Botnets, ...Help? Options Track this topic Email this topic Print this topic Download this topic Subscribe to this forum Display Modes Switch to: Outline Switch to: Standard Linear+

[Zarek]

Greetings,

I'm a new GM (for Shadowrun, not in general), and am struggling with some of the finer points of the matrix. Particuarly botnets. Conceptually I understand them. Mechanically, not so much.

While I would prefer not to be grinding through the finer points of botnets with only three sessions under my belt, unfortunately I have taken over a much more experienced party with an incredibly ambitious AI as one of the characters. In short: He is walking all over me.

I've looked it over enough to know he cant do anything exceptionally complex, and it isnt impossible for someone to start hacking away bits and pieces of it. But based on the understanding of it i have been given, he just has hundreds of these things roaming around giving him near limitless chances and dice to do whatever he wants. I don't think this is how it is supposed to work. Now that I have a few weeks off I'm hoping to get this under control.

So, can someone guide me through the exact mechanical process of creating, using, and defending against or defeating a botnet? (as thorough as you are willing including duplicating agents, subscriptions, hierarchy if applicable, access IDs, etc).



Thanks!

[suoq]

giving him near limitless chances and dice to do whatever he wants

Have him show you in the rules where the botnet helps him do anything other than mass probes (and even there it's capped by skill) and DOS attacks.

Everything there is to find about Botnets is in Unwired around page 88 and 100.

[Zarek]

Have him show you in the rules where the botnet helps him do anything other than mass probes (and even there it's capped by skill) and DOS attacks.

Everything there is to find about Botnets is in Unwired around page 88 and 100.

I'd already read the section repeatedly before posting. It is still unclear. I realize this is largely becuase my grip on the matrix itself is still weak.

A few quotes from unwired:

Brute force methods—sending a group of agents to force their
way through a node in cybercombat—are rarely effective.

Sometimes when you can’t pull off a big hack, you can use a botnet
to pull off a lot of little hacks that add up to the same thing.
Perfect example: traffic control. Hacking the individual lights and
using bots to control them can be a hell of a lot easier than hacking
the central traffic node.

This indicates they can be used to perform other tasks - just shouldnt be effective in many cases or very sohpisticated. Becuase I don't really have a grip on them, they are not only effective but pretty much dominating.

Combine this with a very loose transition between his botnet and his normal agents suporting him, its become this ambiguous monster. Especially becuase he just makes new copies every time he does anything.

[suoq]

Becuase I don't really have a grip on them, they are not only effective but pretty much dominating.

The problem, as I see it, is that he's saying he has X for a dice pool. He's not explaining to you HOW he has X for a dice pool. Therefore you can't explain to us how he has X for a dice pool. And since we don't even know what X is, we don't know if it's actually a lot or if you're expecting SR4A defense to work against Unwired's (and other books) dice pool escalation.

Get a copy of the character sheet, post it, and tell us what dice pools he's using and how. It will make things much easier for you and us.

[Zarek]

The problem, as I see it, is that he's saying he has X for a dice pool. He's not explaining to you HOW he has X for a dice pool. Therefore you can't explain to us how he has X for a dice pool. And since we don't even know what X is, we don't know if it's actually a lot or if you're expecting SR4A defense to work against Unwired's (and other books) dice pool escalation.

Get a copy of the character sheet, post it, and tell us what dice pools he's using and how. It will make things much easier for you and us.

Thats harder than you might think, We game over skype becuase we all moved in ten different directions.

His Dice pool isnt the problem. I beleive its mid teens. My problem is he has (last number i heard was 120 but that was a few copy cycles ago) bots making that same test in the same round becuase of the botnet. He just says - "Im gonna task my botnet to data searching for A, B, C, and D and aiding one another to best efficiency possible. (IE, each one aiding the skill to provide its exact maximum bonus on the task)." Or more dangerousy "Im gonna task my botnet to hacking this group of yakuzas comms".

Even if ten fail, the next 30 don't. Thats what I mean by literally infinite dice and infinite simultanesou tries. I dont care if he has a dice pool of 10, 20, or 30. He gets a crack at it for every bot is the way hes trying to play it.

That is why I want to know step by painful step how a botnet is created. From the first original purchased agent onward. For purpose of this example assume all programs/hardware/stats/skills are 4 on the character sheet.

[Kirk]

This, I think, is the relevant passage for dealing with his botnet:

Hacker bookkeeping
One issue with botnets and mass probes is
that player characters can quickly accumulate
a lot of compromised nodes and a lot of bots—
more than a gamemaster can be expected to
fully detail at the table. The key to avoiding unnecessary
bookkeeping and holding up the game
is for the gamemaster to plan ahead and let the
player worry about the bulk of the bookkeeping.
Make up a list of five (or ten or fifteen) nodes that
would be of particular interest to the hacker, are
specifically relevant to the campaign, or are particularly
amusing false leads; the majority of the
rest of the nodes compromised by mass probing
will be home terminals, student commlinks, and
other nodes only useful as a place to store a bot
or rip an access ID from.

His biggest problem if he's got hundreds of these things is that some have been caught in honeypots by some serious counter-techs. Remember that these are weak agents sent out not to targeted systems but to random systems that have only their vulnerability in common. Most are of no use due to what they've occupied, and even those that are in the right place are weak.

Also, don't forget that his bots are getting flushed as well as created. For guidance look at the mass probe rules (UN 100). They can also be compromised and used against him, both as tracing startpoints due to the access IDs but also as tripwires. (Hey, Joe, bot 2275A is asking if we're connected to the security system in the Burbank facility. Better give security a heads up.)

[Zarek]

This is a large part of my confusion - My original understanding was he was creating copies of one of his agents, and then essentially chaining them to another one - Like a tree. Agent A tasks AA and AB, AA tasks AAA, AAB etc. and these things were just flitting around the matrix doing his bidding like a normal agent or sprite might. Each loaded down with copies of his top notch programs. Is this entirely incorrect (please tell me it is).

[Kirk]

Or more dangerousy "Im gonna task my botnet to hacking this group of yakuzas comms".

Even if ten fail, the next 30 don't.

Wait. Ten failed hack attempts on yakuza comms?

That means ten traces. And ten alerts to the yakuza's matrix-walkers. Oh, gee, the next 30, 60, or hundred succeeded? So what -- by now the yakuza switched comms (what, only runners get to do that?), put disinfo teams on sending false info through the hacked comms, and have an unwelcoming committee on the way to the hacker's location.

I have this little rule I've learned the hard way: Greed kills. Sounds to me like your hacker's gone greedy.

[Zarek]

All in the same round. Out of those ten each get hit with 10 simultanesous exploits. Thats the way it has been explained to me.

--EDIT--

That is why I am on here. I'm sure this is wrong. I just want to understand how it is supposed to happen so when I come in and say "Hey, you've been misusing this" I have a solid explanation of how it is supposed to work.

[vipox]

The Sniper Rule also applies in this situation. If he is willing to have the rules work this way, you are very able to say that the Yakuza have a massive (much larger than he could ever amass) bot net that will preform the same attack. Now given the fact he is an AI and that they could and would be loaded with Black IC, if I was him I would be very worried.

There is also a problem of being noticed, a massive wave of bots is going to cause a stir, much the same as bringing a Cannon to a Pistol fight.

[InfinityzeN]

Actually after the first few fail, since they are all copies running on a common list of codes, then security will just block all those connections and they all fail after the first few. Plus as Kirk said security is going to trace and tear him up. Plus what is he running them on? You can't just copy it and run it on his hardware, so he will have to be hacking and taking over lots of nodes to load them up on.

Just repeatedly gang rape him with traces/matrix security because the way he is doing it is very weak security. Also, you are the GM not him. He does not tell you how it works, you tell him how it works.

[Kirk]

All in the same round. Out of those ten each get hit with 10 simultanesous exploits. Thats the way it has been explained to me.

No.
Per the part I quoted first (sidebar, UN 100) not all the bots are in a position to hack the Yakuza commnet. How many are in place? That is up to YOU, the GM, not the player. If the player's been hacking places to specifically place bots for effectiveness, you and he need to have a solo session to see how many times he's oopsed his rolls.

Simultaneous on multiple comms? No. He gets to send a command to his bots to "hack this node" not "hack these nodes".

Simultaneous attack on one node? We have one of two situations: DDOS, or probing with a Teamwork test. Since he says it's a teamwork test, the rule (SR4A page 65) applies. Each of the ASSISTING bots rolls as though it's hacking. Each hit adds one to the primary hacker's dice pool. BUT, that dice pool is capped by the primary's skill (in this case I'd use its rating). AND, a critical glitch by any assisting bot raises the threshold by 1 (3 for extended tests).

It isn't infinite.

[Zarek]

In his defense I don't think he's cheating, I just think he doesnt know what hes doing, and I know that I know less. Hes been playing a matrix player since January, I first glanced at matrix rules in about July... I took over from a different GM. This GM didn't have that problem becuase the player didn't read about these until after he had retired.

[suoq]

1) The first few fail, triggering alerts and traces. The remaining fail because there are no more subscription nodes for them to make the attack on.
2) Where does it say he can command all the bots to do one thing at one time in the same round and that what they can do is anything other than a DOS or a mass probe?
3) Don't have him explain the rules. Have him give you book and page numbers.

