224). If the controlling character chooses, he can instruct the agent or drone to receive orders from other specified personas.

This describes spoofing. And I dont think there is any appreciable difference between my interpretation of the spoofing procedure, and yours.

To manipulate a drone, you must first have accessed it and linked to it as a subscriber (see p. 212).

Same deal. Manipulation is not the same as electronic warfare. Plus, to manipulate a drone after hacking it, you must have first accessed it (which you did, because you just hacked it), and linked to it as a subscriber. This part is irrelevant, because by the time you've accessed it, your icon is already inside it, so you're not a subscriber. Or could say that since you've hacked it, you can put yourself on its subscription list.

To spoof commands, you must beat the agent or drone in an Opposed Test between your Hacking + Spoof and the target’s Pilot + Firewall.

Again, spoofing is different than hacking.

Riggers also don’t usually spend the time or money to buy up or program their own top-notch hacking utilities, preferring instead to focus on a good Signal strength, good Scan, Command, Encrypt, and Sniffer programs, and of course, plenty of drones with amped Pilot, Response, and Firewall attributes of their own.

Note the lack of mention of Analyze or IC in the last quote.
I'm not sure they have to mention every possible improvement.

If that's not good enough for you, then we'll have to wait for the next rigger book. Meanwhile, feel free to GM your own game and run it any old way you want. =)
And you yours.

Negative. That's shooting the drone down and taking its commlink.
Okay, then I have no clue what that otherwise entertaining analogy was supposed to mean.

Anyway... Let's say you've logged in to Dumpshock. I track down your IP, and use it to log in there under your name. The forum thinks I'm you. That's spoofing. Now let's say that I don't mess with getting your info - I just hack the site. I can make it think I'm you or anybody else. That's hacking on the fly. I dont need to forge a password, I just brute-force my way in.

Edited: sorry the quote tags didn't work.

Posted by: wind_in_the_stones Jun 17 2006, 05:16 AM

QUOTE (Aaron)

They're not immune to hacking, it's just that you have to spoof your ID every time you try your Exploit or your Attack.

If the point of attacking (which I take to mean hacking on the fly, which is a hacking+exploit roll) is to get access to the node,

QUOTE (BBB p.222)

A hacker who has successfully broken into a node undetected can go about his business like any user with the appropriate account privileges.

why would you need to spoof? I mean, if you have the ID, you don't need to attack - you're in!

Posted by: Aaron Jun 17 2006, 06:35 AM

Mr. or Ms. wind_in_the_stones, riddle me this:

How could you hack, as you say, Dumpshock if the site ignores all of the network packets coming from you? How about if the site ignores all packets except those coming from me?

Hm. Y'know, it just occured to me that you may have a disconnect on how network communication works. In case you do, I'll explain it in a nutshell. In case you don't, I'll encapsulate it in a spoiler tag.

[ Spoiler ]

All network traffic is split up and each chunk is encapsulated (which is to say, wrapped) in a bit of code that describes where the chunk has come from, where it's going, and some extra information about what's inside the chunk. This is true for all communication, including instructions that are malicious (such as Attack usage) or overflow commands and queries (such as Exploit attempts). Specialized computers called routers use this information to decide where to forward each chunk.

Now, every commlink (if not every wireless device) in 2070 is also a router, including the drone's commlink. A router can make decisions about chunks of network traffic (modernly, these chunks are called packets) based on the encapsulation information. In a modern router, these decision trees are called Access Control Lists, or ACLs. They have the ability to forward or discard traffic based on its source, destination, or type of traffic. You can make an ACL that ignores all (standard) Counterstrike traffic, for example, or all Web page requests (no DS for you). You could ignore all traffic from a certain IP address (matrix IDs) or network of addresses. You could even ignore all traffic except one that comes from a single address.

