Alternate Hacking Systems, Post your own! |
Alternate Hacking Systems, Post your own! |
Apr 29 2010, 03:11 AM
Post
#76
|
|
Moving Target Group: Members Posts: 588 Joined: 26-February 02 Member No.: 227 |
The problem is much more in getting all those hardware OTPs distributed; that brings us to Johnny Mnemonic-land. Quantum mechanics can help with that. It is possible to transmit quantum information over a fiber optic cable in such a way that any attempt to eavesdrop will be quite apparent. That is ideal for exchanging OTPs; in fact, such a system is called "quantum encryption". This has recently been demonstrated at lengths of 30km. It is also possible to do wirelessly, with very short (but demonstrated) ranges. |
|
|
Apr 29 2010, 03:56 AM
Post
#77
|
|
Immortal Elf Group: Members Posts: 10,289 Joined: 2-October 08 Member No.: 16,392 |
Its because observing the data stream changes it. I believe it's still readable on the receiving end, but you know its been tampered with.
|
|
|
Apr 29 2010, 04:06 AM
Post
#78
|
|
Moving Target Group: Members Posts: 588 Joined: 26-February 02 Member No.: 227 |
Exactly. So, somebody sends you a one time pad using such a system. Since you know nobody observed it in transit (if anybody has observed it along the way, you don't use it), you know that only the sender (and anybody the shared a copy with) and you have a copy. Just like using a data courier, only without that silly (and unreliable) wetware.
Now you have a nice pair of OTPs to use for (unbreakably) secure communications. |
|
|
Apr 29 2010, 09:16 AM
Post
#79
|
|
Runner Group: Members Posts: 3,009 Joined: 25-September 06 From: Paris, France Member No.: 9,466 |
Personally, I explain the possibility of secure transactions with the SR4 encryption rules by considering that to successfully compromise the transaction, the hacker would need:
* To find the commlink/signal (this can be done before the transaction takes place) * To successfully decrypt the signal * To use an intercept action on the signal (according to RAW, you can't intercept a signal before decrypting it). All this before the transaction is over. Since most transactions will take a few milliseconds, most hackers won't be able to have all this done in time. As for the rest of the bank systems, they aren't completely secure, but they are aware of this and they have ways to track down a hacker who would steal money. Just like you can steal physical money from a bank, you can steal it by the Matrix. In both cases, the biggest difficulty will be to avoid getting caught and still be able to use your money. When you think about it, today's banking system isn't very secure: PIN codes are 4 numbers long and can be cracked easily, YES card or other exploits can be done quite easily and compromised bank accounts access are sold everyday in black markets. Though, the banking system still works... Well it has problems but not because of hackers. |
|
|
Apr 29 2010, 01:27 PM
Post
#80
|
|
panda! Group: Members Posts: 10,331 Joined: 8-March 02 From: north of central europe Member No.: 2,242 |
also, transactions will be bank to bank, with the actions out in the field basically being the same as one party calling his bank and saying "this is joe, transfer x to account y" then the other party "hi, this is carl, can you give me the recent transfers from account z?". The banks keep a log of all this at each end, and if any customer complains, they can roll back whenever.
and credit companies are similar, they can basically erase the false uses, and then if the sums make a big enough bite into their balance sheet can start to track the person who did the fake uses down. And with just about anything having a RFID and a datatrail, that can be easy unless the person got the money out as certified cred, and then converted that into diamonds or something else without a RFID (tho i guess diamonds could just as easily have some kind of serial engraved using nanites in SR). Basically, the trick with tricking banks and credit companies, as with anything else, is to stay below radar. Biggest mistake is to grab a platinum card and then go out and buy a jaguar on the spot. Thats like bin laden going on world tv live and giving out his exact gps location... |
|
|
Apr 29 2010, 05:39 PM
Post
#81
|
|
Runner Group: Members Posts: 2,899 Joined: 29-October 09 From: Leiden, the Netherlands Member No.: 17,814 |
Okay, that quantum encryption bit was an interesting read. So it appears that I can justify secure encryption and communication existing. The question is: how secure can it get without making hackers less playable?
