IPB

Welcome Guest ( Log In | Register )

2 Pages V   1 2 >  
Reply to this topicStart new topic
> Hacking question from Gencon, did we do this right?
artent
post Aug 20 2013, 10:27 PM
Post #1


Target
*

Group: Members
Posts: 45
Joined: 4-January 12
Member No.: 46,775



I'm a bit hazy on the details of how hacking works, so here is an example of how we ran the rules at one of the games in Gencon, please help me understand by explaining what we did wrong.

The set up:
There is a building with Cameras, a distress button and some data.

Objective: Disable the distress button, copy and erase the data, disable some of the cameras.

What we did: The hacker got within cable range of a lock and hacked it directly using Hack on the fly. As per the example on pg. 224. He easily got a few marks on the lock and thus the Host for the building. Next he used an Enter Host action to get into the building. This is where we get a bit confused.

Next he rolled Matrix Perception to find the distress button device(did he have to do this, what was his threshold?). Next he used Spoof Command to disable the alarm.(At this point we realized that he had almost no chance of success on this if the device was defending with the hosts stats, this didn't feel right so we figured once you get into the Host you are past the Hosts external defenses and you roll against the device itself)
We followed the same procedure to manipulate the the cameras.

I'm not sure what rating the Host was but I think 5-6. Had our Decker been forced to roll an opposed test against the Host we could not have done this run, period.
Go to the top of the page
 
+Quote Post
shinryu
post Aug 20 2013, 10:47 PM
Post #2


Moving Target
**

Group: Members
Posts: 127
Joined: 8-March 10
Member No.: 18,255



QUOTE (artent @ Aug 20 2013, 10:27 PM) *
I'm a bit hazy on the details of how hacking works, so here is an example of how we ran the rules at one of the games in Gencon, please help me understand by explaining what we did wrong.

The set up:
There is a building with Cameras, a distress button and some data.

Objective: Disable the distress button, copy and erase the data, disable some of the cameras.

What we did: The hacker got within cable range of a lock and hacked it directly using Hack on the fly. As per the example on pg. 224. He easily got a few marks on the lock and thus the Host for the building. Next he used an Enter Host action to get into the building. This is where we get a bit confused.

Next he rolled Matrix Perception to find the distress button device(did he have to do this, what was his threshold?). Next he used Spoof Command to disable the alarm.(At this point we realized that he had almost no chance of success on this if the device was defending with the hosts stats, this didn't feel right so we figured once you get into the Host you are past the Hosts external defenses and you roll against the device itself)
We followed the same procedure to manipulate the the cameras.

I'm not sure what rating the Host was but I think 5-6. Had our Decker been forced to roll an opposed test against the Host we could not have done this run, period.


in my opinion, nope. patrol IC should have been up his ass like a motherfucker, and anything that he isn't directly connected to should be defending with the host's stats. he could have run wrapper to look like another device, but even then the patrol IC should have tried to suss him out after a door lock made a request to disable the panic button. probably not a usual operating procedure there.
Go to the top of the page
 
+Quote Post
Catadmin
post Aug 20 2013, 10:49 PM
Post #3


Moving Target
**

Group: Members
Posts: 174
Joined: 16-March 10
Member No.: 18,299



Were you playing in one of the official CGL Shadowrun games or was this a mission created by a non-affiliated person?

If the former, do you remember the name of the mission? I can check with the Missions line dev and author to figure out if what you did was a statted encounter or if it was a piece of flavor action, which does make a difference in whether what you did should work or not (GM discretion you know @=).

But to try and answer the question, the threshold to notice the alarm depends on whether or not it is hidden and / or protected by the host at all. (Which is one of the reasons I want to check the adventure for the details). Per page 241, the alarm would probably be either a 3 (limited interest or not publicized) or 6 (hidden) threshold to find with a -2 dice pool modifier for obscurity. At least, that's the way I would run it.

On the other hand, on page 235 the rules state "You can automatically spot the icons of devices that are not running silent within 100 meters of your physical location". Again, I'd want to see what the mission stated for this bit of scene before I said that he could easily find a distress button.

On the other hand, if the GM had no problem letting the decker do the deed, then it's his/her discretion and yay for the decker.
Go to the top of the page
 
+Quote Post
HugeC
post Aug 21 2013, 12:16 AM
Post #4


Moving Target
**

Group: Members
Posts: 315
Joined: 9-May 10
Member No.: 18,563



From page 233: "If you are in a host that has a WAN, you are considered directly connected to all devices in the WAN."

