 Speeding Up Hacking, A Matrix rant |
  |
 Feb 1 2007, 06:00 PM
Post
#76
|
|
|
Neophyte Runner  Group: Members Posts: 2,086 Joined: 26-February 02 Member No.: 364  |
So, no one has any reasons, other than Rotbart's observation that the "Try Again" rules would come into play, why an IC Agent wouldn't be constantly searching the node? Because cycling IC on and off to supply the "rest" needed by the Try Again rules only makes sense if the purpose behind using IC is to protect against a lone hacker with a high end stealth program who never makes mistakes. It was my impression that the purpose behind IC is to protect against any and all possible intrusion.
|
 |
 
|
|
Feb 1 2007, 06:08 PM
Post
#77
|
|
|
Prime Runner Group: Banned Posts: 3,732 Joined: 1-September 05 From: Prague, Czech Republic Member No.: 7,665 |
For what it's worth, I'm pretty sure that once you've hacked in with admin privs, that you have an account hat has legal admin privs.
Unfortunately, hacking in is still an illegal action, even for an admin, so until you can get those logs erased you can still be detected by IC. -Frank |
|
|
|
|
Feb 1 2007, 06:44 PM
Post
#78
|
|||
|
Moving Target Group: Members Posts: 745 Joined: 2-January 07 From: Los Angeles, CA Member No.: 10,510 |
Serbitar, you almost always revert the conversation of hacking to either agents or account rights. Correct me if I'm wrong on this, but is it your view that when a hacker is hacking into a system, he is, by definition, logging into the system with an account? Is it your view that a hacker can choose to login with an "illegitimate account"? Can he login and hack without an account? It would help me to understand some of your arguments that I've having trouble grasping if you can give me an idea where you're coming from with this view. It sounds like you're saying that a hacker is given rights by the system because of his account (legitimate or not). I think that's taking the definition of "rights" a little too far. Accounts aren't the only thing given "rights"; programs and processes are given rights, too. For that matter, "rights" just means that a given task (like assigning a pointer to a zero-length block of memory) is protected from accounts, programs, and processes that do not have "rights". So what? A hacker can bypass these protections... that's what he does. That's what his Exploit system is supposed to do. So by a hacker's "rights" we're not necessarily talking about the same type of "rights" that a user or admin is assigned by the system, but rather a measure of the capabilities the hacker can influence within the system despite his lack of any rights granted by the system. Does that make sense? So, acquiring rights by aquiring an account is one technique of the hacker, but it is not the only technique, nor is it the best technique (far from it), nor is it particularly "stealthy", and I don't think it should be thought of as the default model for hacking that you seem to imply. (Or at least that's the impression I get from your posts.) Garrowolf, Synner, correct me if I'm wrong in any of this. (P.S. I know this contradicts my earlier posts, but I think we've all seemed to abandon my "Matrix as Operating System" theory, which, I still think has a lot of merit despite everyone's insistence on dismissing it, by the way.) |
||
|
|
|
||
|
Feb 1 2007, 07:23 PM
Post
#79
|
|||
|
Running Target Group: Members Posts: 1,498 Joined: 4-August 05 From: ADL Member No.: 7,534 |
That assumes that IC are checking logs and not loooking a "current" flags, or pass codes. Again, a valid assumption, but still one that does not necessarily have to be made. |
||
|
|
|
||
|
Feb 1 2007, 07:28 PM
Post
#80
|
|||
|
Great Dragon Group: Members Posts: 5,537 Joined: 27-August 06 From: Albuquerque NM Member No.: 9,234 |
Typically all process and and services are running as a user. An attacker who compromises a service or process gets access to the system as the account that the process should have. In a well run system this is not a admin account, so the attacker next has to do some sort of priv escalation to get full control of the system. This is the SR exploit. |
||
|
|
|
||
|
Feb 1 2007, 07:34 PM
Post
#81
|
|||
|
Running Target Group: Members Posts: 1,498 Joined: 4-August 05 From: ADL Member No.: 7,534 |
Answering your questions: I have no idea how RAW sees it. RAW is giving not enough information to give a straight answer to any of those questions. Thats why I am just pointing out consequences of interpretations. But your ipmression that I am always coming back to agents or accounts might have to do with the fact, taht I am building my intrepretations arround a certain protocol of node interaction. Once this protcol is set, everything (programs, software, agents, persona) has to obey it. Thats what I call consistency (and as a by product streamlining and simplicity). In my own hacking rules, yoou hack into an account but you dont have the password for it. You can not hack into an illegitimate account because such a thing doesnt exist. You also cant hack into accounts that dont exist. Thats why you cant hack into a user level account when no such account exist. If you only hacked rights, you could hack in with user rights even if no user account existed (somethig that is contradicting Rotbarts interpretation with RAW). In my world, nothing can exist without an account. Even when only interacting with the node you "log in" with an anonymous account. In my world programs and agents run on accounts, because thats how it is done in the real world. I stick to real world stuff,b ecause I know that it works and translate it to construct a ruleset that works. A hacker can do everything with computer without being resisted, his account has the rights to do. For everything else, he has to hack and the node resists. But again, thats just my world. |
