Here is a documet I produced some month ago as my version of answers to Bulls hacking FAQ.
At the moment I am compiling my SGM v 1.0 out of it, but maybe somebody finds it usefull in this state (with lots of typos and stuff).

Getting things together
- consistent matrix rules example
(not standalone, but rely on existing SR4 rules, introducable as FAQ
or errata)

Guidelines:
I.) Everything that is not allowed is disallowed.
Explanation: This is needed to prevent the 1001 tricks out there you
can do with computers. All these tricks should already be covered in
some rating. For example, you can not get better security by saying:
My node is sounding an alarm every time a persona enters it that does
not look like X. Such things are already included in the firewall
rating and in the stealth programme. This prevents people from having
to learn real life computer mechanics to get an edge and keeps things
fair and simple.
II.) There are only three kinds of constructs in the Matrix: nodes,
personae/agents, and data. Everything else falls into one of these
categories. Members of one category only differ by their ratings and
programmes (for example devices, comlinks, full blown matrix hosts and
sucha re all nodes but differ in their response rating).


Basic Concepts:

A.) Everybody in a node is using an account with certain rights (even
a hacker is using a perfectly valid account, which he got through
hacking in). The admin account has unlimited rights. A matrix action
that is allowed byaccount rights is a legal action, one that is not
allowed is an illegal action. What is allowed or for standard or
security accounts is different from node to node as the administrator
can define what is the case.
B.) To perform a certain matrix action a programme is needed. There is
always a programme that should be appropriate.
C.) To determine the outcome of a legal action, the player rolls
Computer (sometimes Data Search or even Electronic Warfare) +
Programme Rating test, or extended test. The number of hits determine
the quality of the test per SR4 standard rules.
D.) To determine the outcome of an illegal action, roll Hacking +
Programme vs System + Firewall test or extended test. Determine the
outcome per SR4 standard rules. The node is collecting the net hits of
all hacking tests. Once it exceeds the hackers stealth programme
rating, the hacker is found to perform illegal actions and the node
will take actions (as defined by the owner of the node)
E.) Personae and Agents can only act against other Personae/Agents
that hey found via matrix perception or that have taken any action
against them (which automatically reveals a stealthed Persona/Agent to
the affected Persona/Agent).
F.) Actions directed against another construct are determined by
rolling an opposed test using the relevant skill for the action + the
relevant programme for the action vs the relevant skill of the
defensive action (if any) + the relative programme for the defensive
action (if any).

This should cover 80% of all possible situations without any extra rules.

Explanations:
Note that some actions are so easy, that the test can be skipped (like
loading or unloading programmes, uploading agentsand so on) if they
aredone legaly.
Note that even if an action was so easy, the test was skipped using an
account that covers the action, it still needs a test when performing
the action illegaly.

Clarifications and/or Errata:

1.) Node ratings (Not explicitly contradicting SR4, as System and
Firewall are not "real" programmes.)
All node ratings are indepedent and do not restrict each other.

Response only determines how many programmes can run.
System only determines the maximum ratings of the programmes to run
and node consistency checks concerning hack attacks.
Firewall only determines the chek routines concerning hack attacks.
Signal only determines the radio capacities.

We can have very slow systems that check the incoming data extremely
well and have well programmed OSs. The slowness of the system only
means that it can not run a huge number of programms. But its
perfectly well to have credsticks with ratings: (Firewall, Response,
Signal, System) 6/1/1/6.

Fixes:
- Credsticks that are faster than 95% of all comlinks.
Jackets/Trousers/Shoes/Weapons that are as fast as an average comlink.
You get security without needing to ahe processing power. You do not
ahve to define a seperate device node.
- Spiral of Death (high proramme loads reduce response, that leads to
a higher programme load, that reduces reposnse . . .)

1.b) Response Degradation (Clarification)
A node can run PresonseRating-1 programmes without losing Response.
Every multiple of ResponseRating programmes the Response is lowered by
one. A comlink with Response 5 running 14 programmes would have an
effective Response of 3. If the response rating would drop to 0, the
node (and programmes, like Agents and Personae running on it) can only
act every X passes, where X is the response degradation below 1 plus
1. A Response 1 comlink, running 2 programmes could only act every 3rd
IP pass.