That's where the subscription list comes in. The rigger sets the drone so it only accepts traffic from one address, and all other traffic is ignored. So now, you need to forge packets that appear to come from a different address, specifically the rigger's commlink. Modernly, this is called IP spoofing; in 2070 it's called simply Spoofing. Nowadays, it's a lot easier than it is in 2070; apparently there are some checks and security measures built in to each packet, since you have to make a Hacking + Spoof roll to actually convince the router (in this case, the drone) not to ignore the packet, or more likely series of packets, and in order to do that, you need to know where the traffic is coming from, either by tracing the signal to the rigger, or by decrypting and sniffing the traffic between the drone and the rigger.

Also, I don't know if I brought up this point in this thread or another, but if it really was that easy to defeat a drone, why would riggers use them?

Posted by: wind_in_the_stones Jun 17 2006, 03:02 PM

QUOTE (Aaron)

Mr. or Ms. wind_in_the_stones

Male, thanks for asking. (Took the handle from the name of a favorite character.)

Thanks for the info about network communication. Would you please explain hacking?

And in game terms, what does hacking get you, as opposed to simply spoofing?

QUOTE

if it really was that easy to defeat a drone, why would riggers use them?

Sounds to me like you're trying to house-rule to cover a percieved game imbalance.

Okay, how about Probing the Target? Do I need an ID to probe? Probing is exactly the same as Hacking on the Fly, with regards to purpose. "...identifying flaws that can be exploited for access." And from hacking, "...find an exploit that will get you in..." As I said before, why would you need to hack if you had an ID?

Posted by: Aaron Jun 18 2006, 05:13 AM

QUOTE (wind_in_the_stones)

Thanks for the info about network communication. Would you please explain hacking?

And in game terms, what does hacking get you, as opposed to simply spoofing?

I am not sure you understand the question. If this is the case, then to better understand your question, please replace the word "hacking" with "dancing," and the word "spoofing" with "doing a polka."

As I understand it, hacking is everything that a hacker does in Shadowrun. That Spoof program is a "Hacking Program," according to the RAW. As is Exploit and Attack.

In real life, the term "hacking" means several things, least of all illegally breaking into computer systems (http://www.catb.org/jargon/html/H/hacker.html leads to more detailed descriptions of the word "hacker"). The more accurate term for that would be "cracking," but a decision was made within FanPro to just stick with modern popular myth and call all of it hacking (and I can't blame them, really), and since they do, I will, too.

Basically, a hefty percentage of Matrix actions listed on page 219 are hacking. Practically every use of those programs listed on page 226 and 227 as "Hacking Programs" could be considered hacking.

I believe what you mean by "hacking" is using the Exploit program to find a way to access a node. A real-life example of this action would be the use of a combination of a program called nmap and sshnuke, a program that utilizes the now (in)famous SSH exploit, known to those in the biz as the SSH CRC-32 bug. It would look something like this:

CODE

state service
22/tcp open ssh

No exact OS matches for host

nmap run completed -- 1 IP address (1 host up) scanneds
% sshnuke 10.2.2.2 -rootpw-"Z1ON0101"
Connecting to 10.2.2.2:ssh ... successful.
Attempting to exploit SSHv1 CRC32 ... successful.
Reseting root password to "Z1ON0101".
System open: Access Level (9)
% ssh 10.2.2.2 -l root
root@10.2.2.2's password:

This might look familiar to Matrix fans; it's the same exploit that was used by Trinity in "The Matrix Reloaded," and it's what a real hacking job would look like (the Brothers Wachowski were given mad props at the time by the hacker community for their accuracy and research). The nmap program looks for vulnerable open ports in a target, and the sshnuke program was designed to exploit the CRC-32 bug. Shadowrun's Exploit program would include the functionality of both of these programs, along with a whole library of others.

Now, look at the nmap output above. It shows that there is a port (a potential connection) in the target that is open and listening for input. If this port was closed, and no other ports open, sshnuke would not work, since the target could not execute the commands that sshnuke sent it because it would never get a chance to read them. If the router attached to the open port only allowed traffic through that was from a certain address, one would have to perform IP spoofing on packets in order to have the router forward the traffic and have sshnuke work; in game terms, one would have to Spoof the node in order to Exploit it.