So once you are in a host, you can hack any devices slaved to it, and they don't get the host's Matrix attributes on defense. Sounds like you guys handled it right to me.
Go to the top of the page
 
+Quote Post
DeathStrobe
post Aug 21 2013, 02:40 AM
Post #5


Moving Target
**

Group: Members
Posts: 576
Joined: 6-May 10
From: Front Range Free Zone
Member No.: 18,558



QUOTE (HugeC @ Aug 20 2013, 06:16 PM) *
From page 233: "If you are in a host that has a WAN, you are considered directly connected to all devices in the WAN."

So once you are in a host, you can hack any devices slaved to it, and they don't get the host's Matrix attributes on defense. Sounds like you guys handled it right to me.

That's what I was thinking too. This also make some sense as Hosts have pretty damn good stats, so having a few security vulnerabilities with hardlines would make sense to me.
Go to the top of the page
 
+Quote Post
BlackJaw
post Aug 21 2013, 04:29 AM
Post #6


Moving Target
**

Group: Members
Posts: 482
Joined: 27-May 09
From: Ann Arbor, MI
Member No.: 17,213



It looks like you did alright, although it would be easier for us to give feedback if you could recall more details about the run.

QUOTE (artent @ Aug 20 2013, 02:27 PM) *
The hacker got within cable range of a lock and hacked it directly using Hack on the fly. As per the example on pg. 224. He easily got a few marks on the lock and thus the Host for the building. Next he used an Enter Host action to get into the building.
This sounds more or less right, although in most cases a lock on a reasonably secure facility isn't going to have easy access to it's universal data port. You'd probably need to make a Lockpick check to open the casing to gain access to a port, as noted on Page 363: "The first step to bypassing a maglock is to remove the case and access the maglock’s electronic guts." In really secure facilities they may also have tamper sensors, so it would require two checks to open it without setting off an alert.

QUOTE
Next he rolled Matrix Perception to find the distress button device(did he have to do this, what was his threshold?).
Matrix Perception is what you use to locate icons inside a host. Matrix Search is used to locate data, but this is a device icon, not information. Hosts are virtual so the 100 meters rule may not apply, but page 241 on Matrix Perception notes: "If you’re trying to spot an icon that is farther than 100 meters away, this is a Simple Test: the first hit lets you spot the target, and any additional hits can be used to get more information about it as mentioned above." It sounds like you handled things ok if the Panic Button was running in public mode.

If it was running Private mode, things are less clear. Page 235 notes: "If you know at least one feature of an icon running silent, you can spot the icon (Running Silent, below)." My reading of that is: If you know there is a Panic Button, and your first Matrix Perception check didn't spot the icon, then you can make a check to locate the Hidden Icon directly, pitting your Computer + Intuition [Data Processing] vs it's Logic + Sleaze. Another interpretation is that you would need to make a Matrix Perception test, or spend a hit from a previous test, to determine the number of Running Silent Icons in the Host, and then randomly pick them and attempt to spot them until you found the one you wanted. Personally, that sound rather boring.

QUOTE
Next he used Spoof Command to disable the alarm.
This might be wrong. To spoof a device you need to have a mark on on it's owner's Icon. page 242 "You spoof a device’s owner’s identity, making the device think that your command is a legitimate one from its owner. You need one mark on the icon you are imitating;" Although the device is slaved to the host, slaving and ownership are not the same thing, so unless your player had a mark on owner, he can't spoof. It's not entirely clear if an owner can be something other than a person (like a host) although page 237 notes a Corporation as an owner. Ownership is used for determining attributes used in defense tests, so it's important for a number of reasons actually.