2.) Scanning IC (clarification)
By performing a successfull matrix perception test, one can find out
what another Personae/Agent is doing at the moment. This is the way
how scanning IC is working. Roll a matrix perception test, for every
IC that is aware of the hacker (already succeeded in a matrix
eprception test after the hack in to notice he is there) when a hacker
is performing an illegal action. A successfull test will inform the
node that a hacker is in and the node can take actions.
When more then one matrix construct is scanning another matrix
construct, dice pool modifiers apply. This is out of balancing. Enter fluff
reason here.


3.) Subscription rule (Contradiction)
The subscription rule is skipped.

Explanation: The subscription rule eiteher kills the wireless matrix
by mimiking wired connections. This is the case if one can not spoof
ones ID to circumvent subscription. If spoofing is allowed, it just
ads 4 rolls to the hack in test (intercept traffic, matrix perception,
spoof, detect spoof) without changin anything qualitatively. If one
wants to keep the subscription rule, better ad an additional treshold
when hacking in from a "disallowed" connection. Same reslut (more
complicated to hack in) but less dice rolling.

4.) Pilots and System (Contradiction)
Pilots are Agents runnning on the drones node. They have nothing to do
with the drones System rating (well they are of course, limited by the
nodes system rating).

5.) Encryption rules (Contradiction)
Totally messed up. At the moment, just another dice roll that means
nothing, as the encryption is always defeated in seconds.
Furthermore: The hacker should roll electronic warfare +decrypt due to
streamlining reasons, not response + decrypt.

Possible Solution:

Realtime Encryption (traffic)
Decrypt + Electronic Warfare (encryption
rating x 4, encryption rating combat turns)

File Encryption
Decrypt + Electronic Warfare (encryption
rating x 4, encryption rating hours)

Limited by "electronic warfare" +1 rolls (Note that SR4 only suggests
skillx2 rolls, but this is not restrictive enough. This si a general
problem of all extended tests and threshold values. They only make
sense when restricting to something like skill+1. Skillx2 for example
allows a 4/4 character to regularly get availability 21 items.)
Note that only data can be encrypted, not nodes or programmes or Personae.

6.) Hacking In (Contradiction)
The node should roll System + Firewall, not Fireall + Analyze. This is
due to streamlining reasons, and to not force the node to run another
programme . . .

7.) Rating 5/6 Agents using Rating 6/6 Comlinks. (Contradiction)
Agents should be capped at 4 (just like skillsoft and such). A rating
6 Agent on a 6/6 comlink is just as good as any hacker. No need for
hackers.

8.) Auto Reality Filter (Interpretation)
One automatically has the benefits of a reality filter in systems
where you can define the reality, like in your home node. Thus, Agents
get +1 rating (up to 5) in their home systems.

9.) Physical attributes in VR(Contradiction)
A VR construct does not have physical attributes. Thus a rigger can
not use agility or reaction for gunnery or vehicle testswhen jumped
in. He uses intuition instead.

10.) TMs and complex forms (Contradiction)
Complex forms are purchased like spells and work as programmes with a
rating of "Ressonance", limited by the TMs system value.

Explanation: Needed to balance TMs. A longer calculation can be provided.


FAQ Answers using these guidelines:

(New Rule) Means, that a new rule is needed for this answer
(Contradiction) Means, that a new rule is needed that contradicts RAW
(New Interpretation) Means, that the rules are already able to produce
this answer as a pissible interpretation.
---
Q: Do IP augmentations affect AR actions!?!!?

A: No. Only one AR action may be taken at a time. (New Rule)
Explanation: From fluff and feel AR should be slower than VR. This is
not for balancing reasons.
---
Q: does a reduction in response from running more programs then the system
rating allso result in a reduction in system?
A: No. Degradation in Response only affects the Response attribute. (New
Interpretation)
Explanation: To avaoid the spiral of death this has to work that way. I
would even go as far and allow System and Firewall higher than Response to
make things like Credsticks with high security and relatively low
processing power possible (New Rule). At the moment a Credstick has the
same processing power as a super mainframe.
---
Q: Can one Edit the wireless signal between a Rigger and his Drones to
input completely different commands?
A: No, you can only edit "content" traffic, like text, voice, video...
(New Interpretation)
Explanation: Balancing reasons. This would make hacking unnecessary.
---
Q: After hacking a Drone, does one have to subcribe the Drone to his
commlink before he issues commands or "jumps in"?
A: You automatically are subscribed to the node you are in. (New
Interpretation)
---
Q: Can Agents load Agents and thus spawn the overwhelming hordes?
A: Yes, but you need the proper rights to upload an agent, (New
Interpreatation), if you do not have them, uploading an agent is a
Hacking+edit vs System+Firewall test (New Rule).
---
Q: Does an Agent loaded into a node count as a program running on that
node for purposes of Response reduction?
A: Yes.
---
Q: "When you are directly interacting with a device, using Hacking skill
+ Logic. If you are utilizing a program, make tests using Hacking Skill +
program rating"