So the short answer (too late) is yes, you need to Spoof a node that is exclusively subscribed in order to use Exploit whether you do it the slow romantic way (Probing the Target) or the hard and fast way (Hacking on the Fly). In order to run the Spoof, you need to have a Matrix ID that won't get ignored, and to get that you either need to use Decrypt and Sniffer to get the ID from the traffic to and from the drone, or Track and Analyze to find the rigger in the Matrix and get the ID that way; this assumes that there is any traffic going to and from the drone (if they're not talking, you're kinda screwed).

Incidentally, the concept of subscribing to increase security has come up in other threads. The idea being that every member of the team subscribes their commlink exclusively to the team's hacker's commlink, so as to reduce the points of vulnerability. It's the same deal with the drones and the rigger.

QUOTE (wind_in_the_stones)

QUOTE (Aaron)

if it really was that easy to defeat a drone, why would riggers use them?

Sounds to me like you're trying to house-rule to cover a percieved game imbalance.

Sounds to me like you're avoiding the question. =b

Plus, you prompt another question: when did I mention a house rule?

Posted by: Aaron Jun 18 2006, 05:17 AM

Oh, I forgot to mention that some nodes you can simply start using Exploit on. These are the nodes that are looking for connections from the outside world, and have their functions severely limited by not being open to those connections. Such nodes include servers, libraries, garage door openers, vending machines, personal commlinks, taxi cabs, et cetera.

Drones, cop cars, cyberware, security cameras, weapons, and the like are all examples of nodes that would not be open to connections from the outside world, and would instead be subscribed (if not slaved) to a specific node.

Posted by: CrimsonHawk Jun 18 2006, 11:09 AM

now i have been told something interesting an that is when your trying to hack a drone (on the fly) your doing it AR which means it takes Days... to take complete control over a drone because of the subscription list? now the hack on the fly spoof you could issue basic commands like land or reboot and such but not anything like attack this target and Higher functions? also there are degradation on most programs that according to the book every run you do drops it by one point? so a hacker would be putting out like 80k to 100k+ per run to be on the bleeding edge program wise and rebuild wise? also come units are like fingerprints and you need new comunits every run or you may get caught by spiders on the net?

so how many runs should I be looking into per month to play keep up for this? your basic hacker / drone runner

thank you any commits would be helpful

Posted by: Serbitar Jun 18 2006, 01:05 PM

Good explanation Aaron. I think I will have to add an explantion like this to my upcoming http://www.serbitar.de/stuff/SGM.pdf.

Posted by: wind_in_the_stones Jun 18 2006, 04:10 PM

QUOTE (Aaron)

Now, look at the nmap output above. It shows that there is a port (a potential connection) in the target that is open and listening for input. If this port was closed, and no other ports open, sshnuke would not work, since the target could not execute the commands that sshnuke sent it because it would never get a chance to read them. If the router attached to the open port only allowed traffic through that was from a certain address, one would have to perform IP spoofing on packets in order to have the router forward the traffic and have sshnuke work; in game terms, one would have to Spoof the node in order to Exploit it.

So the short answer (too late) is yes, you need to Spoof a node that is exclusively subscribed in order to use Exploit whether you do it the slow romantic way (Probing the Target) or the hard and fast way (Hacking on the Fly). In order to run the Spoof, you need to have a Matrix ID that won't get ignored, and to get that you either need to use Decrypt and Sniffer to get the ID from the traffic to and from the drone, or Track and Analyze to find the rigger in the Matrix and get the ID that way; this assumes that there is any traffic going to and from the drone (if they're not talking, you're kinda screwed).

Thank you, this makes perfect sense and supports your position. But since the rules don't specifically state that you need to gain ID before attacking/exploiting (I again looked over the quotes you posted earlier, and none of them say that you must do so) I still believe that that would be a house rule. And that the rules writers were either unfamiliar with hacking or were trying for game balance. Or maybe that they were smoking crack, since my question remains - if you have an ID with which to spoof, why would you make an exploit test?