[Zarek]

From what yall are saying - It seems like they shouldnt be moving node to node based on chain of command orders. That is largely part of what I wasnt understanding.

The detailed description of what happened with the Yakuza is they had a group of about 8 hiding out in an apartment complex waiting for orders and they snuck in for a quick strike (hoping to capture and 'question' one). He wanted to bring his bot net in to help him find, then hack the comms (with the end goal of then commanding them to start targetting cyberware slaved to the comms).


Based on everything you have said, once he copies an agent onto a node and puts it in the botnet - that agent stays there. Is that correct?

Outside of DOS and Mass Probe Turbo Bunny heavily insuinuates there are other uses, though.

[Zarek]

I think I finally got part of it.

The problem as stated above, I was imagining this amorphous blob roaming the matrix that he was saying "Hey blob, go do this". Now I finally (with your help) understand that once a 'bot' is created on a node it ain't moving. If he wants a bot on a neighboring node (like in that apartment complex) he had best hack it and put one on there. Not simply order his botnet to 'travel' the matrix to Node Z and tell them to start hacking all the commlinks linked in to the node.

This clears much confusion. Please confirm if my new understanding is correct.

[Kirk]

That's close enough to work with.

The bot is a fixed agent. Worse for him, it's not a powerful agent with tons of flexibility.

One question you might ask your matrix person is how he's distributing these bots. Is he placing them, or is he allowing them to be hidden in worms or other malware? Each method has strengths and weaknesses, most already noted.

Suoq gave you what is probably the best advice: make him give you details. Remember, YOU are the representative of the universe at large. If you do not grok it, it does not exist.

[hobgoblin]

I am guessing he is working with a Agent running the Replicate autosoft, and with any kind of copy protection filed off.

Thing is that Unwired handles a botnet as something distinct from a bunch of rampaging agents.

If he has agents commanding agents, then point him towards the botnet section of page 100 and the replicate autosoft on page 113 of unwired. And perhaps also the section on Autonomous programs on page 110 that defines the limits of agent movement and collaborative efforts.

All in all it reads like your player is going for a agent smith setup (named for the character in the matrix movies, particularly the second and third), a idea/complaint that arose soon after the publication of SR4. Unwired added some details to try and curb this. First of all running copies of a agent share a access ID, unless the hacker takes time to spoof it when loaded onto a external node. This allows a target node to screen out all of those agents once one of them triggers an alarm. Second, note the Mook sidebar on page 101 of Unwired. Commercial agents do not do criminal acts out of the box, and they do not do well with complex tasks no matter their rating. Sidebar on page 102 may also be of interest.

So to sum up, what he is playing with is not a botnet in the Unwired sense. But a extrapolation of pre-Unwired rules and gray areas of those rules (in that there are no rules saying that a agent can not command agents of their own).

[Zarek]

Ahh yes, you have identified the source of the problem. It is exactly the agent smith scenario. However. He is clever enough to have looked into:

From Unwired 111

A copied agent may be patched in order to give it a
separate unique access ID with a Logic + Software (Rating
x 3, 1 week) Extended Test.

I was dumb enough as a GM to tell them three months had passed.

[Tymeaus Jalynsfe...]

I was dumb enough as a GM to tell them three months had passed.

So... 6 Agents (Rated 3) Patched (2 per Month, assuming average rolls on 16 Dice)?

[Zarek]

So... 6 Agents (Rated 3) Patched (2 per Month, assuming average rolls on 16 Dice)?

2 becomes 4, becomes 8, etc. I think that is what he did. Becuase I think he used the recently copied agents to act as mooks to do change ID test. That may have not been legal though.

[Kirk]

Yeah, I'd say changing IDs is outside normal operating bounds.

[Tymeaus Jalynsfe...]

2 becomes 4, becomes 8, etc. I think that is what he did. Becuase I think he used the recently copied agents to act as mooks to do change ID test. That may have not been legal though.

Agents do not have the software skill, nor can they get it. So yes, quite illegal.

[Zarek]

I'll give it to him, it was a clever attempt at a work around. Thanks so much everyone for helping me figure out what he did.

The reason hes making so many now, is hes got all these different agents stored on his home nexi. It all makes much more sense now that I know this isnt a real botnet. I could not for the life of me make a connection between the botnet rules and what he was doing. Haha.

I think what Im gonna do, since his army of agents is uniquely based on the same mal-ware (replication auto-soft), is let Renraku to try to make a career comeback in seattle with a fantastic new anti-virus program with free demos. Get a fear campaign going against this guys agents. Where every wageslave/corp/etc starts buying into platinum plus versions of this software, etc.

[Kirk]

If he's been going to all these dark alleyways in the Matrix, perhaps he's brought home an infection or two of his own?

Remember, anything the player can do to the world, the world can do to the player. (An ambush ambushed isn't very nice.)

[Modular Man]

There's still the issue that agents have built in Access IDs. This ID has got nothing to do with the node they're running on and is the same for every copy of said agent (which I assume is the case here, mass copied agents). A node only allows one agent to log on if more with the same ID try, even hacking won't get them in. This is all on page 102 in "Unwired" and roughly pictures your scenario.
Also, as said before, there's a limit on how many dice you get in teamwork. Usually, that's capped by the skill rating of the aided person, in case of an agent this would probably be his rating as he uses this instead of separate skills every time.
Mass and quick datasearches are easier and overall faster this way, of course. But I don't see a real issue of balance here as those are not as crucial as a mass hacking attempt. At the very least, to make it go faster you probably could get every agent his own archive to search. This way they bypass the interval for searches covering the whole matrix.
Having multiple packs of agents search for the same thing might give you the same results over and over. There's a limit on how many people can aid in a single test before it becomes ineffective. If you want to make multiple test, the searching packs are no longer linked to each other (because not doing teamwork any longer) - multiple results all over. Data floods can be a bitch.
Also, keeping a botnet safe and secret is way more difficult as it increases in numbers. A single agent might get exposed eventually. Does he really want this agent to carry sensible information like data search results or hacking attempts in case some authority figure takes a closer look? (IMG:style_emoticons/default/ork.gif)

Well, ninja'd by half a page. Damn, should've typed faster.

[hobgoblin]

If he's been going to all these dark alleyways in the Matrix, perhaps he's brought home an infection or two of his own?

Remember, anything the player can do to the world, the world can do to the player. (An ambush ambushed isn't very nice.)

And the world have in theory infinite resources, if the character becomes uppity enough. And characters in SR are criminals, not heroes (at least not in the eyes of the powers that be).

[hobgoblin]

Agents do not have the software skill, nor can they get it. So yes, quite illegal.

Indeed. It also stops hackers from running agent powered programming factories.

[Socinus]

I wish we had an example of how things like botnets worked the same way they do for things like char gen, when they actually step you through it in first-person mode.

[suoq]

I wish we had an example of how things like botnets worked the same way they do for things like char gen, when they actually step you through it in first-person mode.

My impression was that we do in Unwired. It's just that, really, they don't do much. Neither DOS or Mass Probe strikes me as that difficult. I don't believe they actually do anything else.

[Zarek]

Fortunately, with everyones help I have mostly figured out what happened. What he was calling a botnet, was not a botnet at all. Hence my inability to figure out what he was doing. At the end of the day, the problem comes down to he did something illegal with his agents to create something the rules were designed to prevent becuase he confused a botnet with a long term project to recreate the Agent Smith scenario.

There's still the issue that agents have built in Access IDs. This ID has got nothing to do with the node they're running on and is the same for every copy of said agent (which I assume is the case here, mass copied agents). A node only allows one agent to log on if more with the same ID try, even hacking won't get them in. This is all on page 102 in "Unwired" and roughly pictures your scenario.

This is detailed even further in pages 110-111 of Unwired on the section about copying Agents. I kept missing this section becuase it doesn't discuss botnets. However, I remember him having needed time to set this thing up. So I stumbled into what rule he used. At the bottom of this section it discusses that you can change the internal access ID of an agent with a week logic + software (rating x3, week) extended test.

What he had done illegally was in allowing agents to handle that extended test for him. Thus instead of creating about 6 new agents max (like what was mentioned previously) he had 2 agents could be copied that would become four, etc. He then used resources to build a Nexxi to store all these copies of uniquely ID'd agents. The reason I didn't know"which nodes they were on" is he jsut used a couple of cheap comms he bought to run the process and fully had thought these were free agents he could just copy wherever, like he normally could.

Becuase of the structure of Unwired, he thought that this was a botnet. In reality he was not using a botnet at all, but instead had almost revived the "Agent Smith" problem.

Then of course I kept hearing the term "botnet" so in turn I kept looking over the rules and trying to figure out how he got what he had.

My impression was that we do in Unwired. It's just that, really, they don't do much. Neither DOS or Mass Probe strikes me as that difficult. I don't believe they actually do anything else.

