Fly Hack question Options

[Abbandon]

How often does a node check for intrusion during a fly hack. The other way...says there is only 1 intrusion test. That imply's there are multiple in Hacking on the Fly..

Is there an intrusion check each time the hacker rolls on his extended test?
first roll 2 hits (intrusions test)
second roll 4 hits (intrusion test)
third roll 4 hits (breaks in) (intrusion test)

??

[Nightwalker450]

Yes, there's a check each time and they are cumulative towards breaking your stealth.

[Raij]

Both tests are extended tests. Think of it as a race. The hacker tries to hit the threshold for the hacking test, while the node tries to hit the threshold for the detection test. Each time the hacker rolls, the node rolls right behind him.

[Abbandon]

I will just add my other questions here:

#1. Ok I just have to set up this scenario and have you guys walk me through it. A team of runners sends this bad guy to a bar for a meat but while there they tell him to call them. Meanwhile one of the team strolls into the bar after he gets a go ahead from his teammates that he is actually there. No the teammate at the bar wants to locate the bad guys commlink, get the access ID, intercept his signal and see what the bad guy has on his pan and listen in on the phone call the bad guys makes after hanging up on the runners. What does the guy at the bar have to do? Assume the bad guy has his commlink encrypted??

-locate unknown hidden node (what qaulifies as a known node so its only threshold 4? knowing its a commlink or having the access ID?). What do you learn at this point? Do you learn mr bad guys acess ID or name or anything just from looking at a node? or is all that encrypted still?
-would you call for a matrix perception test to be able to get info from just looking at a node or is it readily available/encrypted?
-Decrypt node. Now you definately know his acess ID, name, sin and stuff right? Or would you call for a MPerception test now?
-intercept. Now you can see everything communicating with his commlink, but you only see whats being "said" you cant look inside the commlink to find out his schedule, files, the code to the lock on his car or house, you would have to hack your way in for that?
-last step is to start hacking or spoofing or just keep listening?

BBB says encryption may have a layer of ice on it? I have a very hard time seeing how that works. When does it activate? When you try to break encryption or when encryption is broken?? What does it need? Analyze to see it?

#2. When you locate a node, do you know where its at if its around you.

#3. How in the hell does one know they are being tracked in order to know when to run a redirect program?? Obviously thats standard op when hacking into a node. But what about when your not hacking and someone is trying to find you unbeknownst to you. It doesnt say anything about how agents/sprites(analyzing for trackers) or you would know you are being tracked.

thats all for now.... Im about to dig into agents and actual hacker vs combat, then on to drones. I've read through all this before but this is my second read through cuz im making a cheat sheet, and it all seemed pretty easy to understand this time around lol. Atleast this time I can more fully comprehend what a node is and stuff.

#4. Oh that reminds me... Are intercept tests just a threshold test or an extended test? If you dont get 3 hits you fail and you start over from scratch right?

I dont know jack about communications networks and stuff, nodes and signals seem a little backwards to me. I think it sounds more natural to find a signal and then use it to find a node. This would be cool because then you can goto a bar, scan some people next to you and spoof your signal to look like theirs. Then when somebody trys to find you they might see 2+ signals who all have the same ID, then they would have to go through and figure out which one you really are. I'd call it piggybacking. Currently you find the node first and then you find the signal... that seems a little to easy.

[Nightwalker450]

#1. Ok I just have to set up this scenario and have you guys walk me through it. A team of runners sends this bad guy to a bar for a meat but while there they tell him to call them. Meanwhile one of the team strolls into the bar after he gets a go ahead from his teammates that he is actually there. No the teammate at the bar wants to locate the bad guys commlink, get the access ID, intercept his signal and see what the bad guy has on his pan and listen in on the phone call the bad guys makes after hanging up on the runners. What does the guy at the bar have to do? Assume the bad guy has his commlink encrypted??

Ok its a known hidden node so the scan threshold is 4 (minimum), if the bar is exceptionaly crowded it could be higher. If there's only 3 other people in there, and they're all running everything public its going to be 4. You now have the stream...

Now you need to decrypt the stream (threshold excrypt x 2), this is an extended test.

Now you can apply your sniffer program (threshold 3)

You will have nothing but his communications, no access to anything you'll have to hack into his commlink for that. You can spoof things trying to pass off as one person or the other, or just settle in and listen knowing that it is impossible to catch a wireless sniffer. As to encryption having IC, wireless won't have IC, because it doesn't have a node to reside in. Encrypted files will have IC or data bombs hiding in them.

#2. When you locate a node, do you know where its at if its around you.

