In the interests of having the matrix playing a bigger part in our games, I (the gm) and a player who's playing the groups hacker for the first time are going over the wireless world chapter together to hopefully hammer out some issues before they arise in game-play. In the process we've come across some questions that I've promised to try to get some input on from you fine folks (IMG:style_emoticons/default/smile.gif) .

1. In regards the the Blackout\Blackhammer program, it claims in the program description to only work on VR users. He proposed that it seems like it may also work on an AR user operating through DNI input (trodes, datajack, implanted 'link). I suggested that it may be that in AR the simsense levels are toned down enough (in that they don't totally override your senses) that any spikes caused by the program would at most cause a painful headache for that combat turn.

Has anyone else done this at their table? I'm thinking that a -1 or so dice pool modifier for the turn that the program was used could be appropriate in that, admittedly very specific situation.

2. For the Spoof Command action to work, you need the access ID of an authorized user. It seems, from the fiction at least, you can use what I'm assuming is the Capture Wireless Signal action with the Sniffer program on the device, and then use a Trace User action to get the commanding node's access ID. Is this correct? Does the captured traffic give you enough of the users information to run a trace?

3. Somewhat related to the above, will the Capture Wireless Signal action work on a device if it and the user are not in direct signal range of each other? I would assume so, in that even if the information being sent is split up and routed, it departs the node intact. I would also assume you could follow one of those pieces of the original info back to the recipient using the Track program, but may not be able to record a coherent message if they do depart sliced up.

Or am I wrong and all three devices (The Hackers commlink, the device to be spoofed, and the commanding node) all need to be in mutual signal range of one another for this to work?

4. Related to question 3. For the Intercept Traffic action, it mentions that for it to be effective you have to have access to a node that all the traffic passes through. Would this include the originating and receiving node? And if you where attempting to block or alter the traffic using the Edit action on one of those nodes, would it happen too quickly to make any meaningful changes? (For example, a hacker in the node of the recipient would hear the traffic at the same time as each other).

5. We couldn't come up with a very good reason for implants that are primarily controlled by wired DNI to accept incoming wireless commands outside of repair\medical situations. Is it possible to arrange a device like a cyberarm to only broadcast info (serial numbers, medical info) but not accept any kind of commands from a non-wired DNI source unless a physical switch is activated? I'd assume that only people who are aware of this vulnerability would think about it (Professional rating 3 or above).

6. Related to question 5 (Funny how questions lead to more questions). I'm trying to think of a good way to describe this without resorting to diagrams... (IMG:style_emoticons/default/spin.gif) .

Say a hacker using a commlink with DNI hacks into a victims commlink also controlled by DNI (lets say by trodes) who also happens to have a cyberarm controlled by wired DNI.

Could the hacker, using his sim-module to translate his own arm movements into machine code, use his access to the victims commlink + sim-module to translate it back into DNI commands to the trodes, into the victims brain and from there to the wired connection into the cyberarm.

I think this may work in that a sim-module translates information from the matrix into something you can see, feel or hear with your brain so it make sense that the arm could be manipulated by these very signals.

Phew, this ran on a bit longer than I planned. Thanks in advance for your opinions!

2) Yes. In order to get the access ID you have to trace the user (after locating the signal), so I'm not sure what the last part of the question is. Can you track someone from just an access ID?, is that what you are asking? I don't think so, but you could scour through log files in nodes..

3) This is a good question. I would say they don't have to be in signal range as long as there is a mesh network present. The originating device doesn't have to remain in range but could be tracked back to it's last known location.

6) I don't think there is a need for all that. He can just issue commands without having to pre-record movements.

The cyber-hacking rules are uselessly vague at best; I would say that they don't exist as rules, just fluff.

This is one of those things. Actually it seems to work the other way around: You need the access ID to do the Trace User action, which gives you a location. However, the fluff description on the Trace program indicates it can be used to get the access ID - without ever say exactly how.
I would also assume you need to know what you are looking for (i.e. the acces ID) before you can capture a wireless signal out of the millions present basically everywhere, but this I'm really not sure of.

What I think the designers wanted to primarily do with tracing is this: You see an icon on a node, and then do an analyze on it to get the access ID, and then you can follow the subscription back to the device and find the physical location. However, there are theoretically trackable connections without either subscriptions or icons - like comm traffic. Even encrypted comm (which needs a subscription) does not I suppose need icons to be present on another node. I think the general idea was that you use the Trace User action to find the guy who is hacking you or has hacked you. Not to locate random people, even though the fluff describes the program as being able to do that.

I'm sorry it seems I'm rather raising new questions (IMG:style_emoticons/default/frown.gif)


While as a GM I can find numerous reason this just as well couldn't work... I'm not sure. A mesh network is supposed to be decentralized, and any given device that routes traffic does not actually have access to said traffic (which is of course stupid, but...). So... you would have to listen in a fairly large area in order to find the signal you are looking for, because not even the routing devices could tell you where the traffic you are looking for is. I would say it's simply better to just listen within range of the transmitting device, because even now traffic between manhattan and the bronx could theoretically get routed over australia... and it's simply conjecture to assume that the traffic will be moving even close to the direct line drawn between two devices.

IMHO no, if there is a "meat gap" you cannot cross it. Otherwise what would prevent you to"tell" the brain of the poor schmuck to move his meat limbs too, duplicating the effect (even if in a less effective way) of the biodrone rigging hardware.

I agree.

1) Blackout and Blackhammer should not work with AR, regardless of interface method. AR does not link to the nervous system the same way VR does, so the user is protected from those kinds of feedback.

