This is probably down to my Matrix-conceptualisation ineptitude flaw, but what exactly is the point in crashing programs?
It takes a complex action to crash a program and it takes a complex action for the victim to run it again, so how do you gain by it?

From my caveman perspective either
- the victim reloads it on their next complex action, you've both lost a turn and you can keep yourselves locked in this cycle until you fail a roll
or
- the victim doesn't care and gets a free action to attack you.

How can the crash program action be of any real gain?

crash the os on the node. Crash his armor or prog or stealth os the IC can see the intruder.

Crash IC. Unless they have yet another program checking if the IC is running, someone or something has to restart it.

Crashing programs is better when the "victim" is not there to notice you did it.

If you have 5 actions per turn, and your enemy has one, you can crash a lot more programs then he can load. Use your crashes to strip away his ability to interfere with / hurt you / defend himself.

Read more carefully:



Basically, all it seems good for is shutting down nodes, and even that is hard.

If you have access to your opponents node, and more passes, or an agent with access - you can do worse than crash. You can use exploit to crash a program, and edit(edit action, use with edit program: Edit allows you to create, change, or delete any kind of file) to delete it. Now it can't be reloaded.

Consider that most casual users are AR users - 1 pass, maybe 2 or 3 if they're augmented. But for standard people, just one. Sim users get 2. Hot simmers, which you hacker(or spider) is pretty much always going to be gets 3. A simsense booster implant lets you get 3 cold/4 hot, and a simsense accelerator for your commlink nets you +1 in hotsim. Also that most competent hackers will run with an agent of some sort, which has another 3. I don't see a lot of people use it, but you can spend edge to either go first, or take another pass.

Yes, crashing takes a comples action. So does loading a program. If you can crash more than one, you're ahead in the race. If you can gain access to your opponents hardware to delete the program after you crash it, whether by having more passes or by having a minion do it for you, you're even more ahead. Some tests take Combat Turns to pull off. Such as data corruption, or decrypting. Crashing those programs hinders the tests greatly.

Then there's situational uses. In drone combat with heavy jamming, crashing ECCM programs can drop people off the matrix completely, sever subscriptions, and boot riggers from their drones. Crashing a tacnet - especially if its centalized - can gimp your opposition. If its not centralized, you can lower their bonuses by dropping people and their sensor channels out of it, in addition to the usual tricks with tacnet spoof games. Without an analyzer program running, you have to rely on matrix nodes and icons to tell you what they are. Remove the analyzer, and suddenly your foe can't see past your Stealth program anymore - and when they reload it, they might blow the opposed perception test. Crashing a black IC program that's jammed you ought to let you jack out(a free action!) freely, or do it much easier, depending on how the rules are worded.

Then it has implications for cybercombat, which too many people overlook as useless. Cyberdamage does something very important: It gives people dice pool penalties. With stealth programs out there, and relying on analyzers to see past it, its much more akin to submarine warfare..... mixed with chess. You never know who's out there, and you never know who's watching. Getting the first shot in should be easy. If you don't mind waiting until your target doesn't have any passes left, crashing their armor or biofeedback filter makes your first strike all that more effective.

So yeah. Hope that helps. Crashing isn't a bread and butter tool, but its implications shouldn't be overlooked.

Not quite. 4th Anniversary split crash program and crash OS into seperate actions. Crash program is a complex action now, which makes it much more viable. Also, you may not be able to crash IC, but you can crash the programs they carry just fine.

Crashing someone's decrypt while they're listening in on a conversation can cause them to lose an important bit of information, for example... or crashing an armor program can buy your friend some time to bust up the sechacker's icon. In fact, it's a great teamwork too: ganging up on Ice to crash that Black Hammer program makes it a lot less scary for your friends to tangle with in Matrix combat.

So in other words, we're talking highly situational uses?

- J.

Pretty much, yeah.

Any time you have more IPs than your opponent it is potentially worthwhile because you can crash their stuff faster than they can re-upload it. You can in fact avoid cyber combat entirely with this if you do it right by continually disabling their attack program, then using whatever extra IPs you have to do what you actually came into the node for. Or keep crashing their analyze program as they're looking for you. They'll know you're in the node, but won't ever be able to find you.

I can see alot of potential uses for this, especially if you have a low cybercombat skill.

Just wanted to say, this is an excellent thread.