Thereotically, data can be encrypted in a provably secure format. However, the really secure methods for two parties to establish a shared OTP aren't terribly fast; both Kish and Quantum take some time. This is fine for a lot of purposes, like transferring business data. However, some communications need a lot more speed. Particularly high-density communications where response time is important. Like controlling drones or live simsense (rigging, VR hacking). This can still be encrypted, but it's not unbreakable. I'm toying with the idea that a brain-computer aggregate would be capable of solving problems that are quite hard for normal computers. This will of course involve some handwaving, especially in the choice of what exactly human brains contribute, and what applications that leads to. I'm thinking that pattern recognition and ambiguity handling and abductive reasoning would be plausible contributions a human brain can make to a computer. This could then be used to justify the importance of hackers over agents; brain+computer would be able to outwit pure computers in cybercombat for example. Maybe brain+computer aggregates will also be surprisingly good at cryptanalysis. After all, canon fluff states that the earliest cyberdecks demonstrated that the new technology made all previous security obsolete.. |
|
|
May 1 2010, 02:26 AM
Post
#82
|
|
Moving Target Group: Members Posts: 110 Joined: 22-February 10 Member No.: 18,190 |
I didn't read the thread, so I may be reiterating some previous ideas. I apologize if I am. This is also a basic overview, not a finished system. It still obviously needs work.
Cinematic Hacking in Shadowrun Why? Because nobody but computer geeks really care about the intricacies involved in hacking. They want a system that is quick, that meshes with the game, allows for a dedicated character to shine, and is interesting. Instead of even concerning yourself with matrix topology, let's abstract everything out to a cinematic level and not concern ourselves at all with the actual elements of hacking & programs. The System Anyone who has played Spycraft will be very familiar with this system. Hackers have commlinks and all necessary programs needed to hack. Commlinks have a rating of 0-6. The rating of the commlink is an amalgam of hardware and software. This is a dice pool modifier to the hacker. All commlinks, nodes, servers, and any other location a hacker can "visit", contains either an agent or a spider/enemy hacker. Nodes/servers have ratings of 0-12 (which function exactly like a commlink rating). The agent running on a node also has a rating of 0-12. Combining the node and the agent (or the commlink/server + spider's hacking pool) equal your base hacking pool. For purposes of technology level, assume that a rating of 6 is state of the art for consumers. Progress for the hack is measured in terms of "authority points". These are arbitrary measurements that reflect a user's control and initiative in the hacking "war". There is always an offensive party and a defensive party in every hack. The defending party starts combat by rolling either it's rating in the case of an agent, or logic + hacking in the case of a person. The defender gains this many "authority points" to begin with. Example: Twitch needs to hack a security door node in the local Renraku corp HQ, and security is tight. He connects and before combat begins, the agent (rating 5) rolls its rating- 5 dice, and comes up with 3 successes. The Agent therefore starts the combat with 3 "authority" points while Twitch has zero. There is a list of offensive and defensive actions that can be taken. At the start of each round, before any initiative passes, the hackers involved in the hack each select one offensive and one defensive action from the list and reveal it at the same time. Cross referenced, each action will impact the dice pool of the opponent. Example: Twitch is hacking a node, and at the start of the turn decides he's going to open up with an "Overflow Buffer" attack. The node (gm) has decided to open with a firewall defense, which is specifically designed to counter the buffer overflow. Cross referencing, Twitch gets a -4 penalty to his dice pool, and the agent gets a 0 modifier. Both the agent and Twitch then add their node/comlink rating to their dicepools and roll. Whoever achieves the most successes is assumed to have successfully performed their ability. Resolve the text of the ability to adjust authority points. In the event of a tie, the defender gains a single Authority Point. Example: Twitch rolls his dice pool and comes up with 2 successes. The Agent rolls 4 successes, meaning he successfully enacts the Firewall defense. The text says that the agent starts closing off communication points, strangling the ability of the hacker to attack the node at all. The defender gains 2 Authority Points for completing this maneuver, plus 1 Authority point for every 2 net successes. This means that the Agent gains 3 Authority points, giving him a total of 6 Authority points Note that some maneuvers require a difference of X number of Authority points. For example "pwn the system!", where you shred the defenses of the network and the entire system is laid bare to you, ending combat and giving you full, free access to the network, requires you to have 15 or more "authority points" than the rating of the node/commlink/server. Conversely "Dumpshock!", which cuts off the hacker and inflicts a point of stun damage per 2 Authority points requires 15 more points than your opponent. Some actions require a narrower range: Example: "Break it off!" immediately and safely ends combat with the defender. Requriement: Defender may not have more than 5 more Authority points than you do. At the end of the "hacking" turn, both the defender and attacker have the ability to spend Authority Points. To manipulate the system in some way, the hacker needs to spend a number of Authority points equal to