||
|
|
|
||
|
Feb 1 2007, 08:01 PM
Post
#82
|
|||
|
Moving Target Group: Members Posts: 745 Joined: 2-January 07 From: Los Angeles, CA Member No.: 10,510 |
Yeah, I don't care about RAW; at least not for this sub-discussion. I'm just trying to get our views on what hacking IS because it seems like we're at cross-purposes due to our definitions. Thank you for clarifying your position. Here is mine: (I don't like the word Node for this discussion. I'll use system, because that's what I'm talking about. Usually the operating system, but also all programs and such installed into it.) A system has three major components: programs, GUI, and processes. The GUI is what gives the user access to programs and processes, and users are categorized as given rights to their accounts, we can conceptually percieve this as: Programs, Accounts, and Processes. Now despite what you posted above about so-called "real life", a system *is* capable of running a program without a user-account telling it to do so. It's also capable of running processes. Examples of processes include managing memories, updating the system clock, managing how much power is used, maintaining a cache for file access, and hundreds of thousands of other similiar tasks happening all the time managed only by the system. Often, even an administrator working with all of his administrator rights can't access some of these processes if the operating system wasn't made to allow such access. I think we can take for a given that the user-account can access processes through the GUI. If a user says "delete this program", that's a process. Technically it's being accessed through a program (delete) but that's breaking the operating system too far into component programs. In fact, when I specify "programs", I'm pretty much talking about "applications". For the purposes of our discussion, the user (through his GUI, through his account) can perform processes (such as delete files off a hard drive, for example) and the operating system can perform processes (such as deleting all contents in a block of memory). Programs can also access processes. For the typical user, everything he does is through programs. Need to scan for a file to see if it's being tampered with? Use a program to compare its code to a previously recorded code for that file. Need to dial into another computer? Use a program that sends commands to the modem. Hell, operating systems will do that for you these days with a variety of processes that manage your internet connection. A user using a program may think he's just clicking on a hyperlink, but there are thousands of processes that go in the background. A "right" therefore is defined in two ways: 1) as the ability to perform or terminate a process, and 2) as the ability to execute a program with the ability to perform or terminate a process. For example, generally my Windows environment doesn't give me the right to directly determine what pixels appear on my screen. Those rights are determined by programs that send requests to the operating system which sends requests to the video card. However, it is possible to access a program where I can input binary commands that completely bypass and override the operating system, sending conflicting commands to my video card and effectively destroying my display. So what's the point of all this? It's important because in addition to the standard GUI used with operating system, there's all kinds of ways to access processes within a computer system without using the GUI or its associated programs. Security features use "rights" as one method of preventing a hacker from doing just that, but there are ways of bypassing these restrictions. A hacker is someone who knows those ways. Since he doesn't need "rights" or permission from the operating system to directly access processes, he's very difficult to detect. Effectively, nothing is telling that operating system that the process is being run - and since the operating system itself isn't running it, it may remain ignorant of it until it tries to access that device, file, block of memory, byte, sector, or whatever (at which point it will either alert the sysop or crash completely, depending on who made your operating system). So, definition of hacker: Someone who can directly access a computer process without going through applications or the operating system. Alternatively, somone who has the ability to bypass the operating system. User accounts never go deeper than the highest layer of the operating system, since that's the part that interacts with users. That's where I'm coming from. I advise others in this discussion to post their "conceptual views" on what a hacker is so that we can all get on the same page and move forward. |
||
|
|
|
||
|
Feb 1 2007, 08:12 PM
Post
#83
|
|||
|
Hoppelhäschen 5000 Group: Members Posts: 5,807 Joined: 3-January 04 Member No.: 5,951 |
You do neither. You trick the system into doing your bidding, then use it. Trying to manually modify a process by machine code is... not an option. |
||
|
|
|
||
|
Feb 1 2007, 08:14 PM
Post
#84
|
|
|
Running Target Group: Members Posts: 1,498 Joined: 4-August 05 From: ADL Member No.: 7,534 |
catiah: What you are trying to describe is kernelspace, which is more or less the operating system. Its the only stuff that runs without being run by a user account.
