A Few Questions from a 4th Ed Noob GM Options

[StealthBanana]

There are a few things I'm confused about, and if you lot could help me out that'd be pretty cool.

First off... spoof/redirect/track

How does spoof work? Does your roll on spoof act as a threshold for a track action, or can they only really trace you effectively by using track while you're still connected to the node?

For example, Harold the Hacker logs on to a Ares private node, does this mojo, and leaves. How would I determine if Ares could track him after the fact?

Next example: Harold the Hacker gets caught. A security hacker is tracking him back to his Commlink in order to counter hack. Does Harold use his spoof program to add dice to the threshold of the track attempt, or would he had to have already used spoof to mask his connection before the security hacker started tracking him?

System/Response in relation to running programs!

What is defined as an 'active program'? If I run an attack program, how long does it stay 'active'? I understand more clear cut things like armor, stealth, etc, but how do programs that resolve instantly affect my system/response? If I decided to analyze something, how long would the program be running? Until I got the info I needed and stopped making analyze tests? What about attack programs? When do they stop running? If you use attack, does it stay 'active' for the entire combat? If I'm running stealth and armor, and I use attack, how does that affect my response and for how long?

[BishopMcQ]

Tracking follows a user's datatrail, so as long as the persona is online it can still be tracked. The datatrail would still exist after the fact and could be used to track down where the user was when he went offline.

Spoof is utiliized for direct actions taken to redirect the trace if the user is still online and thinks that someone is after him, or to spoof the datatrail and cover his tracks.

Example 1--Ares would be able to track the data-trail unless Harold has actively spoofed his Access ID. (SR4, p 216 & 224)

Example 2--Harold would have to take the redirect trace action while the trace was in progress, raising the threshold of the test. I would recommend that he log off quickly as well, and start moving to put as much physical space between himself and the location he was hacking from as possible. (SR4, p 224)

Active programs
Programs stay active from the time you load them intul the time you unload them. It takes a complex action to load a program, so unless you plan on having some free time, to switch your programs around, time which you don't generally have in cybercombat, you will need to have pre-loaded them. (SR4, p227)

[StealthBanana]

Thanks a lot. One more question/clarification.

Could you give an example of Ares tracking Harold using his datatrail? Would the threshold be equal to the hits he got on the spoof action? And if they overcame his spoofed access code, would they have to retrace his datatrail to get his real access code, or by overcoming the spoof do they automatically detect his real access ID?

For example, Ares tracks his datatrail and obtains the access code for a StufferShack node. In this case they didn't overcome his spoof, they just realized that his access code was spoofed. How would they obtain his real access code, or is that no longer possible?

EDIT: I'll just tell you my players situation. He logged on to a Shiawase node, spoofing his access ID and scoring two successes. He was not detected in his time on the node, but he was a little careless and didn't edit the logs before signing off.

How would I go about determining if Shiawase could trace his connection? What does scoring two hits on a spoof test mean?

Thanks again.

[hobgoblin]

think of spoof as a forged id.

every comlink or other computer have a access id that in theory should tell the law who owns said computer (much like the licence plate on a car).

when it comes to redirect, the text of the action make it sound like it does something similar to the classical "mirror image" spell of d&d.

it trows out multiple, appearantly real, locations for the hacker to be, buying the real hacker some time to get away before the HTR/swat comes rushing in.

that, in combo with a spoofed id, can make the hacker a ghost in the matrix. sure his MO and persona is known, but noone knows who is hiding behind the "mask" ;)

[cetiah]

There doesn't seem to be any defense against a "spoof datatrail" action so long as the hacker achieved at least 2 hits (because it is a Threshold 2 test).

If they encountered the icon online they could perform a Track action to trace the hacker to his current physical location, regardless of what access ID he has spoofed. Since the hacker is no longer online, he can't be tracked in this way. There's a huge advantage in not being detected.

Since the logs were not deleted, Shiawase knows that SOMEONE hacked their logs and that SOMEONE used this Access ID. I'd say that a matrix Perception test would reveal that the access ID was spoofed, but it doesn't really matter. The point is that while they know that a hacker got into the system and they know what he did, they don't know who the hacker is or where he is and have no means of finding out.

It's not that he spoofed that's so helpful here, it's that he was undetected and therefore never tracked online.

If he had not spoofed, they would know his access ID (which would be in the logs) but still would not have any means of tracing him to his physical location.

If he had not spoofed and HAD been detected and he HAD been tracked, then a successful redirect action would have made the track harder and the tracking IC would have had a hard time finding his physical location - but they would still have his access ID.

[hobgoblin]

in the end, spoofing id is the first trick a hacker learns, and learns quickly. the rest is picked up by the law before they get most other skills trained to a usefull level ;)

[StealthBanana]

:)

Thanks a lot guys.

[Spike]

Of course, if you want to be mean, you could allow the Sysop/corp dudes to Analyse his Spoofed ID with a threshold equal to his successes to see if they can crack it.

I'm reasonably certain that isn't Contradicted by the rules.... ;)

[BishopMcQ]

It's not contradicted, but I'm not sure it is supported either. Any page references Spike?

