Whew, I think I've worked through everything. Haven't been able to perform any serious testing with the rules, but I don't see any problems at the moment. I would like to have a few more things to spend AP on as well as a few more hacking strategies (preferably 2 more general strategies to bring the total up to 5 general, 5 attacker, 5 defender). I also need to print a formatted copy (rather than a BBC markup copy) to take with me to my game tomorrow.

Also take a look at the poll, does it solve the Matrix Problems? I've intentionally left some detail out, such as encrypted files, but I feel that anything that is encrypted is not crackable except by GM fiat (that is, Mr J supplies a decrypter or password for a given plot, or files can be decrypted by gaining System Control: eg. access as the user that encrypted them) or through Black Bag cryptography. As allowing anything to be cracked in minutes only causes issues with "why don't I just spoof a credstick to give me money?"

Cinematic Hacking

Hacking comes down to 3 types of hacking:
Software Hacking (computer programs, viruses, virtual attacks on severs)
Hardware Hacking (taking something apart and rewiring it, interacting with a command console)
Black Bag Hacking (aka Lead Pipe Hacking, Rubber-hose Hacking, Phishing)

Bypassing Locked Doors

Hardware Hacking leaves traces that something's happened. Deal with it.

Most hardware hacking involves getting through a locked door into a secure area, there are several ways one can go about "busting the lock."

Maglock Passkeys
Maglock passkeys are pre-purchased, reasonably reliable, swipe-and-go B&D tools that confuse the lock mechanism into thinking that the passkey is a valid ID and opening the door.
Maglock passkeys come in ratings from 1 to 6, availability R * 4. Maglocks come in ratings from 1 (local stuffer shack) to 6 (high security vault of a secret research base of a AAA megacorp).

Mechanically this is an opposed test between the maglock passkey and the lock, each rolling their rating. However, a maglock passkey will automatically bypass any lock with a rating less than half of the maglock passkey, so a R3 maglock passkey will automatically bypass any R1 lock (congrats, you can break into the stuffer shack when no one's looking).

Additionally, if a legitimate ID can be obtained and the maglock passkey can access the data on that ID and use the information to better spoof the system. Having a legitimate ID adds a +1 dice pool bonus to the attempt.

Forged Passkeys
Using a passkey forging device, a character can create their own (hopefully) valid ID that the system will recognize and allow passage. These passkeys take time to forge and are eventually detected by the system and flagged as invalid.

Mechanically a character spends 5 minutes, rolls Logic + Computers + Keycard Forge Rating and notes the number of successes. This is the forged passkey's rating, up to a maximum of the character's base Computers skill rank. Any time it is used the lock rolls its rating and reduces the forged passkey's rating by its hits. If the key is reduced below Rating 0, then the key fails to open the lock and is useless.

Additionally, if a legitimate ID can be obtained the character can use the information on it to better forge his own passkey, such keys are much harder to detect by the system. Multiply the number of hits the character gets on his test by 2 for the rating of the forged passkey and increase the maximum rating by 2.

Legitimate ID
Legitimate IDs can be pilfered from the building's employees. These IDs can also be copied with the right hardware, although mechanically they are detected and flagged in the same way a single-copy original (the guy's going to notice eventually that it's missing, or the security network noticed abnormal behavior of the ID, or it notices the ID being used in two different areas at nearly the same time) how the ID is detected is up to GM discretion, but mechanically the security node makes an extended test with its System Rating (6, 15 minutes). When this threshold is reached, the ID will continue to function as a Rating 3 forged ID, until its rating is reduced below 0, due to the amount of time it takes for the red flag to propagate to each door's maglock.

"Break it open already!"
Additionally, a maglock can be bypassed by cracking open the case and shorting the wires simply bypassing all the software and forcing the door open.
To do this a character needs the right tools (namely a screw driver and a pair of wire cutters, though any reasonable alternatives may be used, such as a monofilament chainsaw or a crowbar and a knife) and a few minutes.