Don't see enough talk about cybercombat tactics, especally some straight up bully/pester tactics like this.
Just keep knocking out their teeth and then go for the squishy bits.
Take what you want, edit the logs and then ghost out, all under the spinning red lights.

I like it.

That changes something, but is the threshold still System + Firewall? Because that's pretty high..

Note that crashing the OS is like basically nuking the node. Any program running in the node will be crashed too, including the hacker's own icon if still present. That's instant dumpshock if the hacker is present in the node and in VR. Better thing to do is have an agent crash the OS after the hacker has left.

You use Disarm for that - and they'll never even notice something's wrong.

They might twig after a couple of IPs of swinging their black hammer while you completely ignore them/fry their icon/poke your tongue out singing nah-nah!

It really is – thanks for all the great suggestions and illustrations guys, I'm now buzzing with ideas.
If there's any more out there then keep 'em coming.

Sure, but its an opposed test. No matter how many dice you roll, you or your opponent can always whiff. Between the hotsim bonus(+2) and the Hacking(exploit +2) bonus which -every- hacker worth their salt should have, thats a 4 dice pool advantage over the defender. In 4A, crashing is now based on exploit, not attack. You can grab another +2 from the Shredder program option, and things stop looking so bad.

Sure - it was more about disarming Analyse.

Funny - that's what people say about Hacking (Stealth), too.

You asked. Here's an asshole trick, and a way to make singularity encore hilariously useful. I have dibs on this one, by the way. I call it the Self-Loading Jack In The Box. Its a tactic for protecting an encrypted node, and for changing encryption from a roadblock to an annoying, reoccuring slap in the face. With an e-peen.

You need two IC. The Encryption Perscription out of unwired. All it does is encrypt things. And Singularity Encore. All it does is reload crashed programs. These IC are very affordable. Now that you have these IC, you change their settings a bit. They still operate within their limits, just differently. You'll also need a decently high rated Stealth program, and an analyzer is good too, and cheap.

Alright. Step back. Check out Encryption. You can encrypt commlinks and nodes so people have to break the encryption before accessing it. Pretty standard. You can password protect files, or even multiple files. In this case, we're taking that a step further, and encrypting EVERYTHING in one file. When you encrypt a file(a simple action) you may also put some sort of security on it. Everyone's heard of the databomb. We're being meaner. Check out unwired 66 and 111. You may load an IC(the jack) in the file archive(the box), but only one, or a corrupt program that acts like a databomb. Corrupt gets the file backups, but we're using the IC. In goes the Encryption Perscription.

The Setup: (this would work a lot better if you could put two ic in one node. I'm going to use abbreviations for length)
The EP ic idles in the file archive until its opened, where it pops out. It takes a Free Action to announce its presence, and promptly re-encrypts everythign and itself, resealing all the files back up.
The node's security settings note the EC ice activate, and loads an SE ice running a high-rated stealth and analyze, and hoping the hacker won't spot it. This happens while the encroaching hacker is re-decrypting everything. The SE IC is set to idle, so as not to trigger automated-setting-analyzers, to reload the EP IC, and look for icons that don't belong, trigger an alert, and start trying to boot people off the system.

Lets look at alerts. There are a few alert types and responses. A restricted alert gives the defending node +4 firewall. Thats useful. Calling for help and letting the admin know there's a problem is pretty standard. The real gem is Terminate Connection. It takes an Opposed Test. Firewall + System against the intruder's Hacking + Exploit. Terminator gets +1 for each IC running, hacker gets +2 for security access, +4 for admin, and if they're using a legit account they're automatically booted. Check Unwired 67 - any spider or user with an admin account may Terminate Connection as a complex action. Doesn't need an alert to do, but you don't get the bonus either. More importantly, it doesn't need a program to do. Which means anyone with the right access can do it. Like the our dear little, mostly-harmless Encore Singularity - which just put an upper time limit on the amount of time the intruding hacker can spend in the node, while they're on a time deadline to decrypt files and steal data.


