A (very long) Hacking Example, By extremely popular demand |
A (very long) Hacking Example, By extremely popular demand |
Oct 20 2005, 04:51 AM
Post
#1
|
|
Moving Target Group: Members Posts: 715 Joined: 4-September 05 From: Metaplane GEPLK136 (The one with the lizards. You remember the lizards, don't you?) Member No.: 7,684 |
As it has been requested several times, by myself included, I’ve decided to write an example “hack scenario.” This is by no means authoritative – I have yet to run an SR4 game. In fact, I wrote this with the rules in front of me, looking things up as I went. I've probably got as many questions as anyone else about the hacking rules. What I'm saying is it isn’t necessarily correct. But I figure if I at least throw something out there, we can start getting comments and other examples. So by all means, if you see something wrong with my examples, let me know.
I’ve decided to basically walk through an entire run, and gloss over any non-hacker parts. That might make this post rather long, but I figure too much example is better than not enough (or the current standard, which is no example...) The team will be made up entirely of the Sample Characters found starting on page 89. Most prominent in this example, of course, will be the Hacker, on page 96. I’ve made two changes to the hacker – I’ve added the “Exploit” program at 5. I don’t know how a hacker gets by without exploit, without that you can’t get in the door. I’ve also given him an “Agent 4” program, to demonstrate the use of agents. I’ve gone ahead and used a dice rolling program to roll the dice, to add to the realism. I won’t be doing any technomancers this time. I’ll be breaking the story into several sections, with each section its own reply to this post. It will be long enough as is... I tried to address nearly all of Eyeless Blond’s suggestions for examples posted in another thread. I think I got them all but rigging: -hacking a secured node (plenty of time to Probe the target) -hacking a secured node (building burning down around you) -stealing someone's car -Rigging -at a meet with a Johnson -doing a research project; legwork -doing a disinformation project; anti-legwork? Wrapup is the last section; please wait until it is posted to comment. It shouldn’t take me long to cut, paste, and format. So, without further a due, I bring you Ménage-a-Trideo The players: Hacker – Jim Bean Face – Façade Gunslinger Adept – Handsome Stranger Radical Eco Shaman – Lilly italics is story plain text is hacking rules. |
|
|
Oct 20 2005, 04:55 AM
Post
#2
|
|
Moving Target Group: Members Posts: 715 Joined: 4-September 05 From: Metaplane GEPLK136 (The one with the lizards. You remember the lizards, don't you?) Member No.: 7,684 |
The Bar
It's always a bar, isn't it... Jim Bean watched through the club’s security camera in an AR window as Ms Johnson strolled confidently into the Fire-Watering Hole. She was tall and thin, possibly an elf – but Bean was more focused on the commlink she keyed as she entered the building. (Rolls Logic + Operating Systems knowledge, 3 Hits) It was a Transys Avalon, one of the few commercial links that could run a top-of-the line OS like Novatech Navi. It was an expensive investment, but it also meant that it was probably standard. It would be a tough crack, but with few surprises. Good thing, too – that troll escort she left at the entrance looked like he could cause a lot of trouble if there where too many surprises. Ms J. walked into the hazy back room, where Jim, Façade, Stranger, and Lilly sat at one side of an oversized and slightly stained booth. Up close, Jim could see she wasn’t an elf, simply a tall and thin human woman in her mid-30’s, dressed in last year’s fashionable business suit. She slid into the cracked leather seat across from the runners, and introduced herself as Vonna. She explained that she worked for TRKL, a small media conglomerate that, among other ventures, ran news on channel 253. TRKL is involved in a ratings war with TVGP (channel 248), and that would be what this run was about. Jim lost focus on the conversation as he began working in AR. He would have preferred to go full VR, but because he had been asked for by name, Façade had told him it would be “rude – and potentially deal breaking” to “sleep” through the meet. (The GM asks Jim what programs he has loaded for this meet. While Jim should have specified this info beforehand, the GM knows that Jim’s character would have come prepared, even if the player wasn’t. Jim Bean’s Commlink is loaded initially with Analyze, Browse, Exploit, Stealth, and his Agent (which is loaded with its own programs as well). This is 5 programs, equal to the System rating of 5, so the response time will not be affected.) Jim knows Vonna has a commlink (he saw it in the club’s security camera), but as it isn’t found among the active or passive nodes in the area, (A free action to check) Jim knows it must be in hidden mode. Jim searches for Vonna’s now-hidden commlink signal (A “Detecting Wireless Nodes” extended test, using Electornic Warfare + Scan (4, 1 combat turn). Jim first spends a complex action to load his Scan program – this lowers his response to 4, as he has exceeded his System in running programs. For now Jim decides this is acceptable. Next, Jim rolls Electronic Warfare + Scan, and scores 5 hits. As the threshold for this test is 4, he finds the commlink on the first turn. Having found the signal, Jim decides to break in. This is a “Hacking on the Fly” test, and uses Hacking + Exploit (Firewall, 1 Initiative Pass). He rolls poorly, and gets only 2 hits. The commlink rolls Analyze + Firewall, and gets 2 hits. This is less than Jim’s Stealth of 5, so he remains undetected. Remaining fairly certain this is a Novatech Navi OS, Jim is confident he can get one more success before the commlink gets the three successes it needs to detect him. This time he rolls considerably better, achieving 7 hits. The commlink still gets its roll, however, and scores 2 hits. This is a total of 4, and fortunately still less than Jim’s stealth. It was, however, very close. Well, no need to tell the teammates about that part. Once in the node, Jim immediately noticed another icon. Afraid it might be IC, he spends a simple action Observing it in Detail (Computer + Analyze, GM determines Threshold). Jim rolls 2 hits, enough to determine two “facts” about the icon. Normally Jim would choose the facts, but the GM decides that this is a special case. The GM informs Jim that the icon is a Sprite, specifically a courier sprite. This is very curious indeed. Jim begins to hope fervently that Vonna is not a technomancer. He also spends his remaining simple action shutting down his Scan program; it is unlikely he will need it further. This allows his response to return to normal. On Jim’s next turn, he spends a simple action looking for any other hidden icons that might be accompanying the sprite. He makes the same test as above, scoring 2 hits. The GM