Alright, so I've converted Mercurial at Underworld 93 (don't know if any of you have played that one) to SR4 because I liked the story, but in any case, my groups hacker got into the Sorayama's system, got the intel he needed, got some paydata, was GOING to do a system transfer to take 500,000 nuyen, when he got attacked by 3 different kinds of IC, and logged off, before being able to delete the access logs.


Firstly, what exactly did it record? Each of his actions on the fake admin account he created, with the access ID name? Or just that an admin account made these changes? Do they have his access ID now? (one of the IC's was almost done with a track action, but he logged off in time)

Secondly, if you have someones access ID, what can you do with it exactly? Search for it? Directly try to connect to it over the matrix? (if it's connected). Secondly, if you spoof your access ID, is it temporarily spoofed on that node? Because one of the options says you can modify your commlink to spoof at all times?

I've got most of the other things down, I'm just confused about the datatrail and whatnot.

He deleted the log - end of story. Nobody knows what he did anymore.

Normally, though, by viewing the access log, you can tell what the hacker's ID was. With the ID, you can run a Trace to figure out a) where he physically was when he did the hack and b) where he is right now IF he is using the same ID as when he performed the hack.

As any hacker will always be spoofing their ID between hacks, you are usually only able to tell from where he performed the hack in your system and rarely where he is right now.

But, since he deleted the log, that's the end of that - unless you want to be cruel and say the node performed backups of the logs. That'll probably make the hacker feel disempowered and angry though.

Read again, Backgammon. He didn't delete the log.

D'oh, 8 am reading fail.

Yeah, so what I said about being able to trace him at the time of the hack then.

So if you have someone's real accessID, a.k.a, the one hardwired into your commlink, they basically need to permanently spoof it or they're screwed right now?

Yeah, but that's incredibly easy. Your access ID is defined by the hardware that is actually talking to the matrix. I's seriously just one thing in your PAN and it can be anything in your PAN. Really you just need to buy a new thing with a signal rating and run your PAN through that. Now you have a different access ID. Not a fake new access ID, a real new access ID. Signal 8 sat links are incredibly cheap, and a dedicated hacker should probably be using those most of the time anyway. Tossing his old one and grabbing a new one is much cheaper than getting a new SIN.

Problem solved. Forever.

-Frank

Yeah, but spoofing your ID is very easy. As a GM I assume the hacker is constantly spoofing his ID. It's a simple test that he can't really fail, and you can assume he'll always be doing it. If you change your hardwired ID, well, you're just trading one number for another, right? What you need to do is basically spoof it every day, or several times a day, a certainly before and after a hack. You can also just buy the gizmo in Arsenal that automatically and periodically spoofs the ID of any device, though again I think it's trivial for a hacker to do this so I don't bother.

The only crucial limitation to spoofing your ID is that you CAN'T do it in the middle of a hack. When you spoof your ID, it kills all your subscriptions and links. So if you do it during a hack, you immediatly leave the node.

So normally, you'll have a unique access ID for the duration of a hack. Therefore, you can only be traced to where you performed the actual hack, as you ID from before, and after, the hack are different, so cannot be traced from the log.

So a hacker should never hack from his own apartment basically?

I'll try to put this in current day perspectives as I understand it. Basically, his Access ID info is like a serial number unique to his commlink. In our current day, we call this a MAC address. MAC address can be changed. After all, it's still just a bit of code buried in the firmware. We also have IP Addresses which are just a bunch of numbers that denote where we are located, somewhat physically and within the internet. With all of that being said...

If the player didn't delete the log file, then there should be a record with all of the actions he took, what account he used, and what his ID was at the time. They will have to do a search to isolate where he was physically at the time of the incident but I'm sure that won't be hard unless he spoofed it some how. Then, if he hasn't acquired a new commlink by now, or changed his current Access ID, then the next time he goes live the will be able to find him and hit him with an orbital laser. If one were so inclined, that is...

Edit: He can hack away to his hearts content from the comfort of his home/apartment. He just has to be very careful to not get caught and bounce himself through as many proxies and gateway connections as possible or some sort of equivalent in 2070. It's not a good idea to do this, no matter how good you think you are. Unless you are an old Echo Mirage survivor then I suppose it's ok...