Mechanically the character rolls an extended test Logic + Hardware (rating of the lock times 2, 3 combat rounds). For every 3 hits the character gets above this threshold the last interval is reduced by 1 combat round. If this would reduce the interval to less than 1 combat round, the duration is still 1 round, but the character achieves a critical success and is awarded a point of edge, as per normal.

Hacking the System

Hacking a computer is primarily a Software Hack, although it is possible that legitimate access can be achieved to a system and the character simply needs to do a Console Hack. In this case, substitute the Computers skill for the Hacking skill. If the system is an obscure device (such as the controls for a nuclear reactor or the flight deck of an aircraft) Hardware or a Vehicle skill may be more appropriate, illustrating needing to know what button does what without causing a catastrophic failure of the device. However the rules below deal with software hacks for illegitimate control of a system.

The Basics

Hacking is measured in terms of Authority Points and Lead. Authority Points measure how much a character can do in a system, or how much the system can keep the character out. The difference between the attacker and the defender's Authority Points is the Lead. As long as the lead is greater than 0, the defender is still in control. The higher the lead, the harder it is to break into a system, though most times it is unnecessary to gain complete control (reducing Lead to 0).

The defender gets their Firewall rating as their initial Authority Points, while the attacker starts at 0. If the system does not have a Firewall, use its Device Rating divided by two, round up.

Multiple entities may participate in a single hack, though they are treated as a single party, except where noted (eg. one participant might log out and another jump into a drone, while the third continues attacking or defending the system).

How long each hack action takes is dependent on the Lead, the higher the lead, the longer it takes. As the defender loses its advantage over the attacker, each side is making spit second moves to keep or gain control of the system. Not that on the table below, it assumes the attacker has two initiative passes, which a character always gets in Augmented Reality. For Virtual Reality a character always gets four passes, so halve the times listed, but opens up the hacker to stun damage. Additionally a hacker can go Hot Sim, increasing his Response by 1 and granting a +2 dice pool bonus on all hack attempts, but this opens the hacker up to physical damage. Moving from Cold Sim to Hot Sim and back takes 1 minute and requires that the hacker be logged out of all systems. For leads greater than the table lists, double the time of the previous entry (so a lead of 12 takes twice as long as 11, which is twice as long as 10, etc) until an entry can be found on the table. It is unlikely that such a hack would take place, as the conditions for Prey victory are met (see Core Commands below).

A good response benefits the attacker and the effective Lead is reduced, however a good Response also benefits the defender. The difference defender - attack is used as a modifier when consulting the table below. This does not alter the actual Lead, but simply reduces the amount of time for each hack action.

Remote hacking is generally inadvisable due to only being able to access publicly available networks and systems. Even in a largely wireless world, these oublic systems are not connected to vital security equipment and generally have little information worth stealing (although examples can be found). As such, hackers need to be on site during a run in order to open doors, cancel alarms, and deactivate drones.

For example, if the Breaker's comlink has a Response rating of 5 and the Stuffer Shack's node has a 4, then the effective Lead is the current Lead - 1. So if at the start of the hack, the Stuffer Shack has a firewall of 3, then the Lead when compared to the table would be 2: each hack action takes 4 complex actions. In AR it would take the attacker approximately 6 seconds before the next hacking round.



Authority Points

Authority Points are gained by rolling System + Hacking (Agents, such as IC, roll System + Rating, Spyders roll System + Hacking, and other devices, roll their Device Rating*2) and adding the hits to the attacker/defender's Authority Points. The time it takes for this action to complete is listed in the table above.

Edge and Authority Points: always roll Edge dice separately, all rerolled dice count as Edge dice. These dice only determine success or failure and do not add Authority Points. Edge that does not grant additional dice, however, does grant the hacker 1 additional AP. There is a very careful balance of powers here, a lot of Edge could allow an attacker to take over a system in 1 action by spending Edge, as a single Authority Point is quite powerful. 6 Edge dice on a pool of 12 turns an average 4 AP into 7, which would reduce the next hack time 75% or more: each point roughly cuts the time in half.

