Hi all,
I know there are many existing threads out there about hacking and I am doing my best to pick my way through them. So here are few of my queries maybe you can help me with.
My questions are in a few parts and based on some amount of uncertainty so please help me sort this out if you can.
1) While scanning for wireless nodes (cameras, motion sensors, etc) what can be done to determine what those devices might be?
2) When attempting to locate and hack a target system can I hack a device "down the line" like a toaster, and follow the subscription trail back to the target system or do I need to find and hack the target system some other way?
3) Would a reasonable assumption to be that Security type devices/networks to be hidden or passive, while commonplace devices/networks to be active?
4) If I want to "block out" a camera i've discovered what's involved? Can I simply sniff for the the traffic and insert my own feed?
5) Can I hack a camera directly and control the device itself or do I have to locate the node that the camera is subscribed to?
6) If I can hack the camera, can I determine what node it's subscribed to?
7) If I have to hack the camera, since it's a "simple" device would I need to hack it as an admin account?
8) When hacking nodes/devices, is it safe to assume that the controlling "system" part would have differnt account types (peronal, security, admin) and that the devices it controls (maglocks, cameras, sensors, etc) would only have admin accounts (SR4 mentioned devices have no use for other account types)?
9) If I've taken control on a device like a camera and modified it to loop a video feed how would you handle the system locating the change?
As always, thanks for your comments.
~GTT
Full Version: Some general hacking questions
| QUOTE |
1) While scanning for wireless nodes (cameras, motion sensors, etc) what can be done to determine what those devices might be? |
Hmm...Good question actually, the rules doesn't actually say. I'd rule that unless you either A:Tap the signal and check the info feed, or B: Hack the device so you will know for certain. If you had hacked the controlling computer system you'd probably get some iconic references to their function when you locate them.
| QUOTE |
2) When attempting to locate and hack a target system can I hack a device "down the line" like a toaster, and follow the subscription trail back to the target system or do I need to find and hack the target system some other way |
Any device can be hacked unless it is non-wireless - as long as you can access the device either by wireless or by using Hardware skill and open up its guts to access the system. So, yes, that would be perfectly possible.
| QUOTE |
3) Would a reasonable assumption to be that Security type devices/networks to be hidden or passive, while commonplace devices/networks to be active? |
In order for not having the local workers accessing the security cameras and suchlike I’d say that they are both hidden and encrypted, and for the more security inclined they might have a bogus signal as a camouflage connected to an alarm and either hidden/encrypted or hardwired.
It all depends on how evil the GM wants to be.
| QUOTE |
4) If I want to "block out" a camera i've discovered what's involved? Can I simply sniff for the the traffic and insert my own feed? |
Well, yes. First you would have to find the signal, tap it, decrypt it and then you can record the amount of data you want and insert a loop, pre-edited information, a tv-show etc.
| QUOTE |
6) If I can hack the camera, can I determine what node it's subscribed to? |
Subscription lists are a bit tricky. The RAW says that you have them in your Persona, and that cant be 100% true. The Persona would need a subscription list so IT knows what is allowed to talk through it, and every Device would need a similar list in its system so it knows who/what it can receive it’s orders from.
Thus it would be perfectly simple to hack a device, gain access to the subscription list and edit it as you like and even replace it with your own. Just watch out for databombs and suchlike.
| QUOTE |
 When hacking nodes/devices, is it safe to assume that the controlling "system" part would have differnt account types (peronal, security, admin) and that the devices it controls (maglocks, cameras, sensors, etc) would only have admin accounts (SR4 mentioned devices have no use for other account types)? |
Well, I would assume that a corporate system would have different level of access that gives you access to a limited amount of nodes (if the corp uses multiple nodes that is). Security cams should be barred from anyone without any kind of security access. There might also be different levels of admin access as well depending on their security rating and what nodes they have access to.
| QUOTE |
9) If I've taken control on a device like a camera and modified it to loop a video feed how would you handle the system locating the change? |
Well, that depends on how the system is designed. If you add a loop to a camera you might want to take a few things into consideration. 1: What if the cameras are hardwired to reset themselves every five minutes in order to prevent such actions (sure, it would give you a few seconds non-camera time).