Rule of thumb: Don't hack megacorps from anywhere that a 2000 lb JDAM hitting would kill anyone you really care about.

Or would make you liable under your insurance contract. You might survive a JDAM if you're lucky (or have a spare rating point of Edge). Your car? Your apartment? Your cat? Fat chance.

What's the crunchy system stuff/rules for changing the Access ID of a commlink and spoofing your location using 4.0 rules? Any takers? Let's see some Hacker & Technomancer stats.

It's just a simple Hack+Spoof(2) test I believe. I don't have my SR4A with me, but the test is clearly detailed in the rulebook, just look it up.
You can't spoof you location though. Your location is derived by swimming upstream through all the nodes your requests went through. That is impossible to fake - unless you handsomely edit the access log of those devices.

Or happen to be using a directional aerial and connecting exclusively via a far-away node. That should let you use a Logic + Electronic Warfare test to add to the Trace threshold if the rules modelled anything approaching real life. Or if your GM is willing to give it to you on account of being a blag based in real world knowledge.

The test with the Hacking skill only changes your Access ID until you reboot, then your Commlink reverts to its hardware Access ID. The one with the Hardware test is a permanent change.

Frank, where is the rule that you can run your Commlink "through" another device and use that device's Access ID instead? I always had the impression that the Access ID that was stored in any log would be the Access ID of the device running the Persona program that was used to perform the action. Peripheral devices have no Persona firmware, therefore their Access ID would not be reported as the "originating" device of the action.

Yeah, that's exactly what the "Redirect Trace" action does, which is a Hacking + Spoof test opposed by the tracking Icon's Computer + Track. The RAW only let you do this when a Trace has actually been initiated against you, and it can only be done from the node where the trace is being performed. So, if you're in a node hacking it and some IC or Spider starts to Trace you, then you make the Redirect Trace test to give yourself time.

I believe the purpose of the Stealth program is that it already does things like attempt to "fake" the origin of the Hacking signal considering it acts as a negative DP modifier on the Track test. However, I don't think it would be terribly game breaking to let a Hacker make a single Redirect Trace test before the Hack begins to try and scramble the origin of their signal (like what Whistler did to the phone call in Sneakers). In this case I would let the PC make a single test and add the hits to the base threshold of 10 to Trace the Hacker's physical location.

Your accessID is based on your hardware. If someone spoofs your accessID, that does not keep you from connecting to the matrix, but your AccessID Accounts will be compromised. So you get a few new chips to install (a hardware+logic(2) test), and change the account data.

Routing through a node: Proxy Servers, Unwired pg 104. Easier: Clustering with the Commlink and choosing the other devices AccessID, as per the Errata for Unwired pg. 55.

And what if the hacker is technomancer? What about there AccessIDs?

To me both of those seem to be doing things that are different to what I'm talking about. Redirect Trace is about throwing Spoofed Packets at the Trace in an attempt to mislead it. Stealth just makes it difficult to identify where the route is because it uses some protocol abuse to get the packets transferred through the network in 5-6 different streams, or something. Stealth is an exceptionally fuzzily defined program. Either way, they use Hacking (or just work) and that means that they're not concerned with the real world in their application.

The trick I described involves actually making it pretty difficult to know where you really are by ensuring that they can't triangulate you, and by maximising your location envelope. They can know how far away you might be on the basis of the gain of the aerial on the Node(s) you've got LOS to. If you're as far away as possible (or you ignore signals beneath a certain strength to persuade the other device to increase gain) then the radius of the sphere that determines your possible position increases. This makes it a real annoyance to find you. Especially since the centre of that sphere is in a random direction away from you - meaning that half the time a guess on your location will take them further away from you than if they just went to the location of that actual node.

EW also needs uses that Hackers care about. Stated uses that can be relied on instead of the GM punishing you out of the blue for not taking it. It has precisely three actions in the BBB. THREE! That's ridiculous. We're meant to care about it, but we seriously don't, because BPs are tight. There ought to be more than one way to achieve an end in any system, but in the Matrix there's usually one option and it's almost always Software. The Matrix is far too real world agnostic, such that we don't see the socially impaired nerdy hacker doing standing on bollards because he needs LOS to a camera. That apparently wasn't enough of a concern to include sections on dealing with Signal LOS and how it affects you in either of the two books that claimed to cover hacking.

