I keep having little questions and for some I find answers pretty quickly but i figured I'd start this post to help me get some input and clarification on these things.

1. if I spoof a command for a drone to slave itself to my commlink instead of it's current node... and it works, he is now slaved to my commlink, does this mean that he now recognized my personal commlink admin account as his master? or would I still need to spoof commands or hack an account in order to control him? also, when the drone switches to be slaved to my commlink what happens from the security riggers point of view? does the drone just dissappear from his network so that he would need to scan for the signal and start from scratch to get that drone back?

2. can spoofed commands be given a timer? so you could spoof a series of drones to all slave themselves to your commlink in 20 seconds giving you time to issue the orders to all your targets and then setup a jammer so that all the drones switch to your control and then a jammer goes off hopefully killing the security riggers connection? if you give a spoofed command a 20 second timer, is there a reasonable chance that security personel might notice the spoofed command before it goes off? or would it not register as anything unusual until after it went off?

3. If I have hacked into a node and want to checkout what forms of protection is has and how they are configured how would I do this? a simple matrix perception test? at what level? my main goal would probably be to find out if there is an active security hacker or rigger, and if so where he is physically and what programs he has available... so how would I go about that without setting any alarms off?

4. for run assistance, lets say a stereotypical warehouse break in, lets say there's a spider with a network of security camera's, door controls, and various freight drones and maybe 1-2 surveilance or combat drones. so we're planning the run and I'm the hacker going to clear the way for the party... is it possible to hack in, make an account, and then do things like loop camera's, open and close doors, have a drone load our cargo for us... without the spider noticing? I dont see how but I'm curious.. and if I'm right and it's not really feasable(sp?) then what's my best option for taking out the spider, or atleast taking control long enough to do the run?

Thanks for your input, you guys are really helping me understand the whole matrix section much better

I'll be adding more questions as they come up

1. I don't think you can spoof a slave command, but if you could, then it would most likely be slaved to both devices and accept commands from both equally.

2. No

3. Matrix Perception Test, yes. The more successes you get, the more information you get, as you'll need to surpass the stealth rating of anything with it running to detect what it is.

4. Depends on the spider, some are on the ball and looking for stuff like that, others not so much.

spoofing a slave command is an example given in unwired, in the advanced spoofing section, can 1 thing be slaved to 2 devices

While we're at it, I've been having some thoughts on data bombs. Can you put them in pretty much...anything? Like, a data bomb in a drone? Someone's cyberware? How about a smartlinked gun or even a missile launcher? Further, how does one deal with a data bomb attached to a node? Do you do a matrix perception test on the node itself before trying to hack it, disarming any bomb you find, and THEN hacking an account?

You can indeed attach a Data Bomb to either a File or Hardware... though only a single bomb to a file or access point/port...

Dealing with a Data Bomb attached to a node is pretty easy in concept... First, you find the node, then you decrypt the node, then you scan the port on the node (Matrix perception, looking for any Data Bombs that you might encounter upon passage through the port) and if there is one (Hopefully, it is not Stealthed), then you defuse it... if you win the defuse test, the bomb is defused... you may now attempt to enter the actual node via a hack...

If the Data Bomb is fairly powerful and your Defuse Program is not, this becomes a very risky proposition...

Keep the Faith

Awesome, my rigger will be planting rating 5 pavlov data bombs in his drones and his team's PANs and nodes to help keep them safe.

Remember, though, they are really only speed bumps to the skilled Hacker... I would also recommend keeping an IC program handy and in teh nodes to deal with anything that comes through... Maybe something that monitors the state of the Data Bomb and if it is disabled alerts your IC (Or Spider) about the Intrusion Attempt... still may not be effective, though, especially with someone using a good Stealth Program...

Pavlov is a good option, but if the Data Bomb is actually defused, Pavlov will have no real function... There is an IC package out there (called the Singularity Encore) that is used to counter that very problem... it monitors a program package (generally IC) and then reactivates it the pass after it goes down... which makes hacking it a bitch, as the Hacker has only that single pass to gain access before the IC reactivates the program...

Expect something like a Disarm Program to be utilized against the Data Bomb if you use this tactic...

