I've got a technomancer in my game and he's basically been able to hack just about everything so far without being touched. It's rather annoying for me since I like to be able to get the PCs in danger sometimes and I don't know about him but I'd personally not be enjoying being so untouchable without risk.

There are a few things that I'd like to check we're playing correctly:

1) Hacking
He rolls (Hacking+Exploit) extended test until he has (System+Firewall) hits (normally 10-12 as they're fairly secure systems), with Hacking 4 and Exploit 7 (5+2 for the Codeslinger quality) = 11 Dice Pool so this normally takes 2-3 rolls and doesn't result in a glitch that I could use to get him.

When he enters the system or each time he attempts to hack while hacking on the fly it rolls (System+Firewall)(normally 10-12) on a target of his Stealth. With Stealth 4, normally threaded up to 8-10 this will almost never happen so he gets in undetected.

2) Detection
Once he's in, patrolling IC can check him out periodically and have a better chance of detecting him than the system did since it's an opposed test then but they still fail most of the time. Are there any guidelines on how often an IC would check an icon out? I don't like to do it too often since the IC would be checking every icon in the node and wouldn't come around to his stealthed persona all the time.
I haven't thought that a security hacker would be patrolling the node checking out randon icons incase they are stealthed hackers but would he notice that devices were being accessed and orders issued by an innocuous looking icon that he could then go and inspect?

2) Access Levels
If the technomancer has hacked himself Security or even Admin access (as he usually does since it's only an extra turn rolling dice) does he still need to make tests to lock maglocks, turn off cameras, alter the radio frequencies of a security squad so they can't communicate etc.... or can he just issue the orders as the system believes he is legitimate?

3) Complex Forms
A node can't run a program with a rating higher than it's System. Are the ratings of a technomancer's complex forms limited by the system of the node he is in or by his own System (which equals his Logic) or by neither? Can he exceed the rating he may be limited to by threading (up to resonance x 2 of course)?

Can a complex form be threaded and then further threaded to increase the rating again or if you wanted a better complex form would you have to discard the one you had already throeaded and then thread it again hoping for a better result?

4) Static
A couple of times he has hacked the security node of a building and then trasmitted a loud burst of static through the ear pieces of the security team. How big a distraction do you think this would be? I've been having my security guards roll Willpower against the number of hits he gets on an Edit roll and giving them a penalty for a turn if they fail. I think I might stop this though since they would probably have some kind of audio flare comp installed.

If he's threading stealth, remember he's at a -2 to the hacking test. Not much of a problem, but it is something. Also, remember that the threshold for Hacking on the Fly is only Firewall, while Probing the Target has a threshold of System + Firewall. Also, don't forget about the account access. If he wants security access add 3 to the threshold; administrative access is a +6.

When you're rolling to detect him, you roll Analyze + Firewall. Your information about made it look like you were rolling System + Firewall. Might be the same (in fact, probably is the same) but knowing the pools can help out a lot.




No, there are no guidelines for how often patrolling IC will check icons. I run it such that any use of the Hacking skill will trigger an Analyze. Based on the access level, sometimes the intruder can use Computer skills instead (since they're authorized to perform the action, for example, editing a file) and those don't trigger an analysis. Using the idea of the Security Tally from 3rd edition and from the Tweaking the Rules section of Unwired (p. 39), I give any intruder a threshold of Stealth * 2. When I accumulate that many hits, the system will assume that the icon is malicious in some capacity even if it can't quite tell exactly who or what it does. This would trigger an alert. Like above, Stealth can be threaded, but that involves a penalty to all other rolls, more or less. I've had a few TMs get caught when they drop their threaded Stealth and suddenly the system recognizes them!

The alert triggered above might signal a spider to log on and try and handle the intruder.



He can make orders that the system thinks is legitimate and I usually don't force rolls unless something would stop him. For example, turning on and off maglocks and cameras is probably fine. But, altering frequencies would not be as he'd have to control the individual commlinks on the guards in order to alter their frequencies. He might be able to broadcast public-address-style to all users of the system, but he can't mess with their stuff unless (a) he hacks them or (b) they're slaved to a system he has hacked.

Plus, remember that things which effect the physical world have consequences in that world. If you turn off a maglock, does the door unlock or remain locked? It might depend on the door. Doors into massive vaults of money or data or whatever might become impossible to open if their lock is disengaged. Or, if you start altering frequencies, a savvy guard (Intuition + Logic (2)) might realize that that's not supposed to happen and take appropraite measures (e.g., signalling an alert or contacting a spider).



The base rating of a Complex Form is limited by the TM's System Resonance attribute.