QUOTE
(At this point we realized that he had almost no chance of success on this if the device was defending with the hosts stats, this didn't feel right so we figured once you get into the Host you are past the Hosts external defenses and you roll against the device itself)
QUOTE
I'm not sure what rating the Host was but I think 5-6. Had our Decker been forced to roll an opposed test against the Host we could not have done this run, period.
A rating 5 Host is applicable for "local police" and would have matrix attributes of 5/6/7/8 (Gm's choice, see page 247) so that's a tough run to go on. Those attributes would be used for the IC certainly, but as other posters have noted from page 233: "If you are in a host that has a WAN, you are considered directly connected to all devices in the WAN." It sounds like once inside the Host you'd be able to interact with devices at their standard attributes instead of at Host Enhanced ones. I guess the protection of the Host is that you have to get into it first, and that it has IC, which incidentally do use the rather high Host Matrix Attributes. As a side note: Files in a host use the Host attributes instead of their owner's for defending against the Edit File action, page 239: "The defender against this test is either the host holding the file or the owner of the file (if it’s not on a host)."

So to disable the the button, the player could have secured 3 marks on it via (possibly repeated) Hack on the Fly/Brute Force actions and then Formatted the device and forced it to Reboot (two more hacker actions). Alternatively he could have dataspiked it until it was bricked, or placed a mark on its owner and then spoof commands to it for the reboot and then reformat. Lastly, you might have allowed use of the Control Device matrix action to change it's response to being activated, but I'd have required at least 3 marks (Complex action) for that.
Go to the top of the page
 
+Quote Post
T2-Keks
post Aug 21 2013, 10:28 AM
Post #7


Target
*

Group: Members
Posts: 18
Joined: 3-August 13
Member No.: 137,217



Reading this helps me a lot to better understand the SR5 matrix stuff.

Special thanks to BlackJaw, your posts often give very detailed explanations with page references and many of your thoughts. You're a big help!
Go to the top of the page
 
+Quote Post
BlackJaw
post Aug 21 2013, 02:28 PM
Post #8


Moving Target
**

Group: Members
Posts: 482
Joined: 27-May 09
From: Ann Arbor, MI
Member No.: 17,213



QUOTE (T2-Keks @ Aug 21 2013, 03:28 AM) *
Special thanks to BlackJaw, your posts often give very detailed explanations with page references and many of your thoughts. You're a big help!
Thank you. I'm trying to be helpful, but I'm also doing it as part of my way of learning the new rules. I learn a lot from these boards and the discussions they bring up. I'm often wrong or otherwise learn something.

For Example: In this thread I learned that WAN rules do not provide protection to devices when dealing with hackers already inside the Host. It wasn't what I thought when I read the thread, but the rules reference HugeC dug up indicates otherwise. I dug through the book looking at all the WAN and Host rules I could find, and looking at the example text (sadly low on details) and was unable to find any other part of the book that said Hosts provide their matrix attributes to the devices inside. Instead the book talks about hosts as akin to building a house and placing the valuables inside. Page 359: "Creating a Host is akin to constructing a building and putting important things inside."

Overall this interpretation of the WAN rules encourages onsite hacking (getting the decker out of the Van). If you can gain a direct line access to part of the WAN, you can gain entrance to the Host, and once inside hack the various devices as if direct connected, etc. If the Host provides it's attributes to all the devices inside it, more similar to PAN, then you'd have to be skilled enough to hack each device as if it was the Host itself, and in that case (if you're that good) you might as well have just hacked host directly through the matrix instead of risking being shot on an onsite hack.
Go to the top of the page
 
+Quote Post
HugeC
post Aug 21 2013, 02:37 PM
Post #9


Moving Target
**

Group: Members
Posts: 315
Joined: 9-May 10
Member No.: 18,563



I'm the same as Blackjaw, just trying to learn the rules by talking to you guys! I have never really understood the Matrix, but if I want to run a game, I need to know it. There are still plenty of things (like Ownership) that make no sense to me.
Go to the top of the page
 
+Quote Post
Jack VII
post Aug 21 2013, 03:15 PM
Post #10


Skillwire Savant
******

Group: Members
Posts: 3,154
Joined: 5-April 13
From: Aurora Warrens, UCAS Sector of the FRFZ
Member No.: 88,139



QUOTE (HugeC @ Aug 21 2013, 09:37 AM) *
I'm the same as Blackjaw, just trying to learn the rules by talking to you guys! I have never really understood the Matrix, but if I want to run a game, I need to know it. There are still plenty of things (like Ownership) that make no sense to me.