They could have an agent checking the videofeed between cycles to find pixel similarities (or whatever it would be called). The system might just check the system setting and finding an illegal instruction of the feed, or perhaps giving it new instructions every five minutes to make it change its sweeping pattern of the camera.
Here are my interpretations.
| QUOTE |
1) While scanning for wireless nodes (cameras, motion sensors, etc) what can be done to determine what those devices might be? |
If they do not broadcast what they are, nothing can be done.
| QUOTE |
2) When attempting to locate and hack a target system can I hack a device "down the line" like a toaster, and follow the subscription trail back to the target system or do I need to find and hack the target system some other way? |
Whent raffic goes fromt he target system to the toaster, you can hack the toaster and then use the connection to hack the target system from there.
Further interpretation:I would allow the hacker to disguise as a data packet by spoofing an ID and beeing "relayed" by several relay nodes to a target system. (hacking+spoof test by the hacker, every node that relays can make system+firewall to defend). Note that you do not get access to relaying hosts and that you still ahve to hack into the target host. If a relaying node detects you wiht system+firewall, you have the option to hack this node on the fly and be in that node, or to return to your original node, where relaying started.
| QUOTE |
3) Would a reasonable assumption to be that Security type devices/networks to be hidden or passive, while commonplace devices/networks to be active? |
Yes
| QUOTE |
4) If I want to "block out" a camera i've discovered what's involved? Can I simply sniff for the the traffic and insert my own feed? |
My interpretation: No. You have to be IN one of the nodes that is relaying the traffic to insert your own feed. The room, the wireless trafic does go through does not count as a node. (You have to delete the original feed and insert your own, that can not be done without killing the traffic in a node first).
| QUOTE |
5) Can I hack a camera directly and control the device itself or do I have to locate the node that the camera is subscribed to? |
By RAW, you would have to locate the node that the camera is subscribed to, or sniff the ID of the node. As this killing hacking I am house ruling, that the subsciption rule is not valid in my world and that every device can be hacked, even if subscribed to accept traffic only from one device. In my world, hacking in includes hacking through the subscription. Note that as a consequence, in my world, every device in a PAN can be hacked without accessing the comlink, if the device is not skinlinked and the hacker is or a relay host is near enough (3 meters).
| QUOTE |
6) If I can hack the camera, can I determine what node it's subscribed to? |
Yes, the information must be in the node. I would add this system information as a thing to be found out by a hacking+analyze (matrix perception) test.
| QUOTE |
7) If I have to hack the camera, since it's a "simple" device would I need to hack it as an admin account? |
Yes.
| QUOTE |
| When hacking nodes/devices, is it safe to assume that the controlling "system" part would have differnt account types (peronal, security, admin) and that the devices it controls (maglocks, cameras, sensors, etc) would only have admin accounts (SR4 mentioned devices have no use for other account types)? |
Yes.
| QUOTE |
9) If I've taken control on a device like a camera and modified it to loop a video feed how would you handle the system locating the change? |
As you would have to have an admin account (and have the rights to do everything), you can loop the device with a simple computer+edit action.
I would not allow the system itself to note the change. Something that is analyzing the feed itself (hacker, AI, . . .) had to notice the loop.
On the other hand, if you hacked into the ndoe that was controlling all the cameras, with user access, and you wanted to loop one camera, you would have to make a hacking+edit opposed test vs. system+firewall (as you do not have the user rights to loop the feed). Depending on the result, the GM can rule that you screw up instantly or how long it takes for the system to find out (if at all).
| QUOTE |
| 1) While scanning for wireless nodes (cameras, motion sensors, etc) what can be done to determine what those devices might be? |
Wireless nodes give away their possition and identity by default when in active mode. You can tell by the way arrows work. With hidden nodes it's different, as the information active nodes give away is given willingly. Locations of hidden nodes are only determined to within 50 meters, as you are not given it's exact location but must use triangulation as far as I can tell (Track p 219). Identity may be guessed from intercepting and eavesdroping on wireless signals from the node, or you can hack the node to find out more about it.
| QUOTE |
| 2) When attempting to locate and hack a target system can I hack a device "down the line" like a toaster, and follow the subscription trail back to the target system or do I need to find and hack the target system some other way? |
There needs to be information about the Access ID's that are subscribed in the device down the line. However, you can't actually hack a subscribed node in a network without being able to spoof the right Access ID anyway.