informs him that he doesn’t find anything. Not having anything else to do with a simple action, Jim spends a turn fretting about the sprite. Seeing a sprite in the commlink spooks Jim, and he spends a few moments ignoring the AR displays and focuses on the conversation. Façade is doing well at distracting Vonna from Jim’s lack of attention, it would seem. Jim wishes briefly he was better at understanding people; that he could tell if Vonna was really a technomancer and that her commlink was a decoy. Paranoia runs deep in hackers. But he decides that if Vonna’s face betrays anything, Façade will notice first and be ready. Jim goes back to his AR work. Jim decides first to find out if Vonna is really who she claims to be. He does a Browse action, looking for identity information. This is a complex action using Browse + Data Search. Jim rolls 5 successes, easily enough to find a good amount of information. The GM informs Jim that “Vonna” is really Sally VonHesker, a minor TLKL reporter. The information also suggests her stories focus mainly on celebrities. In addition, Jim finds her birthday, and adds it to his own records. You never know when a Johnson will become a frequent employer, and a thoughtful gift on a birthday might just help that next bargaining session. Jim decides it is unlikely, based in this information in the commlink, that Vonna is a technomancer. Now Jim decides it’s time to unleash his latest creation. He spends another complex action loading an agent into “Vonna’s” link. This agent is configured with Jim’s own personal blend of Sniff, Redirect, Stealth, and Armor. As the Agent is rating 4, the programs are all capped at rating 4 as well. On his next turn, Jim issues the sprite its commands: It is to scan for any comcall signals from the link, and report to Jim when it detects them. Should it get caught and attacked, it is to Redirect any traces until it crashes. Jim hopes the Armor 4 will keep the agent alive long enough to spoof it’s data trail away from him. Lastly, having finished issuing commands to the Agent, Jim logs out (another simple action, no test required unless being attacked by black IC). To this point, 10 turns have passed. As the last of the matrix browser windows fade from Jim’s view, he glances around the room. Only half a minute has passed, and it looks like Façade and Vonna are just finishing up pleasantries and introductions. No one seems to have noticed his hacking. Vonna goes on to explain the job: TVGP has put together a special report on TRKL’s reporting, which exposes several stories as fakes designed to raise ratings. “Vonna” wants the team to infiltrate TVGP just before the story airs, which is prime-time tomorrow, destroy the copy about to be broadcast, and replace it with the one she is providing. This will prevent the story from getting out immediately, and simultaneously ruin the credibility of TVGP. That way, if they decide to re-release the story, it won’t have its intended effect. She has a specific broadcast facility in mind that covers the lower half of Seattle as well as several key matrix feeds. The pay is a bit better than usual, and the team hope that doesn’t mean extra trouble. Oh, and one more thing – the story Vonna is providing is encoded by a courier sprite – so no use trying to peak, as the sprite will just erase if it is crashed. Jim breathes an audible sigh of relief, now that the sprite has been explained. |
|
|
Oct 20 2005, 04:59 AM
Post
#3
|
|
Moving Target Group: Members Posts: 715 Joined: 4-September 05 From: Metaplane GEPLK136 (The one with the lizards. You remember the lizards, don't you?) Member No.: 7,684 |
Legwork
The team splits up for legwork. Lilly and Handsome Stranger head down to TVGP’s local broadcast station to case it for possible entrances. Façade hits up his contacts for more information. Jim Bean jacks in, and muses about the term “legwork” – as his legs only had to carry him as far as his easy chair. This time Jim loads his commlink with his standard “probing” setup – Exploit, Stealth, Edit, Redirect, and Biofeedback. He logs in in Cold Sim mode – no need to risk addiction or Black IC just for an access code. The Biofeedback program is “just in case.” You don’t get to stay a hacker very long if you aren’t paranoid… Jim heads for the TVGP main site. It is a public node, and requires no test. He then searches for the broadcasting station the team is to infiltrate. A Computer + Browse extended test yields 3 hits. The GM has stated that finding this information is “Average” difficulty (as the public most likely does not need to access the broadcast station) which has a threshold of 4. So, Jim makes another roll, getting 4 hits. Thus, 2 turns pass (interval for “same network” as the station is closely associated with the main office) before Jim moves to the broadcast node. It is a secure node, so he must break in. As Jim has a lot of time to work before his teammates return, he decides to probe for his way in. This is a “Probing the Target” test, an extended test using Hacking + Exploit with an interval of 1 hour. The GM decides that this facility is running a system that will challenge the hacker, and assigns it stats of 5. Thus, the base threshold is 10 (System + Firewall). Jim also decides he will need security access, and that adds 3 to the threshold, for a total of 13. Jim’s first roll scores 2 successes. Jim settles in for a long night. He spends two more hours, rolling 4 hits both times, bringing his total to 10. At last Jim feels like he’s making some real progress – he’s so close to an access code he can smell it (or maybe that’s just some noise in the Sim module?) when he is interrupted by an incoming message. It’s his Agent program informing him that Vonna is making a phone call! Feeling certain that TVGP has not detected him, and that he is thus safe for the moment, he “opens” another VR session and begins searching for the agent. The GM decides that Jim automatically successfully perceives his own agent, and Jim can immediately begin tracking it to Vonna’s commlink where it is running. Jim decides to first spend a complex action loading his Track 4 program, which should speed up the time. He also spends another action loading up Sniffer, which he will need to tap the call once he finds the node. Not wanting to waste any more time, Jim leaves the other programs running. As his current running programs total is 7, his response is again reduced to 4. Rolling Computer + Track nets Jim 1 hit. He keeps rolling and gets: 3 hits, 1 hit, 1 hit, 1 hit, and 4 hits. This means it takes Jim 6 initiative passes. Had the GM been using the optional rules from SECKSY, Jim would have failed this extended action, as he could only have rolled 5 times. However, the BBB has no rules about the number of roles for an extended test, so sticking with the main rulebook, Jim succeeds in three combat turns. Now that he has once again found Vonna’s commlink, he must once again break in. He could optionally break