This is difficult, becuase you are totally right in that DDOS and Mass Probe are the only thing it provides rules for. However it heavily implies that a botnet can be used for more than that. On 88 the jackpointers recommend using botnets to manage a hacked traffic system, lower on the same page they discuss that corps use them to spead spam, ON 102 it discusses automating datasearches in the code zombie section, then on 100 there is this:

The botnet program contains a list of all the agents online and
connected through the botnet, with simple status symbols communicating
their effective Matrix attributes, current Matrix Condition
Monitor, payload, location, and what action they are undertaking.
With a Simple Action, the hacker can issue a command (see Issuing
Commands, p. 220, SR4) to any number of bots in the botnet.

Based on this I see no reason any common program loaded on the botnet couldnt be used to some manner.

Again thanks for all the help. My problem is halfway solved. Now I just have to go talk to my already angry hacker and tell him I'm ruling against him on yet another issue.

[hobgoblin]

This is difficult, becuase you are totally right in that DDOS and Mass Probe are the only thing it provides rules for. However it heavily implies that a botnet can be used for more than that. On 88 the jackpointers recommend using botnets to manage a hacked traffic system, lower on the same page they discuss that corps use them to spead spam, ON 102 it discusses automating datasearches in the code zombie section, then on 100 there is this:

The traffic system example likely implies each worm/agent of the net taking up residence in the peripheral node of the individual lights. This then allows the hacker to operate what amounts to a secondary control system of the lights via his botnet, rather then hack the central control node. Then he can just issue commands like "create a green wave from 4th to 15th, now!" and the botnets goes to work messing with each individual node on that stretch of road.

As for the spam, that is very real life. Each "zombie node" would be connecting to long lists of comcodes and such and delivering a preset message. And set up correctly the MSPs will simply see a mass of nodes making contact rather then a single big node pushing truckloads of data. A use that is likely pointless for a shadowrunning hacker, unless he has a side job pushing herbal viagra or something (IMG:style_emoticons/default/wink.gif)

[Fortinbras]

Somethings I've found working with bot-nets that are worth remembering

1) The nodes these Agents are in likely have a response of 2 or, if you're lucky, 3. This means that an average Agent in the bot-net is rolling about 4 dice on tests, or 6 with Teamwork. If he has Optimization on all his Programs, that bumps that up a bit to 8 and 12.
If you enforce the diminishing returns rule for Extended Tests, the cat is more likely to want to use his own Data Search skill and have his bot-net augment it rather than having his bot-net do all his work for him, as he likely has a greater skill and, therefore, will get more out of a Teamwork test than his bot.

2) These Agents use his Access ID and can only take orders from that Access ID or whichever one's the hacker has allowed in the bot's script. This means that if your hacker spoofs his Access ID often, he'll have to change it back in order to issue orders to his bot-net. If he hasn't taken that particular AI Quality, it's even more dangerous.

3) Anyone who happens to find a copied Agent will be able to trace it back to your hacker though a myriad of methods from checking the bot's subscriptions, looking through the Access Log or simply analyzing the Agent's Access ID. It has to be able to communicate with your hacker and vice-versa. It is though this line of communication that a trail can be found. I guarantee your hacker will become a lot more cautions if you simply remind him of this and he'll likely dump the thing is you send someone after him because of it.
The only way I can think of around this is to use an Anonymization service which routinely erases it's Access Log. It's not something the player can do, because his Access ID will be the one which logged on and erased the access log. I guess you could try to use a proxy, issue your commands, log off, spoof your Access ID, hack in with Admin and erase the log...but I think I'd just pay the 300 a month.

4) GOD! My personal favorite, the Grid Overwatch Division. Since this cat is an AI, he should also contend with Artificial Resource Management. If that bot-net becomes too huge, it's going to be noticed by the Matrix police who can do everything from send a SWAT team to, more likely, just shut the whole thing down. It's a great storytelling tool and a useful way to introduce characters to the wider world of the Matrix though game play rather than narration.

[Zarek]

All of those things are great suggestions! WOrking on bringing GOD in as soon as a iresume the game (after my vacation)

[Udoshi]

2 becomes 4, becomes 8, etc. I think that is what he did. Becuase I think he used the recently copied agents to act as mooks to do change ID test. That may have not been legal though.

Agents cannot self-patch. Software is a skill forbidden to them.

Also, that test is to change ONE agents access id. Therefore, no recursive agent patching.

I was dumb enough as a GM to tell them three months had passed.

It also sounds like someone is forgetting to apply Program Degredation. If you break the Copy Protection on a program, in order to crack it or run multiple copies, or even to give your agents prograps in their payload - you deal with SOTA rolls.

Also, The Faq has some good information for you.

Just for reference, here’s a quick reminder of the limitations inherent on agents:

Off-the-shelf agents won’t perform any action that requires the Hacking Skill, even if loaded with the correct program (p.101, Unwired).
Agents do not have a Software Skill (p.234, SR4A).
Once running, an agent’s access ID may not be changed (p.110, Unwired).
Copies of an agent will have the original’s access ID; a copy cannot access a node on which an agent with the same access ID is already running (p.110, Unwired).
Agents are limited to 3 Matrix IPs (p.236, SR4A).

Additionally:

Copied Agents and IDs
If a copy tries to access a node on which an agent with the same access ID is already running, however, the node will automatically refuse ac-cess (even if the agent tries to hack his way in, the attempt will automatically fail). This security feature both deters piracy and prevents mass invasions by agent mooks (the so-called “Agent Smith” scenario).

[Brainpiercing7.6...]

What I don't get is this:

Agents which are copied all share an access ID, which excludes the possibility of using them to hack one system using teamwork.

Botnets are nets of agents or worms, which supposedly are all copied and distributed in some way, and you CAN use them for a DDOS attack. Which is sort of a contradiction, because after the first bot connects, all the others should be refused.

I would tend to think that the Replicate Autosoft actually creates a new agent with a new access ID, or else worm and bot nets would NEVER ever work. Also, why would you even need Replicate when you could just copy the agent, or have the agent copy itself normally? Of course, this is not really what the RAW suggests.

These entire rules once again suffer from trying to balance them in some way, in order to make sure that agents remain expensive - when in fact, like with all software, you should be able to copy them easily. They should use the access id of the device they are running on, rather than have their own, or at least be able to start up with a new id every time.

[hobgoblin]

Watch out, there is a little trick to Access IDs. They are assigned pr persona, not pr node.

Yep, for the longest time i thought that each node came with a Access ID. not so. The Access ID is attached to the person. So each persona spawned by a nexi will have its own Access ID.

This little detail shows up in the "behind the scenes" sidebar on page 53 of Unwired.

As for DDOS, the effectiveness of that comes from the issue that even if the node is just rejecting the agents it still has to process the initial login or data request. So to perform a DDOS attack one just need a big enough botnet to generate enough of these requests to overwhelm the processing capacity of the target node.

Oh, and a agent is normally forbidden form loading a copy of itself on a different node. Replicate gets around that. This likely in fluff by tricking the source node into thinking the agent have been wiped once the transfer to the target node have been completed. Lets not forget that agents normally either move from node to node by being transferred over, or reside in one node and log into multiple ones much like a persona can (yes, there is also the option of traveling with the persona of its owner. but i was limiting myself to agents operating outside the users node).

[Aerospider]

Watch out, there is a little trick to Access IDs. They are assigned pr persona, not pr node.

Yep, for the longest time i thought that each node came with a Access ID. not so. The Access ID is attached to the person. So each persona spawned by a nexi will have its own Access ID.

This little detail shows up in the "behind the scenes" sidebar on page 53 of Unwired.

Actually both nodes and personas have access IDs (as well as other autonomous constructs). In fact the persona's ID is born of the originating node's ID. References to nodes having access IDs are few and subtle, but see Persona Access IDs on Unwired p.52 and Slaving on Unwired p.55.

Oh, and a agent is normally forbidden form loading a copy of itself on a different node. Replicate gets around that. This likely in fluff by tricking the source node into thinking the agent have been wiped once the transfer to the target node have been completed. Lets not forget that agents normally either move from node to node by being transferred over, or reside in one node and log into multiple ones much like a persona can (yes, there is also the option of traveling with the persona of its owner. but i was limiting myself to agents operating outside the users node).

It's more that agents are incapable of replicating themselves rather than being forbidden (Unwired p.111), but perhaps that's half-a-dozen of one and thirty-six-to-the-nought-point-five of the other. They do need Replicate, but Copy Protection will still prevent it (even if only on it's loaded programs, which are also replicated).

Here's one for a giggle - can anybody cite RAW that bans agents without Replicate (or even with it) from copying each other...?

[hobgoblin]

Oh ye lovely inconsistent wording...

I am tempted to introduce the concept of Node ID just to get some mud out of the water (IMG:style_emoticons/default/nyahnyah.gif)

As for the other bit, there is a one line entry for a unrestricted agent on Unwired p100.

[Brainpiercing7.6...]

So what about worms? It does seem weird that all worms that spread themselves have the same access ID, yet they use the same rules as agents, or else you wouldn't need agents.

I think this is once again a case of wanting too much in one ruleset, and not thinking enough about consistency.

[Zaranthan]

So what about worms? It does seem weird that all worms that spread themselves have the same access ID, yet they use the same rules as agents, or else you wouldn't need agents.

I think this is once again a case of wanting too much in one ruleset, and not thinking enough about consistency.