the node/commlink rating. There is no limit to how many times you can spend authority points in one turn, so long as you have the points to do so. This represents you spending some of your initiative and attention on achieving an immediate, short-term goal. Example: Several rounds later, Twitch has gained 6 Authority points, and the Agent has 9. The Agent has the "Black Hammer" attribute, which means it can spend 1 Authority Point at the end of every hacking round to inflict 1 point of physical damage on Twitch. It does this, spending 3 Authority points and inflicting 3 physical. Twitch, however, needed to only force a door open so his team could get through it. He spends 5 Authority points to manipulate the node controlling the security doors, and forces the doors in this area to unlock. Next turn he can try to "break it off!" and log out of the system before things get worse. After this round, the normal combat round occurs for the rest of the team. Augmented Reality If a hacker is using Augmented Reality, s/he may still participate in the "meat" round, at a cost of 2 Authority Points per turn, representing a yielded initiative. At the GM's discretion, a -2 dice penalty may be imposed on the hacker during his "meat" actions for multi-tasking (almost all combat or active skills should receive this penalty, but a person could generally walk, carry a slightly distracted conversation, dial in a passcode, possibly search a small area for something obvious, etc). You choose at the start of each turn if you want to be in AR or VR, but don't pay the points price until the end of the hacking phase. You may never have less than zero Authority Points, so at 0 you may hack in AR without penalty. VR & Hotsim VR prevents the hacker from acting in the meat world, but the up shot is that the hacker doesn't pay that 2 Authority Point penalty each turn. If a hacker decides to go hotsim, a further +1 (or maybe 2) dicepool modifier is given to the hot-simmed hacker. However, VR opens up a hacker to stun damage, and hotsim opens up a hacker to physical damage. Black & Grey ICE In AR, a hacker is immune to stun & physical damage from ICE. In VR, a hacker can receive stun damage, soaked as normal. Also, in rare circumstances, physical damage can also impact a VR user. The rating of the commlink represents "armor" in the form of safety circuits in the simrig. The commlink subtracts it's rating from any incoming physical damage before being applied to the user. In hotsim, physical damage goes straight through to the hacker: the commlink does not "soak" the physical damage beforehand. Agents While hackers have the full gambit of offensive/defensive attributes to cull from, agents generally are only defensive, and have a limited number of maneuvers available to them. They will always have the ability to monitor the hacker, which results in either 1 Authority point per turn, but effectively rolls a 0-net success on all hacking contests, or can roll agent + node rating as a maneuver. Otherwise, agents have a number of defensive maneuvers equal to their rating. These can either be pre-determined (commercial agents are often well known for their defensive packages), or randomly drawn (hackers of varying talents cobble together defensive suites, leading to a lot more uncertainty). Agents also are assigned Authority Abilities. Stun, Trace, Slow, Black Hammer, etc... all cost varying amounts of Authority Points. For 10 authority Points, an alert can be issued by an agent, which can do 1 of 2 things. 1) It can alert a Spider, who will instigate cyber-combat in D6 rounds. This is a silent alert that the hacker has no knowledge of. 2) If no spider is available, each node that triggers an alert will add it's rating to the number of starting Authority Points that the defender receives for all further hacks in that network, until the alert is canceled. Custom Code It's generally assumed in most hacks that the hacker is whipping off code bits assembled quickly from libraries of exploits, worms, viruses, and other nasty tricks. However, with dedicated effort, you can create a big gun. Custom Code has a rating of 1-6, and represents an especially nasty virus or exploit you've discovered and "weaponized". It's extremely potent (adding dice to your dice pool for the duration of combat), but is time consuming to create. Creating custom code is an extended test, 1 month in duration, and has a threshold of rating x 3. Most agents are adaptive in nature, and analyze exploits used by intruders. Corporate, commercial agents usually submit their defenses to a global database run by the Corporate Courts, sharing intrusion data and bolstering defenses under the concept that there is safety in numbers. Hackers who code their own agents can use this if they subscribe for a nominal fee. Any agent who does not have the attribute of "Isolated" is tied into this system. The first time you use custom code, it works at it's appropriate rating for the duration of that single combat. However, the agent is recording and uploading, in real time, heuristics about your attack, and the database updates itself with counter-tactics, who then download the appropriate defenses back to all subscribers. In game terms, after your first use of custom code, every combat that you use your code the agent gets to roll it's rating in dice. Every two hits (rounded down) reduces, permanently, your custom code rating by 1. At rating 0 the code becomes useless: it's been used too many times in the wild and any agent subscribing to the database can adapt to your exploit. Custom code can not be maintained, upgraded, or enhanced in any way at all. Think of it as the cyber equivalent of a clip of highly powerful ammunition. ------------------------- That's just off the top of my head. Any thoughts? |
|
|
May 1 2010, 03:22 AM
Post
#83
|
|
Immortal Elf Group: Members Posts: 10,289 Joined: 2-October 08 Member No.: 16,392 |
....That looks pretty nice.