in to one of the matrix routing nodes that the comcall is passing through, but this would probably be more difficult than the commlink. Jim is again “Hacking on the Fly.” As exploit is already loaded, Jim rolls Exploit + Hacking for 2 hits. The system responds with a System + Firewall test for 1 hit. Next pass, Jim scores 3 hits, and breaks in. The system rolls again as well, scoring 2 hits. The total of 3 is again less than Jim’s Stealth of 5, so again he is undetected. Now that he is in, Jim can tap the call. The GM decides that because Jim hacked the commlink, and not a matrix node, that he does not need to roll a Data Search test to locate the call traffic; it is pretty obvious as there is limited other activity in the commlink. So only an “Intercept Traffic” test is needed (Hacking + Sniffer, successes are the threshold to avoid detection. This is a complex action. Jim rolls 1 hit. Frag! He’s tapped the call, but not skillfully. The GM decides that since Analyze can be set to scan automatically, that Vonna has enough computer know-how to have done so. He rolls for the automatic analyze (Rolling just Analyze 4), and gets a lucky 3 hits. Jim overhears, through a somewhat static-filled connection, Vonna’s voice saying “…has been paid. He’ll get what he deserves. What the… someone’s tapping my comm., I have to go. *click*.” Jim knows he’ll have to act fast – fortunately, he’s in VR, and will probably have an initiative pass to act. Jim spends a simple action to deactivate the agent he left running on Vonna’s commlink, to prevent any data trail leading back to him. He then quickly logs off (another simple action) – thankfully before Vonna, acting at AR speeds, can investigate. Slightly frazzled, yet exhilarated by his close call, Jim Bean returns to his probing attempt. Because he never logged off, and only a little time has passed, he can pick up where he left off. First he unloads Track and Sniffer, to bring his comlink up to full responsiveness. Then he again rolls Hacking + Exploit, getting 5 hits. This brings his total to 15, allowing him to gain security access to the system. Upon success, the node rolls Analyze + Firewall to attempt to notice the break in. Unfortunately, the node rolls 5 hits, which is enough to defeat Jim’s stealth program. The node goes on alert. Jim might normally log off before he is caught – but this time, he’s on a tight schedule. The run is tomorrow, and the system might not come down off alert before then. The exploit he found will certainly be closed as soon as they investigate the alert, so he needs to use it now, or never. Jim decides to chance it – he switches to Hot Sim mode (a free action) and presses on, using the exploit he found to log on (a complex action). The GM decides this is a good time to roll initiative. But because Jim paid for the pizza the group is eating, he decides the combat turn starts just after Jim switched to hot sim mode – his first actions in the system will have 3 passes (the same as the IC). Jim rolls Response + Intuition + 1, and scores 3 hits. This brings his initiative to 14. The GM secretly rolls for IC, and achieves an initiative of 13. Being the creative type, Jim first wants to know if he can use his “Security” access to turn off the alert. The GM decides that even a security user can’t cancel an Alert status until it has been investigated. Jim wishes he had hacked in as an Admin, as it wouldn’t have been any harder, it would have just added an extra hour. The GM wonders what excuse he could have used then – or if Admins can cancel any alert and redirect any IC they trigger at whim, as these things would fall under the legitimate purview of “Admin.” He also wonders if the play testers for the Matrix section really thought through the account statuses. Jim needs to know what to expect now that he’s triggered an alert. He uses his Security Procedures knowledge skill to determine a likely response. The GM decides thinking the security plan through in a hurry is a complex action. Jim rolls Logic + Security Procedures, and scores 5 hits. The GM informs Jim that for a node this size, the first response will probably be an IC designed to scan for intruders and that further IC will be launched based on what it finds. Also, an alert probably triggered the on-call decker – but it might be several rounds before he can be woken up (or more likely this time of night, convinced to log off his VR MMORPG.). The IC attempts to locate Jim. As Jim is running a stealth program, this is an opposed test – the IC rolls Analyze + Computer (and as IC doesn’t have a computer skill, the GM assumes the book meant that he should substitute the IC’s rating for Computer), Jim rolls Hacking + Stealth + 2 (for Hot Sim). The IC gets 3 hits, Jim gets 5. As a perception test is only a simple action, the IC repeats the test – scoring 2 hits. Jim scores 4; he remains undetected this pass. Jim is pretty sure something is out there looking for him, so he rolls a matrix perception test to find it (a standard action). He rolls Computer + Analyze +2, and achieves 6 hits. The GM rolls for the IC – Stealth + Firewall + 4 (for active alert), and scores 4 hits. This is two net hits for Jim, and so he can choose two facts to learn about the icon. Most important to him right now are what the icon is, and what its rating is. The GM informs him it is an IC, rating 5. Jim spends his next standard action unloading exploit – he won’t be needing it any more, and might need the extra memory for something more useful. The IC continues its search pattern, the same as before. This time it rolls 4 hits, and Jim also rolls 4 hits. Ties generally go to the defender; Jim escapes detection briefly, but that IC is getting very close. For its next simple action, the IC rolls 4 hits again – but Jim only rolls 2. He’s been spotted! Jim briefly considers loading a combat Agent. But the GM declares that since the rules state that agents “Can be loaded” with programs, that Jim must take a complex action for each program the agent loads. Instead he decides he needs to focus on what he came here for – getting access he can use for the run tomorrow. He decides to use Edit to create himself an account. Unfortunately for the GM, the book is exceedingly vauge on this concept – Hacking + Edit (or Computer + Edit) is nice to know, but what is the threshold and interval? The GM improvises, and decides that since the system is on alert, and actively trying to thwart hacking attempts, creating a new hidden user account will be an opposed test against the node’s System + Firewall + 4 (alert status). Under normal circumstances, an extended test against the system’s Firewall would probably have been good, too. Jim sighs, knowing the odds are against him, and rolls, remembering to add +2 for Hot Sim. Sadly, he achieves only 1 hit. The GM uses the system’s dice to buy 3 hits, and saves the need to roll. The system, having been alerted by the “Search” IC that there is a hacker, loads an “And