Most well-written viruses don't infect the same machine twice. The author would prefer the worm remain active and spreading as long as possible. Reinfection rapidly consumes all resources on the target machine, so unless your payload was running Nuke, doing so is counterproductive. Thus, the access ID restriction actually helps, since it prevents a Kilroy Was Here event.

[Udoshi]

What I don't get is this:

Agents which are copied all share an access ID, which excludes the possibility of using them to hack one system using teamwork.

Not necessarily

Q:When exactly does an agent’s access ID change?

A:Agents loaded into a persona have that persona’s access ID; if you load the same agent into a different persona, the access ID will be that of the new persona. If an agent is loaded into another node to act independently, the agent will have a unique access ID, and any other copies of that agent running independently will have the same ID. When an agent is not running, a hacker may patch the code to change this unique access ID (p.234, SR4A).

So its possible for an agent to piggyback off of another persona's access ID.
Also, an Agent carrying Spoof in its Payload should be able to make the Spoof(2) test to temporarily change its access ID.
It makes a bit more sense to me, because my group has gotten in the habit of using full-length commcodes, which have a certain format for where the call is coming from.


Also, regarding the inconsistent persona-vs-node Access ID - its not that of a far fetch for both to happen at once.
To use a real world analogy: Each machine has an IP address, but each user on that machine has a slightly longer address so you can tell them apart and get ahold of a specific user.
A better analogy would be an office extension number. You can reach this machine at ABC-XYZ-1234, and this user at extension 456.

[Fortinbras]

Also, an Agent carrying Spoof in its Payload should be able to make the Spoof(2) test to temporarily change its access ID.

In order for an Agent to change it's Access ID, it needs to make the longer extended test from Unwired. The Spoof test is just for personas. Were Agents able to change their Access IDs so easily, they would be able to replicate an infinite number of themselves on the same node, which is the problem Zarek was having with his troublesome hacker in the first place.

In terms of worms and Teamwork tests, unless I'm very much mistaken, Agents needn't be in the same node to assist each other with things like data searching or trying to access the same node for a DDoS if they are loaded onto different nodes, they just need to be able to communicate with one another.

They can't assist each other with hacking or cybercombat, because that would require them to be on the same node, which can't be done because they share an Access ID. They can, while on different nodes, all call the same number at the same time, creating a DDoS. More than one won't be allowed on the node, but the access requests are what clogs the system. No contradiction that I can see.
Nor can I really see a problem with worms having the same access ID. As long as they all infect different nodes, how is that a problem?

It's easy to say that Agents should be able to duplicate themselves ad infinitum to represent computes as we know them, but that creates the Agent Smith scenario and makes the Matrix unplayable.
And don't forget that computers as we know them were crashed for being too slow and archaic. To complain about the difference between the Matrix and modern computing is like complaining that the Internet could never work because no one could keep track of all the punch cards. It's a vastly complex system explained as best it can in gaming terms.
Wibbly Wobby, Timey Wimey. This is my Matrix machine. It goes ding when there's stuff. Just go with it.

[Udoshi]

In order for an Agent to change it's Access ID, it needs to make the longer extended test from Unwired. The Spoof test is just for personas. Were Agents able to change their Access IDs so easily, they would be able to replicate an infinite number of themselves on the same node, which is the problem Zarek was having with his troublesome hacker in the first place.

Sadly, what you're discovering is that they TRIED to fix agent smithing, but didn't really flat out prevent it.

The spoof test is allowed to anyone who can run the program, and you're actually wrong. You can use it on the commlink, and the personas running on it, and, as i pointed out earlier, agents loaded onto your commlink use the link's ID, not their own.

The extended unwired test is only for changing the permanent ID of an agent - much like you can use Hardware to spoof your commlink's ID(if you'd bothered to read the rules, you'd notice its a hardware or spoof (2) test) if you so choose.
The key difference is that the unwired test is not a spoof test; its logic+software, and furthermore its a patch which is an important distinction because software creation suites would not give a bonus to it.
You see, nothing prevents agents and IC from loading spoof, and many of the sample ic actually come with it preloaded. Once its loaded, assuming its a Mook, it can take any Actions available to it in its passes. Just like any other user.

That's would be the difference between low rating cracked civvy crap agents who can't get their hands on real hackware for their agents, and have to use the inefficient test because they don't know any better.


The ONLY entity in the matrix who is forced to use a more complex test to spoof their ID are AIs, and that is explicity spelled out as a spoof test. (RC 88)
Unfortunately for yoru arguement, Spoof tests and Software tests are not the same, but they are two distinct options, each with their benefits and drawbacks, and you're free to use either one.

[Fortinbras]

The spoof test is allowed to anyone who can run the program, and you're actually wrong.

I'm not.

The standard technique to reduce your datatrail is to spoof your
commlink’s access ID. There are two ways to change your access ID;
both take only a few minutes. You can alter your access ID by reprogramming
your router settings with a Hacking + Software (2) Test, but
this only lasts until your commlink is rebooted. A more permanent
solution is to alter the hardware with a Hardware + Logic (2) Test,
which lasts until the hardware is altered again or replaced.

Both the Hardware and Software test only change the Access ID of the commlink, through either the router or the commlink's actual hardware. A persona uses the Access ID of the commlink it's on, however an independent Agent keeps it's unique(i.e. one of a kind) Access ID as alluded to in the FAQs you quoted(and on SR4A p. 234.)
Plus, as you'll recall, Agents have no Software skill so they can't change the router nor can they change the hardware as they only exist in the Matrix. Calling it 'Spoofing' probably threw you off.

The other way you know I'm right is that statements of fact require no qualifiers.

[Brainpiercing7.6...]

Sadly, what you're discovering is that they TRIED to fix agent smithing, but didn't really flat out prevent it.

The spoof test is allowed to anyone who can run the program, and you're actually wrong. You can use it on the commlink, and the personas running on it, and, as i pointed out earlier, agents loaded onto your commlink use the link's ID, not their own.

The extended unwired test is only for changing the permanent ID of an agent - much like you can use Hardware to spoof your commlink's ID(if you'd bothered to read the rules, you'd notice its a hardware or spoof (2) test) if you so choose.
The key difference is that the unwired test is not a spoof test; its logic+software, and furthermore its a patch which is an important distinction because software creation suites would not give a bonus to it.
You see, nothing prevents agents and IC from loading spoof, and many of the sample ic actually come with it preloaded. Once its loaded, assuming its a Mook, it can take any Actions available to it in its passes. Just like any other user.

That's would be the difference between low rating cracked civvy crap agents who can't get their hands on real hackware for their agents, and have to use the inefficient test because they don't know any better.


The ONLY entity in the matrix who is forced to use a more complex test to spoof their ID are AIs, and that is explicity spelled out as a spoof test. (RC 88)
Unfortunately for yoru arguement, Spoof tests and Software tests are not the same, but they are two distinct options, each with their benefits and drawbacks, and you're free to use either one.

Ok, just to clarify:

Spoof comes with a few different uses:

Spoofing a command to come from a different access ID (i.e. persona, with different user account priviledges): This is the one that agents should be able to do easily. Also, since I believe you run several identical agents on your commlink (because they are running as programs, not connecting), you can use those many agents to spoof a large number of commands, some of which will eventually get through. At the very least you can use several commlinks to run those agents, all of which try to spoof commands for you.

Spoofing your access ID for a matrix connection (this was apparently changed in 4A, in 4E this was actually a hacking+spoof for the commlink): This is a harder one, because if you spoof your access ID online, you are instantly logged off the matrix (as per Unwired P99), as all your connections are closed. Now what happens then? A commlink/persona simply reconnects with the new access ID, and it should stay spoofed until it logs off again. Interestingly enough, spoofing your access ID online uses hacking + spoof once again, as long as it is an opposed test with a IC, as previously in 4E. So if you were to have to use the RAW literally, you would have to jam your agent's connecting (to your home node) with IC, and then let it spoof, and finally reconnect.
But using common sense (yes, yes, I know...) I would assume agents can simply spoof their access ID online using Pilot+spoof, if you tell them to. Which means that as long as an agent is running independantly, you can run multiple copies with multiple access ids, all of which were spoofed by the agents themselves.

Using a proxy server: Theoretically, one copied agent running on x nodes could use x-1 proxy servers to receive x individual unique access ids, and use those to hack a system using teamwork. That's a bit more complicated, but since there is malware that sets up a proxy for you, and for some reason that is cheaper than real agents (I think), it's not such a big problem. You could also do it by hacking a few systems and use them to set up a few proxies. You lose some response though, either way, IIRC.

These things would all be simpler if the system were more consistent, i.e. if you actually added up ALL the possible influences on a test, rather than having certain things replace others.

For instance, instead of letting pilot replace skill, you should let it replace logic, and use a skill software, with an additional program for a specific task. (And use the same system for meat hackers/techos/etc.) Adjust thresholds to taste. Well...

[Fortinbras]

Also, since I believe you run several identical agents on your commlink (because they are running as programs, not connecting)

No. Agents run a unique Access ID when running independently. If more than one of the same Access ID logs onto a node, the second one gets kicked off or deleted. You can run several on your persona, though that get's into subscription and System requirements.