I remember glancing over Spycraft once and recall the "Authority Points" mechanic. |
|
|
May 1 2010, 06:35 AM
Post
#84
|
|
Moving Target Group: Members Posts: 110 Joined: 22-February 10 Member No.: 18,190 |
....That looks pretty nice. I remember glancing over Spycraft once and recall the "Authority Points" mechanic. It was actually the chase system and was measured in "lead", which wasn't individually tracked. The idea of allowing a hacker or agent to spend "authority" to achieve short-term goals instead of having to completely hack each node each time speeds up the time spent hacking. |
|
|
May 1 2010, 10:08 AM
Post
#85
|
|
Runner Group: Members Posts: 2,899 Joined: 29-October 09 From: Leiden, the Netherlands Member No.: 17,814 |
Interesting.. I'm gonna let this sink in, it's working in a fairly different direction than I was thinking. Maybe I'll borrow my friend's spycraft book to cehck up their system, since apparently they had a bright idea there.
|
|
|
May 1 2010, 04:27 PM
Post
#86
|
|
Immortal Elf Group: Members Posts: 10,289 Joined: 2-October 08 Member No.: 16,392 |
It was actually the chase system and was measured in "lead", which wasn't individually tracked. The idea of allowing a hacker or agent to spend "authority" to achieve short-term goals instead of having to completely hack each node each time speeds up the time spent hacking. Exactly. |
|
|
May 2 2010, 12:57 AM
Post
#87
|
|
Moving Target Group: Members Posts: 258 Joined: 31-January 08 Member No.: 15,593 |
I like the concept above. How would multiple IC/Hackers/Agents work. What if they add their authority together, creating a teamwork.
|
|
|
May 2 2010, 01:07 AM
Post
#88
|
|
Running Target Group: Members Posts: 1,263 Joined: 4-March 08 From: Blighty Member No.: 15,736 |
Dixie,
Why wouldn't a network want to have all of its nodes with active alerts 24/7? With 5 rating 3 nodes on constant alert, anything that is being hacked automatically has 15 Authority Points and Dumpshock!s the hacker. If 15 AP is insufficient, then just add more nodes on constant alert. |
|
|
May 2 2010, 01:28 AM
Post
#89
|
|
Moving Target Group: Members Posts: 312 Joined: 3-March 10 Member No.: 18,237 |
Pretty decent, might give it a shot sometime
|
|
|
May 2 2010, 01:44 AM
Post
#90
|
|
Moving Target Group: Members Posts: 110 Joined: 22-February 10 Member No.: 18,190 |
Dixie, Why wouldn't a network want to have all of its nodes with active alerts 24/7? With 5 rating 3 nodes on constant alert, anything that is being hacked automatically has 15 Authority Points and Dumpshock!s the hacker. If 15 AP is insufficient, then just add more nodes on constant alert. Cinematics. You're asking too many questions. Trust me, I agree with you in common sense. But I threw common sense totally out the door and went with cinematics. The chase system I adapted hacking from has a maneuver in it called "That's Impossible!" that pretty much says "You get to defy the laws of physics and reality for one turn. Have fun thinking up something." Reality intentionally is left by the wayside. The idea of an intrusion alert provides a "the clock is ticking" trade-off for the hacker, and an option for the GM if the hacker is totally outclassing his agents. Also, I didn't develop the rules enough, nor have I playtested them. I might say that after a dumpshock, the alert is canceled or something similar. The concept is to give you a penalty for faffing about or biting off more than you could chew. I'd probably re-write the "monitor" ability to make it a little more useful for the GM, but the idea is that if a hacker totally outclasses an agent, it can "observe and report", and if the hacker needs to access the system again, it's waiting to f*ck with the intruder. Oh okay I suppose that I can also give you a real-world explanation. Intrusion alerts usually send off all kinds of alarms, lockdowns, and kicks in higher amounts of logging. That results in A) more processor overhead, resulting in degraded end-user service, and B) the sysadmin (and there will always be a sysadmin) actually has to take time to go and review the alert. It's the