My Assistant
Site Message
(Message will auto close in 2 seconds)
  |
 Rigging/Hacking: help!, How to? |
 Jun 18 2006, 05:13 AM
Post
#51
|
|||||||||
|
Mr. Johnson  Group: Dumpshocked Posts: 3,148 Joined: 27-February 06 From: UCAS Member No.: 8,314  |
I am not sure you understand the question. If this is the case, then to better understand your question, please replace the word "hacking" with "dancing," and the word "spoofing" with "doing a polka." As I understand it, hacking is everything that a hacker does in Shadowrun. That Spoof program is a "Hacking Program," according to the RAW. As is Exploit and Attack. In real life, the term "hacking" means several things, least of all illegally breaking into computer systems (this link leads to more detailed descriptions of the word "hacker"). The more accurate term for that would be "cracking," but a decision was made within FanPro to just stick with modern popular myth and call all of it hacking (and I can't blame them, really), and since they do, I will, too. Basically, a hefty percentage of Matrix actions listed on page 219 are hacking. Practically every use of those programs listed on page 226 and 227 as "Hacking Programs" could be considered hacking. I believe what you mean by "hacking" is using the Exploit program to find a way to access a node. A real-life example of this action would be the use of a combination of a program called nmap and sshnuke, a program that utilizes the now (in)famous SSH exploit, known to those in the biz as the SSH CRC-32 bug. It would look something like this:
This might look familiar to Matrix fans; it's the same exploit that was used by Trinity in "The Matrix Reloaded," and it's what a real hacking job would look like (the Brothers Wachowski were given mad props at the time by the hacker community for their accuracy and research). The nmap program looks for vulnerable open ports in a target, and the sshnuke program was designed to exploit the CRC-32 bug. Shadowrun's Exploit program would include the functionality of both of these programs, along with a whole library of others. Now, look at the nmap output above. It shows that there is a port (a potential connection) in the target that is open and listening for input. If this port was closed, and no other ports open, sshnuke would not work, since the target could not execute the commands that sshnuke sent it because it would never get a chance to read them. If the router attached to the open port only allowed traffic through that was from a certain address, one would have to perform IP spoofing on packets in order to have the router forward the traffic and have sshnuke work; in game terms, one would have to Spoof the node in order to Exploit it. So the short answer (too late) is yes, you need to Spoof a node that is exclusively subscribed in order to use Exploit whether you do it the slow romantic way (Probing the Target) or the hard and fast way (Hacking on the Fly). In order to run the Spoof, you need to have a Matrix ID that won't get ignored, and to get that you either need to use Decrypt and Sniffer to get the ID from the traffic to and from the drone, or Track and Analyze to find the rigger in the Matrix and get the ID that way; this assumes that there is any traffic going to and from the drone (if they're not talking, you're kinda screwed). Incidentally, the concept of subscribing to increase security has come up in other threads. The idea being that every member of the team subscribes their commlink exclusively to the team's hacker's commlink, so as to reduce the points of vulnerability. It's the same deal with the drones and the rigger.
Sounds to me like you're avoiding the question. =b Plus, you prompt another question: when did I mention a house rule? |
||||||||
 |
 
|
||||||||
|
Jun 18 2006, 05:17 AM
Post
#52
|
|
|
Mr. Johnson Group: Dumpshocked Posts: 3,148 Joined: 27-February 06 From: UCAS Member No.: 8,314 |
Oh, I forgot to mention that some nodes you can simply start using Exploit on. These are the nodes that are looking for connections from the outside world, and have their functions severely limited by not being open to those connections. Such nodes include servers, libraries, garage door openers, vending machines, personal commlinks, taxi cabs, et cetera.
Drones, cop cars, cyberware, security cameras, weapons, and the like are all examples of nodes that would not be open to connections from the outside world, and would instead be subscribed (if not slaved) to a specific node. |
|
|
|
 Jun 18 2006, 11:09 AM
Post
#53
|
|
|
Target Group: Members Posts: 31 Joined: 22-April 06 Member No.: 8,493 |
now i have been told something interesting an that is when your trying to hack a drone (on the fly) your doing it AR which means it takes Days... to take complete control over a drone because of the subscription list? now the hack on the fly spoof you could issue basic commands like land or reboot and such but not anything like attack this target and Higher functions? also there are degradation on most programs that according to the book every run you do drops it by one point? so a hacker would be putting out like 80k to 100k+ per run to be on the bleeding edge program wise and rebuild wise? also come units are like fingerprints and you need new comunits every run or you may get caught by spiders on the net?