What you can do, in my opinion, is to preform a Track action on the subscribed node to find it's parent node, and if you succeed you may hack it and go through that, or use the information gathered from the Track action (the correct Access ID that is) to spoof your way past the subscription problem and hack the subscribed node directly.
| QUOTE |
| 3) Would a reasonable assumption to be that Security type devices/networks to be hidden or passive, while commonplace devices/networks to be active? |
I think so, yes.
| QUOTE |
| 4) If I want to "block out" a camera i've discovered what's involved? Can I simply sniff for the the traffic and insert my own feed? |
Using Electronic Warfare, you can only eavesdrop, copy, record or forward signals. To edit the signal you need to be present in a node somewere in the signal's path (Intercept Traffic p 224).
| QUOTE |
| 5) Can I hack a camera directly and control the device itself or do I have to locate the node that the camera is subscribed to? |
The rule about subscription is that you may not access a subscribed node unless your Access ID corresponds with the one on the node's subscription list. But ID's can be spoofed, only the rules only speak of forging a random Access ID. I say that if you know exactly what you're trying to imitate, you can forge an exsisting ID too. If you do that, the subscription doesn't matter and you can go about hacking in as normal. To find out the ID you want, you can use the Track action as it's very specificly stated that you get a nodes Access ID that way (p 219).
| QUOTE |
| 6) If I can hack the camera, can I determine what node it's subscribed to? |
As I stated before, it's my opinion that this should be done before you hack the camera using the Track action.
| QUOTE |
| 7) If I have to hack the camera, since it's a "simple" device would I need to hack it as an admin account? |
Yes.
| QUOTE |
| When hacking nodes/devices, is it safe to assume that the controlling "system" part would have differnt account types (peronal, security, admin) and that the devices it controls (maglocks, cameras, sensors, etc) would only have admin accounts (SR4 mentioned devices have no use for other account types)? |
Yeah.
| QUOTE |
| 9) If I've taken control on a device like a camera and modified it to loop a video feed how would you handle the system locating the change? |
The same way you would handle somebody exchanging a guard for a disguised runner or something. The system's actions are not as regulated as in previous matrix rules. How the system reacts is up to the GM. Have IC and security hackers make rounds and do a few Matrix Perception tests now and then.
If someone hacked in with admin or security status and incerted a video loop, I may have required the system to have IC specificly programed to look for anomalies even from these user's interventions, in order for some kind of alarm to go off. Security hackers could off course notice something's up either way. But it's just as much up to the GM as any physical intrution would be, really.
| QUOTE (Serbitar) |
| By RAW, you would have to locate the node that the camera is subscribed to, or sniff the ID of the node. As this killing hacking I am house ruling, that the subsciption rule is not valid in my world and that every device can be hacked, even if subscribed to accept traffic only from one device. In my world, hacking in includes hacking through the subscription. Note that as a consequence, in my world, every device in a PAN can be hacked without accessing the comlink, if the device is not skinlinked and the hacker is or a relay host is near enough (3 meters). |
the subscription rule is for active subscriptions, actually. there can be any number of inactive subscriptions, it's only active subscriptions that count.
| QUOTE (mintcar) | ||
... What you can do, in my opinion, is to preform a Track action on the subscribed node to find it's parent node, and if you succeed you may hack it and go through that, or use the information gathered from the Track action (the correct Access ID that is) to spoof your way past the subscription problem and hack the subscribed node directly. |
Bingo, this is how I play it as well. First they Detect the signal, Decrypt it (if necessary, and it usually is), then they try and Hack the device (eg. Camera). After the first roll I tell them, "ACCESS DENIED. Invalid Access ID." After that they need an Intercept test to grab the outbound trafic, then a Track test to "ride" it back to its source. Now that they have the Access ID they can use a Spoof to Hack into the target device. However, using this method I make them roll a Spoof before every action they perform. If the Hack the source node first, then they can command or control directly any of the linked devices without the Spoof action.