To save extra Matrix Perception tests, I would say yes if you are trying to intercept a signal thats across the room from you. The additional threshold on the scan program is how you make it more difficult to find the one.... On a glitch or critical glitch I might give them "a signal" but it wouldn't be the correct one. If its a random node, thats what the track program is for.

#3. How in the hell does one know they are being tracked in order to know when to run a redirect program?? Obviously thats standard op when hacking into a node. But what about when your not hacking and someone is trying to find you unbeknownst to you. It doesnt say anything about how agents/sprites(analyzing for trackers) or you would know you are being tracked.

You have no idea you are being tracked... It sucks. Whenever you're doing something maybe spend a pass to do a redirect, or if you're done and fleeing from a node, spend 2 passes redirecting. My technomancer wasn't thinking once, and wasn't doing any redirects... He's now living in a different neighborhood. Most hackers/IC/whatever will track you before engaging in combat, unless they plan on Black ICing you quick to lock your connection. But if a hacker seems like he's going to be there for a while, track then attack.

thats all for now.... Im about to dig into agents and actual hacker vs combat, then on to drones. I've read through all this before but this is my second read through cuz im making a cheat sheet, and it all seemed pretty easy to understand this time around lol. Atleast this time I can more fully comprehend what a node is and stuff.

Check out my webpage at the bottom for a Matrix cheat sheet for a list of actions and thresholds, or Knassers webpage for examples of nodes

#4. Oh that reminds me... Are intercept tests just a threshold test or an extended test? If you dont get 3 hits you fail and you start over from scratch right?

Since its only 3, I think its just a threshold test, any net hits go towards the Matrix Perception check to find you. This is only if you are intercepting within a node, so doesn't apply to wireless signals.
EDIT: I guess its not net hits over 3, its just straight hits for the Matrix Perception to locate a line tap.

[Ryu]

So let me take a shot at a few answers (we are running it freeform, check me on RAW if you want to):

Lets simplify your example first: You want to access a hidden, encrypted node. Specifically, you want to listen in on the nodes communication, and access to the nodes PAN.
1.) You are searching for a specific hidden node, so the threshold is 4, possibly increased by your GM for the number of nodes present in the bar.

2.) The node cannot be encrypted. The node is at max. in hidden mode because it is a comlink activly used for communications. Only files and connections can be encrypted, and only private nodes can be limited to encrypted communication. Yes, the book says you can encrypt a node and does not give further info. If your GM rules otherwise, you indeed decrypt. (You would do so anyway if you only wanted to intercept the signal.)

3.) Decryption gets you past encryption. Duh! You can intercept the signal of the target comlink by rolling EW+Sniffer(3). The wise move for this would be to intercept and record first, decrypt second. The way of RAW requires you to decrypt first.

4.) If you want a PAN device listing, you need to hack the comlink to get in on skinlink, DNI and wired connections. We found the node in step 1. Exploit (will require hacking on the fly unless you plan to be there several hours). RAW suggests Comlinks have only admin access (words fail me whenever I think about it), so any high-rated comlink will detect you, unless you are a TM with double-digit stealth. We have to exclude that factor first: Analyse. First hit: matrix ID (should it be needed for spoofing at some point), Second: Firewall Rating. Third: Response Rating. Assume the node has analyse running at Response. (The only information you get without analyse is what the nodes broadcast, and that may be made up). If you can likely beat

5.) Iced Encryption is not detailed by RAW. The way I would handle it: You access the file (as in "Decrypt"), the IC rolls Matrix Perception(your stealth, 1 turn). This would apply on file and node encryption only, network decryption should not be noticeable because you can intercept signals without being noticed, and decrypt those until the result is not gibberish.

6.) You apparently know the location of traced nodes - if your opposition is wireless, a general search for hidden nodes may be generate quite a bit of information on their gear.

7.) A trace is only indirectly noticeable. If IC enters your node, you should immediately analyse it. First information: Program load (no ratings). If trace is among those, you will be traced. Notice that Relocate trace does only provide a small delay (the ice will have more successes on the search than you have net hits on the relocate action), and even less of a delay if you have less IP than the IC.

8.) Intercept Signal is fortunately a success test.

I dont know jack about communications networks and stuff, nodes and signals seem a little backwards to me. I think it sounds more natural to find a signal and then use it to find a node. This would be cool because then you can goto a bar, scan some people next to you and spoof your signal to look like theirs. Then when somebody trys to find you they might see 2+ signals who all have the same ID, then they would have to go through and figure out which one you really are. I'd call it piggybacking. Currently you find the node first and then you find the signal... that seems a little to easy.