I'm also pretty confused about this, particularly as it relates to the Spoof command. Some examples in the book identify MegaCorpX as the owner of a device. How does one place a mark on MegaCorpX in order to accomplish the Spoof comand? It seems like there are supposed to be owners and delegated owners to make the rules work.
Go to the top of the page
 
+Quote Post
Redjack
post Aug 21 2013, 03:19 PM
Post #11


Man Behind the Curtain
**********

Group: Admin
Posts: 14,871
Joined: 2-July 89
From: End of the Yellow-Brick Road
Member No.: 3



QUOTE (BlackJaw @ Aug 20 2013, 11:29 PM) *
This sounds more or less right, although in most cases a lock on a reasonably secure facility isn't going to have easy access to it's universal data port. You'd probably need to make a Lockpick check to open the casing to gain access to a port, as noted on Page 363: "The first step to bypassing a maglock is to remove the case and access the maglock’s electronic guts." In really secure facilities they may also have tamper sensors, so it would require two checks to open it without setting off an alert.
The pad was not wireless. A wire ran from the pad to the ground, then underground to the facility. The hacker peeled back the cover and used a datatap, bypassing tamper detection on the case. Multiple cameras were watching the pad but from the back, facing the user, not the pad.,Also, the team followed a security guard going off shift to his favorite watering hole, sent team members in disguise to get good audio and video of him, then used disguise (Pre-spend edge: 8 hits) to look like the guard. The team mage was sustaining levitiate on the decker, so when he went full VR, she held him off the ground. Of course, the onsite security got suspicious, him returning to work and all, but the team owned his comlink back at the bar and carried on a conversation long enough for the decker to get to the host.

QUOTE (BlackJaw @ Aug 20 2013, 11:29 PM) *
Matrix Perception is what you use to locate icons inside a host. Matrix Search is used to locate data, but this is a device icon, not information. Hosts are virtual so the 100 meters rule may not apply, but page 241 on Matrix Perception notes: "If you’re trying to spot an icon that is farther than 100 meters away, this is a Simple Test: the first hit lets you spot the target, and any additional hits can be used to get more information about it as mentioned above." It sounds like you handled things ok if the Panic Button was running in public mode.
The panic button was also wireless, but by this time, the decker was in the host and by virtue of his connection, both technomancers as well.

QUOTE (BlackJaw @ Aug 20 2013, 11:29 PM) *
If it was running Private mode, things are less clear. Page 235 notes: "If you know at least one feature of an icon running silent, you can spot the icon (Running Silent, below)." My reading of that is: If you know there is a Panic Button, and your first Matrix Perception check didn't spot the icon, then you can make a check to locate the Hidden Icon directly, pitting your Computer + Intuition [Data Processing] vs it's Logic + Sleaze. Another interpretation is that you would need to make a Matrix Perception test, or spend a hit from a previous test, to determine the number of Running Silent Icons in the Host, and then randomly pick them and attempt to spot them until you found the one you wanted. Personally, that sound rather boring.
Running silent is broken unless a lot of stuff is running silent.

QUOTE (BlackJaw @ Aug 20 2013, 11:29 PM) *
This might be wrong. To spoof a device you need to have a mark on on it's owner's Icon. page 242 "You spoof a device’s owner’s identity, making the device think that your command is a legitimate one from its owner. You need one mark on the icon you are imitating;" Although the device is slaved to the host, slaving and ownership are not the same thing, so unless your player had a mark on owner, he can't spoof. It's not entirely clear if an owner can be something other than a person (like a host) although page 237 notes a Corporation as an owner. Ownership is used for determining attributes used in defense tests, so it's important for a number of reasons actually.
QUOTE (BlackJaw @ Aug 20 2013, 11:29 PM) *
It sounds like once inside the Host you'd be able to interact with devices at their standard attributes instead of at Host Enhanced ones. I guess the protection of the Host is that you have to get into it first, and that it has IC, which incidentally do use the rather high Host Matrix Attributes. As a side note: Files in a host use the Host attributes instead of their owner's for defending against the Edit File action, page 239: "The defender against this test is either the host holding the file or the owner of the file (if it’s not on a host)."
He got marks on the host by getting marks on the pad. From there, spoofing commands to other slaved devices was a walk in the park.