Each hack action is done by choosing an attack or defense listed below (it should be noted that Agents have a more limited list of options, including unique commands, and are listed in the Agent's description), provided that the character/system/agent meets any listed prerequisites and taking the indicated modifier. The character who gets more hits than the opposition succeeds at their action and additionally gets to perform one of the listed benefits for that action.

After the round is resolved, the attacker and defender may spend Authority Points to perform any special actions (the amount of points is listed under each ability, as well as additional requirements) that represent short term gain at the expense of overall or long term system control.

Teamwork: if there are more than one participants on any side, they roll the appropriate pool, limited to Response, System whichever is lowest and add their hits to the leader's roll. If additional participants are Agents, such as IC, they simply add a +1 modifier to the highest rated Agent, or to the defending spyder (if present).

Hacking Strategies


Breaker chooses to do an Index Snatch against the Shack's system, which he can do because the Lead is currently 3. The Shack isn't very well defended, but there isn't much Breaker could steal if he manages to get in. The system goes for an Inverse Query, it wants to know who's attacking it. Both roll. Breaker has a Hacking skill of 2 and his comm has a System rating of 3. He gets 7 dice (plus 2 for his strategy) and makes 2 hits. The shack is running on IC Agent with a rating of 3 and the node's System is 4. It gets 5 dice as well (-2 strategy modifier) and gets an amazing 3 hits. The Shack wins the check and gets its advantage: a +1 modifier to all Trace attempts.

Magic Bullets and Core Commands aka Spending Authority Points

At the end of each hack action, the attacker and defender may spend some of their system control in order to pull of a short term gain in exchange for long term progress. Each participant chooses an action (if they so desire) and spends the points before knowing what the opposition does. Some of these actions are Core Commands. These actions cost the defender nothing and have no prerequisites, as they are in control of the system, however for an attacker to pull them off they need to both meet the prerequisites as well as spend one or more Authority Points (AP). The loss of AP is the result of diverting some time or system resources away from the direct attack or defense of a system.



Breaker lost the opposed check, but did gain 2 AP which he can spend, but the system has 6, making the effective lead 3. If both don't spend any points, then the next hack attempt will take 8 complex actions, or about 12 seconds in AR. Breaker is trying to gain enough AP so that he can spend a round Commanding a device, so he chooses not to spend any. The Shack on the other hand was using IC and won its check. Breaker is in AR so it could spend some AP to try and knock him out, but it doesn't have a great lead to cause any effective harm. Instead it decides to initiate a Trace, and it gets a +1 to that test. It does so and rolls 5 dice and gets 2 hits towards Breaker's Firewall*2 of 6.

Next round Breaker decides to Insert Packets, which gets him a +1 modifier: he needs to recoup some Lead. The system goes for a Security Alert. Breaker gets 6 dice versus the Shack's 5 dice. Breaker wins 3 to 1, dropping the Lead to 2 and leaving Breaker with 5 AP; the system was unable to effectively alert any on-duty guards. He decides to Use a Peripheral Device--the door lock--and commands it to unlock. The system gets its extended Trace test--another 1 hit--and takes no other special actions. Effective Lead is now 1, so 3 seconds later Breaker has the door unlocked, but the system gets to roll to defend. It performs Core Counter Measures and gets 9 dice and snags 4 hits. Breaker still has his 5, but the system now has 10, bringing the Lead to 5, but Breaker has what he wanted performs a graceful Log Out, severing the Trace. Had the Shack been running illegal Black IC it would have jammed open his connection, allowing the trace to continue.

A Round Quick Summary
1: Determine Lead and hacking time
2: Predator and Prey pick a strategy and perform an opposed test, adding hits to their Authority Points.
3: Choose to spend AP on additional actions
4: Roll traces

Black Bag / Lead Pipe / Rubber Hose Hacking

While these methods are entirely feasible within the ShadowRun universe, they are not the dominion of the Hacking rules, they are the dominion of Breaking and Entering, Theft and Robery, Social Encounters, Roleplaying, or through mission objectives. How a GM should run this kind of cracking should be up to them and up to player creativity. I offer no rules for this kind of dramatic conflict, however, if a legitimate account can be obtained to a system, treat the PC as having System Control, but limit the actions they can perform with a boundary on "what this NPC would likely have access to."