Well, you can intercept any signal without knowing one of the nodes. Those would need to have a matrix ID (no WAN without adress headers), so you could indeed copy a random ID from a present signal by spoofing it. I have great hopes and some fear for Unwired...

[Abbandon]

Since its only 3, I think its just a threshold test, any net hits go towards the Matrix Perception check to find you. This is only if you are intercepting within a node, so doesn't apply to wireless signals.
EDIT: I guess its not net hits over 3, its just straight hits for the Matrix Perception to locate a line tap.

Im sorry I should have specified, This is about a wireless intercept. I've located a node, i've decrypted it. Now Im trying to listen in on it. EW+Sniffer(3). I just have to keep rolling until i get 3 hits in one shot, or is it extended where i can get 1 hit and then 2 hit and im in.

[Abbandon]

Hey sorry ryu was typing the same time as you and didnt see your message first.

-ok both of you guys said that it would be threshold 4 because i know what im looking for? But what does my character know that makes it known. All my character knows is that one of these mofo's with a commlink is the guy. Thats all it takes? No Access ID.

-You guys didnt clear this up for me yet... When during that whole process above would I learn
A) the guys broadcasted SIN and related info
B) his access ID ( Phone # right?)

-When you are sitting there in front of a node do you know what it is a node for? A commlink, a coffe pot, a hardwired matrix point? When a commlink node say: "Billy Bob's commlink". Or is that like irrelevant, If i just look for billy bob's node and i pass the test i have found it no if's and's or buts.

[Abbandon]

- pg239 says jumping into a drone is a Complex action and on the same page its also a Simple action so which is it?

- Jamming as an attack method. I can put a directional jammer on a drone and then it can use a complex action to target other drones or nodes and try to jam them? There's no rolls involved to help it succeed? Like Pilot + EW vs targets Signal + ECCW. Each net hit improves or decreases the jammers rating for the actual jamming test. Jammer vs signal + eccw, if jammer wins node goes offline?

[Raij]

- pg239 says jumping into a drone is a Complex action and on the same page its also a Simple action so which is it?

Fixed by errata ( http://www.shadowrun4.com/resources/sr4/sr4_errata_v15.pdf )

p. 239 Jumping Into Drones [4]
The first line of the first paragraph should read:
"Riggers may also take a Simple Action"
The last line of the second paragraph should read:
"Any tests are made using the rigger’s skills plus the
Matrix/vehicle attributes of the drone."

so it's a Simple Action.

Jamming is pretty simple:

Any device with a
Signal rating less than the jamming device's Signal rating is overwhelmed.
Note that ECCM (see p. 227) increases a protected
device's Signal rating for jamming comparison purposes.

You jam something, if it doesn't have a signal + ECCM > your jammer's rating, it's out. No rolls.

[Dashifen]

#1. Ok I just have to set up this scenario and have you guys walk me through it. A team of runners sends this bad guy to a bar for a meat but while there they tell him to call them. Meanwhile one of the team strolls into the bar after he gets a go ahead from his teammates that he is actually there. No the teammate at the bar wants to locate the bad guys commlink, get the access ID, intercept his signal and see what the bad guy has on his pan and listen in on the phone call the bad guys makes after hanging up on the runners. What does the guy at the bar have to do? Assume the bad guy has his commlink encrypted??

1. First thing to do (as you indicate above) is locate the commlink. This would be an Electronic Warfare + Scan extended test with a variable threshold based on the number of other nodes in the area, how much they know about their target, and what PAN mode its running in (i.e., active, passive, or hidden). This is a test where I highly recommend using the optional rule that you can't roll more times in the extended test than the dice in your pool making it difficult to find hidden nodes from among a larger group. Personally, I'd make this threshold quite high (15+) assuming the target is reasonably paranoid about detection.
   
2. Once they've found the node, they'll need to decrypt the information they can read about it. That's a Response + Decrypt extended test with a threshold of Encryption Rating x 2 and an interval of a Combat Turn. Yes, this means that they'll be able to decrypt communications probably faster than they found said communications in the first place.
   
3. Here's where one of two things could happened depending on the GM. Some GMs might force the searching hacker to perform an "Intercept Wireless Signal" action (Electronic Warfare + Sniffer (3) test) to indicate that they've "locked-on" to the communications coming from the node they just discovered. Others might assume that by discovering the node, you've already performed enough work to intercept the wireless traffic. Personally, I'd forgo this test in the interests of time unless the express purpose of the hack was to listen in on communications (which, I notice, you did indicate above).
   
4. Getting the Access ID would be a simply Computer + Analyze test. I would combat this with Firewall (+ Stealth) if their commlink is in passive or hidden mode. With that Access ID they could spoof his traffic if they need to.
   