The undoing of the team were actually two things. First, other security measures that I'll leave unknown so as not to spoil the run for others and second... Never forget EVERYONE also has a personal comlink.
Go to the top of the page
 
+Quote Post
Redjack
post Aug 21 2013, 03:23 PM
Post #12


Man Behind the Curtain
**********

Group: Admin
Posts: 14,871
Joined: 2-July 89
From: End of the Yellow-Brick Road
Member No.: 3



QUOTE (Jack VII @ Aug 21 2013, 10:15 AM) *
I'm also pretty confused about this, particularly as it relates to the Spoof command. Some examples in the book identify MegaCorpX as the owner of a device. How does one place a mark on MegaCorpX in order to accomplish the Spoof command? It seems like there are supposed to be owners and delegated owners to make the rules work.
I think Ownership is a poorly thought out mechanic to deal with players who "dungeon crawl for loot" rather than play Shadowrun. Easier solutions to the root problem include notoriety, public awareness, burned contacts & police investigations.

Edit: As well as the enemies quality. Just because there is no rules for adding it for karma, does not mean a GM cannot assign it for having your stuff stolen, your brother's body parted out, etc.
Also, I had a player who was abusing the connection rating rules. He was using a rating 1 contact (Virtually no social influence; useful only for their Knowledge skills, SR5, pg387) to fence parted out cyber ware. A GM simply pushing back on nonsense like that can deal with the issue better than the ownership mechanic.
Go to the top of the page
 
+Quote Post
Goonshine
post Aug 21 2013, 03:55 PM
Post #13


Target
*

Group: Members
Posts: 16
Joined: 21-August 13
From: Tokyo
Member No.: 145,862



QUOTE (Jack VII @ Aug 22 2013, 12:15 AM) *
I'm also pretty confused about this, particularly as it relates to the Spoof command. Some examples in the book identify MegaCorpX as the owner of a device. How does one place a mark on MegaCorpX in order to accomplish the Spoof comand? It seems like there are supposed to be owners and delegated owners to make the rules work.


So in the corporate world right now we have systems to allow for very granular and decentralized user control, solutions like Active Directory. Usernames, policy groups, all adminstrative rights can be managed through these systems. You want to keep basic users from messing up their computers or the system, so you give them very little control. Next you have user admins, who belong to a group who can mess with a user's computer for troubleshooting, and might have access to networking or security areas as part of their work as well. On top of them all, you have the networking and security admins, who have total access to their own systems.

It would be totally infeasible for a security device to only have one user as the owner of a device. What if he decides to quit? Nobody can reboot that door until you mess with the settings! No, you would have a group of people with access, and the point would be to either get some marks on one of the members of that group, or get some marks on the server/device/host/whatever that handles all those security permissions.

Fun fact: a lot of upper management will press for admin rights to everything in the system just because they are upper management, and despite it being a huge security liability sometimes departments will be forced into going along with it. Instead of trying to break into the system and put your marks there against the trained veterans, why not just run into a junior VP at a bar, slip something into his drink, and peel his commlink away for a few minutes? Just a thought.
Go to the top of the page
 
+Quote Post
Jack VII
post Aug 21 2013, 04:15 PM
Post #14


Skillwire Savant
******

Group: Members
Posts: 3,154
Joined: 5-April 13
From: Aurora Warrens, UCAS Sector of the FRFZ
Member No.: 88,139



^ That's a very SR4 approach with the different levels of authority. I think it made the system a bit more robust in dealing with issues like this, but could get wildly confusing.

Just my view, but it seems like there is a relation between, for instance, a corpsec guard and their smartgun that allows them to give the gun commands (eject clips through DNI) but not actually give "ownership" of the gun to the guard. I would think the spoof command would allow you to mimic that particular relationship by getting a mark on the guard's smartlink/commlink/datajack however they have their PAN set up. As written, the guard probably isn't the device's "owner" so the Spoof Command, as written, wouldn't work (unless they are carelessly using the term owner in the program description).
Go to the top of the page
 
+Quote Post
shinryu
post Aug 21 2013, 04:42 PM
Post #15


Moving Target
**

Group: Members
Posts: 127
Joined: 8-March 10
Member No.: 18,255



yep, good old social engineering at work, there.

i am a little surprised that devices in a host don't get the host's defenses once penetrated, but the thing to remember even then is that any reasonable host will be running patrol IC looking for unauthorized users all the time. so it's still risky to hang out in a host for any length of time.
Go to the top of the page
 