I don't allow it, no, but I'm not sure if it's explicitly disallowed in the books.



Does the security node of the building have access to the security ear pieces? If so, just have those ear pieces also include sound dampers. Then, even if he does send loud noises down the wire, the ear pieces on the other end simply reduce the volume to manageable levels. This, of course, isn't the least be subtle so the guards are likely to report the static and an investigation of some kind may take place. If he complains about the sound damper, he can hack everyone's ear pieces, I suppose

First, let me say, my GM faces the same problems with my TM. Paladin sprites, can I tell you how much I love those? Anyway. He's come up with a variety of ways to stymie my TM...

Probing the target (System+Firewall, 1 hr (VR)/24 hrs (AR)) is pretty much guarenteed that any hacker can get in. So, spice things up. Make systems where he needs to be on-site to hack, and in those places, a lot of times, they get pretty suspicious if there's an 'unconcious' person laying in the corp hallway/office/broomcloset for 3 - 4 hrs... Or throw things at him that need to be hacked RIGHT NOW.

Also, remember that if he's threading Stealth past his Resonance, it's Physical damage from fading. Can he really soak the fading for 4 - 6 hits? And he'll have a -2 to all actions while sustaining the threaded Stealth... including physical actions, like, oh, dodging that bullet.



Access logs are your friend. Every action is logged. Security personel can just review the logs for suspicious activity. Security spiders will know if another Admin user logs on. IC can be programmed to analyse every persona on the system, and to analyze every new persona that logs on... That's 3 per combat turn, or 1 per second. Why not have them analyze everyone, all the time? That's their job; if they are scripted to analyze users, that's all they do (until they hit the next step on the script, like if a user isn't legitimate). If there are 60 users active on the system, then each user gets Analyzed once per minute. See the sample script in Unwired...




An Admin should be able to execute most functions on a system without further tests. Mind you, if he's using Probing the Target to get in, this is likely an additional hour - 2 hours work (see above for ways around that). Well designed systems are likely to have some safety measures in place; ie, no disconnecting admin users (or the security spider), rebooting requires pushing a physical button or pulling a physical plug in the security office, etc.

But, yes, a TM should be going for Admin all the time. They can do it with little effort.



Complex forms run independent of a node. The TMs complex forms are not limited by his own system. The only limit is the Resonancex2.



You can only thread a form once. You can choose to discard all the hits and re-thread it, over and over and over again. Note that out-of-game, this tends to get the player heavily bruised by the other players who lose patience with the TM player's constant dice rolling. As a GM, it is totally your right to tell the player, 1 roll, that's it, to save his own popularity.



p. 208, SR4, AR Modifiers sidebar. Gamemaster can apply appropriate modifiers (-1 to -3).

Of course, in my game, my GM rules that Security personel are intelligent. They get the static, take a simple action to pull out the ear pieces, yell a '411' or other code out, and everyone shuts down their 'links. It's the "we've been hacked, go to plan Alpha-Charlie" theory. Which also includes fun things like a security officer switching off the system via physical switch, and dumping my VR tush out to enjoy the fun effects of Dumpshock...

And hey, why have the security node of a building vulnerable to off-site hacks? Make it an internal system, with wi-fi inhibiting materials, and separated from the other nodes in the building. Hacker must be onsite, and that opens it up to much more evil-GM tricks...

Wow, thats a bit diffrent from the RAW.
Check out Page 221 of the Core rule book

Techno rolls Hacking+Exploit (Firewall, 1 IP) extended test, while the system rolls Analyze+Firewall (Stealth, 1 IP) test.

Note that only gives him user access. To get Security and Admin stuff, the threshold increases.




Most Sec-Hackers and IC will have there Analzie running in the background, so whenever he does something, they roll Computer (or Rating, for IC) + Analyze, opposed by the Techno's Hacking + Stealth.


It depends. If he has Admin level Access to the Security grid, and has taken out the spider, he could command maglocks to open, shut down camera's ect. The Secuirty squad would be using their own commlinks to communicate, and shutting that down would take hacking each commlink and crashing it.

If he's triggered an Alert, however, to command things, he needs to roll Hacking+Command (Firewall, 1 IP test) to command things, otherwise it just takes a simple action .


1. Complex forms are not Programs. They aren't limited like programs. You can run 24 complex forms on a rating 1 node with no effect.

2. You can only thread a complex form once. If you want a higher rating, then you must stop sustaining it, and try again.



-2 on audio perception tests for one turn. Their earbuds can be turned of with a simple thought.

Thanks everyone, that's all useful stuff. I think I'll link him to this thread so he isn't thrown for a loop when things become more difficult for him.