|
|
|
|
|
Feb 1 2007, 08:28 PM
Post
#85
|
|||
|
Moving Target Group: Members Posts: 745 Joined: 2-January 07 From: Los Angeles, CA Member No.: 10,510 |
Machine Code is not the only process you have at your disposal. That problem came up earlier in this thread, too... there isn't just GUI and MACHINE CODE, you know. There are many subtle levels of programming in between. Users and administrators work in the HIGHEST level of programming and function, giving commands and requests and then allowing those requests to be translated at multiple stages until finally everything that needs to be be managed, is managed. There are many, many LOWER LEVELS of easily accessible programming beneath the GUI where you can bypass a lot of this "translation process", especially the ones that aren't necessary. For example, programming in Python is still programming and you can do a lot with it - but the system still manages A LOT for you behind the scenes. While C, for example, is a much lower-level programming language, able to do its job far more efficiently but requiring the programmer to do a lot of low-level management of system resources by hand. Hackers, thus, would have programs (like Exploit) that works at a much lower level of programming than the standard GUI. The lower the level, the more skill required, and the more efficient the end result (as a general rule). |
||
|
|
|
||
|
Feb 1 2007, 08:47 PM
Post
#86
|
|
|
Hoppelhäschen 5000 Group: Members Posts: 5,807 Joined: 3-January 04 Member No.: 5,951 |
My head hurts now, thank you very much.
|
|
|
|
|
Feb 1 2007, 09:05 PM
Post
#87
|
|||
|
Moving Target Group: Members Posts: 745 Joined: 2-January 07 From: Los Angeles, CA Member No.: 10,510 |
Okay, yeah. But specifically, I'm talking about the kernel, its processes, interupts and system calls, not (just) kernelspace. Why would a hacker be using anything else? |
||
|
|
|
||
|
Feb 1 2007, 09:27 PM
Post
#88
|
|
|
Running Target Group: Members Posts: 1,498 Joined: 4-August 05 From: ADL Member No.: 7,534 |
Well, there is only userspace and kernelspace. All you are metioning is kernelspace.
|
|
|
|
|
Feb 1 2007, 10:43 PM
Post
#89
|
|||
|
Moving Target Group: Members Posts: 745 Joined: 2-January 07 From: Los Angeles, CA Member No.: 10,510 |
These are just aspects of how virtual memory are assigned. There's more to a system than that. And I told you what I was focussing on. Why did you choose to ignore it? System calls and interupts to the kernel are at the very heart of what I'm talking about. --- Okay. There's not much point in us trying to convince eachother either way. It's obvious we have two very different models for how someone "hacks", both in the game and the real world. But I think knowing this will help us in the discussions on this thread. |
||
|
|
|
||
|
Feb 1 2007, 10:56 PM
Post
#90
|
|
|
Running Target Group: Members Posts: 1,498 Joined: 4-August 05 From: ADL Member No.: 7,534 |
Well, actually I dont really care how hacking works in SR4. Thats something I dont need to know, I can handle it like a black box. What I need to know is how permission rights and accounts are supposed to work in SR4, as they are subject of the rules.
|
|
|
|
|
Feb 1 2007, 11:17 PM
Post
#91
|
|
|
Target Group: Members Posts: 27 Joined: 31-January 07 Member No.: 10,846 |
Oh is that how its supposed to work? I thought you were supposed to be disrupting the opcode or running basically an advanced password cracker. Sort of how the maglock sequencer would work
http://news.com.com/2100-1009_3-5053063.html Weird. |
|
|
|
|
Feb 1 2007, 11:27 PM
Post
#92
|
|
|
Hoppelhäschen 5000 Group: Members Posts: 5,807 Joined: 3-January 04 Member No.: 5,951 |
Oooh, they used a rainbow table to attack a stored password.