+Quote Post
Jaid
post Aug 21 2013, 05:12 PM
Post #16


Great Dragon
*********

Group: Members
Posts: 7,089
Joined: 4-October 05
Member No.: 7,813



QUOTE (shinryu @ Aug 21 2013, 11:42 AM) *
yep, good old social engineering at work, there.

i am a little surprised that devices in a host don't get the host's defenses once penetrated, but the thing to remember even then is that any reasonable host will be running patrol IC looking for unauthorized users all the time. so it's still risky to hang out in a host for any length of time.


particularly since IC can be infinitely spawned and can be extremely nasty to go up against even if there's only one...
Go to the top of the page
 
+Quote Post
DeathStrobe
post Aug 21 2013, 06:01 PM
Post #17


Moving Target
**

Group: Members
Posts: 576
Joined: 6-May 10
From: Front Range Free Zone
Member No.: 18,558



QUOTE (Jack VII @ Aug 21 2013, 10:15 AM) *
^ That's a very SR4 approach with the different levels of authority. I think it made the system a bit more robust in dealing with issues like this, but could get wildly confusing.

Just my view, but it seems like there is a relation between, for instance, a corpsec guard and their smartgun that allows them to give the gun commands (eject clips through DNI) but not actually give "ownership" of the gun to the guard. I would think the spoof command would allow you to mimic that particular relationship by getting a mark on the guard's smartlink/commlink/datajack however they have their PAN set up. As written, the guard probably isn't the device's "owner" so the Spoof Command, as written, wouldn't work (unless they are carelessly using the term owner in the program description).

I think that makes sense. The Corp will probably offer that Corpsec guard a 3 or 2 mark invite to the gun. So if the hacker gets one mark the Corpsec's commlink/persona, they'll have access to spoof up to the limit of marks the corpsec guard has.

If it does work that way, it'd be hilarious to unwittingly mark another hacker hacking a host only for that hacker to be discovered and blowing your cover at the same time.
Go to the top of the page
 
+Quote Post
xsansara
post Aug 27 2013, 09:27 AM
Post #18


Moving Target
**

Group: Members
Posts: 129
Joined: 3-July 08
Member No.: 16,112



But that also explains why there are no centralized companies offering WAN for hire. The second anyone touches your customer's device to hack-with-cable, they'd have access to your inner sanctum AND to all your other customers, if only for a second, until your IC fries them.

It also explains why there are so many physical hosts out there on location. The current trend is for companies to have large virtual server farms and then distribute to the various outposts. The SR5 hacking paradigm requires hosts to be completely independant of each other.

I wonder how they work together on a con scale. Fearing an actual data connection to avoid a breach in their compartementalized IT structure, there is probably a lot of couriering and not-sharing-the-information going on. Which is very 80's (IMG:style_emoticons/default/smile.gif)
Go to the top of the page
 
+Quote Post
Sendaz
post Aug 27 2013, 10:58 AM
Post #19


Runner
******

Group: Dumpshocked
Posts: 3,039
Joined: 23-March 05
From: The heart of Rywfol Emwolb Industries
Member No.: 7,216



Think they will also bring back the vanishing nodes where they only appear for brief periods to shoot a fast stream of data out and take in same before disappearing again.
Go to the top of the page
 
+Quote Post
BlackJaw
post Aug 28 2013, 03:31 PM
Post #20


Moving Target
**

Group: Members
Posts: 482
Joined: 27-May 09
From: Ann Arbor, MI
Member No.: 17,213



QUOTE (Redjack @ Aug 21 2013, 08:19 AM) *
He got marks on the host by getting marks on the pad. From there, spoofing commands to other slaved devices was a walk in the park.


Someone else recently pointed out this bit of text from the book:
QUOTE (GODs and Spiders, Page 360)
Since spiders are considered the owners or administrators of a system, they can command any of the devices in that system without having to gain any marks, since they already have the owner mark for all devices. They have the authority to launch or shut down IC, raise or cancel alarms, or even perform an emergency shutdown of the entire system.

It looks to me that in order to spoof things inside a Host, you'd need to have a mark on the Spider, not the host.
Go to the top of the page
 
+Quote Post
DMiller
post Aug 29 2013, 02:16 AM
Post #21


Moving Target
**

Group: Dumpshocked
Posts: 681
Joined: 23-March 10
From: Japan
Member No.: 18,343



QUOTE (BlackJaw @ Aug 29 2013, 12:31 AM) *
Someone else recently pointed out this bit of text from the book:

It looks to me that in order to spoof things inside a Host, you'd need to have a mark on the Spider, not the host.