This seems to suggest that programs may be optional (hence the "if", not
"when"), and also suggests that a Hacker can directly interact with a
device (another commlink, a remote host, a drone, etc.) using only hacking
+ logic. Is this the intended interpetation of the rules, or, as I have
heard on this board, is it impossible to do any hacking without using
programs? In SR3, I remember programs being supplemental (and very
important) to intellect, not a replacement.

A: Every matrix action needs a programme. (Contradiction)
---
Q: Do Technomancers still need a commlink for everyday stuff?
A: No, they can do everything with their living persona. (New
Interpretation)
---
Q: Do Technomancers need i.e. contact lenses or cybereyes to use
smartlinked guns? Which leads to...
A: No, their brain works as an integrated simmodule. (New Interpretation)
---
Q: How do Technomancers percieve AR? Inner eye? Intuition? Like Neo in the
Matrix movies?
A: Just like everybody else with a sim module. (New Interpretation)
Optional: They just "know" the information presented, just like aguy with
knowsoft just "knows" things.(New Interpretation)
---
Q: Does a jumped-in rigger use agility for gunnery tests?
A: No, once in VR a rigger uses intuition instead of reaction and agility.
(New Rule)
---
Q: Is one able to circumvent the subscription rule by spoofing your ID?
A: The subscription rule is there only for fluff reasons and is
automatically circumvented by hacking in. (Contradiction)
Explanation: The rule just adds another test that does nothing. Not good
for streamlining and fast rules.
Optional: Yes. (New Interpretation)
---
Q: Is an alarm only triggered by glitches after you successfully hack in?
If not, by what else?
A: No, scanning IC and losing in hacking tests while performing an action
(hacking+programm vs system+firewall) can trigger alarms. (New Rule)
---
A: How does patrolling IC work? How do they find out you are an intruder?
Q: Everytime an illegal action is performed, scanning IC can perform a
matrix perception test. If it succeeds, an alert is triggered. (New Rule)
---
Q: Is a sim module inlcuded in a cranial comlink? (no in 3rd print, yes in
1.3 pdf)
A: No.
---
Q: Does lowered response affect system and thus programme ratings, or is
the lowered rating only used for rolls where response is involved directly
(for example matrix reaction) ?
A: No, it only affects response. See above.
---
Q: Do all the programmes loaded into an agent affect the response of your
comlink if the comlink is running the agent?
A: No, concerning response, only the agent counts. The other programmes
are supposed to be managed by the agent, properly. (New Interpretation)
---
Q: Do I have to hack 5 comlinks if they are all chained together in a
subscription line, to get to the comlink at the end of the line?
(ie. A-B-C-D-E the hypen meaning a subscription to aonly accept traffic
>from that node)
A: No, one can spoof ones way past the relay hosts, this will be
covered in Unwired. (New Rule)
---
Q: Can I change system settings (Accounts, subscription lists) of a node
by inserting false traffic into the traffic to that node?
A: No, see above.
---
Q: Does the admin account have any restrictions?
A: No.
---
Q: Can I still be identificated by the system as a hacker once I hacked in
as an admin? If yes, how?
A: No, only by outside sources (security hackers). (New interpretation)
Explanation: Once logged in as an admin, the system has no way to flag you
as a hacker, as everything an admin does is allowed.
---
Q: Can I fight a matrix fight in one node and let my icon be repaired by
an agent in another node? If not, what are the restrictions?
A: You can not repaired by other agents or personae. (New Rule)
Explanation: Balancing Reasons.
---
Q: What exactly does the Command software do? If it's used with drones,
when is it used and how?
A: No idea at the moment, have to think about it.
---
Q: Can an agent/pilot program be given a Computer skill program to help
with/automate the programming process of new hacking programs?
A: No, an agent can not be "creative".
---
Q: Are there any situations where the opposed test for running a Reality
Filter is not actually required? (i.e. when running it while performing
tasks on your own commlink)
A: Yes, but you automatically gain the benefit when you are in systems
where you can determine the sculptured reality, like your comlink. (New
Rule)
Explanation: This could give IC and others an edge, by giving them +1
Response in their home systems. Would help to balance the Agent cap at 4
(see below).
---