so how many runs should I be looking into per month to play keep up for this? your basic hacker / drone runner thank you any commits would be helpful :cyber: |
|
|
|
|
Jun 18 2006, 01:05 PM
Post
#54
|
|
|
Running Target Group: Members Posts: 1,498 Joined: 4-August 05 From: ADL Member No.: 7,534 |
Good explanation Aaron. I think I will have to add an explantion like this to my upcoming SGM.
|
|
|
|
|
Jun 18 2006, 04:10 PM
Post
#55
|
|||
|
Moving Target Group: Members Posts: 560 Joined: 4-March 06 From: Pueblo Corporate Council Member No.: 8,332 |
Thank you, this makes perfect sense and supports your position. But since the rules don't specifically state that you need to gain ID before attacking/exploiting (I again looked over the quotes you posted earlier, and none of them say that you must do so) I still believe that that would be a house rule. And that the rules writers were either unfamiliar with hacking or were trying for game balance. Or maybe that they were smoking crack, since my question remains - if you have an ID with which to spoof, why would you make an exploit test? |
||
|
|
|
||
|
Jun 18 2006, 04:32 PM
Post
#56
|
|||
|
Moving Target Group: Members Posts: 560 Joined: 4-March 06 From: Pueblo Corporate Council Member No.: 8,332 |
Okay, this is important. This might answer my question. If that's the way things should work, the game designers really missed the boat on writing such a rule. That would have been a very obvious sentence or two. So we could say that any node that expects communication with outside entities will not have a subscription list, and therefore be vulnerable to an exploit. And that exploiting is useless against a subscribed one. |
||
|
|
|
||
|
Jun 18 2006, 04:39 PM
Post
#57
|
|||
|
Moving Target Group: Members Posts: 560 Joined: 4-March 06 From: Pueblo Corporate Council Member No.: 8,332 |
Not that I'm aware of. You can do anything in AR that you can do in VR, you're just using your meat initiative, and you lose the extra passes. If you spoof your ID with the rigger's you can issue any command that he can. You just can't jump into it, and control it virtually. Drones usually have programs that allow them to follow complex commands such as "shoot that guy". I'm not able to find anything about program degradation. Are you thinking of SOTA? |
||
|
|
|
||
|
Jun 18 2006, 04:54 PM
Post
#58
|
|||
|
Mr. Johnson Group: Dumpshocked Posts: 3,148 Joined: 27-February 06 From: UCAS Member No.: 8,314 |
wind_in_the_stones.biscuit++; |
||
|
|
|
||
|
Jun 18 2006, 04:59 PM
Post
#59
|
|||||
|
Mr. Johnson Group: Dumpshocked Posts: 3,148 Joined: 27-February 06 From: UCAS Member No.: 8,314 |
Actually, they did say that, but you have to put together all of the stuff I quoted a few posts back. I suspect what happened was the same sort of thing that's happened before: the writers knew what they were talking about, the editors knew what the writers were talking about, and so it appeared that the whole thing made sense.
wind_in_the_stones.biscuit++; // that's two so far, good work! Actually, Exploit isn't useless against an exclusively subscribed node, just less efficient. |
||||
|
|
|
||||
|
Jun 18 2006, 07:45 PM
Post
#60
|
|||
|
Running Target Group: Members Posts: 1,498 Joined: 4-August 05 From: ADL Member No.: 7,534 |
To gain an account? ID = IP or mac-address exploit = gain an account And ID and a system account are two totally uncorrelated things. Even if my wirelss network is only accepting certain IDs, it will still check wheter the guy/device/node/whatever login on via this ID has a valid user/system/admin account. This is also the case in todays networks. Nothing very nonstandard of difficult. |
||
|
|
|
||
|
Jun 19 2006, 12:46 AM
Post
#61
|
|||
|
Moving Target Group: Members Posts: 560 Joined: 4-March 06 From: Pueblo Corporate Council Member No.: 8,332 |
You had me there, for a minute. I thought, oh yeah, if you're spoofing, you have to make a test for every command issued. And once you've successfullly hacked, you can do anything you want to the node. But then I realized your first spoof command is going to be to add your rigger to its subscription list. And that's effectively an account. Or am I missing something? |
||
|
|
|
||
|
Jun 19 2006, 12:51 AM
Post
#62
|
|||
|
Moving Target Group: Members Posts: 560 Joined: 4-March 06 From: Pueblo Corporate Council Member No.: 8,332 |
And not only that, you knew what they were talking about, apparently. So you read a lot into those quotes from the BBB. I can't make them mean what you say they mean. Not without a stretch, anyway. They support my position at least as well as yours. |
||
|
|
|
||
|
Jun 19 2006, 02:40 AM
Post
#63
|
|||
|
Mr. Johnson Group: Dumpshocked Posts: 3,148 Joined: 27-February 06 From: UCAS Member No.: 8,314 |
You're missing something. Sorry. Adding your ID to the subscription list just makes the target node stop ignoring you. But once you've been added, you can start Exploiting. This is, of course, assuming that the rigger has given herself access to change the subscription list (as opposed to making that something she has to log in as an admin or have a passkey to do). |
||
|
|
|
||
|
Jun 19 2006, 02:41 AM
Post
#64
|
|||||
|
Mr. Johnson Group: Dumpshocked Posts: 3,148 Joined: 27-February 06 From: UCAS Member No.: 8,314 |
I cheated. I get paid to teach this sort of thing. =) |
||||
|
|
|
||||
|
Jun 19 2006, 04:53 AM
Post
#65
|
|
|
Target Group: Members Posts: 13 Joined: 10-February 06 Member No.: 8,247 |
So what happens when I delete the subscription list? Does the node default to an open status so just anybody hook up to the drone or is it basically offline?