But using common sense (yes, yes, I know...) I would assume agents can simply spoof their access ID online using Pilot+spoof, if you tell them to. Which means that as long as an agent is running independantly, you can run multiple copies with multiple access ids, all of which were spoofed by the agents themselves.

Spoofing a commlink's Access ID requires a Software or Hardware roll, something an Agent can't do. Even if you were to use the old 4E rules, that would simply change a commlink's Access ID and not the Agents unique ID, as per Unwired.

Using a proxy server: Theoretically, one copied agent running on x nodes could use x-1 proxy servers to receive x individual unique access ids, and use those to hack a system using teamwork. That's a bit more complicated, but since there is malware that sets up a proxy for you, and for some reason that is cheaper than real agents (I think), it's not such a big problem. You could also do it by hacking a few systems and use them to set up a few proxies. You lose some response though, either way, IIRC.

A proxy doesn't change your Access ID, it simply makes it harder to trace your data trail by rerouting you through another node. Thusly, Agent's don't have their unique Access ID changed by a proxy server either.

You are welcome to use the old 4E rules for such things, but that is what Zarek was bemoaning. It is also what many a poor GM was bemoaning before Catalyst fixed this problem. It was a problem, but it has been fixed with a supplement and fixed better with a revision to the corebook. To complain about the inconsistency of old rules that have since been remedied is like complaining that LBJ needs to do something about this war in Vietnam.

[Wiseman]

Like a lot of things in Shadowrun, there are tons of anxillary and situational rules that curb abuse, but it's up to you as the GM to apply them.

Let's go over what limits agents and botnets

1) Processing power (if running on your node)
2) Subscription Limits (if running on any other node)
2b) Botnets bypass the subscription limits by grouping. That means every bot must be given the same command. This also means you can spoof the whole botnet with one command. Exactly the same as drones sharing a single subscription.
3) Agents are retards. They're not very smart, even with good scripting they tend to get hung up when faced with unexpected situations. There are rules for how "smart" an agent is based on it's rating. Use this.
4) Using a cracked agent to copy over an over means they ALL have the same access ID. This means only one can be in a system at a time (since repeat access ID's are denied from the server)
5) Botnets of any size have the same access ID. This means they cannot all hack a system, or even attack it. All they can really do is spam the system (DDOS), or scan the matrix for vulnerabilities (Mass Probe) because neither requires them to actually log on a node (and every one would fail after the first). They can also assist with Data Search, but not all that much better than just having a few agents can.
6) Agents are programs and degrade, upkeep costs required
7) Botnets not only degrade as agent programs, but bots are "lost" over time per the rules for botnets. They require even more upkeep.
(IMG:style_emoticons/default/cool.gif) Botnets require a botnet program to command them all. This means all bots of the botnet trace back to whoever commands them. Most people use proxy servers to bypass this risk.
9) It's possible to steal a WHOLE botnet. Botnet size #120 to #0 in one combat turn...
10) Botnets have their uses, but as spelled out in Unwired, due to redundancy and limits of their programming, even mega corporations use them sparsely. They're just not super effective. More, as noted by others, any spider who notices a full scale botnet DDOS can deny the entire botnet by tweaking the access permissions to deny an access ID, a range of access ID's, or even any Access ID not already specifically allowed.

I strongly suggest you re-read the whole section on agents in SR4a and Unwired. Not that everything becomes crystal clear, but you'll begin to see the limits of bots in general and botnets in whole.

P.S. - I didn't have time to read the entire thread, but I got through about a page and half, apologies to anyone who's already noted the above and most likely explained it better than I.

[Brainpiercing7.6...]

In order for an Agent to change it's Access ID, it needs to make the longer extended test from Unwired. The Spoof test is just for personas. Were Agents able to change their Access IDs so easily, they would be able to replicate an infinite number of themselves on the same node, which is the problem Zarek was having with his troublesome hacker in the first place.

Since agents running independantly have their own set of matrix attributes (derived off the node they are running on just as a persona's are by the commlink employed by the user), and have their own icons, I don't see them as any different than "personas" in any identifiable way. Their pilot acts as the controlling instance (the skills), and everything else is matrix attributes, derived off hardware and software, the same as any matrix user.

Of course, they are still programs, running on certain processing power (the response rating of the node they are running on). Before they can run independantly, they have to be started up on some sort of computer, which I would say can also be the commlink of the matrix user himself, they are just not integrated into his persona, they are running on his node (his commlink has to be its own node, too, or else you could never hack one). They can then be transferred to other nodes, or move on their own. They then use the response of the other node.

On P99 of Unwired, it says this bit:

Spoofing a Datatrail Online
Since nodes require an access
ID before they will allow a connection,
it is important to spoof your
datatrail (if you are so inclined)
before you actually access other
nodes. Once you have logged onto
other nodes, a change in access ID
will automatically close your connection
to other nodes—after all,
you are no longer who you said you
were. Under some circumstances,
this may be an expedient way of
closing multiple connections. For
example, if you are under attack by
Black IC in another node, you can
try to spoof your datatrail in order to change your access ID and log
off that node. If the Black IC is jamming your connection, however,
this will require an Opposed Test pitting your Hacking + Spoofing
versus the Black IC rating + Response.
You can also use this trick to try and avert a direct trace. If
someone is using Track to trace you, you can spoof your datatrail
and change your access ID as normal. While this will sever all of
your connections, it means that the Track will only be able to
trace you to the nearest node that your connection happened to
have been routed through. The tracking hacker can still acquire
your old access ID, but will not be able to pinpoint your exact
physical location—though he will know that you are close to
that nearest node.

Now to me this means that there is still the possibility of using Hacking+Spoof to change an access ID, or else you would never be able to do that opposed test. And Agents are allowed to use their Pilot rating in place of the hacking skill. Now the question is what will happen to an agent that tries this? Will its process be killed, or will it just be logged off the node, and have to reconnect? I could argue that I can program my commlink to not kill the process when the agent that is running on my node (but not my persona) changes its access ID, and then let it reconnect to the node, in which case I now have an agent running on my node with a new access ID.

Of course, if you argue that its process is automatically killed, well, that's that then. However, I have another option, and that is multiple commlinks:

Each commlink is a new Persona, because the commlink determines my matrix attributes. So now I get a bunch of additional commlinks, and load up my identical copied agents (which are more expensive than the commlinks) into each commlink's persona. Then I spoof each commlink's access ID with a very quick test, and end up having several agents which are no longer identical, because each is running in a seperate persona with a new access ID. These I can then use as I wish.

In terms of worms and Teamwork tests, unless I'm very much mistaken, Agents needn't be in the same node to assist each other with things like data searching or trying to access the same node for a DDoS if they are loaded onto different nodes, they just need to be able to communicate with one another.

They can't assist each other with hacking or cybercombat, because that would require them to be on the same node, which can't be done because they share an Access ID. They can, while on different nodes, all call the same number at the same time, creating a DDoS. More than one won't be allowed on the node, but the access requests are what clogs the system. No contradiction that I can see.
Nor can I really see a problem with worms having the same access ID. As long as they all infect different nodes, how is that a problem?

Ok, I'm with you there.

It's easy to say that Agents should be able to duplicate themselves ad infinitum to represent computes as we know them, but that creates the Agent Smith scenario and makes the Matrix unplayable.
And don't forget that computers as we know them were crashed for being too slow and archaic. To complain about the difference between the Matrix and modern computing is like complaining that the Internet could never work because no one could keep track of all the punch cards. It's a vastly complex system explained as best it can in gaming terms.
Wibbly Wobby, Timey Wimey. This is my Matrix machine. It goes ding when there's stuff. Just go with it.

The trouble is that the writers didn't just replace computers as we know them with a new magical computer matrix. They tried to extrapolate from what there is, and hence, people think things should still work as we know them. It's really a "it doesn't say I can't" problem, because people can create possibilities both from rule loopholes, as well as demanding that things work they way they think they should, because the options aren't clearly defined.

[hobgoblin]

Earlier editions tried more closely to mirror the computers found in Neuromancer and later (funny, given that the author borders on a technophobe), but got decried by the IT-geeks of the crowd. With SR4 the person responsible for the matrix chapter used crash 2.0 as a opportunity to move things closer to real life. Out goes gray IC, in goes AR, end result is that the in your face threat of hacking/decking have gone away (unless your a TM or AI).

[Brainpiercing7.6...]

Earlier editions tried more closely to mirror the computers found in Neuromancer and later (funny, given that the author borders on a technophobe), but got decried by the IT-geeks of the crowd. With SR4 the person responsible for the matrix chapter used crash 2.0 as a opportunity to move things closer to real life. Out goes gray IC, in goes AR, end result is that the in your face threat of hacking/decking have gone away (unless your a TM or AI).

Meh, I would tend to think the in-your-face threat of having your data trail tracked and your hide-out blown up sort of makes up for it (IMG:style_emoticons/default/smile.gif)

[hobgoblin]

Traces can be delayed or interrupted with little real retaliatory threat. Gray IC could produce expenses in a single action, and cripple the decker for the rest of the run.

[Udoshi]

Spoofing your access ID for a matrix connection (this was apparently changed in 4A, in 4E this was actually a hacking+spoof for the commlink):

Gah. Nice catch.