Since when are GM's supposed to give players a heads up when they get ready to screw them? That sounds positively un-ShadowRun-ish

Have you considered the possibility of physical kill switches? For example a security camera that is scanning the room in a methodical manner. If you take control and alter the scan pattern an analog clockwork on the camera's base hits a series of buttons that 1. cuts power to the camera, 2. triggers an alarm not tied to the matrix and 3. puts the system on alert (and optionally 4. fills the room that the camera is in with some form of stun gas). A technomancer can't do anything about a security feature that's not connected to the matrix.

Because the player will want to know why he's "getting boned by the GM" It's fair when the rules change to tell the players about it BEFOREHAND. Otherwise they may become upset and/or leave the game because they think the GM is frakin' with them, and them alone.

Actually it is still fucking with them and them alone. Only more politely.

When a PC creates a character, he is creating a character to that campaign's house rules, if any. If he had known you would change the game rules mid game, then he might not have created his character that way. I always assume that my players will create characters that will render the obstacles I create into non-challenges. It is easier on the GM's ego that way and it does not become a GM vs player thing, at least not the GM is not the cause.

I don't think of it as fucking with him, rather that I've been going too easy on him so far. I mentioned it in my first post that I have got the impression he thinks it's all too easy himself so I hope he'll like it more and don't think he'll be quitting the game.

Mostly everyone's confirmed that the way I've been running it is about right apart from a couple of rolls in the hacking using the wrong skills/programs. My NPCs will become a bit smarter with the security systems and procedures too.

I wasn't aware of threading over your resonance causing physical fading, does that mean if his resonance is 5 and he threads his Stealth from 4 to 6 that is is physical fading or does he have to add more than 5 points of rating to make it physical (i.e. thread it up to 10)?

Thanks for turning me onto the optional Unwired rules Dashifen, I must have missed that, think I'll bring in the security tally again. I miss some of the old aspects of SR3 matrix, I know it was complicated but the same player used to play a couple of hackers back then and he and I knew the rules really well so we could run matrix and physical almost simultaneously without slowing the game much.

Two more similar things that have come up a few times:

5) Vehicles
We've played that cars on the road will normally be wireless and not in hidden mode in order to operate on gridguide so a hacker/technomancer can hack in and take control, I set the Firewall/System at 5-6 for a little challenge but I don't think most cars would have much in the way of IC and certainly not a security hacker. For a car to operate on gridguide all the driving must be able to be controlled wirelessly and gridguide would need access to all the car's sensors to prevent collisions so once in the hacker could fully control it.

- Would the driver of a car be able to switch to manual control and cut out the wireless easily, say with the flick of a switch when they realise they've been hacked?
- Would you expect a security team or anyone else that's illegal or could reasonably expect to be up against hackers to have the wireless disabled in the first place?
- I ruled that security/admin access is needed to activate the kill switch on a car.
- Would weapons on a vehicle be accessed through the same node as the rest of the vehicle's systems?

In Emergence he ended up hacking a helicopter with weapons that had brought Aztech's guard forces out to retrieve the drone and shooting them up with it. I don't think security forces would really be operating with a vehicle like that open to wireless, they will have learned from that and not do it again.

6) Grid Guide
How difficult do you think it would be to hack Grid Guide? I've been setting the firewall etc.... at 6 for SOTA but it just doesn't seem secure enough for that kind of system to stop people getting in. Am I right that a node with System 6 can only run 3 IC with a loaded program each?

It would be nice to have some kind of guideline for such useful systems that I imagine all hackers would go for quite frequently. Once you're in:
- can you locate where a car you have the details for is?
- how far back is the camera footage stored?
- is footage stored in the cameras or in a central node?
- is Grid Guide for Seattle one node with loads of devices slaved to it or would there be a node for every small district with the cameras for the area slaved to it and then that node connects to a larger central node that coordinates between areas.

If his resonance is 5, and he threads his Stealth from 4 to 6, he must then resist Fading with a DV of 2P.

1. Grid Guide doesn't control the car. The car's Pilot does the driving, or the driver does while recieving data from Grid Guide. Hacking Grid Guide gives you lots of info on where the car is, but doesn't let you hack the car itself.

2. Cars most likely have a public account on Grid Guide. (See p. 52, Unwired) It can send and recieve data but there is no subscription.

3. You must be within mutual signal range to hack something. A TM with Resonance 5 has a Signal of 3, for a distance of 400 m. The average vehicle has a signal of 3 as well. That means to hack the vehicle, the TM must be within 400 m of the vehicle - or jumping through other nodes to get close. Since vehicles are in motion, that means that as he's hacking it, it could drive out of range... he'd have to hack another nearby node, and by the time he did that, it could be out of range again... (can you see the fun you can have with that?) Or, if he has just hacked it, and it drives out of range, he gets dumpshocked.