Destroy” IC. The GM decides that since it is the same rating as the Search IC, it gets the same initiative. “And Destroy” also begins searching for Jim (as he is still running stealth, he is undetected by the new IC). The GM decides that the IC gets some pretty hefty bonuses -- +2 for being on active alert, and +4 for having been spotted by the other IC. With a whopping +6 dice to it’s matrix perception test (Computer + Analyze, hopefully agent rating is allowed), it rolls 6 hits. Jim only scores 4 with his Hacking + Stealth + 2 opposed test, and the IC locks on to Jim. A digital Ares Citymaster comes barreling over the virtual landscape towards Jim. This ends the first Combat Turn. Rolling Initiative again, Jim this time gets 15, while the IC (The GM rolls once for both IC, to save time) remain at 13. Jim Tries again to create an account. He knows this is critical, so he spends a point of edge. This time he gets 6 hits, and the system only gets 3. This is a success! He’s made a hidden account to use for the run. “Search” IC begins tracking Jim’s data trail. It rolls Computer (er, Rating) + Track, with a threshold of 15 (10 + Jim’s Stealth of 5). 4 Hits, Jim’s clock is ticking… “And Destroy,” Having found Jim, and identified him as a hacker, opens up with it’s rooftop cannon – a Blackout 4 attack program. “And Destroy” rolls Rating + Blackout, and Jim defends by rolling Response + Firewall +2 (I’m assuming the +2 here. Technically, Hot Sim applies to “all matrix actions” – but defending from attack isn’t an “action.” However, it seems within the spirit of the rule to allow it. I don’t really know about this one.). The hits are 2 to 5, Jim dodges the attack. Jim now needs to get rid of any evidence of the account he created while here. Fortunately, security logs are within the purview of Jim’s “security” access. Even more fortunately, the GM says that the logs are currently unencrypted because of the massive amount of data being logged due to the attack (Did I mention that pizza had all of the GM’s favorite toppings?). Now Jim just needs to find the logs. The GM decides for someone with as much knowledge as Jim has of both security procedures and operating systems, finding the security logs is an easy test. A Computer + Data Search +2 test yields 4 hits, more than enough to locate the logs. This is a complex action, but Jim has found the logs. “Search” takes another complex action of following Jim’s data trail, rolling Rating + Track for 2 hits. It’s got a ways to go until it finds Jim’s commlink. The GM wishes once again the authors had been more clear on the Edit rules, then decides that an Edit + Hacking (because while he can legitimately access the logs, altering them in this way is more “hacking” than “normal use”) test will serve as a threshold for noticing that he created a hidden account while in the system. He rolls, again remembering to add +2 for Hot Sim, and gets 6 hits! (Technically, this is probably incorrect. The Edit test states that you can only change a single line, or a single image, without an extended test. Rather than figure out how many lines in a security log need to be changed, it’s probably easier to assume a single “file” regardless of the file type can be changed.) “Search” continues it’s digital sniffing, by rolling Rating + Track. It gets but one success, bringing its total to 7. “And Destroy” releases another volley, rolling 3 hits. Jim defends, getting 6. Another successful evasion! Just then, the Security hacker logs in. As he spends a complex action logging in, he is unable to act this phase. It is time for a new initiative roll. The IC get 13 once again; Jim scores 15 again. Jim decides things are getting WAY too hot. Besides, he has what he came for. As “And Destroy” has yet to connect with an attack, Jim is still free to log out, and decides to do just that. Jim winces at the thought of the dump shock he’d have received in Hot Sim if the IC had jammed his connection, as the VR simulation closes around him. Jim smiles and chugs a super-hyper-caff-cola (now with double the nerps!) It’s been a long night so far, and the night’s hack didn’t go as smoothly as they like. But as they say, any hack you can walk away from is a good hack. The next morning, the rest of the team meets up via commlink to share what they have found. Jim Bean tells them of his partially overheard conversation, and that he has matrix access for tomorrow’s run. He doesn’t mention how close he came to getting blasted doing it. Nor does he mention the (fortunately slim) chance of someone discovering and closing that access. Façade informs the group that his fixer knows someone who used to be a secretary for Ms. VonHesker, but that he can’t arrange a meet until the day after tomorrow. That’s too late for the run, but the group agrees to set up the meet anyway. If things go good, it won’t do any harm; if things go bad, it will be good to know who to blame. Stranger and Lilly report that late at night, they saw a group leaving the premises that didn’t look like the regular techs. In exchange for a brief magic show, the group revealed that they where co-op students at the nearby college. They said there was practically a new group of students every day. The group decides that this might be a way into the building. A good thing, too, because Lilly says that she’s pretty sure the astral signatures around the only other entrance, near the transmitting tower, show signs of barghast activity. |
|
|
Oct 20 2005, 05:01 AM
Post
#4
|
|
Moving Target Group: Members Posts: 715 Joined: 4-September 05 From: Metaplane GEPLK136 (The one with the lizards. You remember the lizards, don't you?) Member No.: 7,684 |
The Break In
A quick Stick-n-Shock ambush by Handsome Stranger, and the group had a set of student access badges. Jim Bean used his access to re-enter the building’s matrix (which had gone off active alert sometime around noon) and change the pictures and other info in the student files to match the runners. Façade gave the guards at the front gate a story about how the pictures on the badge had been mixed up by the printer, and how there wasn’t enough time to get them reprinted. Normally, after the matrix break in the night before, the guards would have been very suspicious of the matrix information that backed up the runner’s story – but Lilly’s mob mood spell had them feeling quite agreeable. Once inside the building, the corporate suits never looked at the group’s badges. The account Jim created was sufficient to open doors right up to the side of the secured area. After breaking in to the secured area only minutes before showtime, the team decided there wasn’t time to try to hack the secured system. Instead they made their way to the editor’s room, where they ambushed an editor with the appropriate access cards. They used these to upload the sprite into the system, then Jim was able to erase the original program with his editor’s access rights. Unfortunately, their attack and computer