Still, agents use Pilot for Hacking so they still fill the skill requirement of the sidepool to change the access ID in 4A.


One day, i swear I will go through both books and list out the differences between the two damn matrixes. This shit is damn annoying already without half the debaters using different systems.

[hobgoblin]

That was what the errata was supposed to do, but there have been none since the financial upheavals and no explanation why.

Hell, some recent reprints have managed to revert to the pre-errated version...

[Fortinbras]

Since agents running independantly have their own set of matrix attributes (derived off the node they are running on just as a persona's are by the commlink employed by the user), and have their own icons, I don't see them as any different than "personas" in any identifiable way.

No. SR4A very clearly identifies personas as only belonging to individuals, as they are firmware associated with a commlink that allows a user to interact with the Matrix. Agents are only represented by icons. They only exist in the Matrix, and so cannot use a persona to interact with it. Nor do they need to.
An Agent's abilities change depending upon which node they are in. Personas do not. Personas are static representations of the commlink you are using.

Now to me this means that there is still the possibility of using Hacking+Spoof to change an access ID, or else you would never be able to do that opposed test. And Agents are allowed to use their Pilot rating in place of the hacking skill.

The Hacking + Spoof Test is to ensure that one's connection is not jammed open. This is irrelevant to independent Agents as they are not projecting from one node to another, but are running upon the node they are on. Agents may not have icons in multiple nodes like persona programs can. Therefore Black IC cannot jam a connection that does not exist. No roll is necessary, required or possible.
This text was writen using 4E rules, and have been transplanted by SR4A. But, even if one were to use this, it would only change the Access ID of acommlink and not the unique Access ID of the Agent.

However, I have another option, and that is multiple commlinks:

Each commlink is a new Persona, because the commlink determines my matrix attributes. So now I get a bunch of additional commlinks, and load up my identical copied agents (which are more expensive than the commlinks) into each commlink's persona. Then I spoof each commlink's access ID with a very quick test, and end up having several agents which are no longer identical, because each is running in a seperate persona with a new access ID. These I can then use as I wish.

This is only possible with multiple hackers. Someone must be using these commlinks in order to load said persona. These Agent will only follow the commands of the persona upon whom they are loaded. This is a common technique for Hackers to protect the party, but a persona does not run independently, it is a firmware program that requires a user.
Additionally, an Agent loaded onto a persona goes where that persona goes, so unless the persona is also hacking onto a node, the Agent can't log onto that node independently.

Gah. Nice catch.

Still, agents use Pilot for Hacking so they still fill the skill requirement of the sidepool to change the access ID in 4A.

No. Spoofing an Access ID is a Software roll. Agents have no Software skill, so they cannot make Software rolls. Even if they could, this would only change the Access ID of the commlink they are in, not the unique Access ID of the Agent.

These rules are explained clearly on pages 216-247 of the book Shadowrun Fourth Edition, 20th Anniversary Core Rulebook in the chapter entitled The Wireless World. It explains everything fully and in detail.

[Aerospider]

Agents may not have icons in multiple nodes like persona programs can.

I don't know about 4e, but SR4a says they can't whilst Unwired says they can.

[Fortinbras]

I don't know about 4e, but SR4a says they can't whilst Unwired says they can.

I don't know where that is, but I'll take your word for it. However, the most recent rules are the rules.
One is welcome to play an old edition, but to ignore the solution to a problem and then complain that it wasn't fixed seems silly.

EDIT: It's the first sentence of the second paragraph under "Node Movement and Action" on p. 110 of Unwired. It has been replaced/overruled by the sentence you quoted, which is verbatim from the last sentence on p. 234 of SR4A.

[Aerospider]

I don't know where that is, but I'll take your word for it. However, the most recent rules are the rules.
One is welcome to play an old edition, but to ignore the solution to a problem and then complain that it wasn't fixed seems silly.

EDIT: It's the first sentence of the second paragraph under "Node Movement and Action" on p. 110 of Unwired. It has been replaced/overruled by the sentence you quoted, which is verbatim from the last sentence on p. 234 of SR4A.

Interesting. Though fully aware that SR4a came after the core supplements I'd instinctively considered the supplements to overrule it. What you say makes perfect sense, though I wouldn't necessarily bet that most of the changes from 4e to the supplements were not undone in 4a.

[Brainpiercing7.6...]

No. SR4A very clearly identifies personas as only belonging to individuals, as they are firmware associated with a commlink that allows a user to interact with the Matrix. Agents are only represented by icons. They only exist in the Matrix, and so cannot use a persona to interact with it. Nor do they need to.
An Agent's abilities change depending upon which node they are in. Personas do not. Personas are static representations of the commlink you are using.

Alright, blame that one on my insufficient knowledge of 4A. I have still been too stingy to dish out money for an update which should have been available as an errata.

The Hacking + Spoof Test is to ensure that one's connection is not jammed open. This is irrelevant to independent Agents as they are not projecting from one node to another, but are running upon the node they are on. Agents may not have icons in multiple nodes like persona programs can. Therefore Black IC cannot jam a connection that does not exist. No roll is necessary, required or possible.
This text was writen using 4E rules, and have been transplanted by SR4A. But, even if one were to use this, it would only change the Access ID of acommlink and not the unique Access ID of the Agent.

So an agent can't open a connection to another node, it can only travel to another node? That won't work whenever the agent doesn't actually have access to a node, and so an agent could never independantly hack another node, because it can't run on the node it's trying to hack. So to me it seems agents must be able to open connections, too. (And Unwired very precisely says that it can do this, even multiple connections to multiple nodes, on Page 110. Now I'm assuming 4A contradicts that...)

Finally, Unwired says that an agent's access ID can be spoofed prior to loading it into a node (by the user, I suppose using the updated Software+Spoof) roll. And as long as I can do that then I don't even need to actually physically change the hard-coded access ID of the agent.

An agent’s access ID may be spoofed (see Spoofing
the Datatrail, p. 224, SR4), but only when it is being
loaded onto a node.

Again, 4A might contradict this, I don't know.

This is only possible with multiple hackers. Someone must be using these commlinks in order to load said persona. These Agent will only follow the commands of the persona upon whom they are loaded. This is a common technique for Hackers to protect the party, but a persona does not run independently, it is a firmware program that requires a user.
Additionally, an Agent loaded onto a persona goes where that persona goes, so unless the persona is also hacking onto a node, the Agent can't log onto that node independently.

I don't need an independant hacker to control another commlink, I just need one to control it simultaneously. Most certainly the agent can't act independantly, controlling the persona, but once a connection is opened, the agent can slow-hack by itself, for instance, without needing further input, and I can have several personas with linked agents do a teamwork slow-hack, too. It's not nearly agent smith territory, but a definite benefit, and all I need to do for that is pick up every commlink I see on a dead body, hoping to get an R4 and up. I could also buy a nexus and run multiple personas from there.

[Fortinbras]

Again, 4A might contradict this, I don't know.

It does, as discussed above. Unwired had problems. SR4A fixed these problems. Do not simultaneously complain about a problem while purposefully ignoring it's solution.

I don't need an independant hacker to control another commlink, I just need one to control it simultaneously. Most certainly the agent can't act independantly, controlling the persona, but once a connection is opened, the agent can slow-hack by itself, for instance, without needing further input, and I can have several personas with linked agents do a teamwork slow-hack, too. It's not nearly agent smith territory, but a definite benefit, and all I need to do for that is pick up every commlink I see on a dead body, hoping to get an R4 and up. I could also buy a nexus and run multiple personas from there.

You can't control two or more persona simultaneously. Slamm-O! discusses this on p. 91 of Unwired. No matter how many commlink you have, you only have one brain.
A persona isn't just a commlink, it's a user's interface provided by the commlink. You need multiple people to have multiple persona. Moreover, each persona would need to hack the same node in order to get it's attached Agent into said node, so you'd have to roll to hack the device for each persona and each time you do, you risk putting the system on alert.

Again, this is all spelled out very clearly in the basebook. If you read it, it will answer all of your questions.

[Mardrax]

You can't control two or more persona simultaneously. Slamm-O! discusses this on p. 91 of Unwired. No matter how many commlink you have, you only have one brain.

You can however have up to six hands, and comlinks work fine through manual control as well, meaning you could run up to 6 'links just manually, plus one through DNI. Potentially other methods of control may add more.

How's about an anthroform drone (or even just one with some hands) controlling a comlink? (IMG:style_emoticons/default/wobble.gif)

[Udoshi]

So an agent can't open a connection to another node, it can only travel to another node? That won't work whenever the agent doesn't actually have access to a node, and so an agent could never independantly hack another node, because it can't run on the node it's trying to hack. So to me it seems agents must be able to open connections, too. (And Unwired very precisely says that it can do this, even multiple connections to multiple nodes, on Page 110. Now I'm assuming 4A contradicts that...)

I'm fairly sure that agents can operate just like other users on the matrix. The issue that is so confusing involves their ability to travel around. AI's have this problem as well. Basically, there are three modes an agent can run in. It usually starts at 1, just after you loaded it into your commlink's memory.