Keep the Faith

But isn't it hazardous? Enemy hacker/spider is still connected to the drone, and he can track you using your connection.

that's really what my question is... can the drone be slaved to both at once? or does doing this cut the riggers connection forcing him to start from scratch with searching for the signal?

how about spoofing a command for the drone to change itself to your frequency instead of the riggers so that you could spoof the command and then use a jammer allowing your communications still ( and your new drone friend)

Well, the rigger is also more or less the team spider (he's primarily hacker but is also the only one who does rigging), so that shouldn't be an issue. A little IC to help watch things is a good idea though.

The FAQ (I believe) states that Data Bombs only count as running once they are activated. So you need something like a custom IC that'd know about the Data Bomb and check if it's still there once in a while.

how would putting data bombs into these odd locations work? like putting it in a smartlinked gun, or a drone, or a piece of cyberware?

would it go off upon that devices activation or would it act as security only going off if a hacker attempted to enter that node?

also, is there a situation where a hacker would benefit from having a nexus over a standard commlink? it seems like having the extra process limit would be beneficial but I'm still learning the system so there may be some reason why for security or some other reason i wouldn't want one.

there was an example somewhere (can't remember where now) of making an audio recording of a busy street for a full hour, and then using that as your encryption key for your signal, ensuring that you have atleast 1 hour of unhindered signal because it takes atleast an hour for the encryption key to cycle and thus be recognized...

if that's true then am I to assume that attempts to decrypt most secure site wireless transmissions would be in prolonged intervals of hours or so? or did I misread this somehow?

Which is indeed what happens... An Analysis of the file or port will tell you if one is there, though hopefully, it is not being hidden... there is nothing more rude than having a hidden Data Bomb ruin your day... we had our Technomancer set one off (he did not look for it) for a peasly 12 boxes of Damage (GM rolled a 2; I believe that the Data Bomb was rated at 6, so it could have been a lot worse)

Keep the Faith

Basically, if someone tries to access a bombed node (anything with a computer connected to a PAN) or file via matrix, their icon takes 5d6 boxes of damage unless they enter a password. 5d6 averages out to 17-18DV which means you generally end up with an icon crash.

If I was REALLY nasty, I could add a psychotrophic mod.

That's assuming it's rating 5, a starter data bomb might not be as high, deemed a less important program (and TMs rarely start with it, instead threading when necessary). Also keep in mind, that damage can still be resisted, which is again an area where the rating of the system, armor, etc of the person hit takes effect.

Actually, the question here, the one I was answering to, is how to make a node IC act on the bomb being disarmed, not how to detect one as the intruder. And my point is - Singularity Encore doesn't work for that, you need custom IC.

Well, true. I was just going with my rating 5 pavlov databomb. A rating 6 system with 6 armor is going to roll 12 dice to stage down icon damage, which usually amounts to 4 hits. That means the bomb would still do 13-14 damage on average, which will crash just about any icon not running on milspec commlinks.

how about my question about the use of a nexus? it seems handy to have such a high process limit, is there a real downside to it?

Not exceptionally portable...


Keep the Faith

Why would a Singularity Encore IC not work... it reactivates programs that have been deactivated... says so right in the description... it would not work while it is being deactivated, sine it happens (or not) in a single pass, but once the program goes down, the IC can Reactivate it on its turn... I am pretty sure that a system will notice when a program goes down, as those are generally tracked (ie... they are allocated a slot in the response limit, when that slot free's up, the system knows that the program has stopped running, and the SE can then reactivate it)... simplified explanation, I know, but essentially what happens as descriptive...

Keep the Faith

You can enable what is known as Strong Encryption, which has a varying interval... if you want 1 Hour Strong Encryption, the interval becomes 1 Hour... I believe that it can go as high as 24 hours/Interval... but that is a ludicrous increment in my opinion, as any system failure that requires a reboot would require 24 hours for the encryption to once again take hold... you would never get any real work done...

Keep the Faith

ahha thanks for pointing out that that type of encryption would require that amount of time added to reboots and such, this is the downside I was looking for, without which it didn't make sense for every corp to have 24hr cycle encryptions.

although thinking from current real life situations it still doesn't make sense

since most of these corps could afford a backup server or 2 so they could afford to power cycle the gateway machines to implement the 24 hour encryption over a course of time without any onsite interruption...

but we'll assume this is too cost prohibitive or ineffective for some reason.