[hobgoblin]

basically, the book only say how hard it is to spood a aID, not how hard it is to detect a faked one.

i guess this is because your replacing the aID. in effect, the fake ID is your only ID.

so, it looks like the only way they can tell its a fake ID is when they show up at the owners place and find it to be a old grandma with a comlink thats used for basic grocery orders.

its kinda like the RIAA today suing old grandmas for downloading music because her computer supposedly had the IP address in question at the time...

[Spike]

No real page reference... as I suspected. The closest I saw was under the Trace action, where it uses the hits on the redirect action as a threshold... fairly standard opposed test, there.

Of course, I'm of the opinion that if you go easy on players they get lazy and stop showing up to games. Far better to scourge them with a thousand lashs of lemonjuice IC programs, they come screaming back for more... :grinbig:

[StealthBanana]

Two more questions that I thought of in the shower:

Agents. How do they affect Response/System? Does an agent loaded with four programs count a one program, four programs, or five programs (4 loaded programs plus the agent itself)?

EDIT: Also, if you have a program loaded and a linked agent uses it, can you also use it? What are the rules for that. I'm working off the first printing of SR4 and either I just don't get it or there are a few errors in the text.

Also, how do you guys deal with Technomancers? As far as I can see, counterhacking a technomancer that is using his meatbody as his conduit to the Matrix isn't possible. The best you could do is crash his Persona, or track him to obtain his physical location, but you couldn't actually travel to his home 'node', right?

I think I had another question, but I forgot it already haha. The good shower gives, and the good shower, he taketh.

[Spike]

I would assume a 'linked' agent is just accessing the same programs you have loaded, so if you want to load the agent with 'attack' you have to have attack loaded on the link. Not two copies.

Once the Agent is loaded onto another node, you no longer have to worry about processor speeds, but it can only load programs you had loaded when you dispatched it, which is mere bookkeeping unless you are trying to do this under combat conditions (where timing matters... complex action to load a program and all that...)

[cetiah]

[Spike]

Unlike Nodes and Commlinks, Technomancers have no organic memory storage that can be hacked. Their persona can be crashed (inflicting stun on the TM), which would temporarily knock them out of the matrix and give them a whomping good headache, but to store anything they need a seperate node item with the on board memory which would need it's own protection, though if the signal is weak enough it's unlikely that anyone could get close enough to hack it without being in the TM's pocket, so to speak...

[cetiah]

[Spike]

No... Technomancers have no organic memory... thus you can't hack it. They have a persona with no node. You can crash them, but not hack them.


If they want to store paydata they have to bring along something technological to transfer the info too. THAT can be hacked as normal.

[hobgoblin]

the TM node debate is one of the ongoing ones for SR4...

its not stated that a TM have a node, but its also not stated that a TM does not have a node.

all in all, its yet another topic that one hope is handled by future books or similar. emergence may give us something to go on there...

as for the agent stuff, im with cetiah. its much cleaner and simpler to go with how the book defines it then the FAQ. if anything the FAQ on this makes things more messy then is needed.

here is my take:

a agent have a internal response rating. if its loaded into a persona its based on the persona home node. other times its based on the response of the node its active on at the time.

the internal response of the agent reacts just like a nodes response to having to many programs loaded. but for a agent its based on its rating, not the system rating of any node. so if you load more then agent rating of programs into a agent, its internal response rating suffers.

also, its can only swap programs when its loaded into a persona. if its roaming the matrix on its own, it will have to bring its programs, and they are all active, all the time. no messing around with them being in use or not like the FAQ talks about.

and yes, id make a agent count as a program (its more like a virtual machine but thats a topic for some other time). so if you load more agents on a node then the system rating of said node, the response rating suffers.

[Spike]

I haven't seen anyone suggest that Technomancers can run software without a physical device, the certainly don't have the memory to actually load them (RAW, page 233). Since they don't have memory, that makes loading your own icon onto their 'node' a challenge.

That is to say: you can hack a Technomancer's PAN (that is, any of the devices he carries and links via his own internal 'commlink') but you can only crash his persona, not hack him personally. There is nothing on his 'commlink' to hack.

On that, are there any hacks you can do to the persona of an opposed commlink? I know you can hack the link itself, take data on and off it, etc... but what can you actually do to the persona other than 'attack' it?

[cetiah]

[Spike]

Not even in theory: If you hack someone's Commlink, which is the central node of their PAN, you could have access to all the data flowing through their PAN. You can see through their cybereyes, listen in on team chat...

In theory, having the right account priviledges might give you access to the subnodes in the PAN, or at least make hacking easier.. thus you could turn off their eyes, or insert false chatter to the team network (spoofing commands to the rest of the team... though of course, since you are dealing with true intelligences, how they react to false data is not as easy as dice rolling...)

The trouble with tying this to Technomancers, is there are no programs or files in their 'commlink' to hack into, just a persona and the ability of the TM to talk to all those devices himself.

Thus my opinion: you can't hack a technomancer, just the hardware he's talking to independently. You can crash him, but that's it.

[hobgoblin]

[Spike]

Yeah... without memory, where does your Icon load to? :eek:

[hobgoblin]

it may be loaded but not stored. as in, the TM reads the stream of data, figures out the feedback signals and similar and basically recreates the persona in a TM compatible form...

im pulling this out of my ass btw :P

[cetiah]