5. I, personally wouldn't give you any information on the guy's PAN unless you hack your way into it. Once you hack it (using the Hack on the Fly rules, probably), I'd let a Computer + Analyze test (in other words, Matrix Perception) give you information about running programs, the rating of the device, subscription lists, etc. A Data Search + Browse test would give you details about his recent email traffic, maybe his favorite hang outs, etc. If you get information about his subscription lists, you could use Tracking or Detect Wireless Node actions to try and hack his friends, if it would be important to do so.

BBB says encryption may have a layer of ice on it? I have a very hard time seeing how that works. When does it activate? When you try to break encryption or when encryption is broken?? What does it need? Analyze to see it?

I take that to mean the the Encryption might be being performed by an IC program. In other words, an Agent program with a payload of Encrypt, Analyze, and an offensive program (Attack, Blackout, or Blackhammer). This IC could detect the attempt to decrypt the signal that it's encrypting with a Pilot + Analyze against the hacker's Electronic Warfare + Stealth. Be aware, this is just my interpretation. It's left intentionally vague so that GMs can come up with interesting hacker tricks. I expect Unwired might have more clarity, but until then, this is how I've run it in the past.

#2. When you locate a node, do you know where its at if its around you.

If you Track it (p. 219, SR4) you can find out information about it's location.

#3. How in the hell does one know they are being tracked in order to know when to run a redirect program?? Obviously thats standard op when hacking into a node. But what about when your not hacking and someone is trying to find you unbeknownst to you. It doesnt say anything about how agents/sprites(analyzing for trackers) or you would know you are being tracked.

I usually run it as a System (+ Analyze) test. This would represent the system of the device realizing that someone is attempting to track it. The threshold for this test is the Hacker's Stealth rating and I accumulate hits just like Hacking on the Fly. Thus, it's possible for a hacker to track a target before the target becomes aware of the track depending on (a) the rating of the Hacker's Stealth program and (B) the DP for the hacker's Track action.

#4. Oh that reminds me... Are intercept tests just a threshold test or an extended test? If you dont get 3 hits you fail and you start over from scratch right?

It's a success test with a threshold of 3. If they fail, they can try again, but remember the rules on p. 59 which state:

Just because a character has failed a test doesn't means she has no hope of ever succeeding. A character may attempt a task she has previously failed, but each successive attempt incurs a -2 dice pool modifi er. A magician who has failed twice to summon a spirit, for example, can try again with a -4 modifier.

If the character takes the time to rest for a sufficient period (anywhere from 5 minutes to 1 hour, as the gamemaster decides), the negative modifier no longer applies and the character gets a fresh start.

I think it sounds more natural to find a signal and then use it to find a node. This would be cool because then you can goto a bar, scan some people next to you and spoof your signal to look like theirs. Then when somebody trys to find you they might see 2+ signals who all have the same ID, then they would have to go through and figure out which one you really are. I'd call it piggybacking. Currently you find the node first and then you find the signal... that seems a little to easy.

It's only easy if the node isn't hidden and protected. Then, the threshold for the Detect Wireless Node test should be 15+ as indicated in the book. Thus, it might not be possible for a hacker to find the target node before they run out of rolls, unless you don't limit the number of rolls in the extended test.

Reason for edit: Clarification of Thresholds and Grammar

[Dashifen]

You guys didnt clear this up for me yet... When during that whole process above would I learn
A) the guys broadcasted SIN and related info
B) his access ID ( Phone # right?)

I think my post above clears this up, but I thought I'd make sure: I wouldn't give you any identifying information about the guy's system until you've detected the node and decrypted it. This doesn't require an Intercept Wireless Signal action as that's specifically to learn about the traffic on the node, not the identifying parameters of the node.

When you are sitting there in front of a node do you know what it is a node for? A commlink, a coffe pot, a hardwired matrix point? When a commlink node say: "Billy Bob's commlink". Or is that like irrelevant, If i just look for billy bob's node and i pass the test i have found it no if's and's or buts.

I use glitches during detection tests to point hackers at the wrong target. Sort of like false positives during a search. However, whether or not a commlink (or device) responds to a request for information is largely dependent on it's current PAN mode. Someone in Active mode would probably respond with a short message indicating that you've connected to the right node. However in passive or hidden mode, that may not be the case. Since this bad guy is in a public area and, conceivable, being careful about detection, he's probably running hidden. In that case, I'd require a Computer + Analyze vs System (+ Stealth) to determine if you've acquired the right target. If it's a simply device like a toaster, then I'd forgo the Opposed Test and just make it a Success test with a threshold of 1.

[Nightwalker450]

Hey sorry ryu was typing the same time as you and didnt see your message first.