1) Running Normally.
2) Connecting to an account elsewhere with the Log On(or hacking) action. This puts an Icon there, but doesn't mean its now Running on it. When you think about it, this is actually a necessary state for an agent - else it cannot just 'data search the matrix', and nothing explicitly prevents an agent from using the Log On or Hack On The Fly(which includes a free log on as part of it). Thus, agents operate like any other user, and can make connections to other nodes. (Note that AI's operate this way as well - nothing forces them to expose themselves to the vulnerability of a node crash just by being there)
3) Roaming. It physically transfers itself to another node. This may change its stats, especially if the system or response of the new node that it is now running on is lower than before.
TLDR: You REALLY NEED to keep track of where the agent is Running, physically consuming computing resources from the Processor Limit. (remember that the Agent counts as a running program itself, in addition to the programs in its Payload).

Of course, if you argue that its process is automatically killed, well, that's that then. However, I have another option, and that is multiple commlinks:
Each commlink is a new Persona, because the commlink determines my matrix attributes. So now I get a bunch of additional commlinks, and load up my identical copied agents (which are more expensive than the commlinks) into each commlink's persona. Then I spoof each commlink's access ID with a very quick test, and end up having several agents which are no longer identical, because each is running in a seperate persona with a new access ID. These I can then use as I wish.

A better option would be to use a Nexus. As I pointed out earlier, each Persona on a device has its own access ID, in addition to the hardwired ID of the node. An agent loaded onto a persona uses that persona's ID, and nexi are specifically made to have more than 1 Persona Limit. Paired with the ability to set programs on a nexus available for public use by its users, well....
This is likely the exact setup that corporations use to set up IC Farms and their Botnets. Fairly inexpensive, and effective.
Clusters are able to do this to some extent as well, as the persona limit of 1(default for most devices) adds up quickly.

[Fortinbras]

I'm fairly sure that agents can operate just like other users on the matrix.

No. This was the case in Unwired. Fans pointed out this was broken, as you are doing now, and that Catalyst should fix it. Catalyst then fixed it. They wrote it down and published it on the 234th page of a book called Shadowrun Fourth Edition, Anniversary Edition.

A better option would be to use a Nexus. As I pointed out earlier, each Persona on a device has its own access ID, in addition to the hardwired ID of the node. An agent loaded onto a persona uses that persona's ID, and nexi are specifically made to have more than 1 Persona Limit. Paired with the ability to set programs on a nexus available for public use by its users, well....
This is likely the exact setup that corporations use to set up IC Farms and their Botnets. Fairly inexpensive, and effective.
Clusters are able to do this to some extent as well, as the persona limit of 1(default for most devices) adds up quickly.

The details on how persona work, and how this suggestion doesn't, is fully explained on page. 223 of the aforementioned SR4A. It explains in full and explicit detail how persona work.

[Brainpiercing7.6...]

It does, as discussed above. Unwired had problems. SR4A fixed these problems. Do not simultaneously complain about a problem while purposefully ignoring it's solution.

You can't control two or more persona simultaneously. Slamm-O! discusses this on p. 91 of Unwired. No matter how many commlink you have, you only have one brain.
A persona isn't just a commlink, it's a user's interface provided by the commlink. You need multiple people to have multiple persona. Moreover, each persona would need to hack the same node in order to get it's attached Agent into said node, so you'd have to roll to hack the device for each persona and each time you do, you risk putting the system on alert.

No, that's wrong. Ok so I went out and got 4A. Now let me check:

The Persona is just a bit of firmware. Each commlink has one, a nexus can have several.

A persona is a firmware program built into the device’s hardware that
you use to interact with the Matrix, in AR and in VR. It allows you to
perceive the digital world and projects your icon (or icons) into nodes.
Without a persona, you would be unable to access the Matrix. Even
technomancers have a (living) persona.
Your persona’s Matrix attributes are inherited from the device on
which it is running.

So that means that every commlink has a new persona program. I would interpret that to mean that there should be one dominant one, the one which you access with your trodes or DNI, and several others, but I haven't found that actually spelled out anywhere - especially seeing as how you can control a commlink with a good old-fashioned keyboard, too.

The paragraph you are adressing in Unwired refers to daisy-chaining vs parallel commlinks. Now all that shadow-talk is just fluff to me, because there are no rules to represent what you have there. While it's true that having multiple icons with DNI in multiple nodes will leave you vulnerable in all of them, you can just disconnect your auxilliary commlinks from your DNI, and then you are completely safe. You could even leave them at a different place and let the agent connected to that persona do its thing.
Which it can, because:

If you run the agent in the same node
in which your persona resides (usually your commlink), it can assist
you in any nodes you access. You must have an account with permission
to run programs on the node (usually security or admin).
Agents can also access other nodes independently, if instructed to
do so. They must have access to the node either by using your account
or by hacking their own. When operating independently, an agent has
its own icon. Agents may not have icons in multiple nodes like persona
programs can.
Agents loaded into your persona use your access ID. Traces on an
agent program trace back to your own point of origin.

So what I do is this: connect auxilliary commlink. Load agent into persona. Connect to a node and tell agent to slow-hack it. The agent stays loaded into that commlink's persona program. Then dump the commlink somewhere. Rinse / repeat. I can come again after a few hours/days and check on the agent, or do the entry hack on my own. I don't need to dump the link if i'm not afraid of being traced, or, for instance, I have another agent scanning for traces (on a neighboring node).


Again, this isn't nearly an agent smith scenario, but it still means I can very generously slow-hack a lot of nodes, even without mass-probing.

[Udoshi]

No. This was the case in Unwired. Fans pointed out this was broken, as you are doing now, and that Catalyst should fix it. Catalyst then fixed it. They wrote it down and published it on the 234th page of a book called Shadowrun Fourth Edition, Anniversary Edition.

The details on how persona work, and how this suggestion doesn't, is fully explained on page. 223 of the aforementioned SR4A. It explains in full and explicit detail how persona work.

Oh for fucks sake. You are wrong. Thank you for quoting pages for me, so I don't have to look it up myself.

Using Agents:
Agents can be loaded and run like other programs, using a Complex
Action to run the agent. The agent is a running program and counts
against a node’s processor limit. If you run the agent in the same node
in which your persona resides (usually your commlink), it can assist
you in any nodes you access.[/b]

Notes that it says Nodes.

Continuing on from the same quote block...

Using Agents:
Agents can also access other nodes independently, if instructed to
do so. They must have access to the node either by using your account
or by hacking their own. When operating independently, an agent has
its own icon. Agents may not have icons in multiple nodes like persona
programs can.

It cannot do the functions it says it can without Accounts, therefore it can Log In or Hack its own. And says it can.
When operating with your persona, it can access multiple nodes, because YOU can be in multiple nodes, and it can help you in any you are in.
When operating independently, it can only be in one at a time. This is fair, but only limits an independent agent to one connection at a time - it doesn't force an agent to Roam. When operating independently, an agent has its own icon. When making a connection to another node, without physically loading itself onto it, its icon is present there - but its not taking up processor limit.

In fact, if you WANT it to roam, you need a special setup....

To have your agent operate in the Matrix independently, you must
either run it on a separate node from your persona (with an appropriate access account) or run it on your own node and then send it to
other nodes. The agent will continue to operate in the Matrix even if
your persona goes offline.

Agents do not roam by default, you have to tell it to do so specifically - by loading it onto another node. Only then does it run independently.

Yeah, sorry dude. Everything you've pointed me at supports my arguement.
The only-one-connection-at-a-time nerf IS a nerf, but its not a very big one.
This only reaffirms the NEED to keep track of where an agent is running at any given time. And not just where, but which settings its using.

I would also point out that nothing prevents an Agent from hacking itself onto someone ELSES persona while roaming in order to gain increased functionality, as long as it has the permissions to do so.

If you run the agent in the same node
in which your persona resides (usually your commlink), it can assist
you in any nodes you access. You must have an account with permission to run programs on the node (usually security or admin).

This node can be an enemy node by the way. The permissions do not have to be legally gained.

[Fortinbras]

It seems y'all have jumped from one statement to another that is, frankly, hard to follow. Here is what I am trying to say:

Agents use a unique Access ID that cannot be spoofed by the Agent as it is a Software test or by a hacker as a Spoof Access ID roll only changes the Access ID of a commlink and not an icon.
The only way to change the Access ID of an independent Agent is a week long extended test as detailed in Unwired. This prevents the infinite number of Agents per hacker scenario and makes the game playable.

What you seemed to be saying was that Agent's Access ID's can be Spoofed easily and that this creates an Agent Smith Scenario. This argument has been abandoned.

Now what you seem to be saying is that a commlink is the same thing as a persona and that once an Agent loads itself onto a different node, it can then load itself onto that node's persona and change it's Access ID, thereby creating an unlimited number of Agents.
This is not true. Each commlink has it's particular commcode, but a persona is limited by the individual using it. When that person is logged off, there is no persona as there is no need for the firmware to be active to allow a user to interact with the Matrix, as there is no user with which to interact.
Only a persona may load an Agent onto itself. An Agent can only load itself onto a node. Therefore this run-around to create an infinite number of Agents won't work either.