| QUOTE (Serbitar) |
| Further interpretation:I would allow the hacker to disguise as a data packet by spoofing an ID and beeing "relayed" by several relay nodes to a target system. (hacking+spoof test by the hacker, every node that relays can make system+firewall to defend). Note that you do not get access to relaying hosts and that you still ahve to hack into the target host. If a relaying node detects you wiht system+firewall, you have the option to hack this node on the fly and be in that node, or to return to your original node, where relaying started. |
Very interesting. This is something that could be built on. Essentially if the Hacker was "disguised" as a data packet they could arrive in the source host "for free" but would have very limited access upon arrival. This is a very interesting idea.
| QUOTE (mdynna) | ||||
Bingo, this is how I play it as well. First they Detect the signal, Decrypt it (if necessary, and it usually is), then they try and Hack the device (eg. Camera). After the first roll I tell them, "ACCESS DENIED. Invalid Access ID." After that they need an Intercept test to grab the outbound trafic, then a Track test to "ride" it back to its source. Now that they have the Access ID they can use a Spoof to Hack into the target device. However, using this method I make them roll a Spoof before every action they perform. If the Hack the source node first, then they can command or control directly any of the linked devices without the Spoof action. |
I would use a regular Matrix Perception test instead of that Intercept test. I may also forget about that test altogether unless the camera is running a Stealth program.
| QUOTE | ||
Wireless nodes give away their possition and identity by default when in active mode. You can tell by the way arrows work. With hidden nodes it's different, as the information active nodes give away is given willingly. Locations of hidden nodes are only determined to within 50 meters, as you are not given it's exact location but must use triangulation as far as I can tell (Track p 219). Identity may be guessed from intercepting and eavesdroping on wireless signals from the node, or you can hack the node to find out more about it. |
About finding out info I just read the text on Matrix Perception tests again, and I found you can get one piece of info per hit about a host (or anything else present in the matrix that your persona can see) by just doing one of those.
And while you may not know the exact physical location of the node just from scanning it, you do have it in view in the matrix that way.
Thanks everyone! Your responses help. I'll work on a summary based on the ideas you've all presented so far and re-post them soon.
Here's a follow-up question:
In AR when your commlink scans for new nodes (as per my question #1) I can see the overlay in your vision showing nodes, but what about in VR? Since you've replaced AR with VR, physical location of nodes is meaningless there.
Would possible nodes/networks just show up on a list perhaps? Maybe some iconography would be possible, but the physical VR layout doubtfully matches the reality of a real node-scan.
Thanks,
~GTT
Here's a follow-up question:
In AR when your commlink scans for new nodes (as per my question #1) I can see the overlay in your vision showing nodes, but what about in VR? Since you've replaced AR with VR, physical location of nodes is meaningless there.
Would possible nodes/networks just show up on a list perhaps? Maybe some iconography would be possible, but the physical VR layout doubtfully matches the reality of a real node-scan.
Thanks,
~GTT
I have a question on running VR HOT. When you get that +2 bonus dose it count towards your attacks as well
Would you be rolling
Cybercombat+attack program+2
or is only for other hacking tests?
Would you be rolling
Cybercombat+attack program+2
or is only for other hacking tests?
| QUOTE (Goliath) |
| I have a question on running VR HOT. When you get that +2 bonus dose it count towards your attacks as well Would you be rolling Cybercombat+attack program+2 or is only for other hacking tests? |
I belive the +2 applies to any test in VR-HOT mode.
Hot sim in full VR grants a +2 bonus to all Matrix tests (per p. 229 of your hymnal). Matrix actions are listed in the black sidebar on page 219, and include making an attack.
| QUOTE (GrinderTheTroll) |
| Thanks everyone! Your responses help. I'll work on a summary based on the ideas you've all presented so far and re-post them soon. Here's a follow-up question: In AR when your commlink scans for new nodes (as per my question #1) I can see the overlay in your vision showing nodes, but what about in VR? Since you've replaced AR with VR, physical location of nodes is meaningless there. Would possible nodes/networks just show up on a list perhaps? Maybe some iconography would be possible, but the physical VR layout doubtfully matches the reality of a real node-scan. Thanks, ~GTT |
I envision nodes showing up as a list, or a box of icons or something similar when you scan for them. It's not nodes that overlay your visual in AR either—it's arrows. If the nodes are running hidden they are not displaying any arrows. At least that's my take on it.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.