-ok both of you guys said that it would be threshold 4 because i know what im looking for? But what does my character know that makes it known. All my character knows is that one of these mofo's with a commlink is the guy. Thats all it takes? No Access ID.

-You guys didnt clear this up for me yet... When during that whole process above would I learn
A) the guys broadcasted SIN and related info
B) his access ID ( Phone # right?)

-When you are sitting there in front of a node do you know what it is a node for? A commlink, a coffe pot, a hardwired matrix point? When a commlink node say: "Billy Bob's commlink". Or is that like irrelevant, If i just look for billy bob's node and i pass the test i have found it no if's and's or buts.

If you do not know which guy in the bar is the bad guy, then the threshold is 15. Otherwise you know its the third guy setting from the end. You're simply looking at signals around him till you find the one that is actually connected to him. He's obviously having an AR conversation with someone else, so of those connected to him, you need one that is carrying alot of information out of this room. The low ones are not actively in use, and the ones that don't extend out of the bar are probably him looking at the drink menu, or the newspaper. This is of course all fluff, and just painting the picture of how scan works. The adjusted threshold is used to handle this over abundance of information.

If he's running in public mode, then you have his SIN information at least as much as he wants known, and then your scan threshold drops. If he's running private or hidden then you will need to crack his commlink first, though you will probably have his Comm # just on the scan, since you have found the node. Perhaps run a Matrix Perception to get the commlink number off a node (with threshold based on operating public/private/hidden), would probably be a better way to go about it.

[Abbandon]

Thanx guys.

-about the pan info. If I intercept his wireless transmissions, I should be able to see what all his commlink is talking to just from the info passing through the air. I know its not as much as hacking his commlink and seeing everything first hand, including the stuff he has skinned and any other things but its something.

-tracking. Yes you can go the tracking route but thats more of a Im on this side of the planet and the target is on the other side. And you narrow it down to within 50 meters. Im talking about ok im standing in front of a building facing the street and I locate a node with my own commlink's signal range. Theres no way to tell if its to my right or my left? I do not like that section of tracking. I think it should be super easy to triangulate node positions no matter your proximity. Agents can open multiple nodes.... hmmm.

[Dashifen]

about the pan info. If I intercept his wireless transmissions, I should be able to see what all his commlink is talking to just from the info passing through the air. I know its not as much as hacking his commlink and seeing everything first hand, including the stuff he has skinned and any other things but its something.

If you intercept transmissions you can get any information that is transmitted. So you'd be able to listen in on commcalls, you could probably see if he's browsing for data on the Matrix, maybe even detect if he's running a scan of some kind on the room. It is less information that a full hack, but you're right: it's better than nothing (IMG:style_emoticons/default/biggrin.gif)

tracking. Yes you can go the tracking route but thats more of a Im on this side of the planet and the target is on the other side. And you narrow it down to within 50 meters. Im talking about ok im standing in front of a building facing the street and I locate a node with my own commlink's signal range. Theres no way to tell if its to my right or my left? I do not like that section of tracking. I think it should be super easy to triangulate node positions no matter your proximity. Agents can open multiple nodes.... hmmm.

I disagree ... I always though of track as a triangulation. That or, alternatively, of following a signal to its origin and then triangulating your own from there. Either way, trigonometry is involved somewhere!

[Nightwalker450]

No rule for this, but if you just want to physically trace a signal (assuming you're connected to it directly and its not being bounced through routers and repeaters), then I'd probably let someone make a significantly reduced tracking check. Probably threshold 5 to get general direction, and another threshold 5 to get distance. These are just numbers thrown out.

Everyone hops in the jeep and takes off, hacker tracing for direction, while every now and then checking to see if you're closing the distance. That could be pretty nifty if you want to hunt down a hacker or person who's moving, vs setting VR simmed in an apartment. The two commlinks would have to stay within the (lowest of the two) signal range, or you'd loose it. Hacking car chase..

[Abbandon]

Ok I got some good questions now.

-Is there any problem with encrypting a node, and encrypting files within that node? Or do you guys do the all or nothing? If you allow encrypted files within an encryption then what about individual files?? Each transmission going out from your commlink?

-First Example is a Drone. Ok I located a node, I hacked into the node, I Data Search + Browsed and found the user accounts. Now I can just Hack + Edit and change the admin to me?? There is nothing to stop me? Even if an agent/sprite spots me editing the account whats it gonna do? I could then try to sever the agent/sprites connection with a firewall+system vs hack +exploit test?? Do I replace firewall or system with my own attributes? Or do i just give that command to the node and it does it.