Q: Is it possible to modify a Sim Module to disable the emotive tracks of
simsense, or is feeding your AR/VR through the various *-Link implants
(Image Link, Sound Link, Touch Link...) instead of using a sim module the
only way to avoid simsense-induced emotion?
A: It is possible to modify it. (New Interpretation)
---
Q: What are the benefits of having a system use Linked Passcodes or
Passkeys over Basic Passcodes? The rules for Hacking on the Fly and for
Probing the Target don't seem to care what type is used.
A: There is no difference other than the user does not have to remember
linked passcodes. (New Interpretation)
---
Q: Can a Matrix Perception Test tell the difference between a user who
logged in using a Linked Passcode / Passkey, and a user logged in under an
account that doesn't have a Linked Passcode / Passkey because their
account is a backdoor created using the Probing the Target method?
A: No. A person that hacked in has perfectly legal acces rights with the
account chosen at hack in time. (New Interpretation)
---
Q: What exactly does it mean to encrypt a device? A signal?
A: Encrypting a device means, that the encryption software is running and
traffic to and from the device is encrypted. Furthermore,files on the
device can be encrypted. An encrypted singal has to be decrytped before it
can be (rules wise) intercepted. Only data can be encrypted.
---
Q: When using Edit to manipulate data in real time (video feeds, etc.) are
there any guidelines for what the program is and isn't capable of?
A: In general, modern programmes are very powerful. (make example list
here)
---
Q: A node on Alert gains a Firewall bonus against the intruder who
triggered the alert. However, under both types of breaking-in scenarios
(Hacking on the Fly, Probing the Target), it is possible to trigger an
Alert and fail your break-in attempt at the same time. Can a Node identify
a specific intruder even when they fail to break in? In other words, if an
intruder attempts to break in, fails and triggers an alert, does the
Firewall get the Alert bonus if they try a second time to break in?
A: The node uses the Access ID to flag the user (and gain the firewall
bonus) even when he fails to break in. Once the user changes its Access
ID, it will not be affected by the flagging anymore. (New Interpretation)
---
Q: When exactly is the Data Bomb program considered to be running?
A: In contrast to encryption, the data bomb programme must only be running
to "apply" the data bomb. (New Interpretation)
---
Q: What determines whether a character is a Hacker or not, for the
purposes of awarding points for Simsense Vertigo?
A: As a guidline, somebody is a hacker if he spent more than 50k in
software.
---
Q: A Technomancer's organic wireless link allows them manipulate EM fields
to be able to receive and broadcast a wireless signal. Does it also allow
them to manipulate the electrical field on the surface of their skin,
thereby letting them communicate directly with skinlinked devices without
any additional hardware?
A: Yes.
Explanation: Balancing reasons.
---
Q: What happens when Response drops to 0 as a result of running too many
programs? Does the device simply refuse to run any more programs?
A: A device always runs on at least a response of 1. Instead, the comlinks
programmes can only acte every second pass if the response was to drop to
0, every thrid pass if it was to drop to -1 and so on. (New Rule)
---
Q: On page 216, it notes: "Note that standard electronic devices only have
admin accounts, as there is no need for other accounts for their
software."

Q: Are commlinks standard electronic devices for this purpose? Could you
please give examples of other standard electronic devices?
A: No, a comlink is not a standard device for this purpose. Standard
devices
for this purpose are cameras, clothing, cyberware, optical chips . . .
---
Q: When sending an Agent of to perform a Datasearch, he jumps Nodes. As
his Response is defined by those, what dicepool does he have when
searching the entire Matrix?
A: Agents performing datasearch must be run on the comlink and can not be
uploaded. Thus, they use the respnse they get from their home comlink.
(New Rule)
Explanation: Streamlining, keep things simple. Insert fluff reson here.
---
Q: On page 216, it notes: "Note that standard electronic devices only have
admin accounts, as there is no need for other accounts for their
software."

When attempting to break in to a standard electronic device (whether using
Hacking on the Fly or Probing the Target) do you automatically fail if you
attempt to gain User-Level or Security-Level access?