We've had a Matrix book and a "Wireless World" section that don't actually cover important things like, well, the fucking wireless. That's criminal.


TigerEyes, an actual Dev, has told me that their AID automatically gets spoofed every time they connect to the Matrix. Which is basically every time they wake up or choose it.

A techno can be traced exactly the same as a hacker, and as Heath points out, Technos spoof every morning (as should any hacker), so the mechanics are the same.

A couple of thoughts I've had:

1) If the node you are on is too hardcore for you to edit the Access Log, what you could do is swim down the current and hack a smaller, easier node down the chain. Any trace action would stop at that node.

2) You could maintain a node somewhere and remotely log in to it. A trace would lead back to it, but not to "you". I don't think that's especially cost effective or really all that advantageous, but you could do it.

I have a rigger , and I like to change my access ID via hardware + Logic (2). Mostly for flavor, but I'm also slightly better at it that way. And I agree that the Electronic warfare could be more usefull. That being said, the Hardware skill is pretty all encompassing.

OK, I keep seeing this, and I think there is a serious mis-understanding about what's hardware, what's firmware, and what's software going on that we went on in some detail in the thread about hacking comlinks for fun and profit: http://forums.dumpshock.com/index.php?showtopic=26495

Per descriptions of hacking in the books, one of the first things a hacker does is utilize her comlink (hardware) to access the LTG and convince it to grant them an Access ID (software). Since that ID is granted TO the hardware, a modern comparison would be an IP address assigned to a Network device by it's MAC ID number, which IS hard coded into the device. Essentially, any traffic addressed to the Access ID would be routed to the physically nearest wireless device exchanging communications directly with the MAC ID in question. Now, a ComCode is a phone number. It is just a simpler (and fixed) version of an Access ID, but the two do not necessarilly have anything to do with one another. Now it IS possible to spoof the MAC the 'link presents to the network, but as long as it acknowledges the traffic for the bogus ID, it's all AOK. And the 'decker can spoof the rest of their data trail by making similar changes along the route. So if they are at all smart, even worst case the access logs will show nothing but a bogus MAC to a hacked IP should it beat all the redirects. To get the REAL MAC off the 'link, another 'decker or agent (or sprite or T'mancer or whatever) would need to gain access to the 'link's home node and look back out towards the incoming connection to get that information. And it's only really useful from a prosecutorial standpoint. In actuallity, the biggest problem is having them trace the open link to the final device communicating with your 'link wirelessly and jam it open then triangulate the signal back to the 'link/you. The access logs will show information about your "virtual" self, depending on the security of the system. Low level systems would just have the useless data I already mentioned and of course proof SOMEBODY had been there, which would help let them undo whatever you did. In a high security system, it might have kept enough data to be able to identify the unique avatar you crafted for yourself so they will know you if they see you again. That part's conjecture and up to GM interpretation. But if the 'decker spoofed their MAC (smart) while spoofing their data trail (prudent and often assumed), the logs themselves aren't much use in the case above unless there was sabotage of some kind of a back door added or the like. You should never need to change out the chips unless the real MAC gets compromised. Now, for a normal user whose COMCODE gets compromised, it's registered to the actual MAC (unless your friendly neighborhood 'decker fiddled it for you) in which case it's a good idea to change them up.

Make sense?

I hate your font

Me too it hurts me eyes T__T

Right, I understand. If you hack from a spot where you are connected by only a small (one ideally) number of wireless access points then it becomes much more difficult to determine a physical location because you only have the attenuation from one signal to guess the location instead of the attenuation from multiple sources. I have a degree in Electronic Engineering so I'm well familiar with all that wireless stuff, and I don't think its really necessary to put all of that into the rules. People need to know that for one-way communication, you only need to be within signal range of the sender, and for bi-directional communication you need to be within both device's signal range, which equates to the lower of the two involved in the communication. I have seen people have a difficult enough time with the aforementioned concept, burdening them and the rules with detailed explanations of the "hidden station" problem or what to do about increased packet loss or crosstalk would serve no useful purpose in the game. The groups that want that kind of detail probably already have people in the group with enough RL knowledge on the topic to craft their own rules for it. I suspect the majority of people simply don't care.