tampering alerted the guards, and a harrowing escape down a waste chute landed the team in the underground garage for the facility. A quick look around finds a suitable getaway vehicle – a small armored sedan. However, it (and all the other vehicles in the lot) are currently off – thus, not hackable. No doubt the expensive ones have remote starters, but without intercepting and spoofing the remote starter, there’s no way to use a wireless link to start the car. Fortunately, Jim Bean has studied more than just wireless – hardware is part of his skill set, and he’s brought his electronics kit. (What’s that? The hacker archetype doesn’t have an electronics kit? He darn well should!) But he’d better hurry, those guards are on their way down the elevator. Jim sets to work on the car. The GM decides it is a Basic difficulty to get the car to power on. The approaching guards have the hacker nervous, and underneath the car is very cramped for an Orc, so the GM applies a -1 penalty for distracting conditions. However, today is going much better for ‘ole Jim Bean, and he rolls 5 hits! Having started the car’s computer, Jim immediately drops into VR Hot Sim mode. Those guards are only two floors away now! Fortunately, the car starts up in active mode. Jim immediately begins “Hacking on the Fly.” Because Jim didn’t specify his program loadout, the GM decides he has his standard “Hacking” loadout that he used last night. Fortunately, this includes Exploit. Cars that have not been upgraded with their own commlinks, the GM decides, are “standard electronic device” according to page 216’s “Access Privileges” section. This means it only has Admin security status, which adds 6 to the breaking in roll. Jim Rolls Hacking + Exploit +2 (Firewall 3 + 6 for admin), the car rolls Firewall + Analyze (Stealth 5) to detect Jim. Jim rolls only one hit (maybe his luck is running out?) The car, with it’s Pilot (and therefore system, firewall, etc.) of 3, rolls no successes. Jim continues, this time rolling 6 hits. The car scores 2 hits. One more round (ending the combat phase) and Jim scores 4 more hits, which has him as admin of the car. The car scores one more hit, not enough to detect Jim. With the combat turn over (3 phases of Hot Sim VR), the guards are only one floor away by elevator. Jim logs into the car with his Admin privileges, which takes a complex action. Unfortunately, the car is not rigger adapted, so Jim can’t “Jump In” to it. However, he can unlock the doors and start the engine, which he immediately does. The GM rules that these actions are simple enough not to require a control test. Jim then spends his last action of the phase logging out and shutting off VR so he can climb into the vehicle. The car starts and the doors unlock, but before the team can move, the sound of the elevator chime rings across the parking lot, and the doors begin to open. It’s going to be a close race to get out of here. |
|
|
Oct 20 2005, 05:02 AM
Post
#5
|
|
Moving Target Group: Members Posts: 715 Joined: 4-September 05 From: Metaplane GEPLK136 (The one with the lizards. You remember the lizards, don't you?) Member No.: 7,684 |
Wrapup
There’s no more hacking here, but I wanted to finish out my storyline. As the team sped away in their now (slightly damaged) armored sedan, Jim Bean fed a matrix stream of TVGP’s newscast into the sedan’s display screen so the team could watch the results of their handywork. They where all curious as to what the sprite had contained, and they had just barely made the deadline. “…ack team of investigative reporters has found that our competitor, TRKL, has been distorting the news they report for financial gain! We here at TVGP are devoted to the truth, no matter the cost. And in that vein we now give you our report!” The screen switched to a few frames of the original broadcast, scrambled. Then, it slowly resolved into… was that… oh my. A very raunchy scene involving a middle-aged man, an elven joygirl, and… a male dwarf? Whoever they where, those objects where clearly intended for external use only, and the group was thus very much in violation of their EULAs. Scrolling across the bottom was the text “How would Mrs. Heintrek feel about this? Why don’t you call and ask her, at comcode #256FG36Y.” The ghastly scene played on for a solid minute and fifteen seconds before the techs at the station, still recovering from the team’s infiltration and daring escape, where able to kill the feed. … The warehouse in the docks district – Façade’s fixer sure had a classic streak in him. It was a foggy night, too. The secretary was younger than the group had expected. She was clearly nervous about meeting a team of possibly dangerous runners on a foggy night; to try to cover her nervousness she launched immediately into her story. “I started working for Mrs. VonHesker at TRKL two years ago. About a year ago, I stumbled in on.... that is to say, it came to my attention that she was having an affair with a married man. a Mr. Heintrek (she blushed bright red at his name; clearly she had seen the broadcast) was the one she was with... and the one on the braodcast yesterday. Not the dwarf, the... uh, well, never mind. Well, Sally – that’s Mrs. VonHesker, she, found out after about six months that she. wasn’t the only one he was cheating with. What a pig! She swore up and down she’d get that two-timing… er, three timing? drek-head if it was the last thing she did. After that, she was kind of hard to work with, very moody, and eventually I left the company as a result. But I found out about the ratings war with TVGP, and that she had been given the authority to hire runners to win that ratings war. Well, don’t you see? Heintrek was one of TVGP’s anchormen, on their morning show! I just knew she’d use the opportunity to get back at him, and hurt TVGP in the process, but I couldn’t have predicted this!” The team just stared at the secretary, slack-jawed. She went on: “I followed up a bit before we met up here. Mrs. Heintrek had the divorce papers filed within minutes of that broadcast. She got so many calls about it that they had to disconnect her com from the net. I hear she’s moved out, and her lawyer is pretty certain she’ll get everything.” “I guess in a way, things worked out then” muttered Handsome Stranger, a bit bewildered. “Not quite… “said the secretary. “Sally VonHesker… well, she didn’t count on one thing. TVGP’s ratings SKYROCKETED after that clip. They where the highest rated broadcaster for a full 37 minutes after that, outpacing even much higher budgeted networks in this area. TRKL fired her when they found out, her vengeance cost them their ratings war!” -- End -- Post: Apparently I am very fond of the words "very" and "thus." Please ignore their repetition. |
|
|
Oct 20 2005, 06:32 AM
Post
#6
|
|
Target Group: Members Posts: 70 Joined: 2-September 05 Member No.: 7,673 |
Great story Feshy! Don't know if you have ever played the Munchkin card game but Jim obviously just went up a level or 2!