A: Yes. And no alert is triggered. (New Interpretation)
---
Q: Why are drones and devices treated differently?
A: They are not.
---
Q: Can I hack an opponent's cybereyes and guns? Do they count as standard
devices? If so, is it necessary to install ICE or unplug these devices?
How would I do so?
A: Yes. Yes. Yes. Treat the devices as normal nodes and install Agents on
them. Furthermore skinlink them, so an attacker has to go through your
comlink to reach them.
---
Q: Can Agents perform or assist in Teamwork tests?
A: No, not with the standard software. There might be a programm for this
in Unwired.
---
Q: Is it possible to insert a Pilot as the OS of a commlink and/or device?
A: No, Pilots are agents, not operating systems. (Partly Contradiction)
---
Q: If the above is possible could a Pilot Commlink hack for itself (with
adequate instructions)
A: An Agent on a comlink can act as a "hacker in a box", yes.
Explanation: Need to cap agents at 4! A rating 6 agent with rating 6
programms makes hackers mostly unnecessary.
---
Q: Does "flavour" programs like Wallspace, Virtual Person etc affect
Response?
A: Yes, but you can pack them up in an agent. (New Interpretation)
---
Q: How many "pre-set" commands can I give a Pilot? Could I limit what
kinds of orders it is allowed to receive, what language they have to be in
for example?
A: Yes, but anybody with an admin account can change that. (New
Interpretation)
---
Q: How many standing orders can I have for an agent? Can it doublecheck
orders from a controlling persona for a drone to prevent spoofing?
A: This depends on the rating of the agent. YOu can not circumvent
spoofing by "tricks" as they are already covered in the abstrackt firewall
rules.
Explanation: This is important!
---
Q: Can Agents use medic on each other or the hacker?
A: No, see above.
---
Q: For agents to affect each others with programs (medic for example) do
they have to be in the same node.
A: Yes. (New Interpretation)
---
Q: What happens to a Commlink with Response 1 who runs 1 program - Does it
shut down?
A: No, See above.
---
Q: Can vehicles perform Jamming with their Electronic Warfare Autosoft
alone or do they need some kind of hardware?
A: They need a jammer.
---
Q: Are all Drones classed with average matrix attributes of 3 or does (for
example) the Steel Lynx classifies as a "Security vehicle" and then have
Matrix Attributes of 4?
A: All have 3.
---
Q: How do drones, nodes, agents and autosoft fit together?
Is a drone a node that is running an agent (the pilot programme) of rating
3 that is in return running the autosoft?
A: A drone is a node (with response, system firewall, signal) running a
pilot/agent that in turn uses autosoft. (New Interpretation)
--
Q: What happens if the agent is running more than two autosofts?
A: If it is a rating 3 agent, the response drops. See above what that
means. (New Interpretation)
---
Q: Are the encryption rules meant to be that way?
(A moderate hacker, everything rating 3, can hack the best available
encryption in 18 seconds.)
A: Change the threshold to (4xrating, rating tuns) for real time
decryption of traffic and (4x rating, rating hours) for file decryption.
Use the optinal rules that limit extended tests to skill+1 roll.
(Contradiction)
---
Q: Do you need a rigger control to jump into a vehicle?
A: No.
---
Q: Can agents load and unload new programmes?
A: Yes.
---
Q: Isnt a rating 6 agent running on his own comlink better or equal to
most maxed hackers. What stops anybody (especially runners) from just
letting rating 6 agents do all the work?
A: Agents are capped at 4 now. Only AIs and others can have 5+
(Contradiction)
---
Q: Because of the differences in how a Technomancer's Living Persona's
ratings are generated compared to a normal Commlink, is a Technomancers'
System rating limited by their Response rating? It doesn't seem that
Technomancers' forms affect their Response, so would the Response still
affect the rating of System?
A: Technomancers System is limited by its Response. Complex forms do
not affect Response. (New Interpretation)
---
Q: Put hopefully more simply: Is a technomancers System rating the lowest
of (Resonance or Logic), or is it the lowest of (Resonance or Logic or
Intuition)?
A: The former.
---
Q: Do Technomancers have a "living node" that houses their persona? If so,
can it be hacked by others? If so, can a hacker screw up the
Technomancer's normal neurological functions?
A: A technomancer only has a living persona, no living node that can be
hacked. (New Interpretation)
---
Q: Could you clarify the game-mechanics effect of subscripting a device to
only accept input from another device (say, a drone to the rigger's
commlink)? Is this simply fluff text, or does it make the peripheral
device completely unhackable except through the master device?
A: it is only fluff text (see above). (Contradiction)
Optional: It makes a spoof test necessary. (see above)
---
Q: Do drones need to remain within Signal range of their rigger, or can
they be remotely rigged via Matrix coverage?
A: They can be rigged remotely if wireless access via matrix is availible.
(New Interpretation)
---
Q: When crack sprites trigger an alarm it is suppressed for several turns
- if in the meantime the sprite hacks in, can the alarm be disabled?
A: Yes. (New Interpretation)
---
Q: When you trigger an alert, will security automatically spot you, or do
they still need to succeed in an opposed matrix perception test?
A: They automatically spot you as they got your Access ID when you
triggered the alarm. (New Interpretation)
---
Q: Matrix Condition Monitors (SR4 p. 231) are defined as using
8+(System/2) to calculate the number of boxes. But what about sprites? Is
the MCM for a sprite determined by the node it currently resides in? Does
it use the System of the living persona of the technomancer that summoned
it, or should you use either the Rating or Response of the sprite? Should
you use the highest value of any of the attributes (Response, Firewall)
that can be higher than Rating?
A: It is rating/2 +8 (New Interpretation)
---
Q: Can sprites be detected in a node?
A: Yes just as every other persona, agent, IC. (New Interpretation)
---
Q: How do they avoid being noticed?
A: By using stealth programmes, or if the TM has the rights to use agents
in that node. (New Interpretation)
---
Q: Do they need an account to avoid being flagged as an intruder?
A: If they are on themselves, yes. Or have a stealth programme. (New
Interpretation)
---
Q: Do they have to be inthe node with the TM to aid the TM ?
A: Yes. (New Interpretation)
---
Q: In one of the Shadowrun Missions (Best Served Cold I think) the runners
get pinged by a security drone to check their commlinks. Does this mean
that if you have LOS on a person you can automatically ping them to
determine what mode their commlink is in without having to use Scan to
check all nodes?
A: No, you have to find the node first. (New Interpretation)
---
Q: Can Crack sprites hack a system for a TM and pass along the back door
to him?
A: Yes.
---
Q: Since System and Firewall are programs is it possible to encrypt them?
Specifically can a TM use a courier sprite at rating 1 to prevent the
system from communicating with the firewall?
A: No. Only data can be encrypted.
---
Q: If a character implants a simrig, full arms, legs, torso, skull, and
builds a neck brace could he be rigged like an anthroform drone?
A: No. You still need skillwires for that, augmentation will cover
that. (New Interpretation)
---
Q: Can spirits and critters (i.e. dragons) use AR?
A: Dragons yes, Spirits, no.