Posted by: wind_in_the_stones Jun 18 2006, 04:32 PM

QUOTE (Aaron)

Okay, this is important. This might answer my question. If that's the way things should work, the game designers really missed the boat on writing such a rule. That would have been a very obvious sentence or two.

So we could say that any node that expects communication with outside entities will not have a subscription list, and therefore be vulnerable to an exploit. And that exploiting is useless against a subscribed one.

Posted by: wind_in_the_stones Jun 18 2006, 04:39 PM

QUOTE (CrimsonHawk @ Jun 18 2006, 06:09 AM)

Not that I'm aware of.

You can do anything in AR that you can do in VR, you're just using your meat initiative, and you lose the extra passes. If you spoof your ID with the rigger's you can issue any command that he can. You just can't jump into it, and control it virtually. Drones usually have programs that allow them to follow complex commands such as "shoot that guy". I'm not able to find anything about program degradation. Are you thinking of SOTA?

Posted by: Aaron Jun 18 2006, 04:54 PM

QUOTE (wind_in_the_stones)

[...] since my question remains - if you have an ID with which to spoof, why would you make an exploit test?

wind_in_the_stones.biscuit++;

Posted by: Aaron Jun 18 2006, 04:59 PM

QUOTE (wind_in_the_stones)

Actually, they did say that, but you have to put together all of the stuff I quoted a few posts back. I suspect what happened was the same sort of thing that's happened before: the writers knew what they were talking about, the editors knew what the writers were talking about, and so it appeared that the whole thing made sense.

QUOTE (wind_in_the_stones)

So we could say that any node that expects communication with outside entities will not have a subscription list, and therefore be vulnerable to an exploit. And that exploiting is useless against a subscribed one.

wind_in_the_stones.biscuit++; // that's two so far, good work!

Actually, Exploit isn't useless against an exclusively subscribed node, just less efficient.

Posted by: Serbitar Jun 18 2006, 07:45 PM

QUOTE (wind_in_the_stones @ Jun 18 2006, 11:10 AM)

[...] since my question remains - if you have an ID with which to spoof, why would you make an exploit test?

To gain an account?

ID = IP or mac-address
exploit = gain an account

And ID and a system account are two totally uncorrelated things. Even if my wirelss network is only accepting certain IDs, it will still check wheter the guy/device/node/whatever login on via this ID has a valid user/system/admin account.

This is also the case in todays networks. Nothing very nonstandard of difficult.

Posted by: wind_in_the_stones Jun 19 2006, 12:46 AM

QUOTE (Serbitar)

You had me there, for a minute. I thought, oh yeah, if you're spoofing, you have to make a test for every command issued. And once you've successfullly hacked, you can do anything you want to the node. But then I realized your first spoof command is going to be to add your rigger to its subscription list. And that's effectively an account.

Or am I missing something?

Posted by: wind_in_the_stones Jun 19 2006, 12:51 AM

QUOTE (Aaron)

And not only that, you knew what they were talking about, apparently. So you read a lot into those quotes from the BBB. I can't make them mean what you say they mean. Not without a stretch, anyway. They support my position at least as well as yours.

Posted by: Aaron Jun 19 2006, 02:40 AM

QUOTE (wind_in_the_stones)

But then I realized your first spoof command is going to be to add your rigger to its subscription list. And that's effectively an account.

Or am I missing something?

You're missing something. Sorry.

Adding your ID to the subscription list just makes the target node stop ignoring you. But once you've been added, you can start Exploiting. This is, of course, assuming that the rigger has given herself access to change the subscription list (as opposed to making that something she has to log in as an admin or have a passkey to do).