While in a node with a persona or other icon, an Agent may assist that persona with a Teamwork test. So, yes you can use your bot-net to give your Teamwork dice if you load your persona onto the nodes which each Agent in the not-net has access to.
This does not mean the Agent is loaded onto another node. This does not mean that the Agent can run cybercombat from it's node onto the node in which you are hacking.
An Agent may only be on one node at a time. This is a blanket statement of fact.

I'm not trying to prove you wrong or win an argument. When I point you towards a particular chapter, my goal is not to say I'm right and you're wrong, but to point out the truth of the mechanic. I'm trying to point out that the Matrix system isn't as broken as you seem to think it is and that the rules support a fully functioning Matrix that shuts down rules lawyers who try to work their way around it. Yes, there were problems with copying Software, but these problems have been fixed.

If what you are trying to prove is that Shadowrun is a horrible, unplayable game designed by morons whose rules make no sense and should all be burned, then I shall cede the point. I suggest you not only stop playing this terrible game, but stop posting on it's fan boards as well.

[Udoshi]

Agents use a unique Access ID that cannot be spoofed by the Agent as it is a Software test or by a hacker as a Spoof Access ID roll only changes the Access ID of a commlink and not an icon.

Okay, people keep on pointing that out like its a holy grail of arguement defeating. But its not.

The 'new' 4a roll to change an ID is Hacking+Software.
Agents do not have Software.
Agents use Pilot for Hacking.
You default to program-1 on the matrix, not skill, because program replaces attribute.
Software is not a program.
They do not NEED Software to make the test, because they have the other skill, Hacking, and thus actually have a dice pool.
Test is declared, dice pool is figured out.
0 dice for software. Rating dice for Hacking. Therefore, an agent rolls 1-6 dice to change an access ID under Anniversary rules.
In 4th edition rules they roll Pilot+Spoof, and cannot make the test without a spoof program
As I pointed out before, agents may be loaded onto persona in order to use their ID, and may also do so illicitly if they have the proper permissions.

Therefore, an agent is still quite capable of botnetting, but its not as easy as it was, as only high rating agents stand a chance of making the necessary test to get a new ID on a commlink - and they must be a mook to do it, because it takes the hacking skill.

[Brainpiercing7.6...]

Okay, people keep on pointing that out like its a holy grail of arguement defeating. But its not.

The 'new' 4a roll to change an ID is Hacking+Software.
Agents do not have Software.
Agents use Pilot for Hacking.

Patching an agent takes Logic + Software, which under a general rule that agents roll Pilot for any tests involving normal attributes, would allow them to default. Unfortunately it says in the book that they can't do that.

Unwired at least maintains that the user can spoof their access ID when loading them onto his node, and they then keep that access id. Interestingly enough it is not clear what happens when that agents self-replicates - I would assume it replicates with its original hard-wired id.

Therefore, an agent is still quite capable of botnetting, but its not as easy as it was, as only high rating agents stand a chance of making the necessary test to get a new ID on a commlink - and they must be a mook to do it, because it takes the hacking skill.

I think it's safe to say that they can't self-distribute a botnet of unique agents by themselves anymore. I still believe they can be spoofed by the user, or multiplied into several independant unique agents via multiple commlinks. This is a significant gain to PC hackers, but not totally out of line, because it is to be assumed that most opposition will have cheap access to unique agents anyway. You just have to use them as a GM.

[Mardrax]

The 'new' 4a roll to change an ID is Hacking+Software.
Agents do not have Software.
<snip>
Software is not a program.

Which means you can't use it on the Matrix. You can only use programs on the Matrix, not skills. If you want to use 'skills', you need the appropriate Autosofts. Software is explicitly excempt from being available as an Autosoft. This means you can't default, because the roll in itself is an impossibility.

Udoshi:

Agents can be loaded and run like other programs, using a Complex Action to run the agent. The agent is a running program and counts against a node’s processor limit. If you run the agent in the same node in which your persona resides (usually your commlink), it can assist you in any nodes you access.

I don't see how this says what you seem to imply it does.
You can access nodes as much as you please, because you're an actual user, and have a persona.
All it says is when you're accessing a node different than the one your persona is running from (ie. your 'link) -say, looking for a book in the public library node- and you happen to have an Agent running in the node your persona is running from, this Agent may help you with your Data Search action from the node it's running in, without having to log in to the library's node as well.

Agents can also access other nodes independently, if instructed to do so. They must have access to the node either by using your account or by hacking their own. When operating independently, an agent has its own icon. Agents may not have icons in multiple nodes like persona programs can.

In order to run on a node, without being loaded into your persona, the Agent has its own Icon there. It may not have icons in multiple nodes. This means if you tell the Agent to go look for this book in the library by itself, it would have to Log On to the public library node. Since it can't have an icon in multiple nodes, it will have to stop running on your 'link, and start running on the library node. This will cause it to assume the Matrix Attributes of the library node. It will also make all trace of it running disappear from your 'link, and show up on the library node instead. It will also use up processor limit on the library node, instead of on your 'link. If it subsequently wants to report its finding back to you, it will need to move back to your 'link's node in a similar fashion.

To have your agent operate in the Matrix independently, you must either run it on a separate node from your persona (with an appropriate access account) or run it on your own node and then send it to other nodes. The agent will continue to operate in the Matrix even if your persona goes offline.

Agents do not roam by default, you have to tell it to do so specifically - by loading it onto another node. Only then does it run independently.

...Or by the Agent moving itself there, when it needs to access another node. Because it has to move in order to access it, to satisfy the limit ofnot having icons in multiple nodes, as I explained above.

I would also point out that nothing prevents an Agent from hacking itself onto someone ELSES persona while roaming in order to gain increased functionality, as long as it has the permissions to do so.

Except that loading a program into your persona can only be done voluntarily, through using the appropriate action.

This node can be an enemy node by the way. The permissions do not have to be legally gained.

Indeed. When you have hacked your way into an admin-level account on the public library node, and are currently accessing this node through this account, and have an Agent running on the 'link you're using, this Agent can do anything admin level gives it clearance for, respecting limitations generally valid for Agents. If you tell it to look for any user accounts owned by people named 'Suzie' and delete them, it can, without any further intervention from you, because it's riding off your clearance, using the Attributes of your 'link.
However, if the Agent wants to do this on its own, it needs to Hack its way into an admin-account, Log On, again moving itself from your 'link to the library node, switching to the Attributes that has, and running on its processor limit.

[Wiseman]

You're both right and you're both wrong, at least by the letter of the rules. Honestly guys, this was an old arguement and caused some discussion when SR4a first came out.

Unwired's description of how agents function independently directly contradicts with SR4a's single sentence

Agents may not have icons in multiple nodes like persona programs can.

It's sad but true. Now people argued SR4a was the later edition and thus superseded Unwired. Other's (including me) argued Unwired is listed in SR4a as advanced rules, thus they were more extensive.

Saying that people complained about Agent Smith and they wrote that in sentence in SR4a for just that reason is speculation, unless you have some evidence that's why that sentence is there or some interview with the writer themselves discussing their intention (by all means I'd love to know)

Actually the Unwired errata that disallowed you to spoof access ID when loading an agent was the extent of stopping Agent Smith. Nothing stops you having multiple agents, or even a botnet, but copying a single agent and bypassing rules for unique access ID's logging into the same node is pretty much dead.

You can copy an agent, load it on all your teammates 'links, and it is individual for all of them provided it is run with their persona. Independent agents however don't get that benefit, and thus must have software rewritten. Agents cannot default on skills they don't have, and they don't get software skill.

We can guess what the writers meant all day, but even using icon as the definition is ambiguous to start with. I can easily argue that the Agent program Icon only exists where the program is running, and all other Icons associated with multiple connections are Icons of subscriptions. Therefore the agent may only "run" on a single device at a time (using that devices attributes). Copies of agents running on independent nodes have their own icons, but share an access ID.

Edit: In effect i'm saying that rule disallows a single agent program to Load itself on multiple nodes at once, effectively copying itself without copying itself...

[Brainpiercing7.6...]

Ah, an unwired errata, it's good that you mention that. I'm notoriously bad with knowing about these pesky things... (IMG:style_emoticons/default/smile.gif) .

Here we find the following goodies:

Concerning Personas:

p. 51 Personas
Add the following text following the second paragraph:
“As a user interface for a particular OS, a persona is
designed to be used exclusively — one persona at a time. While
a user actually may have more than one persona running on
di erent nodes or devices, each persona must be controlled
separately.  is means it requires a Complex Action to switch
between persona interfaces a user might have active on di erent
devices. Users may attempt to control multiple personas at
the same time at a +4 modi er to all actions for each persona
a er the  rst. As personas are user shells or interfaces for physical
users, they are not designed to use node scripts (p. XX).”

So there ARE rules. You have to switch, but you CAN have several. I don't understand the modifier thing. This looks like shoddy editing, once again, as it should be a -4 DP mod, I suppose, since a +4 threshold mod is completely out of line. And in any case threshold mods are only normal with extended tests.

.
2
p. 110 Access IDs
Remove the following sentence from the second
paragraph:_
“An agent’s access ID may be spoofed (see Spoo ng the
Datatrail, p. 224, SR4), but only when it is being
loaded onto a node.”

Ok, so there I am finally actually contradicted. Which is fine, I am content with using multiple commlinks.