I had always equated the Access ID to the MAC ID of a device and the Commcode as a combination IP Address and phone number. The Access ID is part of the hardware (or firmware I suppose) of the wireless device which is why it requires a test using the Hardware skill in order to change permanently.

It was worse when it was green text....

I'd wager this is the right interpretation.
An access ID is described as a unique number you can only permanently change at the hardware level, so it's much closer to a modern-day MAC address or even a fullblown hardware serial number than a simple IP address.
Even if you don't have a MSP, you still have an access ID and you can still surf the matrix (unlike the internet, where if you don't have an ISP and thus, no IP, you're out of luck), while you don't have a comcode.
That tells me that the first is a property of your comlink, while the second is assigned through the network.
The rules never specify if the access ID is part of the hard- or firmware, but in game terms, that doesn't actually matter.

This has always confused me. If all you need to get online is an access ID, and the access ID in intrinsic to your commlink, what the hell is a commcode for (other than routing a query to a number of registered devices)?

You'll get nowhere expecting stuff to make sense.

kzt: you're starting to sound like a malcontent.

Moi?

A comcode is for other people to be able to reach you, basically.
If everything you know of another person is his access ID, your browse program would have to check the whole world for your physical location and in a world of constantly changing decentralised nodes, that'll take quite some time even with 2070s tech.
If you know his comcode, you can look up which MSP issued that and ask them where the recipient is. A comlink supposedly tells and updates the MSP on its location or simply connects to the MSP node and checks for incoming calls about every second, so it's easy to reroute the call.

At least, that explanation is consistent with the fluff and makes enough sense to use.
Alternatively "it's a game, dammit!"

Explanation #1 makes sense I guess.

<double post>

Oh, I will give you that. But that's not what this thread seems to be discussing, or at least where the thread meandered to.


Now, where are you getting that from? I'm not being argumenative, I want to know. As I said, if an "Access ID" is issued BY SYSTEM, which is what I thought i remembered reading, then it CAN'T be from the hardware, which is why I likened it to an IP. (This was also in that other thread I mentioned.) But if you can give me a book/page reference I am more than willing to go re-read.


OK, second person, same rough verbiage. Can I get a page? What I understood was that gaining an Access ID was done by hacking the local MSO and convincing them to give you an address, which is why any self-respecting "Don't need no steenkin' MSP contract".


This is the other half of the above quote. A comcode is really what we'd call a phone number these days, but it's got more attached to it. More like a Yahoo ID, where there is Email, chat and voice functions tied to the same ID, but addressable from various points (Access IDs, if my own understanding holds). A comcode has to know where to dial to be useful, and it's got to be "public" to some extent, at least in the routing and formatting, like a ten-digit phone number (area-3, exchange-3, number-4) today. So it's "contact BobTheRunner" and the 'link prompts "Call, text, message or mail?". Geez, I'm describing a damned BlackBerry^TM! The modern cell "MAC" equivalent is loaded as firmware on the SIM card, which tells the phone hardware what ID to broadcast and on what network(s).

So it comes down to if you folks are actually citing verbatim what SR4 actually says and I'm combining old Matrix pre-crash rules with the new stuff in my own head, or I have it right and the thing's (likely) poorly worded. From a RL mechanics standpoint, combined with fluff (does the fluff agree with the crunch here?) I think what I described still fits better. But I want to see it myself, in any case. Thanks!

The above, and the fact that you need the Hardware skill to permanently change your Access ID.

Incidentally, on the nature of Commcodes:

Another reading suggestion: Unwired on Matrix Topology, with special consideration for Personas, AccessID accounts, Commcodes. Unwired errata on clusters.

Well, they have the AccessID the hacker used. The Access Log has a detailed trail of everything that AccessID did. So it logged in, copied a file, created an admin account...whatever. And then logged out. Now, it and of itself, no biggie. Someone reviewing the log can see what the hacker did. If they deleted a file, maybe they can get a backup. If they copied a file, they take a look at what it is...maybe keeping an eye open if anyone tries to sell it, set up a meet and bust the hacker up...that's all up to the GM.