Posted by: Aaron Jun 19 2006, 02:41 AM

QUOTE (wind_in_the_stones)

QUOTE (Aaron @ Jun 18 2006, 11:59 AM)

I cheated. I get paid to teach this sort of thing. =)

Posted by: Navaruk Jun 19 2006, 04:53 AM

So what happens when I delete the subscription list? Does the node default to an open status so just anybody hook up to the drone or is it basically offline?

Posted by: Aaron Jun 19 2006, 06:59 AM

QUOTE (Navaruk @ Jun 18 2006, 11:53 PM)

So what happens when I delete the subscription list? Does the node default to an open status so just anybody hook up to the drone or is it basically offline?

Good question to ask. That's probably a judgement call for your GM to make.

In real life, the answer is both (useful, huh?). This is because the creation of what Shadowrun calls a subscription list is separate from the implementation of that list. So if you tell it to stop using that particular list, then it will become open. If you merely erase the list it's using, it will discard all traffic.

So, yeah. Up to your GM. If I was the GM, I'd have you make a Logic + Operating Systems Knowledge, or Logic + Hacking, or something, to give you a chance of getting the desired result.

Posted by: Nim Jun 19 2006, 12:57 PM

QUOTE (Aaron @ Jun 18 2006, 12:13 AM)

If the router attached to the open port only allowed traffic through that was from a certain address, one would have to perform IP spoofing on packets in order to have the router forward the traffic and have sshnuke work; in game terms, one would have to Spoof the node in order to Exploit it.

It's a minor nit, but since we're talking about wireless.... each node with a receiver has to run its own filter. A better real-world model for a subscribed node would be a server with ssh turned on, but a software firewall (ipchains, for example) configured to ignore connection attempts that don't come from a specific list of IPs.

If the node is going to receive ANY traffic, some piece of software on the node needs to examine each incoming message and decide whether or not to pay attention to it. One way to gain access to such a node would be to spoof your own identity (once you've figured out what ID it's looking for). In theory, though, you might also be able to take advantage of a vulnerability in the filtering software. (Just like, in the hardwired example you gave, you could in theory crack the router instead of spoofing)

Posted by: The Jopp Jun 19 2006, 02:20 PM

Aaron, in your game I agree that you could play it your way, as long as you have fun but according to the RAW one can use Spoof, Hacking and Intercepting wireless signals to try taking over a drone, they are not immune to hacking and electronic warfare and there’s nothing in the rules saying that you need spoof before you hack.

There are however several simple ways of stopping rampant abuse of the above – orders.

It’s stated in the book that Agents understand any order given although they could take them a bit too literally.

Here are the actions and what one can do to stop it.

1. It can only take orders from it’s controlling persona (Spoof can stop that)

2. It will double-check the order with the controlling personas log file if said order has been sent (spoof will NOT work because of that). Also, add an order to IGNORE commands that stops it from checking the logfile or changing the subscription list

3. Intercepting signal and inserting an order (Illicit editing action of data) will fool drone with fake orders inserted in the controlling personas datastream.

4. Point 1 can stop 3 from working since the hacker don’t have the original log file and cannot fake the correct order history (drone could have a log file from the persona with several days of history.)

5. Hacking the drone takes time and it is rare that a hacker would make an exploit test and rather hack on the fly – which gives the drone several attempts to discover the intruder.

6. Running an agent on the matrix on a standard node (citywide signal node or suchlike) and give it an order to peek inside the drones node (within the subscription list of the drone) would give it additional defense and save up slots for autosofts as well. It could run permanent analyze checks and have attack programs ready.

On another issue: Can I spoof command to an agent?

Posted by: Aaron Jun 19 2006, 05:00 PM

QUOTE (Nim @ Jun 19 2006, 07:57 AM)

I have to disagree. The RAW states that commlinks are also routers. This makes sense for a ubiquitous wireless network; it becomes very easy to run such a network if every device can pass packets. I'd assert that only a tiny fraction of traffic that a single commlink encounters would actually be for that commlink, rather than traffic to be forwarded. If that capability was integrated into the commlink's central processing duties, it would be a terrible waste of resources, especially when the user wants it for something processor-intensive (like gaming or decrypting or compiling or something). More likely, the router functionality is part of the wireless tranceiver (analogous to a modern computer's network card).