-What if im hacking a system. Once I find the user accounts. Is there anything beyond a simple hack + edit test to prevent me from adding/deleting security or admin level accounts? Do you guys turn that into an extended test? Against what? Is that auto-shutdown?

[Nightwalker450]

Ok I got some good questions now.

-Is there any problem with encrypting a node, and encrypting files within that node? Or do you guys do the all or nothing? If you allow encrypted files within an encryption then what about individual files?? Each transmission going out from your commlink?

-First Example is a Drone. Ok I located a node, I hacked into the node, I Data Search + Browsed and found the user accounts. Now I can just Hack + Edit and change the admin to me?? There is nothing to stop me? Even if an agent/sprite spots me editing the account whats it gonna do? I could then try to sever the agent/sprites connection with a firewall+system vs hack +exploit test?? Do I replace firewall or system with my own attributes? Or do i just give that command to the node and it does it.

-What if im hacking a system. Once I find the user accounts. Is there anything beyond a simple hack + edit test to prevent me from adding/deleting security or admin level accounts? Do you guys turn that into an extended test? Against what? Is that auto-shutdown?

Encryption as long as its running covers everything. I don't think there's any Encryption over Encryption.

As long as you hack into the drone with Admin status (+6 threshold) which would have access to admin records than yes.

Agent or Sprite wouldn't have a connection, since it would be loaded onto the node, you'd have to crash it.

The drone will operate on its own Firewall and Pilot (System equivilant), even after you hack it. Its trying to sever the connection, not your commlink, so you would also command the node.

Hack + Edit would be adding or deleting...
Everything past this is my own idea on rulings, take it or leave it
...hits would probably be the threshold for a Matrix Perception to notice the alteration. Once found it would probably be deleted. Most systems will probably run routine log checks to find inconsistancies, so this might only stay open for a day or two at most when hacking into a corporation. A drone, once you get a hold of it, you can perform the proper formatting, reloading, whatever to make it permanently your own (don't forget to remove the RFID's). A commlink you might be able to stay on for days or even weeks before it would clean. [/Non-Canon]

[Dashifen]

Is there any problem with encrypting a node, and encrypting files within that node? Or do you guys do the all or nothing? If you allow encrypted files within an encryption then what about individual files?? Each transmission going out from your commlink?

Depends on the table, the group, and the game. There's certainly no reason you couldn't do this. You could also say that everything is individually encrypted, but the idiot security hacker encrypted it all with the same key which would mean that it's an all-or-nothing situation. But, for more (or better) security, you could encrypt different portions of a system with different keys (essentially different passwords for different important documents) and then force invading or snooping hackers to perform multiple decrypt actions. About the only thing I wouldn't do would be to have multiple encryptions on the same file since it's starting to get silly at that point and the rest of the players might be tired of watching the hacker roll dice.

First Example is a Drone. Ok I located a node, I hacked into the node, I Data Search + Browsed and found the user accounts. Now I can just Hack + Edit and change the admin to me?? There is nothing to stop me? Even if an agent/sprite spots me editing the account whats it gonna do? I could then try to sever the agent/sprites connection with a firewall+system vs hack +exploit test?? Do I replace firewall or system with my own attributes? Or do i just give that command to the node and it does it.

I would say this depends on the access level that you hacked at. A normal User may not be able to edit the drone's subscription list and change its admin accounts around. I probably wouldn't even let a Security account do this. What your describing is an administrative action and, thus, would incur a +6 to the hacking threshold. A good hacker will still get in, but probably not before an alert is fired. Plus, I'd block the edit test with the a Firewall (+ Analyze) test, personally, indicating the fact that the system will try to protect such an important resource. Similar to how Windows will warn you if you try to modify a read-only file. Don't forget that if an Alert was fired, the Firewall gets a +4 modifier. That makes editing the accounts a little harder.

If the system spots your edit, it could stop the edit from happening. It's definately going to alert the rigger who runs the system. If an alert had not previously been in place, the system would go on alert. The rigger controlling the drone would probably log on and do his best to defend his system. And, since you've hacked into the node, he could engage you in cybercombat if he can find you. Hell, if he's smart, he engages you in cybercombat in one node while telling his Agent to track you back to other nodes in which you're active and then jumps you there, too. This is really bad news for the average hacker (even the exceptional hacker) since you can only act within one node at a time but you can get attacked in multiple nodes at once. I've dumped a few hackers off the matrix with this little trick. I've yet to get my current Technomancer character with it, but then again doing so might also kill the TM so I'm a bit conflicted about how nasty to be.