As to what you can do with the AccessID...well, a trace can't be done, as the hacker left the node. But if the AccessID is still being used and is active on the matrix, they can search for it and find out where it is. Hacking the node or sending physical goons to the location are both options. If the hacker changes the AccessID, well, then nothing can be done, really. If the hacker uses the same AccessID again, maybe they find the hacker, but I doubt it.

Not true, actually:

However, it's all semantics because you stated that the Spider can just "search the Matrix" for that Access ID, which is essentially what the Trace User action does anyway.

Ok, on the comcodes, you really didn't say anything I didn't. So that's all shiny. But where does it say you need Hardware to permanently change the Access ID? BBB? Unwired? I guess that's what I was looking for. Just a page number will suffice, I want to (re)read the whole section and see what I am apparently missing. Thanks!

It's in the BBB. The new one, at least.


Emphasis mine.

Old BBB, p. 224, bottom right under Spoofing the Datatrail. SR4A clarifies that the Software test only changes the ID until the Commlink is rebooted, while the Hardware test permanently changes the Access ID (there's a lot more to SR4A than OR threshold changes people!).

Regarding access logs: I'm fairly certain that any user that engages 3 IC will be flagged for review. They won't likly be able to find him if he's spoofing his access ID, but they will know someone was there. Not a major point except that any back doors or user accounts he created will likely be locked and there could be other ramifications (increased security during a later stage of the run for example).

Even if the intruder is using a Spoofed Access ID that they then change immediately afterward, the Security Spider(s) can still run a trace on the old Access ID and find the last place that Access ID was before it disappeared from the Matrix. If the corp your going against is particularly vindictive, or if you stole something they're going to want back, they may use that information as the first clue in a search for your physical location. Bottom line: even if you're Spoofing your Access ID, never hack something from your apartment.

And howdy...

On the subject of Spoofing the Access ID, there is a third, sort of hybrid way, to achieve the effect:



I think most people tend to use these only for vehicles because of the section they are in, but as per the highlighted section above, they are perfectly viable for commlinks as well. Which allows you to make the same sort of hardware roll once, then later, change the AID at the push of a button (or other easily chosen AR/VR simulacrum). Very handy for quasi-hackers and others with only a sideline in Matrix goings on...

Sure, that's handy. It means you get to make one Hardware test to install it, and then never need to make on again to change your AID. Still, you can't change your ID mid-hack, so the same rules still apply.

Nope and yep (respectively), ne'er did I make allusions otherwise. But it's handy for the lazy hacker who wants to be a little more like a techno...

*sighs in frustration and pulls out the credstick to pre-order the dead trees and download the fragging PDF, tired of flying blind here.*

OK, THAT explains why I feel like I am behind the curve. When it was software only it was an IP. That clarification actually CHANGES it quite a bit. With that speciffic clarification, I can agree it's a MAC. And that means the ComCode is actually the IP you're hacking to get online (not the number you give out, but the actual account for outbound access). Joyous.

Thanks.

You won't be disappointed. It's a gorgeous book just to look at (I love the art), and there are a lot of little "clarification" things that were put in all over the place, fixed and much more reasonable archetypes, a nice buff of all the sample opponents in the Friends and Foes section, along with having all previous errata included. I read the entire thing almost 3 complete times while I was proofing it and enjoyed it each time. I'm looking forward to my print copy with much anticipation.

Not quite. You can get online without a MSP, as the S do not include basic matrix access.

The MSP provides all kinds of other services, in a single spot. Its your cable company, phone company, dating/social networking service and a whole host of other things...

The genius of the IP part of the TCP/IP protocol was/is that its virtual. Its a virtual network that can be stacked on top of a number of physical networks.

Therefor a IP connection could jump from ethernet to PPP, T1 and others. As long as it could carry binary between two points, it could carry IP.

The SR matrix on the other hand is more like how it would be if everything was ethernet, and the internet was made up of a gigantic stack of ethernet switches.

Your comcode is nothing more then a voip service, one you can access from a nexus at one time, a comlink in your pocket another, and the car or home node if so wanted. Hell, you may even have it hooked up to all of them, so that when someone calls, you can answer on whats most convenient at that time.