Dealing with the Box:
Fortunately, dealing with the box is relatively simple.
First, Initiate Cryptanalysis takes an entire Combat Turn. Thats important. Its normally a speedbump. Each time the box self-loads, it takes another Turn(at the very minimum) to unpack. As an extended test, it CAN be rush jobbed down to half time - depending on your GM, thats a pass or two - and with Edge the chance of clitching isn't too bad.
The hacker has to decrypt the node itself to get in. Thats pretty standard, though, especially on drones. No biggie.
The hacker may win initiative, and try to deal with the EP ice. Unload it, or frag it. It has no way to heal damage, so it'll get worse until it crashes and burns - at with point it pops back into existance at full hp thanks to the SE. Heh.
The hacker may get lucky on their analyze check, see the SE, and deal with it right then and there, taking the reloading out of the picture - but its a singularity encore? why bother.
If the hacker don't spot the SE until after it reloads the EP, they will most definitely be looking for it. Its pretty easy to deal with once spotted. Win initiative, cyber frag it, or if they have the right access just unload it.
Once both IC are dealt with, the hacker can plunder the nodes riches to their heart's desire.

Making It Meaner(Salt and Pepper to taste)
A hacker comes in, decrypts everything(wastes a combat turn), out pops two ic, one of which he can't see, and everything seals up again.(argh!). So he decrypts everything again(another combat turn). Meanwhile, the Singularity Encore is trying to spot the hacker - and probably at a disadvantage doing so, because an IC will only ever roll 12 dice or so, and a metahuman hacker can go above that pretty easily with hotsim and specialties. Still, its an opposed test, so he'll lose eventually. At which point it starts repeatedly trying to kick the hacker off the node, until its found and neutralized. This is while the hacker's dealing with the encryption.
When the decryption finishes, the Encrpytion Perscription comes out, and Terminate Connection attempts get another dice. It could also join in, and try to boot users with an Alert, or even reboot the Singularity Encore.
Raising the ratings - IC com in flavors from 1 to 6. So do programs. Adjusting that to suit the opposition is fairly easy, from a gm perspective.


So, there you have it. Self-loading Encryption Jack in the Box. A way to own people with the most worthless IC in the book.

Hacking(stealth) IS useful. But only for opposed tests, if you follow the book. It won't help with the defender's threshold when you hack on the fly or probe. Your stealth is the threshold, so adding +2 dice doesn't help, and I'd rather have two extra dice to get in faster than two dice to not be seen while I'm there.

Yes, your GM will probably give you some slack there - hell, I would - but its basically a houserule.

..only? That's the most important test when hacking. And you get no other boni.

Do you ever even make a Hacking(stealth) roll? Without looking at the rules I can't remember a single instance of this off hand. It is always just vs a threshold based on your stealth program rating.

Every time someone is making a Matrix Perception test - you know, the IC or Spider looking for intruders.

@Udoshi - The main problem with your tactic is that a hacker can bypass the program loaded into an encrypted file. They can bypass databombs and they can bypass the EP that keeps popping back up. All they have to do is go in with the assumption that there is likely some security on the encrypted file (who wouldn't?) and bypass it and the entire complex trap breaks down. So yeah, amazing for catching script kiddies and small time hackers, but won't even get a chance to touch a real hacker.

The other option is the hacker can go after the SE if they find themselves in the trap, which allows them to break the cycle. Also, since you're using all these fancy programs, don't forget the hacker could easily have an agent tagging along which will once again decrease the usefulness of the trap.

It is a reasonably nasty trap, but it isn't fool-proof.

It actually can't be bypassed via defuse. Thats an option for Databombs and Corrupt, but not for IC loaded into encrypted files. If you read the relevant entry, the passcode to stop the IC from activating when the passcode is used is -optional-. You pretty much have it right, though. A real hacker will realize what's goin on very quickly, and put a stop to it, but its going to waste his time. Sometimes its nice to throw a curve ball, though.

Except no mainframe would have this without a passcode because it would be impossible for a non-hacker to access a file. Even official users would simply keep springing the trap and be unable to ever actually access any file they were looking for.

I don't have SR4A, in SR4 it's not opposed, you just have to reach the threshold on the extended test. It's also not listed in the core rule errata. Does it work differently in SR4A?

Yes, people have said it is now a complex action which is an opposed test instead of a threshold thing.

Checking the errata leaves me still with massive questions.

For instance, Crash OS has an interval of one complex action. That's still a threshold test though.
And Crash Program has been made a separate action, but how is that handled? Is it a threshold based also on the System + Firewall and kept to the old interval of one combat turn? Is it somehow easier to crash the OS than a single program?

The SR4a changelog needs errata..

The changelog is woefully incomplete. Crash Program is a non-extended, complex action opposed test. Pass/fail. It either works or it doesn't.

And so it all comes together...

Almost like they want you to actually buy the new book.