Since a Spider is not a device or a host, you can not mark it, therefore you can not spoof any attended devices or unattended devices that are slaved to an attended device because you would have to mark the non-matrix entity that is the owner.

So they need to remove the Spoof command during the Errata of SR5.

Or adjust that the mark needs to be on the Master rather than the Owner... This seems to be the better solution.
Go to the top of the page
 
+Quote Post
Jack VII
post Aug 29 2013, 02:20 AM
Post #22


Skillwire Savant
******

Group: Members
Posts: 3,154
Joined: 5-April 13
From: Aurora Warrens, UCAS Sector of the FRFZ
Member No.: 88,139



QUOTE (DMiller @ Aug 28 2013, 09:16 PM) *
Since a Spider is not a device or a host, you can not mark it.
A spider is usually a persona, which can be marked.
Go to the top of the page
 
+Quote Post
DMiller
post Aug 29 2013, 03:05 AM
Post #23


Moving Target
**

Group: Dumpshocked
Posts: 681
Joined: 23-March 10
From: Japan
Member No.: 18,343



QUOTE (Jack VII @ Aug 29 2013, 11:20 AM) *
A spider is usually a persona, which can be marked.

If he's not on-line, but still the owner?
Go to the top of the page
 
+Quote Post
Jaid
post Aug 29 2013, 03:45 AM
Post #24


Great Dragon
*********

Group: Members
Posts: 7,089
Joined: 4-October 05
Member No.: 7,813



yeah, having a person as the owner doesn't work unless you assume that everything is equipped with unbeatable DNA testing devices or something like that.

it kinda has to be a device. that device is probably whatever the person typically uses to access the matrix, which for most people will be their commlink (but for deckers, especially ones designated to be owners on behalf of the corporation, probably their cyberdeck or terminal).

that said, renting out a host to a variety of people would still be a tremendous problem, because if any one of them has a low rating device accessible for a direct connection, you can get a mark on the device, which gets one on the host, which gets you into the host, which gets you direct access to every other device on the host (not being able to use your mark on the host to spoof every device is a slight improvement, but the fact that having even one unsecured device can leave every other device exposed is a compelling argument to not rent out parts of a host.
Go to the top of the page
 
+Quote Post
BlackJaw
post Aug 29 2013, 04:13 AM
Post #25


Moving Target
**

Group: Members
Posts: 482
Joined: 27-May 09
From: Ann Arbor, MI
Member No.: 17,213



QUOTE (DMiller @ Aug 28 2013, 07:05 PM) *
If he's not on-line, but still the owner?

Sure, why not? If I log off the matrix to go to sleep, why wouldn't I still be the owner all my stuff? The game does specify that icons/devices can only have one owner and that changing ownership is a slightly complicated affair that takes a minute to re-register devices with various grids. I don't see that being something I need to do for all my files and devices every time I log off the matrix or reboot my commlink/deck.

Spoofing is a powerful hacking option, but it's limited by requiring a mark on the owning icon. If something is owned by a person, that means their Persona, and they only have a persona if they are actively using the matrix in AR or VR. The rest of the time you can't spoof their devices. Spoofing, much like getting a file out a host archive, may require waiting for the right moment or using a little social engineering.

Don't confuse ownership with slaving. A device might be slaved to a commlink or a host, but that doesn't mean the commlink or host is the owner. An device can have a master and an owner that aren't the same icon. Spoofing requires a mark on the owner, not the master.

EDIT: Setting a Host as owner is actually a bad idea. Anyone that has hacked access into the host would have at least one mark on the host to do so, which means they would be able to spoof any device "owned" by the host. It's far safer to have the Spider as owner, so even if someone hacks their way into a the host, they still need to locate and mark the persona of the spider, if they happen to be online, in order to spoof devices. Note that page 360 specifically says that Spiders in a host are considered the owner of the devices and host. This may be an exception to the general rules about icons having a only a single owner. It's a special relationship.
Go to the top of the page
 
+Quote Post

2 Pages V   1 2 >
Reply to this topicStart new topic

 



RSS Lo-Fi Version Time is now: 25th April 2024 - 07:11 PM

Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.