Now that is new. :S |
|
|
|
|
Feb 1 2007, 11:29 PM
Post
#93
|
|||
|
Moving Target Group: Members Posts: 941 Joined: 25-January 07 Member No.: 10,765 |
Apparently not. Given the information in the article, this has been a nearly standard attack pattern against windows machines since 3.1, thus the encryption includes a salt nowadays... per the article of course. I haven't got three clues what a rainbow table actually is.. :spin: |
||
|
|
|
||
|
Feb 1 2007, 11:40 PM
Post
#94
|
|||||
|
Moving Target Group: Members Posts: 745 Joined: 2-January 07 From: Los Angeles, CA Member No.: 10,510 |
He was being sarcastic. |
||||
|
|
|
||||
|
Feb 1 2007, 11:49 PM
Post
#95
|
|||
|
Moving Target Group: Members Posts: 745 Joined: 2-January 07 From: Los Angeles, CA Member No.: 10,510 |
Serbiter, are you just arguing for the sake of it now? I know you want to defend your system, but this is rediculous. First you critique SR4 for not being realistic. Then you attack other interpretations to streamline custom rules for not taking into account your views on how hacking works. Then when someone tries to explain to you that your views in no way match how hacking rules, you say you don't care, and want to know how it works in SR4. There have been numerous attempts to explain it to you. I and others have tried. You just don't want to listen. An exploit allows you access to a system without a user account. That's how it works in SR4. A hacker doesn't have permission rights, but he can do stuff anyway. (My theory is that this is done through the kernel.) A hacker can attempt to get a user account, but this is +3 to his exploit test. Since a user account has basic permissions to many parts of a system and limited access to the operating system, he can do more from here. With +6 he has admin access which has even more permissions, but still not everything. You are not understanding it because you are sticking to this idea that there is no way to hack a system unless you have a user account that gives you permission rights. It's just not true. |
||
|
|
|
||
|
Feb 1 2007, 11:49 PM
Post
#96
|
|||||||||||||
|
Moving Target Group: Members Posts: 745 Joined: 2-January 07 From: Los Angeles, CA Member No.: 10,510 |
Gorrawolf, I can only respond in a very limited way to your suggestions so I'm sorry if I sometimes ignore your points. But a lot of what you describe was the "mission statement" behind my custom hacking rules, so I don't know what I can contribute that dodn't go into those and I know you've already seen them. So, I want to contribute more and feel you're bringing up important points and ideas, I just don't know how to contribute.
I know this statement was addressed to Serbiter, but if you're applying it to the posts that Garrowolf or I have made on that subject, I want to point out that what is being called into question is not just the "abitrary rate those tests are made" but whether some of them even need to be made at all. Just trying to clarify matters.
Serbiter, this isn't fair. You attack an interpretation, demending a defense, then someone else explains/defends/expands it, and you dismiss the reply out of hand because its not convinient for your interpretation. If your going to request a clarification on an interpretation you have to be prepared to awcknoledge the response.
Someone (Synner?) already addressed that the perception-tests are not node-wide. The perception test is made to see if the IC is looking in the particular part of the system you are accessing at the moment as it cycles one at a time through the various files and processes in a system. IC, apparently, can not look at all aspects of the node at one time.
I agree, but this is an overall flaw with Shadowrun, and maybe RPGs in general that rely on a "skilled gamemaster" as the omni-answer to everything. You won't fix it by re-writing the hacking rules. (I'm well aware of your baselines though and agree that they are vitally important and missing from the rules. I've made my own for my system. But it's really a minor point. RPGs have never really worked out stuff like this and its not fair to bash Shadowrun for it.