Unless you are maintaining that a subscription list is unlike a modern ACL, then what you propose would not work. The packet in question never even gets looked at, only the network header. Modernly, it reads bytes six through nine (for the source address), and that's it.

Posted by: Aaron Jun 19 2006, 05:15 PM

QUOTE (The Jopp)

Jopp, omae, I could respond to this, but I'd just be repeating every fraggin' thing I've been saying this entire thread, so I'll leave that as an exercise to the reader. And by that, I mean reader, not skimmer.

Also, let us not forget that "hacking" is, among other things, Spoofing and Intercepting (that one was a few posts back). Don't confuse Exploit with hacking.

QUOTE (The Jopp)

Here are the actions and what one can do to stop it.

1. It can only take orders from it’s controlling persona (Spoof can stop that)

But that's what I already ... I went over ...

...

*sigh*

Very nice, Jopp. Very succinct. Thanks.

QUOTE (The Jopp)

On another issue: Can I spoof command to an agent?

I don't see why not. Logically (meaning within the logical theoretical construct of the Matrix), a drone's Pilot and an Agent are identical, they just control different hardware.

Posted by: Nim Jun 19 2006, 05:26 PM

QUOTE (Nim @ Jun 19 2006, 07:57 AM)

It's a minor nit, but since we're talking about wireless.... each node with a receiver has to run its own filter. A better real-world model for a subscribed node would be a server with ssh turned on, but a software firewall (ipchains, for example) configured to ignore connection attempts that don't come from a specific list of IPs.

Unless you are maintaining that a subscription list is unlike a modern ACL, then what you propose would not work. The packet in question never even gets looked at, only the network header. Modernly, it reads bytes six through nine (for the source address), and that's it.

I didn't write the second paragraph of that, so I'm not sure where it came from. Is it part of your response, and accidentally inside the quote-tag?

QUOTE (Aaron)

Actually, I agree with everything you've said here. I didn't intend to suggest that the filtering had to run on the main processor as opposed to a dedicated sub-processor...merely that it has to be done within the commlink itself, SOMEWHERE. It can't rely on a different node to do its filtering for it. And it can't be entirely hard-wired, because you need to be able to configure the contents of the list at run-time.

Posted by: Nim Jun 19 2006, 05:30 PM

QUOTE (Aaron)

Only one of these I disagree on is the garage door openers. By design, a garage door receiver is intended to respond to only one or two dedicated transmitters. It's pretty much a perfect example of a subscribed node. Unless you meant a public pay-garage, rather than a home one?

Posted by: Aaron Jun 19 2006, 07:39 PM

QUOTE (Nim)

I didn't write the second paragraph of that, so I'm not sure where it came from. Is it part of your response, and accidentally inside the quote-tag?

Fixed. Weird, it looked okay in the preview.

QUOTE (Nim)

I think I'm hung up on the term, "filtering." To call the thing that an ACL or subscription list does "filtering" is somewhat inaccurate, but it occurs to me that such nit-picking (Nim-picking?) doesn't really add anything to the discussion, so I'll shut up about it.

Anyway, my original point was that the packets carrying the Exploit commands/probes/unagi would never reach a place where they could do harm, because it would get discarded before it got that far. It might help to explain that there are actually multiple layers of encapsulation at work in network communications (encapsulated in a spoiler for those who like to skim).

[ Spoiler ]

QUOTE (nim)

Okay, maybe not garage door openers. Except the public ones, as you say.

Posted by: Serbitar Jun 19 2006, 11:20 PM

My http://www.serbitar.de/stuff/SGM.pdf of the whole situation. I tried to find a consistent solution that is sensible and does not violte SR4 RAW. Maybe somebody finds it interesting.