So doping up the secretary might get her login to the computer, but it won't let you access top secret research data. Even gaining the sysadmin rights might not let you access those files. In such an event, the system will simply throw a Restricted error. If the PC would like to continue anyway and start hacking, use the rules as they are outlined here. Once the system has identified you as an illegitimate user it doesn't matter how you gained the access you did: you start in the same place (admin rights don't help when the system realizes that the admin is in fact not the admin, or at least trying to do something the admin has no right to do).

Equipment

Software is cheap to copy and easy to distribute, pirate networks abound providing a knowledgeable hacker with all the software tools he could ever need. And free music, movies, games, and porn. Hardware on the other hand is a truely limited resource. You can't just make more without having raw materials. You have to ship it from factory to warehouse to outlet. This is hard and expensive.

It's.. interesting. It's shorter than my current plan, which is good. On the other hand, it doesn't address everything. The most important thing I'm missing is how to conceal your activities instead of straightforwardly trying to beat the target system in a fight?

That's a good point, but there's a level of abstraction here that makes it difficult to deal with. I think however the best way to deal with it is through Traces: if you're not traced the system has no idea who you are (at best it only knows there was an attempted break in*).

A trace should take less time to complete than it takes for the system to win through Lead, though I didn't do any direct comparison to hacker winning vs. trace completing. I figure that hackers should know how to cover their tracks and if they win before a trace completes they can cancel it and erase their tracks. Though having system control can still be obvious. If you've kicked out an NPC defending hacker he's going to know that someone booted him out. A pure computerized system that gets taken over? Why the hacker can send an "all clear" signal.

Anyway, it's supposed to be Dramatic Conflict, not Cloak and Dagger stealth games.**

*Real world connection: the Pentagon is attacked tens of thousands of times every day. Most are just pings, testing the armor looking for cracks, not worthy of being noted as anything more than a statistic. How many are actual breaches? Pentagon won't say. And of course, undetected hacks are, well, unknown even to the Pentagon. But we can be reasonably sure these don't happen often.

**Rules as Written hacking is so dependent on Stealth it's fucking hilarious. No stealth? No hacking. Lots of stealth? You win all the time, every time, without the system ever realizing you were there. Stealth logs you in, stealth avoids cybercombat, stealth avoids other detection. Have it and win, don't and lose.

I agree that the RAW stealth system is absolutely horrible. But I'd still like to differentiate between hacking a system that's aware of your attempts, and one that isn't. Covering it up after the hacking is another matter altogether.

The holy grail of shadowrunner hacking is usually to breach a system without anyone realizing it; so that even afterwards the intrusion won't be discovered. That requires that no alert was sent to anyone, just erasing what and how you did from the hacked system afterwards isn't enough if the news got out.



I appreciate your system for comparison, but I'm still working on my own. It'll carry a lot of similarities, but it'll be a bit bigger because I prefer to err on the side of thoroughness.

Another thing I'm missing in your system is hardware-hacking as an approach to regular systems. One of the reasons for hackers to go on-site should be that software security just has a very very hard time defending a system against someone who cracks open the case and subverts the system's hardware.

I'm trying to enable different hacking styles by having quite varied tests for different "strategies"; systems that try to be strong at everything will be prohibitively expensive. Also, no level of software can mimic Intuition in my system, reserving certain strategies for meatpeople only.

You mean like this section?



Technically that would apply to any device, though rarely will you need complex rules for it. Popping the hard drive out of a computer? Simple. So simple in fact I wouldn't even bother requiring a roll. Getting that far is another mater entirely.

Back when I did some tech support there were servers. Getting access to these servers after hours required getting through 1 electronically locked door, through 1 mechanically (and electronically--it was a standard key door that had a magnetic swing plate so it could be opened with a keycard too) locked door, through a mechanical punch-code door, and finally through a second electronically locked door. Not to mention bypassing a minimum of 3 cameras.