|
|
|
|
|
Jun 19 2006, 06:59 AM
Post
#66
|
|||
|
Mr. Johnson Group: Dumpshocked Posts: 3,148 Joined: 27-February 06 From: UCAS Member No.: 8,314 |
Good question to ask. That's probably a judgement call for your GM to make. In real life, the answer is both (useful, huh?). This is because the creation of what Shadowrun calls a subscription list is separate from the implementation of that list. So if you tell it to stop using that particular list, then it will become open. If you merely erase the list it's using, it will discard all traffic. So, yeah. Up to your GM. If I was the GM, I'd have you make a Logic + Operating Systems Knowledge, or Logic + Hacking, or something, to give you a chance of getting the desired result. |
||
|
|
|
||
|
Jun 19 2006, 12:57 PM
Post
#67
|
|||
|
Moving Target Group: Members Posts: 244 Joined: 8-June 06 Member No.: 8,681 |
It's a minor nit, but since we're talking about wireless.... each node with a receiver has to run its own filter. A better real-world model for a subscribed node would be a server with ssh turned on, but a software firewall (ipchains, for example) configured to ignore connection attempts that don't come from a specific list of IPs. If the node is going to receive ANY traffic, some piece of software on the node needs to examine each incoming message and decide whether or not to pay attention to it. One way to gain access to such a node would be to spoof your own identity (once you've figured out what ID it's looking for). In theory, though, you might also be able to take advantage of a vulnerability in the filtering software. (Just like, in the hardwired example you gave, you could in theory crack the router instead of spoofing) |
||
|
|
|
||
|
Jun 19 2006, 02:20 PM
Post
#68
|
|
|
Runner Group: Members Posts: 2,925 Joined: 26-February 02 Member No.: 948 |
Aaron, in your game I agree that you could play it your way, as long as you have fun but according to the RAW one can use Spoof, Hacking and Intercepting wireless signals to try taking over a drone, they are not immune to hacking and electronic warfare and there’s nothing in the rules saying that you need spoof before you hack.
There are however several simple ways of stopping rampant abuse of the above – orders. It’s stated in the book that Agents understand any order given although they could take them a bit too literally. Here are the actions and what one can do to stop it. 1. It can only take orders from it’s controlling persona (Spoof can stop that) 2. It will double-check the order with the controlling personas log file if said order has been sent (spoof will NOT work because of that). Also, add an order to IGNORE commands that stops it from checking the logfile or changing the subscription list 3. Intercepting signal and inserting an order (Illicit editing action of data) will fool drone with fake orders inserted in the controlling personas datastream. 4. Point 1 can stop 3 from working since the hacker don’t have the original log file and cannot fake the correct order history (drone could have a log file from the persona with several days of history.) 5. Hacking the drone takes time and it is rare that a hacker would make an exploit test and rather hack on the fly – which gives the drone several attempts to discover the intruder. 6. Running an agent on the matrix on a standard node (citywide signal node or suchlike) and give it an order to peek inside the drones node (within the subscription list of the drone) would give it additional defense and save up slots for autosofts as well. It could run permanent analyze checks and have attack programs ready. On another issue: Can I spoof command to an agent? |
|
|
|
|
Jun 19 2006, 05:00 PM
Post
#69
|
|||
|
Mr. Johnson Group: Dumpshocked Posts: 3,148 Joined: 27-February 06 From: UCAS Member No.: 8,314 |
I have to disagree. The RAW states that commlinks are also routers. This makes sense for a ubiquitous wireless network; it becomes very easy to run such a network if every device can pass packets. I'd assert that only a tiny fraction of traffic that a single commlink encounters would actually be for that commlink, rather than traffic to be forwarded. If that capability was integrated into the commlink's central processing duties, it would be a terrible waste of resources, especially when the user wants it for something processor-intensive (like gaming or decrypting or compiling or something). More likely, the router functionality is part of the wireless tranceiver (analogous to a modern computer's network card). Unless you are maintaining that a subscription list is unlike a modern ACL, then what you propose would not work. The packet in question never even gets looked at, only the network header. Modernly, it reads bytes six through nine (for the source address), and that's it. |
||
|
|
|
||
|
Jun 19 2006, 05:15 PM
Post
#70
|
|||||||
|
Mr. Johnson Group: Dumpshocked Posts: 3,148 Joined: 27-February 06 From: UCAS Member No.: 8,314 |
Jopp, omae, I could respond to this, but I'd just be repeating every fraggin' thing I've been saying this entire thread, so I'll leave that as an exercise to the reader. And by that, I mean reader, not skimmer. Also, let us not forget that "hacking" is, among other things, Spoofing and Intercepting (that one was a few posts back). Don't confuse Exploit with hacking.