|
|
|
Oct 20 2005, 06:35 AM
Post
#7
|
|||
Neophyte Runner Group: Members Posts: 2,431 Joined: 3-December 03 Member No.: 5,872 |
Yeah you were very fond of using those words, thus I found it hard to read :D Thanks, I'm working thorugh the hacking section right now and this is a big help. |
||
|
|||
Oct 20 2005, 07:28 AM
Post
#8
|
|
Immoral Elf Group: Members Posts: 15,247 Joined: 29-March 02 From: Grimy Pete's Bar & Laundromat Member No.: 2,486 |
I was entertained ... nice job! :)
So Matrix Gurus (Guri?), is it correct, rules-wise? |
|
|
Oct 20 2005, 07:52 AM
Post
#9
|
|
Moving Target Group: Members Posts: 165 Joined: 26-February 02 Member No.: 1,002 |
Quick oberservation.... with jim loading an agent onto to the other comlink would that affect the other persons system and response as well because then she would have his agent running on her comlink.
|
|
|
Oct 20 2005, 08:05 AM
Post
#10
|
|||
Target Group: Members Posts: 70 Joined: 2-September 05 Member No.: 7,673 |
As you said you weren't including Technomancers I'm guessing this reference to the sprite is wrong (especially as you've called it an Agent earlier. |
||
|
|||
Oct 20 2005, 11:17 AM
Post
#11
|
|
Target Group: Members Posts: 21 Joined: 26-February 02 Member No.: 674 |
Thanks, Feshy, for the example; it defintely helped me put the rules into some context. It's also disturbing how many holes you pointed out. So basically, all a hacker needs to do is gain admin privileges and then he can turn off the alert and make any threat from the system pointless. Sigh. I am NOT looking forward with having to deal with this when I run a game.
|
|
|
Oct 20 2005, 11:59 AM
Post
#12
|
|
Moving Target Group: Members Posts: 123 Joined: 7-October 05 From: Glow City Safehouse Member No.: 7,821 |
unfortunately, in their attempts towards making the game lighter on the rules, they left some big questions floating about, and I swear half of them are concerning hacking. However, there are a few things you can do to limit them from in game:
Use various types of passcodes, such as linked or passkey passcodes (pg. 215), that need an additional confirmation of some sort before it will hand the keys over to the player. It's best to use this as an excuse to keep the dreaded admin rights out of players hands, but for some closed Zero Zone systems, the players may have to find a keycard before they are even allowed to log on as a grunt! Secondly, feel free to add additional modifiers for trying to get higher level access for better designed systems. Finding the code for an admin that hasn't changed his password in two decades is not that hard. Finding the code for an admin that uses an offline synchronized code sequence is going to be a heck of a lot harder without access to the admin layer of the node or quietly swiping the code generator off an admin. Third, feel free to tell a player the extended test is over anytime you feel it would make sense. For instance if a player is looking for security holes in a system and the system shuts down and resets over the night, an auto-update from the main offices might have plugged up the security leak by morning, forcing them to start all over. This one may not stop them from going for admin status, but it will make them sweat a bit when you tell them "This site is going offline at Midnight for two hours of daily maintainance." |
|
|
Oct 20 2005, 01:13 PM
Post
#13
|
|
Moving Target Group: Members Posts: 600 Joined: 31-August 05 Member No.: 7,659 |
You said it loaded IC onto the comlink but isn't IC just a program that has to be weilded like a weapon by either a person or an agent?
Also, to prevent the players from making one roll and having admin rights to everything just put different data on different nodes. That way they need to system hop a bit to get everything. I talked a little bit about setting up different nodes here: http://forums.dumpshock.com/index.php?show...=0entry322396 |
|
|
Oct 20 2005, 02:28 PM
Post
#14
|
|
Moving Target Group: Members Posts: 617 Joined: 28-May 03 From: Orlando Member No.: 4,644 |
Way to go Feshy, that does break down the majority of a hacking scenario quite well. My GM and I were perusing this and it looks like it nails down most of the hacking issues we had.
|
|
|
Oct 20 2005, 03:12 PM
Post
#15
|
|
Moving Target Group: Members Posts: 261 Joined: 26-February 02 From: Massachusetts Member No.: 2,115 |
I'm not sure what the rules say, but IRL if anyone ever made it so you could edit a security audit log with "security" access rather than full admin access I would stab them in the face. In really secure systems, audit logs are written to write-once media (there are write-once harddrive controllers, but the simplest solution is to just immediately print the logs on paper). Another trick is called "capabilities", where even a full admin doesn't have permission to modify the logs.
Again, in real life, on computer systems with admin accounts, any logs that might be used for a security audit can only be deleted or modified by an admin. It can get harder than that, but should never get easier unless the OS designer or the sysadmin are total morons. |
|
|
Oct 20 2005, 07:04 PM
Post
#16
|
|||||
Moving Target Group: Members Posts: 286 Joined: 5-September 05 Member No.: 7,688 |
Beautiful examples. This is exactly what we needed. Thanks for taking the time to write out the story and examples. I enjoyed it.
What about on page 58?: "A good limit is to allow a maximum number of rolls equal to the character's dice pool (so a character rolling 6 dice has 6 attempts to get it done)."
:D Yes, there seems to be a lot of loose ends with the hacking system, but I imagine the devs are looking over forums such as these (maybe even posts such as mine!) and might include more information in that upcoming matrix book. Or maybe it'll just be chock-full of human-on-elf-on-dwarf pr0n. Well I guess it'd be an improvement on the current artwork, hmm... |
||||
|
|||||
Oct 20 2005, 07:11 PM
Post
#17
|
|||||||||||||||||
Moving Target Group: Members Posts: 715 Joined: 4-September 05 From: Metaplane GEPLK136 (The one with the lizards. You remember the lizards, don't you?) Member No.: 7,684 |
Thanks for the encouragement and comments, everyone.
The rules don't specify. The only time loading an agent on a node is mentioned is p.228, where it basically only says that the agent then counts towards your subscriber list. No tests for running an unauthorized process, or any info about how it affects the nodes response. Personally, I don't know how I feel about it. At first I agreed with you -- until I realized that, because there is no test or anything, a runner could simply spend his first 20 or so complex actions in a node loading agents, and bringing the system to a painful crawl. No doubt this would set off an alert, but how much threat are the IC going to be at Response 1? Especially with the help of 10 agents (only 10 could really be on the subscriber list, but you could certainly have more commlinks helping to load them...)? In general, the "unlimited army of agents" problems worry me -- even if "unlimited" is really "System x 2" in practical terms. Just imagine how different Jim's ordeal would have gone if he'd loaded 10 agents instead of the hacking he'd done. He'd have outnumbered the IC 5 to 1, and his personal army could have blasted their way through the system. Even the node closing all connections wouldn't have stopped him if he had the foresight to make one of the agents responsible for editing the file, as the lack of connection to the hacker wouldn't have stopped it. The only thing that would have is a complete reboot, and that's got to be a VERY expensive operation for a broadcast studio. Of course, the system node could just load up 10 IC to combat the 10 Agents; but then it's going to come crashing to a halt with that much activity. Plus, you are then basically replacing every combat roll with 20 more combat rolls, slowing matrix actions by a factor of 20. And then it begs the question -- if the node can launch it's own army of IC, why doesn't it launch an army of IC every time it is compromised?