In any case, that would fall under the purview of Black Bag Hacking.

Not exactly, I didn't mean hacking maglocks; I meant circumventing software defenses on a normal computer by compromising its hardware. I'm thinking something along the lines of a Logic+Hardware test to gain Authority, that is nearly impossible to oppose. And all you need is physical access...

Also, I'm somewhat disturbed by the differing time scale depending on Lead.. I think I prefer a more constant time scale.

The problem lies in the fact that simple hacks need to be quick. But if simple hacks are quick, then complex hacks are merely two or three times longer (takes 3 times as many rolls, takes 3 times as long) which is really undesirable, as it means any device on the planet is hackable in seconds if your basic maglock is hackable in a round or two.

I see your point, but I don't like the method.

I'm making hardware costs closer to exponential; having all cameras super-secure is insanely expensive, but having just a few secure servers is a realistic option. Slightly better hardware also makes systems a lot harder to hack. If for example Firewall is a threshold to enter a system, having a Firewall of 4 instead of 3 will have a definite effect on security. Likewise, if the computer has 3 IPs instead of 2, it suddenly becomes a lot more dangerous.

So that means it's pretty hard to hack superior systems, but it can indeed be done, and when it's done, it happens quickly. I don't think that's bad; the response can be equally fast (hardware reset button). Like a shadowrun, you have to be quick and out before the HTR arrives.

That doesn't stop data theft, but abuse of a system controlling some utility is hard to continue for more than a couple of minutes at best. Those occasional sudden failures do fit a cyberpunk world though; hacking GridGuide during a car chase for example should be doable. Sudden failures that injure civilians fit the dystopian athmosphere. (To a point.)

On the other side, I'm working to develop tracking so that tracing someone back is also easier; sending troops to arrest the hacker becomes something that could actually succeed.

If you actually run the numbers here, almost all hacks take place under 2 minutes. Its only when you start exceeding a Firewall of 7 that time starts really becoming an issue. Unless your Response is greater than the target's. Rating 6 everything hacker on a Rating 6 everything system the entire showdown lasts 72 seconds, IIRC.*

*I didn't factor into account increased/decreased time intervals, just did a raw "how many rounds" guess and multiplied by the first interval. If the hacker is going to ultimately lose, then the time ramps up, but it should be pretty clear that he's going to get booted. Like I said, I haven't had a chance to really try the rules out in practice. Also "all 6 vs all 6" would end in a stalemate. Neither has a die advantage (which puts the timer on the Trace and how well the hacker can avoid being traced and accomplish his goal--assuming the goal isn't System Control).

I'm going to have to re-read the lead vs. AP portion a couple of times, but beyond that...

The more lead the defending system has... the longer it takes it to trace? That seems backwards. The trace shouldn't occur once per lead pass. The hacker should have a better chance to beat the trace the less lead exists. As it stands the more the hacker breaks down the system the faster the trace finds him.

I made it per hacking round just to leave it consistent, but I could change it. Suggested interval?

A 'quick fix' I initially thought of would be to multiply trace hits by lead. At least then it's closer to consistent, but you're still kinda penalized for getting faster in the system. The real way to do it would be for every 3 seconds, the server gets a roll. You can equate this to the multipliers, but you just have to have a separate multiplier column for the different leads.

Yes, this means something with high lead is practically going to know what you ate for breakfast and your favorite sweater color before you get to take your next action. If it's taking 20 minutes to do *anything* in the system, if it's looking for you, you're screwed anyway.

Multiplying by Lead (hell, even adding Lead as auto-hits) means that you would be traced always, every time, before you could do anything. You could not hack a system unless your Firewall was double or triple its System + Signal.

Remember, getting Traced means the system locks you out. It has enough info to know who you are and completely shut you out (See the Magic Bullet Authorize/Restrict User). If it can't just block you, then what good is a trace? Sic'ing (slow) meat security on you while you keep raping the system?