But that's what I already ... I went over ... ... *sigh* Very nice, Jopp. Very succinct. Thanks.
I don't see why not. Logically (meaning within the logical theoretical construct of the Matrix), a drone's Pilot and an Agent are identical, they just control different hardware. |
||||||
|
|
|
||||||
|
Jun 19 2006, 05:26 PM
Post
#71
|
|||||
|
Moving Target Group: Members Posts: 244 Joined: 8-June 06 Member No.: 8,681 |
I didn't write the second paragraph of that, so I'm not sure where it came from. Is it part of your response, and accidentally inside the quote-tag?
Actually, I agree with everything you've said here. I didn't intend to suggest that the filtering had to run on the main processor as opposed to a dedicated sub-processor...merely that it has to be done within the commlink itself, SOMEWHERE. It can't rely on a different node to do its filtering for it. And it can't be entirely hard-wired, because you need to be able to configure the contents of the list at run-time. |
||||
|
|
|
||||
|
Jun 19 2006, 05:30 PM
Post
#72
|
|||
|
Moving Target Group: Members Posts: 244 Joined: 8-June 06 Member No.: 8,681 |
Only one of these I disagree on is the garage door openers. By design, a garage door receiver is intended to respond to only one or two dedicated transmitters. It's pretty much a perfect example of a subscribed node. Unless you meant a public pay-garage, rather than a home one? |
||
|
|
|
||
|
Jun 19 2006, 07:39 PM
Post
#73
|
|||||||
|
Mr. Johnson Group: Dumpshocked Posts: 3,148 Joined: 27-February 06 From: UCAS Member No.: 8,314 |
Fixed. Weird, it looked okay in the preview.
I think I'm hung up on the term, "filtering." To call the thing that an ACL or subscription list does "filtering" is somewhat inaccurate, but it occurs to me that such nit-picking (Nim-picking?) doesn't really add anything to the discussion, so I'll shut up about it. Anyway, my original point was that the packets carrying the Exploit commands/probes/unagi would never reach a place where they could do harm, because it would get discarded before it got that far. It might help to explain that there are actually multiple layers of encapsulation at work in network communications (encapsulated in a spoiler for those who like to skim). [ Spoiler ]
Okay, maybe not garage door openers. Except the public ones, as you say. |
||||||
|
|
|
||||||
|
Jun 19 2006, 11:20 PM
Post
#74
|
|
|
Running Target Group: Members Posts: 1,498 Joined: 4-August 05 From: ADL Member No.: 7,534 |
My view of the whole situation. I tried to find a consistent solution that is sensible and does not violte SR4 RAW. Maybe somebody finds it interesting.
|
|
|
|
|
Jun 20 2006, 03:20 AM
Post
#75
|
|
|
Moving Target Group: Members Posts: 244 Joined: 8-June 06 Member No.: 8,681 |
*grin* Good explanation. And yeah, this is getting pretty far afield, but I'm enjoying the conversation :)
What I was getting at, though, is that in a wireless network, the sender controls every aspect of the encapsulation. There aren't (or at least, needn't be) any intermediaries between the original sender and the final recipient. So, you can't trust the outer envelopes to be any cleaner than the inner message - the Bad Man sending the message could have fiddled with any layer of the network stack that he wanted to. IF, and this is a big if, there's a vulnerability in the implementation of the ACL itself (it falls over when it receives a packet with a magic number of bits, or it stores the packet in a fixed-length buffer without checking the size first, or it does something similarly boneheaded), then you've got a problem. The reason it's a big if, though, is that that sort of thing is usually more compact and easy to debug than something like sshd would be. And if it's well-designed, then when it breaks it ends up passing NOTHING along, rather than everything, and you're inconvenienced but not compromised. |
|
|
|
|
|
Lo-Fi Version | Time is now: 12th April 2022 - 06:48 PM |
Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.