Posted by: Nim Jun 20 2006, 03:20 AM

*grin* Good explanation. And yeah, this is getting pretty far afield, but I'm enjoying the conversation

What I was getting at, though, is that in a wireless network, the sender controls every aspect of the encapsulation. There aren't (or at least, needn't be) any intermediaries between the original sender and the final recipient. So, you can't trust the outer envelopes to be any cleaner than the inner message - the Bad Man sending the message could have fiddled with any layer of the network stack that he wanted to.

IF, and this is a big if, there's a vulnerability in the implementation of the ACL itself (it falls over when it receives a packet with a magic number of bits, or it stores the packet in a fixed-length buffer without checking the size first, or it does something similarly boneheaded), then you've got a problem. The reason it's a big if, though, is that that sort of thing is usually more compact and easy to debug than something like sshd would be. And if it's well-designed, then when it breaks it ends up passing NOTHING along, rather than everything, and you're inconvenienced but not compromised.

Posted by: wind_in_the_stones Jun 21 2006, 04:00 AM

QUOTE (Aaron)

Adding your ID to the subscription list just makes the target node stop ignoring you. But once you've been added, you can start Exploiting.

It seems to me, that if I'm on its subscription list, I can give the drone commands, and I no longer have to make spoof tests. Am I wrong about this too?

Posted by: Aaron Jun 21 2006, 06:11 AM

QUOTE (wind_in_the_stones)

QUOTE (Aaron @ Jun 18 2006, 09:40 PM)

Adding your ID to the subscription list just makes the target node stop ignoring you. But once you've been added, you can start Exploiting.

It seems to me, that if I'm on its subscription list, I can give the drone commands, and I no longer have to make spoof tests. Am I wrong about this too?

Sort of.

You have to spoof it if you want it to follow a command. All being on the subscription list does for you is not have the drone ignore you out of hand. Once you're on the list, then you can start the Exploit or what have you.

Posted by: Aaron Jun 21 2006, 06:55 AM

QUOTE (Nim)

What I was getting at, though, is that in a wireless network, the sender controls every aspect of the encapsulation. There aren't (or at least, needn't be) any intermediaries between the original sender and the final recipient. So, you can't trust the outer envelopes to be any cleaner than the inner message - the Bad Man sending the message could have fiddled with any layer of the network stack that he wanted to.

Um ... huh? Are you sure about that?

If "every aspect of encapsulation" is only controlled at the origin, it wouldn't work. Each end of the communication, and every step in between, has to be equally responsible for operating the proper network protocol (both routed and routing) or it don't work. It's like playing a game of telephone, except the players are from all around the world, and the first person is the only one that gets to pick what language will be used; it might work, but it probably won't.

While there doesn't have to be an intermediary between the sender and the receiver, it's faster if you're able to route your message through multiple routes at once. You gain a little bit in speed, and a lot more in security and error-checking.

As far as the trustworthiness of the "outer envelope" is concerned, there are plenty of ways to authenticate an envelope. If you're using encryption, you could encrypt the lower-level headers and then check it against the outer header to validate the whole packet. You could also include encrypted sign-countersign data using something like a one-time pad.

With wireless communication, though, you need encapsulation on both ends. Ever notice how 802.11g is clocked at 54 Mbps but you never even get close to that speed? That's because the best you can get is actually 26 Mbps, because every packet sent requires that the receiver double check that the packet arrived intact, which more or less doubles the traffic required per unit data transmitted.

QUOTE (Nim)

IF, and this is a big if, there's a vulnerability in the implementation of the ACL itself (it falls over when it receives a packet with a magic number of bits, or it stores the packet in a fixed-length buffer without checking the size first, or it does something similarly boneheaded), then you've got a problem.

Meh. Maybe. I think you might be fishing a bit, though.

Posted by: Nim Jun 21 2006, 12:58 PM

QUOTE (Aaron)

Meh. Maybe. I think you might be fishing a bit, though.

At this point, probably

We've also wandered totally away from actual SR-related topics.