I know this is something of an old thread by now, but when it was posted, I didn't really have time to read it too closely, and there were a few comments I wanted to make about various points.

Ok, I get your point on the specific device rating. But I dont like that. Either something has a program or not, either something has a rating or not. Thats what ratings are for, to judge its capabilities.

Concerning the alarm thing:
I think an alarm is the end of a run.
As soon as a hack alarm in a security camera or any other such device goes off, the hot phase begins. It is not merely hacking in with another ID, thats useless, the sneak phase is over.
To me hacking is all about secrecy and not being noticed, thats why I do not want to force hackers the high risk of hacking into everything with admin rights by default.

Most likely though, his eyes will be in hidden mode, so you would have to be within 3m to even pick up the base signal. No base signal means no commcode, which means no jumping from another node to it.

Cyberware is pretty hard to hack no matter any way you put it. It doesnt even have to be slaved to anything except the DNI.

Face it, most of the time you are better off going after their guns, since they are usually connected to the commlink for smartlink computations.

Face it, most of the time you are better off going after the truck going by and drive the opponent over .

Hell, I hear that if you have a strong enough signal, you can call in orbital space cow support.

Serbitar:
"The whole spoofing access ID thing is very difficult. How would the packets from the node you are interacting with reach you if you gave him a wrong IP?"

The node doesn't know you gave them the wrong IP because you spoofed it. When you spoof your AID your machine is now set to respond to all requests to that AID. Meaning any communication received on the spoofed AID is given to you because it is either setup as your AID(temporarily, as far as the node knows), or you have made it so all traffic to that spoofed AID is being forward to you. You might even be communicating to that spoofed AID by proxy, tunneling, or shelling.