Well, the biggest criticism of the hacking rules for Shadowrun is that they are unrealistic...

Having worked in the Industry for a few years (15 or so) I can understand this criticism... however, if you were to implement what many on these forums consider "adequate" security procedures, you would effectively eliminate 3 of the most interesting character archtypes in the game... The Hacker, Technomancer and Rigger... as a result, they went a different route in the game world... this route provided somewhat effective security that is ultimately "just not enough." It is effectively just a speed bump (though it can be pretty damn effective one) to the intruding Hackers... Hackers WILL eventually break into a system, given enough time

Hackers/Technomancers at the top of their games can be challenged, without having to completely overpower the newbie hacker... yes, a Rating 6 System should be tough, and it may seem that that is not actually the case... but even with the programs that I use (generally rated 6), and the skills I use (All rated at 3 by the way, after all I am a professional) I have been challenged fairly well (many will argue that it is because my dice pools are not in the high teens, but that is another topic entirely)... Hacks are not just a cake walk, and higher level environments are still challenging, even if I was to obtain skills rated at 6...

Layered defenses are the way to go in Shadowrun... not a single node with uber protection, but a multitude of nodes, each with their own unique twists applied. A well though out system can still be very difficult, as defense in depth is always a better strategy than an impenetrable wall (which is exceedingly costly). Layered defenses eliminate the time advantage that Hackers possess... if they have to spend all of their time breaking through the various layers, it will give the Target System more time to marshall its defenses, and thus protect its own assets. Simple steps, like Data Bombing every access port, are a very effective tool... and any time a Hacker fails to notice on of these little surprises, he gets a fairly rude awakening (After all, A Rating 5 Databomb provides a 5d6 (or 5*1d6 if you prefer) Rude Awakening, which is generally enough to offline the hacking attempt, or at least make him very, very wary of continuing) as well as possibly alerrting the System that a Hacking attempt is underway.

Keep the Faith

Of note, data bombs can also be used offensively. With black or psychotrophic data bombs, you can pretty much be a virtual mad bomber by planting them willy nilly among an unsuspecting node and not giving out the passwords.

Oh hey, with that in mind, if you can trick an IC, agent, or similar program to try accessing a bombed node/file, they'd take damage too, right?

As someone who plays the hacker in my current SR group, I can say without reservation that I hate Data Bombs. They add One More Thing to eat up my precious IPs.

That's not to say that they don't have their place -- just that it's Yet Another Matrix Rule that can be used by a GM to make the Matrix-based player a non-factor in any run. (There's nothing quite like ensuring that I have 5 IPs and being able to *actually* do something once every two combat turns because Every Goram Thing in the Matrix is Encrypted and Data Bombed™. I blame everyone on the Internet who points out that it would be irresponsible to not encrypt and data bomb basically anything that might be accessed via the Matrix.

Yeah, I know the feeling. This is why I find a hacker with some rigging background to be a bit more fun. It gives him something to do if the local matrix is too much of a PITA to do more than just crash/jam the local net wholesale.
Pre-run hacking clears the issue up pretty well though, and data bombs behind wi-fi inhibiting paint should be less common as you won't have every Tom, Dick, and Jane trying to hack into at all hours of the day.

Because it checks if a running program is crashed, and acts on that, while Data Bombs don't count as running while planted, and I'm not sure if count as crashed when disarmed (can't see why would they - after all, disarming can be just pretending you're a legitimate user after all).

Actually... A crashed program is no longer running... it has been crashed... at which point, the Singularity can re-initialize the program... A Data Bomb Program (a reactive Attack Program) can only be "activated" if it is running (even if it is in a "passive" state)... "Running" is a state that can de detected (A Matrix Perception test will do this for you if you are penetrating the node), and I would argue that the owner would notice the absense of it in the "List" of running Programs if it was defused, if he chose to look (Sort of like looking at the Task Manager in Windows)... Regardless of how the IC detects the state of the program, it can use the Run Program/Agent action (Since the last time I checked, Data Bomb is a Program)... As for a legitimate user, they do not have to "Defuse" the Data Bomb (They have the passcode), much like the owner of an Encrypted File System does not have to decrypt his node to work within it... he has the Encryption Key, and that will allow him to access it without turning off the Encryption.