Yep, exactly right -- just one of the no doubt many errors and type-o's I made. The only sprite I intended was the one that carried the new video clip. This was partially for flavor, and partially because courier sprites are the only way to transmit data that CANNOT be seen beforehand (thanks to their awesome Hash power).
Unfortunately, the book makes exactly zero tie-in between these passkey types and the hacking attempt. In my younger days, I had a bit of experience with gaining unauthorized access to computer systems, and keys of that sort where generally only discouragements to social engineering attempts. That is, it wouldn't do much good to eyeball the admin's password if you still needed his access card. But when "probing" for entry, passwords where seldom an issue (no sane system would let you brute force passwords) as you where looking for back door entries that bypassed the security altogether. While I certainly HOPE that by 2070, buffer overflow attacks and the like are a non-issue (OO programing should have made them a non-issue today, but legacy code is very common), this is the type of thing I envision for a "hacking in" test -- at least the extended one. The "hacking in on the fly" test I might be more picky about. There's only so much you can do in a combat turn, after all... Really, this is yet another place the rules are too skimpy. Does simply having linked passkeys of any sort preclude any type of breaking in action? Do they add modifiers to the difficulty or the time? Do they have any effect at all? There's simply no direction from the book; at least none that I could find.
This is a good suggestion, definitely. Unfortunately, all the modifiers do is make it a longer extended test, but when you add in your third suggestion:
It's a lot better. The extended test is one of my biggest frustrations with SR4. It is a very common test, and some of the most important and interesting tests are extended tests. Yet the only limit is one "arbitrarily" assigned by the GM. I have no problem with occasional arbitrary decisions by GMs. What I do have a problem with is that one of the more common and interesting tests pretty much requires GM arbitration EVERY TIME. Breaking into the most secured facility's computer, aquiring high-quality anti-vehicle missiles and a panther cannon, or finding what happened to Dunklezahn with a net search -- these are all "extended tests" with reasonable intervals that players could easily do, regardless of their skills, with enough time. Now of course, those particular examples are really clear indications of a good place to arbitrate. However, the way the test is, I would have to consider arbitrating on ANY and ALL extended tests that the player doesn't make on the first two or three rolls. And that I don't like.
No, IC is another word for Agent, essentially. IC is an Agent launched by the system when it detects an intruder. It functions identically to an Agent. In my example, if you where curious, "Search" was loaded with Analyze, Track, Stealth, Armor, and Exploit. Had it locked on to Jim's trail, it would have used its exploit program to gain entry into Jim's commlink. Though, with those programs, I'm not certain what it would do once there -- probably call for help again. "And Destroy" had Blackout, Armor, Analyze, Medic, and Attack (in case Jim tried to load an agent, which is immune to Blackout).
I saw that post earlier, it's a good idea. And I did like your approach. I just wanted to be very careful about doing that, because I remember all too clearly the horrors of Matrix actions in SR2. Systems with 100 nodes to hack through, etc... it was a mess. Also, given the lengthy time of the extended probing test, which combines long, uninteresting rolls with an unpredictable amount of long, involved hacking, I'd rather runners weren't probing too many nodes per game session. As an example, I hadn't intended Jim to get caught during his probing attempts. But that's how the dice came up, so I decided to go with it to see how it would play out. It wound up being, by far, the largest section. Just imagine if he had to try that on a dozen or so nodes! Best case, he makes about 50 rolls to get all the extended tests down. Worst case, a dozen encounters like the one above! The rest of the group would have left to shoot pool by then, I'd wager. Still, there was some of the different node approach. The actual broadcasting controller node was in a secure area, and not accessible from the main system. It sort of had to be, otherwise why break in? But that was handled by non-hacking methods (and thus sort of glossed over) -- both to demonstrate that hacking isn't always necessary or desirable (you've got other teammates to worry about seeing some action too) and because I'd already written like 15 pages of stuff. :)
Well, SR4 isn't like that. I think it's safe to say that by 2070, printing logs to paper would pretty much be the same as not printing them at all. With so much processing power and memory available, how big do you think logs have gotten? And when the entire world is only as far away as the inside of your skull (thanks to an implanted commlink) who is going to go read through reams of paper? Especially since the printer is, in 2070, quite capable of hosting VR actions, and thus vulnerable to spoofed "Out of Toner" messages, or print queue tampering... But really, editing logs is one of the main uses recommended in the book for Computer + Edit. See, for example, page 218. So basically, it's in the book, so I went with it. Given how versatile and interactive all matrix programs and files are, I can understand why they wouldn't be as simple to secure as they are today. Plus, in the somewhat dystopian future, there are things that megacorps might WANT removed from the logs... But you're right, with today's computers, IRL, in high-security areas, it wouldn't be possible. And, no doubt, it'll make a nasty surprise for some runner when they happen to run into an un-editable log in a highly secure area. But in general, it's good game flavor, IMHO. |
||||||||||||||||
|
|||||||||||||||||
Oct 20 2005, 07:21 PM
Post
#18
|
|||||||||
Moving Target Group: Members Posts: 715 Joined: 4-September 05 From: Metaplane GEPLK136 (The one with the lizards. You remember the lizards, don't you?) Member No.: 7,684 |
Thanks!
