how credsticks work, a thought experiment in mechanics
shinryu
post Aug 19 2013, 08:04 PM
Post #1





so been trying to think of how credsticks work in general, i think this probably makes the most sense in terms of the shadowrun 5 matrix rules as written. anything i'm missing? it's kind of a thought experiment to see if the matrix rules work for money transfers, since if they can't handle that the whole world falls apart. as does the rules system.

credstick sends message, requesting a mark on a bank host. said bank host is probably rating 8 at the very least, and this may go up for hosts handling more expensive credsticks (i would imagine the host handling gold sticks may be mildly less secure than the one handling the security for black sticks, and that banks would probably have multiple separate hosts to avoid compromise of one host affecting all the accounts)

host verifies the credstick's identity and responds by inviting a mark.

credstick icon adds mark, enters host.

credstick uses send message to request the host decrypt the account file

account file is decrypted by.

credstick uses edit file to change balance of account and sends message to host to re-encrypt file.

host re-encrypts account and revokes mark from credstick.

this is probably very much how bank transactions work in general, substituting commlink for credstick.

so hacking a credstick account basically involves disguising yourself as a credstick with a wrapper, getting a mark on a host with a firewall between 12 and 16, and then passing the Patrol IC's matrix perception check that you are not a credstick (versus probably 16 to 24 dice). oh good, that should be easy. i am actually somewhat reassured about the security of banking in shadowrun. however, there don't seem to be exact rules for seeing through wrapper programs. is one success all that's needed? it seems like there should be an opposed sleaze roll to keep your disguise. i think this needs clarification in the errata.
Eratosthenes
post Aug 19 2013, 08:48 PM
Post #2





I suspect credsticks are similar to cashier's checks, in that they themselves hold value. That "value" is likely a hideously long hash (or the 2075 equivalent thereof), which if valid tells the banking system (that initially created the credstick) how much it's worth, issuing bank, whatever other info they'd have to store.

I don't think you'd really "hack" a credstick, insomuch as use forgery (which, per the SR5 book, is nigh impossible for actually getting any money). Maybe a dedicated forgery ring could have ins to getting valid hash values they could doctor to generate forged credsticks, but they'd eventually be found out via accounting.
shinryu
post Aug 19 2013, 10:05 PM
Post #3





given that encryption is effectively dead, a self-contained credstick seems unworkable. it would be relatively trivial to crack the stick and put whatever value you want on it, unless the sticks themselves are the equivalent of firewall 12 servers. shadowrun's approach to technology sometimes borders on the LOL MAGIC side, admittedly. i suppose you could hard-encrypt the stick at the factory with something like a Rating 12 data bomb on the working bits. data-bombed files like this may even be the passwords of the matrix in general; you let the server get a mark on you, let it make sure the data-bombed encrypted id file it owns that you have matches, and then it invites a mark from you. something like the model here would still need to exist for transactions from actual bank accounts in any case.
Bearclaw
post Aug 19 2013, 10:28 PM
Post #4





I would think everyone would think of that plan.
I would say you mostly have the right idea, except for the idea that the credstick is in any way directly communicating with the account data store on the actual server. That would be dumb, and be an easy way to break in.
So what the credstick does is say "I'm me".
The system responds with "prove it".
The credstick proves it.
The credstick says "I want to pay the device I'm plugged into 200 nuyen".
The system says "let me check". The system checks the balance and confirms the account of the credstick reader the stick is plugged into.
The system then says "approved. 2 nuyen service charge added. After this transaction, your balance is 12,555 nuyen."
The credstick says "OK bye".

At no point does the remote credstick have any direct control over anything on the server.
Otherwise they would be stupid. And they would be poor. And since they're not poor, we can assume they're not stupid, and that won't work.
Epicedion
post Aug 19 2013, 10:45 PM
Post #5





Shadowrunner puts 10,000 nuyen onto Credstick A. Zurich-Orbital makes a note that Credstick A holds 10,000 nuyen.

Fixer takes Credstick A and transfers 8,000 nuyen to his account. Zurich-Orbital updates his account, adjusts the Credstick value, and then makes a note that Credstick A holds 2,000 nuyen.

Shadowrunner hacks Credstick B, making it look like it holds 10,000 nuyen instead of 12 nuyen.

Fixer takes Credstick B and tries to transfer 8,000 nuyen to his account. Zurich-Orbital sees that Credstick B should have 12 nuyen on it instead of 10,000, and the Corporate Court sends an HTR to murder Shadowrunner.

Result:

Hacking a credstick is hard, but possible. Probably like 20-25 dice hard. Probably rating 10+ encryption and data bombs on the money files. Really hard, really dangerous.

Hacking a credstick and then using the money is practically impossible, since you'd have to hack the Z-O bank host to update the relevant file to match the hack job on the credstick, or else it would throw up alerts.

The only thing that a hacked credstick would then be good for would be tricking someone into thinking you'd paid him by dropping off the credstick and high-tailing it before he got a chance to slot the credstick, which would throw immediate red flags and HTRs.

Response:

No one ever just accepts the credstick as payment, you actually have to transfer the funds.
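
The exchange laid out in post #4 and the host-side record described in post #5, sketched as an added example (not from any poster or from the rulebook): a real-world analogue in which the stick answers a one-time challenge with an HMAC and only the host holds the balance. The shared-key provisioning step, the `BankHost` class and every name here are assumptions made for illustration.

```python
import hashlib, hmac, secrets

SERVICE_CHARGE = 2  # nuyen, as in post #4's exchange

def proof_for(key, nonce, stick_id, reader_id, amount):
    # The MAC binds the one-time nonce to this exact payment request.
    msg = nonce + f"{stick_id}|{reader_id}|{amount}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class BankHost:
    """Holds the only authoritative balances; sticks never edit them."""
    def __init__(self):
        self.keys, self.ledger, self.pending = {}, {}, {}

    def issue(self, stick_id, balance):   # assumed provisioning step
        self.keys[stick_id] = secrets.token_bytes(32)
        self.ledger[stick_id] = balance
        return self.keys[stick_id]

    def challenge(self, stick_id):        # "prove it"
        self.pending[stick_id] = secrets.token_bytes(16)
        return self.pending[stick_id]

    def pay(self, stick_id, reader_id, amount, proof):
        nonce = self.pending.pop(stick_id, None)  # single use, so replays fail
        if nonce is None or stick_id not in self.keys:
            return "denied: no challenge"
        expected = proof_for(self.keys[stick_id], nonce, stick_id, reader_id, amount)
        if not hmac.compare_digest(expected, proof):
            return "denied: bad proof"
        total = amount + SERVICE_CHARGE
        if amount <= 0 or self.ledger[stick_id] < total:
            return "denied: insufficient funds"
        self.ledger[stick_id] -= total
        self.ledger[reader_id] = self.ledger.get(reader_id, 0) + amount
        return f"approved: balance {self.ledger[stick_id]}"

def demo():
    host = BankHost()
    keys = {"A": host.issue("A", 12757), "B": host.issue("B", 12)}
    displayed = {"A": 12757, "B": 10000}  # stick B edited locally; host never reads this
    results = []
    for stick_id, amount in (("A", 200), ("B", 8000)):
        nonce = host.challenge(stick_id)
        proof = proof_for(keys[stick_id], nonce, stick_id, "reader", amount)
        results.append(host.pay(stick_id, "reader", amount, proof))
        results.append(host.pay(stick_id, "reader", amount, proof))  # replayed proof
    return results
```

Stick A's 200 nuyen payment is approved against the host's record, stick B's edited display changes nothing because the host only consults its own ledger, and a captured proof cannot be reused because each challenge is consumed on first use.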
shinryu
post Aug 19 2013, 10:52 PM
Post #6





the reason for granting access in my scenario is that there's not much way to prove things in shadowrun digitally aside from matrix perception, and as far as i know the only way the host can do that is via patrol IC. while you can handle the transaction as a series of send message requests rather than permitting an edit file action, the credstick still has to get a mark on the host so it can "enter" the host and be validated. otherwise there's no way to tell that the device that sent you the credstick validation code is really the credstick and isn't a hacker that jacked the access key off a legitimate credstick. the danger of jacking off credsticks cannot be underestimated.
Smash
post Aug 20 2013, 03:02 AM
Post #7





QUOTE (shinryu @ Aug 20 2013, 08:05 AM)
given that encryption is effectively dead, a self-contained credstick seems unworkable. it would be relatively trivial to crack the stick and put whatever value you want on it, unless the sticks themselves are the equivalent of firewall 12 servers. shadowrun's approach to technology sometimes borders on the LOL MAGIC side, admittedly. i suppose you could hard-encrypt the stick at the factory with something like a Rating 12 data bomb on the working bits. data-bombed files like this may even be the passwords of the matrix in general; you let the server get a mark on you, let it make sure the data-bombed encrypted id file it owns that you have matches, and then it invites a mark from you. something like the model here would still need to exist for transactions from actual bank accounts in any case.


I think the 'LOL MAGIC' explanation is the best one in this case. What you have to consider is that these things have probably been about for the good part of 40 years. I'm sure that any problems with hackers have been solved by now.

Personally I'm going to take the 'Pacific Rim' solution to this which is "my giant future robot with twin nuclear engines is analog and therefore immune to the future" and apply it to credsticks.
Teulisch
post Aug 20 2013, 06:30 PM
Post #8





the easy way to hack credsticks is basic identity theft. the hacker sets device A to look like device B (known to have a good balance). device A is then used to move funds. the owner of device B will then wonder what the heck happened, and complain about how he was never in Seattle and what is with this charge? and now the balance is on device C, which may be a little hot if anyone decides to investigate.

a 'credstick' is like a debit card or prepaid gift card. it has information in a certain format which is used to interface with the system. anyone with the information can use it. honestly, if we just say 'prepaid debit card' instead of credstick, then everything makes sense. the credstick simply adds a few bells and whistles like a balance remaining display and possibly biometrics.

well, unless credsticks are a type of bitcoin. because real-life economics can be weird too.