concept of Chicken Little. He doesn't want it going off constantly, because that tells him nothing. System alerts are there to make an intruder's life harder while someone (eventually) responds, and to let the admin know that there was something important enough to *cause* an alarm that warrants his attention. The system needs a *lot* of fleshing out and balancing to make it quick and fun. I'd probably try to reduce the die rolls somewhat, and probably reduce thresholds, to make hacking go quicker in either direction. The intent was to make agents pose an obstacle, but make hackers a real lethal threat, while avoiding the munchkin crunching that the current system has. I tend to favor either a realistic system with sacrifices made for gameplay, or a totally cinematic system that isn't based in reality at all. Meshing the two tends to screw things up and set up common sense assumptions that break the rules system down. For example, I wouldn't describe the topology of the wireless Matrix in great detail. Nodes would be wired/wireless, and in AR/VR each node would have a list of relevant systems it "subscribed" to. For example, the above security door node would have access to the building event logs, read only access to the authorized users list (executive offices) letting you force the door but not forge a new ID authorization, and a read-only access to the power grid (on power out, unlock the door). This would give you three things you could possibly do with this node. You could force the door by faking authorized access, you could cut the power or fake a power outage, and you could access the logs to either cover your tracks or see who passed through the door in the last 24 hours. Each of those actions would require on average the rating of the node in authority points. I might introduced the "hardened" attribute, which adds to the required number of authority points to force the system to do anything. I'd abstract things even further with encryption and files. Files can only be decrypted by the node that encrypted them (note, it doesn't have to be the storage node), and each rating of encryption costs node rating x encryption rating (so for example, if it's a Renraku black bag R&D lab, the encryption might be level 4, and the node might be level 5, meaning 20 authority points to force the decryption. It'd be easier to pwn the node at that point, but probably dangerous regardless). Brute force cracking could be done by Commlink rating divided by the total authority point requirement in weeks rounded up (so if you had 20 points to decrypt an encrypted file, and a commlink 3, it'd take 7 weeks to brute force crack). I could complicate things by allowing multiple commlinks of the same rating to hack on a decryption, with the rating equaling how many identical commlinks you can cluster together (4 rating 4's for 16 authority points a week for example). However, even a rating 1 commlink is considered "professional" hardware in this system. Rating 6 is SR3's Excalibur Deck costs, since you can do *so* much with it. This way, network topology will have strongholds and checkpoints without worrying about designing topology. Checkpoints are obstacles to overcome, and complicate longer hacking missions. Strongholds are nodes that actually contain the useful processes (authorized user list, decryption access, alarm servers, etc etc) and would be a significant effort to gain access to. A spider might monitor the hacker as he forces his way through checkpoint nodes, and enter into combat at strongholds. I'm not even worrying about how a legitimate user accesses the same system. The odds of a PC ever accessing a black bag R&D network legitimately is slim to none, and could be roleplayed out without system mechanics. It's a major thematic overhaul of the Matrix, and I'm not even sure if it would mesh with the rest of the game, but I feel like it might focus on the "bigger picture" more than the minutiae of hacking. |
|
|
May 2 2010, 01:54 AM
Post
#91
|
|
Moving Target Group: Members Posts: 110 Joined: 22-February 10 Member No.: 18,190 |