I think cyberlimb hacking is ridiculous. No one is going to install a 20,000 piece of equipment and not think about security. After the first time a limb got hacked and choked its user to death, the video would hit the matrix and every cyberlimb manufacturer would then promote 'DNI-Safe'.

Honestly, its like someone setting up a router without wep or WPA enabled. Sure back when routers were new everyone left theirs open, but now-a-days at least 90% of residential routers are locked down with a password. So sure, maybe 10% of cyberlimb users are fucktarded and install something that can get hacked, but its going to be rare to find, and never on a useful target. (Security guards, yakuza goons, even gangers... they will use DNI. Maybe a poor crippled kid at a special needs school would still use wireless in his government funded used cyberlimb.)

Agreed, but the other point is that I don't think there'y anything about hacking over DNI in the rules. DNI is not the Matrix. Cyberlimb hacking in the books (what *tiny* bit about it there is) refers exclusively to (Matrix) hacking: Issuing Commands to the Device via a wireless or other *data* link. DNI-hacking isn't an issue because it doesn't exist. (IMG:style_emoticons/default/smile.gif)

For SR 5 I kindly request the authors hire someone who has some knowledge about how a real city wide wireless topology would work and that understand the fundamentals of computer security. While obviously mapping it exactly to RL wouldn't work (it might but it would be boring), they could at least use it as a basis for their fudged up "future internet" instead of just making up vague and arbitrary nonsense based on movies that were, themselves, only loosely based on anything resembling how reality (or the future) might work.

That's just my opinion and is somewhat slanted by being one of those people.

See, I go the other way. I would rather it be fun and exciting, rather than realistic and boring...

That's why I said not to map it exactly to reality... the idea that a given piece of "Hacking" software can break into any system given enough time is ludicrous - but it's more fun than making the hacker analyze the system then go and run data searches to dig up as much info as he can on the system type, get a copy of the system for himself, code a custom app to perform various and extensive penetration tests to try and find a back way in, only to give up do a data search to find the name of the of someone who works for the company that probably has a remote access account, and then call them and make a Con roll to convince the person who answers they're with IT and need their password for a security audit.

I just believe fun and exciting should at least make some measure of logical sense.

Well then, abstract it further, and make rules that make sense (as in, are inherently consistend with themselves) and are actually usable...

As is, you a certain amount of computer knowledge is necessary to understand what the authors might have wanted, BUT a certain amount of computer knowledge is also harmful, because you might think things should work as they are now. So it's all kinds of bad.

Bring back the completely abstract SR1 system. Nobody had issues with that 'not being accurate' because it was so far off nobody thought to make the connection.

That is funny to me. I think that the rules NOW are useable... (IMG:style_emoticons/default/smile.gif)

Been recently looking at that system again. It is a good read at least.

I think what he meant is that it should follow the way RL works (that is, you have to capture wireless signal before you can decrypt it, rather than RAW's decryption before capture!) but not necessarily map it exactly to real life.

Use terms and actions, we as real people living in the 21st century understand, rather than a holdover from prior editions.

By fluff, your consciousness actually goes places (along with all your hacking programs), which is why UV nodes work.* Rather than how RL functions in that data is streamed to you from the server.

*Read Pyschotrope. One of the main characters hides from IC in an I/O port and causes a printer to spit out a few pages of gibberish. Which. Makes. No. Sense.

But. Is. Irrelevant. Because. It. Was. A. Fun. Read. (IMG:style_emoticons/default/smile.gif)

Oh fun read, sure. My point was, that the rules try and replicate that but can't.

The rules should make hacking fun for other reasons, not because you can hide in an I/O port.

(One example of how the rules replicate the "your brain travels to servers" thing is Black IC preventing you from logging out. All of us computer using people go "pull the cord" because that severs the connection. By fluff pulling the cord would do nothing)

I just finished re-reading the Renny story from VR1. I forget that Findley wrote so much of the best in-game stuff as well as some good novels.

I'm pretty sure someone pulling the cord gives you bad dumpshock, but a physical unjacking of the cable potentially saves your life or brain. It's why deckers often had someone with them during hard decking, so they could give a yank.

It's that sort of thing I've found lacking in Shadowrun 4. They're trying pretty hard, but so far no one's managed it. The short story by Chris Kubasik at the back of Virtual Realities was one of several stories-say didn't Chris also write the stuff for Universal Brotherhood? Alright damn it, I want Chris back, and Nigel raised from the dead.

I think he's a member of these boards too, I seem to recall chatting with him once.

Oops yea I meant Chris (or Dowd, whoever did that part - EDIT: Chris so says the credits page). I started NAN Vol I and had Findley on the brain.

This. Nowadays, with a wireless connection, it's harder, but you can still set yourself up to get "pulled" if need be. Heck, you could wire a servo to a biomonitor that would physically unplug you if your signs got too wacky/you went unconscious. You'd need to have a datajack or trodes to make it work, with an implanted commlink, you're just toast.

Naah... You could have a physical Switch (or Wired DNI Switch) to disconnect the Wireless/Wired Connection. Takes a bit of effort, but you oculd do it. (IMG:style_emoticons/default/wobble.gif)

Well yea, the suicidal concept of sending your consciousness through the wire has been standard Neuromancer trope before Gibson even came up with the title. I'm not even saying that needs to be dropped - though it should be limited to a specific type of "surfing" and not just day-to-day data searches.


Correct. You can sniff out and capture wireless traffic all day without decrypting a bit of it (PUN!).... but decrypting something you haven't captured makes no sense. It's like trying to read a web page without pulling it up in your browser