It's a really cool rule from older editions that, in practice, was kind of difficult to implement. Fans of the system tend to bash SR4 for not having it (or something like it). Serbiter added one in his system that was a little more streamlined. I've been trying to avoid adding something like it to my system. It was basically a security count-up of all activity on the system. Everything was handled in opposed tests with the system counting up all hits and adding results to its security tally. The GM had a pre-designed sheet that showed the system's response when the tally got to certain points. Like "4 - Release Trace IC, 12 - Release Attack IC" for example. It was the main reason you couldn't simplify hacking (as per Garrawolf's suggestions) because you'd have to re-write the security tally rules which depended on having all of those opposed rolls. |
||||||||||||
|
|
|
||||||||||||
|
Feb 1 2007, 11:57 PM
Post
#97
|
|||||
|
Hoppelhäschen 5000 Group: Members Posts: 5,807 Joined: 3-January 04 Member No.: 5,951 |
Thank's for answering a question asked by someone else than me. :| |
||||
|
|
|
||||
|
Feb 2 2007, 12:00 AM
Post
#98
|
|
|
Moving Target Group: Members Posts: 745 Joined: 2-January 07 From: Los Angeles, CA Member No.: 10,510 |
Always glad to help. :oops:
|
|
|
|
|
Feb 2 2007, 12:42 AM
Post
#99
|
|||||||||
|
Running Target Group: Members Posts: 1,498 Joined: 4-August 05 From: ADL Member No.: 7,534 |
First: I dont want to defend my system (my system was never attacked in this thread, it wasnt even discussed). If I really want something in this thread then it is to show the flaws of RAW. Second: I am not criticising rules for not taking my rules into account, but for not being consistent or streamlined. That is an objective criteria. This has very little to do with what I prefer. And when I prefer something I write phrases lie "in my world" "I would like to" "I prefer" "in my opinion" "at least for me" and so on. Search for them, you will find them. Third: I dont care about a certain level of complexity. On some point you have to make abstractions. How exactly hacking works is abstracted by me as well as by RAW. So it is completely irrelevant. Accounts and Rights are not abstracted (if that is an English word). They appear in the rules, so it matters how they work. Its really that simple.
This is simply wrong. It is not mentioned at all in RAW wheter you get a user account or only the permissions. Its completely up to interpretation. The phrase that is used in RAW is "user access". Whatever this is. And a hacker HAS permission rights. That is explicitly stated in RAW. Maybe ask Rotbart if you dont believe me. He stresses the point several times in this thread.
+0 is user access +3 is security access +6 is admin access whatever "access" is. Its up to you to interpret it.
Wrong again. I explicitly mention that you can make this assumption (not getting an account by hacking in), but point out some consequences. But you always have at least user access (again, whatever that is) that comes with user permissions. PLease read my posts before complaining. Actuall you wanted to know how I view things. I just want to point out consitency flaws and anti streamlining in RAW and point out consequnces of certain assumptions. |
||||||||
|
|
|
||||||||
|
Feb 2 2007, 12:49 AM
Post
#100
|
|||||||||
|
Running Target Group: Members Posts: 1,498 Joined: 4-August 05 From: ADL Member No.: 7,534 |
Maybe you dindt get the "this may or may not be desirable part". Im am not dismissing anything, I am just stating the consequences which one has to live with then making an assumption. Its for everybody himself to deside wheter he wants to make the assumptions or not. Be there is no way arround the consequences of an assumption.
So you basically say: "Well, all rules in every RPG are bad, no point in trying to make them better?" What kind of reasoning is this? Especially as it is extremely easy to give rules for scanning IC if you want to. Its exactly one sentence. "Everytime a hacker performs an action not coverd by his permission rights, the IC can roll a perception test to spot this action." Doesnt sound too difficult for me. And I really dont see the reason why anybody should prefer a "the GM will handle it" solution, and defend it for pages after pages, just because its written in a book (no, we are not talking about religion at the moment). And btw its Serbitar. |
||||||||
|
|
|
||||||||
|
|
Lo-Fi Version | Time is now: 8th May 2026 - 10:13 AM |
Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.