I like the concept above. How would multiple IC/Hackers/Agents work. What if they add their authority together, creating a teamwork. That might work, or allow individuals to share authority points at a cost (2-to-1 or whatever). Thematically I'd be more likely to only want to run one hacking session at a time. One hacker/agent takes point, the rest support, while still being about to do sh*t in the meat world if possible. It's actually the one major flaw that I have in proposing the system. In Spycraft, it's always one dude driving and everyone else riding shotgun. If it's multiple people vs one target, then that's easier, one target plays a maneuver against all the opponents, and each action is resolved, either with it's own roll for each opponent (yuck) or one roll vs three (better, but still yuck), accumulating authority points from each "face off". In a general melee between multiple opponents on each side, I have no elegant solution. It would devolve into rolling craploads of dice and combat phases before the meat round starts, which would suck and totally go against the intent of the system (to maintain inertia). |
|
|
May 2 2010, 01:59 AM
Post
#92
|
|
Moving Target Group: Members Posts: 110 Joined: 22-February 10 Member No.: 18,190 |
Pretty decent, might give it a shot sometime It needs a lot of writing to be feasible. 1. you need to create defensive & offensive maneuvers thematically appropriate. There was something like 8-10 in Spycraft. 2. You need to create a matrix of penalties/bonuses for each player to encounter depending on who played what. 3. You'd also need "authority point" costs for agents for stun damage, dumpshock, black ICE, trace, etc etc. 4. A list of general network "services" that each node a character accesses could potentially have read or write access to. 5. sh*tloads of playtesting It's doable, but it'd require a lot of work to balance, and at the end of it, you might find it *still* makes hacking a pain in the ass. I know the chase system is craploads of fun in Spycraft. We actually looked forward to the chases. But they were set pieces almost, frequent but distinct. It might not suit something done as frequently as general hacking. |
|
|
May 2 2010, 03:46 AM
Post
#93
|
|
Immortal Elf Group: Members Posts: 10,289 Joined: 2-October 08 Member No.: 16,392 |
Trust me, I agree with you in common sense. But I threw common sense totally out the door and went with cinematics. The chase system I adapted hacking from has a maneuver in it called "That's Impossible!" that pretty much says "You get to defy the laws of physics and reality for one turn. Have fun thinking up something." Reality intentionally is left by the wayside. The idea of an intrusion alert provides a "the clock is ticking" trade-off for the hacker, and an option for the GM if the hacker is totally outclassing his agents. Hehehe. I have to actually try Spycraft sometime. Nothing like a maneuver called "That's Impossible!" complete with exclamation mark. |
|
|
May 2 2010, 04:34 AM
Post
#94
|
|
Great Dragon Group: Members Posts: 5,537 Joined: 27-August 06 From: Albuquerque NM Member No.: 9,234 |
The people who use one password for everything are the same as the people who work in the high security places. Yes, but because their employer cleverly requires that they use their RSA card (the one that generates a new random code every 60 seconds) to log into the network that they can reach only after the guard looks at their ID card and the biometric lock decides they are the person the card was issued to, it's pretty unimportant what their personal password preferences are. Passwords suck as a security measure, no matter how complex. If you are depending on passwords to keep your secrets "your secrets" you are going to have a bad day coming. |
|
|
May 2 2010, 05:16 AM
Post
#95
|
|
Moving Target Group: Members Posts: 213 Joined: 11-October 09 From: Des Moines, IA Member No.: 17,742 |
I've read the Matrix rules for SR2, SR3 & SR4 several times and none of them make complete sense to me. I know my own SR game would benefit greatly from a more cinematic/streamlined hacking system.