Doh! Good call. Though, it really doesn't scale very well unfortunately. As long as the extended tests for hacking are, it's also very conceivable that the hacker in question is rolling as many dice as he needs hits for. e.g. the 10 threshold "probing" test, with Hacking 5 and Exploit 5. That's allowing the runner to roll 100 dice to get 10 hits. Even if the threshold is doubled by modifiers (+6 for admin access, +4 because you put pineapple on the GM's pizza -- Er, I mean, because it is a really secure system) 100 dice for 20 hits is still very easy.
Yikes! Though, it'd probably make the matrix that much more like the real-life internet... I guess I had really hoped SR4 wouldn't go the way of SR2 -- that is, you need a dozen or so books to have all the rules, and looking up a rule required checking at least four of those books. I can tell that the matrix was intended to be a lot more open ended than in the past -- unlike, as I've said, SR2, where it was known EXACTLY what you'd have to do in detail so excruciating no one ever played a hacker in our group. EVER. In a decade of game play. This is certainly better... but it is still too open ended I think. Though, with a lot of examples and a few tweaks, I think it will probably work out pretty good in the long run. |
||||||||
|
|||||||||
Oct 20 2005, 07:45 PM
Post
#19
|
|||||
Moving Target Group: Members Posts: 123 Joined: 7-October 05 From: Glow City Safehouse Member No.: 7,821 |
The book doesn't make any rule tie ins, but I would play it just like the they tend to work in real life: Unless the computer gets exactly what it want's, it doesn't let you in. Sequenced computers are great things, for it allows a code/password combination that is next to impossible to break without (a) a copy of the source code and a timed intercept of a code transfer to start it out on the right foot, or (b) access to the actual key. This is the type of system that keeps the main systems of the NSA and IRS secure, for you can't hack what you can't get to. |
||||
|
|||||
Oct 20 2005, 08:12 PM
Post
#20
|
|
Moving Target Group: Members Posts: 600 Joined: 31-August 05 Member No.: 7,659 |
Just have it so whatever comlink is connecting in needs a maglock key inserted into the comlink also. It adds extra security and the rules for breaking that key are in the book too.
It wouldn't really take long to have different nodes, just set it up so the player can only connect into one or two nodes pre-run. I just say that once you hack in you only have so long until they eventually find traces of you hacking in. Also, each is accessible from the ground level, you don't need to node climb at all. It's just that you can't get ALL the data from one node. |
|
|
Oct 20 2005, 09:35 PM
Post
#21
|
|
Moving Target Group: Members Posts: 286 Joined: 5-September 05 Member No.: 7,688 |
For separate nodes, do you need to make seperate Hack in on the Fly tests for each, or would your hacked account from the first carry over? Or maybe would only certain nodes (ex. highly secure areas) have their own new sets of passcodes, perhaps requiring a physical identification too (like what's been mentioned)?
|
|
|
Oct 20 2005, 10:17 PM
Post
#22
|
|||
Moving Target Group: Members Posts: 715 Joined: 4-September 05 From: Metaplane GEPLK136 (The one with the lizards. You remember the lizards, don't you?) Member No.: 7,684 |
I suppose it would depend on your interpretation of nodes. I tend to think of "nodes" as an abstracted network. My definition answers your question in a circular way -- I define "node" as the boundary at which you need a new account... |
||
|
|||
Oct 21 2005, 01:29 AM
Post
#23
|
|
panda! Group: Members Posts: 10,331 Joined: 8-March 02 From: north of central europe Member No.: 2,242 |
hmm, it could be that the corp network style nodes have a special mode. ie, you have to take it down into that mode, while at the same time shutting down any wireless or wired matrix connections, and sit down at a special console to get access to the controls for the IC and the other stuff.
this way, a remotely logged in admin cant tell the IC to go away as thats is out of reach for even that style admin. allso, they may be able to force the triggering of an alert, but cant shut it down again. it kinda makes me think of linux with the SElinux addon from NSA. there you can basicly lock yourself out compleatly, even as the root user (the boss of bosses on unix style systems), if your not carefull. fixing that will require a full reboot to take the kernel into a diffrent mode where you can config and test the SElinux system without it fully applying to your current enviroment. hell, mess around to much with the access control lists in windows and presto, you have files and other stuff that not even a admin level account can change or delete ;) |
|
|
Oct 21 2005, 02:06 AM
Post
#24
|
|
Moving Target Group: Members Posts: 123 Joined: 7-October 05 From: Glow City Safehouse Member No.: 7,821 |
We really should begin saving and sorting everything we have put up, maybe put it all up as a series of ideas and concepts for how to work with the matrix within the new mostly open design of SR4 rules.
|
|
|
Oct 21 2005, 02:59 AM
Post
#25
|
|||
Moving Target Group: Members Posts: 286 Joined: 5-September 05 Member No.: 7,688 |
My interpretation of nodes that every seperate computer system was its own node, nd I figured some nodes could share "account lists". A huge corporation would require seperate physical nodes for different things, and I think at some point having multiple accounts per user would become redundant. But like I said, high-security nodes might have an entirely different access list, but I don't know, so I asked. :P Also, one thing that wasn't exactly addressed. How would hacking someone's cyberware work? To begin with, I believe you would hack the commlink (which is one node), then move to another node on the user's PAN (which is the cyberware piece). For this to be a usable tactic in streetfights, I think a couple balance points need to be considered: 1) It can't be too difficult or take too much time, or there might be little use in ever attempting. 2) It can't be too easy! Then everyone's wired reflexes systems will start magically shifting off, cyberlimbs start coordinating jigs, and smartlinks become dumblinks. 3) There needs to be some nearly immediate confirmation that an enemy's cyberware IS available to be hacked. I've seen plenty of forum topics where people want to disable their cyberware's wireless capability, obviously for this reason (even if they're no fun). Plus there needs to be some serious downsides to doing this, or why would anyone want to use wireless in the face of such horrendous security risks? 4) Maybe someone could define exactly what kind of access you need to start messing with an enemy. Personal level access might allow you to bombard them with pr0n advertisements (AR-induced dice penalties?) or false cyberware warning systems ("warning! your cyberarms have been compromised... we hope you like your new glorified back-scratchers"), while admin might allow you to wreak some serious damage. 5) I dunno, shoot some bull and tell me what you all come up with. |
||
|
|||
Lo-Fi Version | Time is now: 22nd December 2024 - 07:48 PM |
Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.