QUOTE

If "every aspect of encapsulation" is only controlled at the origin, it wouldn't work. Each end of the communication, and every step in between, has to be equally responsible for operating the proper network protocol (both routed and routing) or it don't work.

But in a distributed wireless network, if the original sender and the receiver are within range of each other, there /are/ no steps in between, right? Obviously the sender can't grossly violate the protocol, or the packets it's sending will be meaningless. But no trusted (or at least, neutral) third party has encapsulated that message. They could flood you with as many malformed packets as they liked.

If the sender and receiver were far enough away from each other that the packet had to be routed through intermediate nodes, THEN encapsulation might protect you (at first glance) from malicious content.

QUOTE

While there doesn't have to be an intermediary between the sender and the receiver, it's faster if you're able to route your message through multiple routes at once. You gain a little bit in speed, and a lot more in security and error-checking.

That's certainly true with wired communication, because the actual throughput on any given intermediary link may be lower than your own maximum rate of transmission. At that point, splitting the message across multiple routes will get the whole message there faster. In a wireless network, though, I don't see how adding addition intermediaries (assuming the sender and receiver are within clear trransmission range of each other) can do anything but slow the process down.

Or am I missing something here? I'm honestly not JUST trying to be difficult.

Posted by: wind_in_the_stones Jun 22 2006, 04:45 AM

QUOTE (Aaron)

You have to spoof it if you want it to follow a command. All being on the subscription list does for you is not have the drone ignore you out of hand. Once you're on the list, then you can start the Exploit or what have you.

*slaps forehead* Right. Subscribing is like putting each other on your AIM buddy list. All it means is that the drone can hear you, not that it will listen. This would have been a lot simpler if that had occurred to me a couple of pages sooner. I was thinking that a subscription is the channel the rigger uses to issue commands. I think. It's hard to remember what I was thinking last week. Or the week before.

So...

What does the subscription list have to do with it? When you're spoofing, you don't need to be on it, because you're pretending that you're the guy who is on the list.

And back to my original question: what does it take to give control of the enemy drone to my rigger? Once I've hacked into it, I can transfer command rather easily, I'd imagine. Is it the same for spoofing? This seems like a simple decision, but I'd like to get someone else's opinion.

Posted by: Aaron Jun 22 2006, 08:53 AM

QUOTE (Nim)

Assuming a simple protocol, like the sort we use now-a-days, yes, it would be faster. I can think of a few reasons why to purposely send packets via multiple routes on purpose, especially when wireless is a) ubiquitous and b) security-critical.

Posted by: Aaron Jun 22 2006, 09:10 AM

QUOTE (wind_in_the_stones)

And back to my original question: what does it take to give control of the enemy drone to my rigger? Once I've hacked into it, I can transfer command rather easily, I'd imagine. Is it the same for spoofing? This seems like a simple decision, but I'd like to get someone else's opinion.

It comes down to what the drone has been configured to accept as commands. A rigger concerned about security would allow himself to send operational commands, but require higher-level access, Security or Admin, to do anything else, such as give accounts. Ideally, also requiring a passkey, for that added kick.

The long and the short of it is, giving commands is usually enough, at least for a couple of turns, until the rigger sends a command to switch IDs or something like that.

Posted by: wind_in_the_stones Jun 23 2006, 04:58 AM

So basically, you've got to hack it, and set up an account for your rigger. And take away the rigger's existing account.

Thanks a lot for your patience, Aaron.

Posted by: Aaron Jun 23 2006, 09:35 AM

QUOTE (wind_in_the_stones)

So basically, you've got to hack it, and set up an account for your rigger. And take away the rigger's existing account.

More or less. Again, though, usually by the time you've done all that, your Street Sammie has torn it to shreds, or your magician has managed to beat the 4+ threshhold with a damaging spell, or something.

QUOTE

Thanks a lot for your patience, Aaron.

Null perspiration, omae. Didn't I mention that I teach for a living?