That SpyCraft derivative seems a lot more simple and intuitive. If anyone is willing to write it up, then I'm more than willing to playtest it. (IMG:style_emoticons/default/smile.gif) |
|
|
May 3 2010, 02:52 AM
Post
#96
|
|
Immortal Elf Group: Members Posts: 10,289 Joined: 2-October 08 Member No.: 16,392 |
That SpyCraft derivative seems a lot more simple and intuitive. If anyone is willing to write it up, then I'm more than willing to playtest it. (IMG:style_emoticons/default/smile.gif) Looking over the Spycraft hacking rules, I think it's almost possible to strait up rip it right out. The section contains no rules as to how Lead is gained or loss or what the checks are (those are spycraft system specify) so something would need to be adapted, but yeah. Basically its all right there and ready. You basically have a list of strategies (types of hack) that have an associated skill, program, or other requirements, a modifier, and a few possible advantages for winning the roll. For example: Tactic: “Shall We Play A Game?” Skill: Tactics (Wis) Requirements: Computer Power Rating 3+, Probe software Modifier: –4 Advantage: Pause, Probe Pause means that as you keep taking actions against the target, no progress (Lead) is gained or lost. Probe forces the loser to make a Computers check. Success means nothing, With failure, the winner may immediately execute 1 core command (eg, if the Hacker succeeds a probe, the SysAdmin rolls Computers, if they fail the Hacker gets off a system action). Core Commands are things like editing files, downloading data, stopping programs, authorizing/banning users, upload programs.... There's also a table on how long each hack action takes, the bigger the Lead the system has over the hacker, the longer it takes to perform a hack action: QUOTE Hackers approach these basic “flaws” with an arsenal of tools ranging from bribing and blackmailing system operators to deducing a Prey's password from personal information to making brute-force attacks with massive processing power. This process accelerates as a system’s outer defenses are stripped away, until the hacker and system are making split-second decisions at the final barrier. Might need a little work to make it shadowrun, but it's basically already there. |
|
|
May 3 2010, 05:49 PM
Post
#97
|
|
Moving Target Group: Members Posts: 385 Joined: 20-August 07 Member No.: 12,766 |
I'd like to see hacking stratified into two types. Bear with me, here, I'm being general.
The first kind is network hacking. Essentially what hackers do in the game now. It's the "upper-level" attack that lets you build backdoors, hijack existing accounts, or make entirely new ones for yourself. Also lets you futz with the entire concept of the node.. for security nodes, you could deactivate or manipulate almost anything connected. What makes it different then current Shadowrun is the scale; network hacking should be abstracted into general rolls, and placed against a time scale. It should also require dedicated equipment, as previously mentioned. No more hacking the Pentagon with a cell phone. You need a dedicated suite of computers. This also makes the hacker responsible for hiding his physical location through proxies - more potential for out-of-run hacker gameplay. The second kind of hacking is gizmo hacking, which includes everything mentioned in the hacker-as-spy idea. This is on-site, and only requires a 'link. It also frees up hacker actions for other things. For example, when not directly hacking a device, the hacker could use AR more actively; perhaps expand the rules for TacNets, for example. Now, the fun of this system is that it clearly delineates the hacker's job into the buildup / preparation phase, and the tactical phase. Before the run, the hacker can (through his actions) pick a strategy going in, like pushing bad drivers to turrets, and make them a little bit less aware. Alternatively, he could try and forge some emails, and get some security personnel transferred before the run. Looking over the Spycraft hacking rules, I think it's almost possible to strait up rip it right out. The section contains no rules as to how Lead is gained or loss or what the checks are (those are spycraft system specify) so something would need to be adapted, but yeah. Basically its all right there and ready. This could also be fun. Essentially turn it into a card game. Hacking stops being primarily about rolls and more about strategy. There would need to be a lot, though - maybe thirty or forty.
|
|
|
May 3 2010, 07:58 PM
Post
#98
|
|
Immortal Elf Group: Members Posts: 10,289 Joined: 2-October 08 Member No.: 16,392 |
This could also be fun. Essentially turn it into a card game. Hacking stops being primarily about rolls and more about strategy. There would need to be a lot, though - maybe thirty or forty. I don't think you need 30 or 40 different tactics, all you need are the basic 12 or so that grant you some kind of advantage. The goal is to use those advantages to get what you need, which isn't necessarily the same thing from hack to hack. |
|
|
May 3 2010, 08:06 PM
Post
#99
|
|
Moving Target Group: Members Posts: 656 Joined: 18-January 06 From: Leesburg, Virginia, USA Member No.: 8,177 |
To return to the Quantum Communication item for a moment, more recent results cast the perfection in doubt.
It turns out that due to a number of factors, folks were able to demonstrate undetctable tapping of a Quantum link. Sorry, there is no free lunch, Joel |
|
|
May 3 2010, 08:42 PM
Post
#100
|
|
Immortal Elf Group: Members Posts: 10,289 Joined: 2-October 08 Member No.: 16,392 |
|
|
|
Lo-Fi Version | Time is now: 22nd January 2025 - 07:56 AM |
Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.