Sorry, should have mentioned upping the trace threshhold to make it make sense.

But yeah, you get traced on a lead 9, you're pretty fragged. That's a LOT of time.

Problem with that is, a hacker with 9s in all his hardware too won't be able to hack the system either, despite being on even footing.

Then the time needs to be adjusted, or the trace system needs to be completely overhauled. As it stands right now there's no reason for me to get a better lead to 'beat' the trace. It just doesn't matter. Also, if the system can't find you as you sit there and monkey wrench with it over 20 minutes, that seems to run against common sense to me.

You're not monkey-wrenching over it for 20 minutes. You're making very cautious pokes into the system trying to find a weak point to exploit. And covering your tracks a lot.

First let me just say that I like the Authority Point idea as I think it has potential to add some flexibility. Not to overcomplicate things, but the way I sort of envisioned it was that a systems AP would be a little more fluid with a hacker trying to reduce the systems AP and increase their own while conversely the system would be trying to maintain their AP while reducing those of the hacker. So you would essentially have two separate AP scores, those of the system and those of the hacker. If the hacker needs to reduce the AP of a sytem to perform certain actions on it, then conversely the system could be trying to reduce the AP of the hacker in order to perform certain actions against them. The lower the systems AP, the more the hacker can do on the system and the lower the hackers AP the faster the system could trace them, or whatever else.

Conceivably the crunch could work like that, I didn't think of it that way, but you're right that it could. You could probably easily adapt the rules I presented here to work in that manner.

How about an interval depending on the distance between attacker node and defender node? You could say that most exploits depend on timing, and that short distances are ultra-important.

When I try my hand at creating house rules, the #1 question I ask myself is "is it fun?" Not to be rude or anything, but these rules don't sound fun at all. Not that the core rules do either, of course.

It's hard to come up with rules that allow you to hack at a distance while at the same time making it suboptimal. If you're just slower you'll always want to be closer to the target, which effectively is the same as "you can't hack long range."

The best I came up with--as a modification for the core rules--was to impose a DP penalty for every 2 nodes you're hacking through (that is, not counting you and the target) and an additional penalty for hacking or hacking through a Signal 0 device.

I've got the basic idea you present here, but I don't see this as a better system than RAW. Its just different. Based on RAW, I only have to track hits until the hacker enters the system, then there is either an alert or not (which could also include IC or other scripted actions or maybe even a spider).

But these rules cause me to continually track APs and Lead throughout the hack. So, there's more record keeping, which equates to more time.

I don't see non-participants being anymore into this than RAW. I don't think it reduces the hacking subgame.

I like your rules, but as I said above, they don't seem to be any better. It feels like just another system to have to learn and the basic problems are still there.

It would be the very idea to make hacking at a distance suboptimal. Hacking would need turns while onsite, several minutes in the general area of the target, and hours if you hack something on a different continent.

I meant suboptimal without making outright a terrible idea. The "well you can but you have to be good to pull it off."

If it's always going to take 1 minute per action from across the street regardless of hardware/software/skill and there's no way to bring that back down to combat turns no one would ever do it.

As opposed to applying a DP penalty, which could be compensated for (although it has to be significant enough that it's a disincentive).

Just another random thought here. I know one of the goals here was to reduce the importance of Programs but what if Programs gave small bonuses or helped to mitigate penalties for certain actions sort of like modifications to firearms or magical foci. You could even make them with a limited number of uses built in so the Hacker would need to buy or create a new ones more often. This would reflect the idea that security holes are constantly being patched and new exploits must be found. I still like the idea of most hacking being done in the same Skill+Attribute manner as the rest of the game, but I hate to see Programs dropped altogether. This way Programs would still be useful, but more of just an option rather than a requirement.

Its certainly an idea. There was the idea that you'd need to have some programs to perform certain actions (e.g. Trace software to do Traces) but doing it that way wasn't necessary.

But yeah, conceivably they could come back as tools, like medkits etc.