If you successfully get control of the drone and wrest it away from its owner, you wouldn't replace its attributes with your own. Drones, as independent devices, have their own Matrix attributes. Usually, for "normal" drones, their device rating is 3. Security/Military drones have a device rating of 4. Plus, Arsenal and SR4 provide guidelines for upgrading these systems for safer or more secure drones. Regardless, the attributes would stay the same and you could command the drone exactly as if it were your own.

What if im hacking a system. Once I find the user accounts. Is there anything beyond a simple hack + edit test to prevent me from adding/deleting security or admin level accounts? Do you guys turn that into an extended test? Against what? Is that auto-shutdown?

This is mostly up to the GM of your game. Again, I'd require the hacker to have hacked Administrative user access (+6 to the hacking threshold) and then I'd require them to edit the files appropriately. If they get away with this, then they could have created a legitimate account for them to use and potentially even cut out other users of the system. However, I would at least consider the possibility that there are Agents (or maybe event Sprites or AIs, depending on the game) that would have access to some devices in the system and would periodically connect to a device to see its status. If you cut off that access, its conceivable that a person would go to the device to perform service on it. In other words, I probably wouldn't let this sort of hack last forever. It's a good idea for a short term need, but eventually someone is going to notice that they no longer have access to the device and take steps to solve the problem.

[Abbandon]

Cool, cool. Guess im a sexpert now on the matrix!!!!

[Nightwalker450]

Everyone is (IMG:style_emoticons/default/grinbig.gif)

Thats the (dis)advantage to the matrix rules, they're so ambiguous everyone is an expert.

[Fortune]

I'm not! (IMG:style_emoticons/default/frown.gif)

[Abbandon]

Ok i think i found the hard part to the matrix lol. All the tests and what not are a piece of cake to actually figuring out how persona's and programs interact with nodes.

Hmmm ok first lets talk about persona's, programs, node/systems and response.( dont worry, no im not gonna ask about death spiral.)

Lets give our hacker R4 across the board on his commlink and programs.
1 agent: Pilot 4, Firewall= pilot 4, Response = system's response, System = Pilot 4
Our node/system will have Response 4, Signal 4, Firewall 5, and System 3. (is signal even worth mentioning for systems/websites?)
1 IC: Pilot = system 3, Firewall= pilot/system 3, Response 4

Ok..Our hacker easy breaks his way into the system unnoticed or atleast it appears that way. He was running Exploit 4 and Spoof 4(redirect) which is only two programs so no drop to his Response. Those programs are running off his commlink so they have no effect on the enemy system right?? The system has IC though and even though it hasnt spotted our hacker*wink* it does affect the enemy system. It is running Analyze 3 and Track 3 and isnt affecting anything.

Our hacker wants to dump his agent in the system and let it get its freak on so.... he spends a complex action and loads:
1 Agent(garbageman)
Browse 4
Sniffer 4
Edit 4
Analyze 4

Our hacker also takes a free/simple? action and unloads Exploit and Redirect. Our agent is in the node so he doesnt count towards our hacker. We are running 4 programs so the hackers response drops to 3. 4 programs = system = -1 response.

Garbageman right off the bat is Pilot 3, Firewall 3?(its software?), and response 3.
After it copies our 4 active programs it becomes:

Garbageman: Pilot 3, Firewall 3?, Response 2 (4 programs> system = -1) and has the programs:
browse 3
Sniffer 3
edit 3
analyze 3

I guess our hacker shoud load up Command, Attack, and Armor also..that only brings his total programs up to 7 so he still is only at -1 response or 3.

Now garbageman the IC and the hacker are all on the same node but it doesnt effect the systems reponse because the hacker is running off of the system, so that only leaves 2 other programs which is less than the system of 3. But if there was another ic program or our hacker loaded another agent it would make the whole system drop to response 3, possably alerting the system but forget that...

Hacker Commands garbageman to start seeking out employee accounts and to start wiping them out randomly(we hacked in with security/admin clearence).

Garbageman fly's off and starts browsing sniffing and deleting employee accounts

Hacker begins to analyze the IC in the node....................................
-------------------------------------------------------------------------------
Is that all right so far??
-Does Firewall and system of an agent/sprite get limited by the node's system rating?
-If Hacker unloads, browse, sniffer, edit, and analyze that means the agent can not longer tap into those programs right?
-It doesnt matter what node your agent is in he always has access to the programs you have loaded up?
-Wait how does that work when you leave an agent online and you log off ?? Shouldnt he lose all of his programs?
-Agents that you unload onto a system, those are actually copies of the main agent program right? It doesnt matter if they get destroyed or whatever? Wouldnt it be stupid to leave them behind, couldnt they be used to track you down or is that only when you are online?
---------------------------------------------------------------------------------------------

Next up are drones.....the stats of a Lonestar I-ball are:
Pilot 3, body 1, armor 0, sensor 2....these are stats for moving around and controlling it...
Inside the drones node though it would look like........
Pilot 3, System 3, Firewall = pilot 3, Response??