Keep the Faith

I direct you to the FAQ again. A data bomb only counts as running when it has been activated. When it's just sitting there, it's not running (and not eating up resources), and thus my argument proceeds that a default Singularity Encore can't detect if it's still there. And yes, if it could detect if it's still there, it could launch another if this one is disarmed.

What is decryption if not acquiring a key similar to that of a legitimate owner via cryptoanalysis? By the same logic, what is disarming a data bomb if not finding the passcode?

The FAQ is extremely outdated...
So resorting to the FAQ does you no real good...

And if Matrix Perception Can detect a Data Bomb, it is active... and the rules state that Matrix Perception can indeed detect a Data Bomb... ergo, it is running... therefore your default argument does not work... If the Data Bomb was NOT active, it could not go off in the pass that it was bypassed (ie. you access the file, the databomb loads, and then goes off next pass)... That is obviously not how it works, therefore the data bomb must indeed be active... the Data Bomb is like an Attack Program... if you do not have it loaded, you cannot use it to attack... pretty simple I would think...

Keep the Faith

How does the way programs are run has changed since the FAQ was written?
Do you notice that if you say that armed Data Bombs count as running, they should be eating up your processor limit?

And indeed they do, at our table at least...

1 slot for each bomb on the system... Are you saying that they don't?
Please cite a source for me if that is the case...

Keep the Faith

FAQ.

Please cite an updated and relevant Source...
FAQ is outdated and generally unreliable...

Keep the Faith

It's still an official document written by the developer. Please point out the recent changes in the system invalidating that particular bit.

It could easily be a process on standby. Code waiting to be activated shouldn't be considered active code..

You could go that route, sure... but looking around a bit... a piece of code cannot "activate" unless it is running some routine to detect the trigger response (you cannot "Attack" an Icon if you do not have a "Attack Program" loaded and running... and the Data Bomb is just a specialized, Autonomous Attack Program at its basic Function, one that always hits and inflicts damage, and is automatic if not defused)... as such, I classify that as "Running"... You cannot detect inactive and non-loaded programs with a simple Matrix Perception test, that requires browsing the contents of the file system (A Browse Test)... as such, if it is noticed by Matrix Perception, it MUST be running...

Ergo, by that logic, Since Data Bombs are detected by Matrix Perception, they must be running... thus the intrpretation that it is active (at least in some way, shape or form) and thus the utilization of one of your program slots (measured for Response Degradation purposes)...

And yes, I include my Data Bomb Programs in my Program Limits to measure response Degradation... it is a Program, that is active...

Keep the Faith

having no specific book ruling or example to site about whether or not to consider a databomb a running process or not

I think I'd prefer tymeaus's ruling for a couple reasons

1. if they weren't processes and could be thrown around willie nillie then why wouldn't every single node and file on the matrix come equipped with one by default, because it only deters hackers so why wouldn't it be built into every stock operating system.

2. if included as a process, on top of keeping every goon from running them everywhere, it would also prevent them from being widely used on commlinks in general because of the process cap, not a big deal for businesses / corps / any large entity as they all use nexi as the backbones of their matrix environment (atleast in every game i've been in) so databombing all critical files isn't that big of a deal.

3. and this is just a generality, but in my opinion, anything that even has a remote chance of dealing 36 DAMAGE and that's before options and the possibility of r7+ programs, should take up a process


... and that's my 2 sense

There's absolutely no need to have a running process to detect the file being opened. A Data Bomb is basically a damaging code you unintentionally run once you open the file, same way, say, modern viruses can be launched when you access an infected file.

I can see your point of view, I just do not agree with it... I prefer something to balance the program... and that is the point... it is a program, either it is running or it is not, if it is not running, then it does not go off... it balances out the potential abuses that inherently exist otherwise... As Makari pointed out so much more eloquently than I did... Thanks Makari...

Keep the Faith

There should be some consistency to it. Singularity Encore only checks running programs, so it only checks Data Bombs if those are running programs. If they are, they eat a program slot from the system.

You could go both ways as a spider: the data bombs on the most important files are Running, and protected by the SE. Noncritical ones aren't on the SE list to cut down on system load.

Though I prefer the Data Bomb to be running to be effective, That could definitely work...

Keep the Faith