4. High-end people (shadowrunners, corp execs, rich trust-fund babies) have a rigger driving their vehicle thru a control rig. Riggers jumped into a vehicle override other commands. And they're darn well gonna notice immediately if another user logs onto their node. Any rigger in a vehicle should have a manual kill-switch to disable the wireless. Heck, they should have a manual kill switch by the passenger side, too, for their teammates. If I were a rigger, I'd have to systems in my car, a wireless "communication" node that just communicated with Gridlink, and a second, non-wireless, separate system that I jumped into to rig my vehicle, with weapons, sensors, and the like. To hack my vehicle you'd have to be in my vehicle...

The tally concept is really nice. I don't use it on all systems, but I figure that anything that would have a little bit more security installed might have some concept of a tally. It's how some behavior analyzing virus scanning software works even today; if enough strange things are happening, software can alert people (or agents) to the problem.



(enumeration mine)

1. I usually have manual control override wireless without a switch. If a person in the car switches to manual control, then remote control is disabled. The node is still online (for all the grid-guide related reasons you indicated) but the system will not respond to remote control commands except from those by the driver. In other words, issuing a command becomes a Spoof Command test, for which your hacker will need the Access ID of the driver. More security conscious drivers slave the car to their commlink. That way, hackers are at an additional +2 to hack in and the need a wired connection (which likely won't happen for vehicles), hack the driver's commlink (which for a security conscious person is in hidden), or get the driver's Access ID so that they can Spoof the car. Normal people don't do this, but maybe security officials do (even the grunts because they're boss tells them to). If you're not sure, make the NPC roll a memory test with a threshold of 2 to see if they forget this time. Regardless, it's good security for a vehicle.
   
2. Depends on the person. Wireless is useful and with it on, the sensors of the car can provide a lot of data and be used for active targeting. Plus, the vehicle might be getting fed information via a security hub informing it of locations or other information that you could argue gives the driver a +1 to +3 bonus for using AR. Stuff like that. At the very least, driving with AR on is a +1 if the driver subscribes the vehicle (p. 159, SR4).
   
3. That seems fair to me.
   
4. I'd say so, yes. Weapons are likely slaved to the car so they can only be accessed in the three ways I listed above: a wired connection with a +2 threshold modifier, by hacking the car itself, or by spoofing the appropriate Access ID. Then, the car's node can be secured as appropriate.
   
5. Corporate strike teams or high-threat response groups will likely either (a) turn superfluous wireless off or (b) have a hacker on the team for matrix overwatch. Use the tips that we posted above to identify the hackers (tally, frequent scans, etc.) and then you hacker can engage the PC in cybercombat as necessary. Give him 5 IP and use the program options from Unwired like Armor Piercing, Rust, Shredder, and/or Targetting to make him even more dangerous. Add agents (or sprites) and it can be an epic fight online at the same time the rest of the team is dealing with the helicopter.

Why do they want to? Make it so that while they can hack it, the information they get isn't anything that they couldn't get from others with lesser risk. Sure, they might find out exactly where the car is right now, but if they use physical legwork to find the target's address, they can ambush him at the end of a long work day. As for the program limits, take a look at the rules for Nexi in Unwired. That'll help you beef up your security without degrading response.



(enumeration mine)

1. Probably, yes, but you'll need the Access ID of the car.
2. Honestly, probably not long unless law enforcement (or their programmed Agents) flags the data as a possible violation of some kind. All the footage of the good little wage-slaves lined up at a red light is useless and would probably be quickly discarded or at least archived in some capacity. But, if law enforcement gets someone running a red light, their likely to want to flag that data and all subsequent data from that source. Then, prior data can be gotten out of the archive for citation or trial as necessary. But, remember that in a bureacracy nothing is ever completely deleted. If the players want at the data, they should be able to get to it eventually, but you don't have to make it easy on them.
3. I'd say a central node. The cameras might even be wired or have a signal of zero (i.e., you need to be within three meters to read it) to help avoid hacking. That way, if the camera is high enough off the street, you might need to get into surrounding buildings in order to hack it.
4. Again, it's a bureacracy. Make it a bunch of little nodes all interconnected. Don't make a person hack each node, though, but make some nodes crappy or have them be already hacked so that there's almost nothing there (or a matrix gang claims it as their turf). Maybe an AI moved into one of them and it's awesome, but you just pissed off the "homeowner." Have fun with the matrix! Don't let it be just a series of extended tests that your player performs to win the game.