I figured out where firewall attribute comes from but where do you find out their Response? Do you go across the board?

[Nightwalker450]

-------------------------------------------------------------------------------
Is that all right so far??
1-Does Firewall and system of an agent/sprite get limited by the node's system rating?
2-If Hacker unloads, browse, sniffer, edit, and analyze that means the agent can not longer tap into those programs right?
3-It doesnt matter what node your agent is in he always has access to the programs you have loaded up?
4-Wait how does that work when you leave an agent online and you log off ?? Shouldnt he lose all of his programs?
5-Agents that you unload onto a system, those are actually copies of the main agent program right? It doesnt matter if they get destroyed or whatever? Wouldnt it be stupid to leave them behind, couldnt they be used to track you down or is that only when you are online?
---------------------------------------------------------------------------------------------

1-Firewall is never limited by system. Agent's have their own system rating that I believe is only limited by the response of the node. So you could have a much higher rating agent on a lower rating system (never thought about that before... but it works)

2-If those programs are loaded into the agent, the agent has access to them, and will take them to the node with him. But the hacker wouldn't have access to them... At least from a basic reading of the book thats what it looks like since otherwise the part of having to pirate software wouldn't make much sense.

3-He has access to the programs loaded in the agent.

4-Again, programs are loaded into the agent, he has them, not you.

5-There can be only 1, unless you take the time (and your GM allows you), to copy the agent through pirated software... IE Agent Smith. The can only be used to trace you if they are constantly feeding you data. If you load them and tell them to run locally and wait for your return, there is almost no connection to you... Of course if you bought said program, it probably has registration codes/ids that could be used to find out who purchased the software. Just as leaving your car at a run site would probably be a bad idea.

6-For the I-ball, assume Response is equal to Pilot, since Pilot cannot exceed Response. Though combat drones I believe should have a Response (Device Rating) of 4. These would only include drones that come with weapon mounts already equipped, and some military vehicles.

[Dashifen]

Lets give our hacker R4 across the board on his commlink and programs.
1 agent: Pilot 4, Firewall 4, Response = system's response, isnt their a fourth attribute?

A pilot's System rating is equal to its Pilot. So in this case, your Agent has 4's across the board with the exception of its Response which is equal to the Response of the system on which it's running. 'Course, if it's running on your commlink, then that would be 4 (IMG:style_emoticons/default/biggrin.gif) .

Our node/system will have Response 4, Signal 4, Firewall 5, and System 3. (is signal even worth mentioning for systems/websites?)
1 IC: Pilot = system 3, Firewall 3, Response 4

Signal is important for determining if a person is within range to hack. With a Signal of 4, the character could be out of range or might have to hop from his own node to another node and then finally to the target node (or more hops limited only by one's subscription limit). 'Course, this becomes dangerous if you're tracked since you could be assaulted in any one of those nodes.

Ok..Our hacker easy breaks his way into the system unnoticed or atleast it appears that way. He was running Exploit 4 and Spoof 4(redirect) which is only two programs so no drop to his Response.

I'm not sure if you meant Spoof or if you intended to mean Stealth. When hacking, the threshold to be noticed by the node you're hacking is the rating of the hacker's Stealth program. Thus, you'd really, really, really want to run it while hacking in and probably thereafter. Plus, you can only perform a Redirect Trace operation during an active track of your system, so trying to do it while your hacking doesn't make sense in this case.

Those programs are running off his commlink so they have no effect on the enemy system right?

Correct.

The system has IC though and even though it hasnt spotted our hacker*wink* it does affect the enemy system. It is running Analyze 3 and Track 3 and isnt affecting anything.

That also seems okay, but since the hacker wasn't running Stealth, above, it is highly likely that the IC has found him.

Our hacker wants to dump his agent in the system and let it get its freak on so.... he spends a complex action and loads:
1 Agent (garbageman) [Browse 4 Sniffer 4 Edit 4 Analyze 4]

Our hacker also takes a free/simple? action and unloads Exploit and Redirect.

Unloading a program is a simple action. The book refers to it as a "Deactivate Program or Agent."

Our agent is in the node so he doesnt count towards our hacker. We are running 4 programs so his response drops to 3. 4 programs = system = -1 response. Garbageman right off the bat is Pilot 3, Firewall 3?(its software?), and response 3.

Yup. Agent Firewalls are equal to Pilot. (IMG:style_emoticons/default/biggrin.gif)