It is also possible that the hacker is just manipulating the packets to a point to where the node only thinks the address is different. Maybe he snuck in a trojan horse that changes the address on all the packets that are received from his IP address. Then, when they are sent back out the trojan horse sends them to his correct IP.

There are many viable way this could be done in real world terms, let alone in terms of the game, which isn't very real at all.

OK, what the hell is then the benefit of spoofing your access ID if it behaves like your real access ID?

(BTW: Your trojan horse thing does not work. Spoofing has to be a passive action as it is effecting not only one target but every matrix construct you will encounter.)

It isnt real to the node you are spoofing it too. They still see the spoofed AID, you of course, see the real one. Think of the spoofed AID as an intermediary between you and the node. The only way the node speaks to you is through the spoofed AID, and the only thing it sees is the spoofed AID.

You are not spoofing access IDs to different nodes, you are spoofing your overall ID to everybody (at least according to RAW).

But still, what is the benefit?

the access id sounds more like some kind of mac address then a ip address...

or not even that, but some kind of TPM number thats attached to every transmission for identification, rather then being protocol related.

so for a hacker it would be like having several fake SINs at hand. when targeting a dangerous target, you would spoof your ID, cutting off all other communication at the same time.

that way you do not connect your every day ID to the attack.

most likely when getting a legal comlink, the ID number is connected to the SIN. by using a random or stolen ID in the spoof you can frame someone for the attack

Spoofing your ID to make you look like somebody else would only work if everything had very fixed IDs.

I really dont like that, I am more into dynamic IDs ( to give runners at least a chance of security and privacy).

Yeah, in the end it looks like I ended up agreeing with you on the spoofing on active alert part. What is this about dynamic IDs? Isn't the AID rather fixed when the ISP assigns it to you. AIDs seem to mirror SINs a whole lot. The only way to get a different AID is to spoof it, get a different ISP, request a new AID from the ISP, or use an anonymizer service. I would think just by default AIDs are very fixed in that sense. What is your view of them; in what ways are they more dynamic?

EDIT: Two more questions. Doesn't spoofing allow for all the security and privacy a shadowrunner could ever need? Couldn't they also use one of the anonymizer services it talks about on PG. 214?

spoof allows for dynamic IDs, in that you can assign yourself a temporary ID thats not connected to your SIN for the time being.

and unless a hacker left the node thats on active alert spoofing the ID would not help a bit as it would still be the same persona, and the system would most likely draw the conclusion that therefor its the same person.

both of you seems to work under the assumption that the access ID is the same as a real life IP address.

given how entertainingly simple it is to have a random ip at this day and age (if your using a laptop with a wifi connection, and "borrow" net access from open access points, your assigned a new one each time) it would make for a horribly poor identification.

i find it more likely, and its described as it on the RAW even (p 216, "the datatrail", as a hardware identification. its a number or alphanumeric code burned into a chip in every device out there.

this number is then liked to the owners SIN on purchase.

so when spoofing the hacker is using a program to override this number with a software generated one. this is the exact same tactic that one can use to access real life wifi points that use MAC address (a alphanumeric number, in theory, unique to every network card) filtering.

basically you somehow get hold of a MAC address that the point will let in, and then override your cards hardware address using software.

im guessing that for a hacker to operate under a spoofed access ID for long he have some kind of call&mail forwarding set up with a fly-by-night service provider that don't care about access id when it comes to identifying a user.

or it could simply be that providers make it simple to (un)register new devices to existing accounts. so that you provide your (fake) SIN and other required info, tell them the new device and your off.

hmm, now that i think about it, given that the wireless matrix is a mesh network, the datatrail can become very convulsed very fast as every packet of data have a new trail its not like the old hardwired matrix where every new switching point had a fixed location...

still, at some point one will hit fixed points. and using the data from those one can get a fairly accurate location within the overlapping area.

About the hacking devices with admin accounts only thing: Think of it as when you log in to a router to change it's IP adress, or something. It has a very limited set of funktions compaired to a computer, and it always requests admin passwords upon login. There simply is no other way to manage the device. The normal users will never log in to the device at all, it'll just be there doing it's job. And by that example, there would be no alert if somebody tried to log in with a normal account as there's no such thing.