Hey guys,

I'm trying to build a cheat sheet for one of my hacker players and I am all screwed up.
I'd like a step by step explanation of how hacking works.

For example...
Hackdaddy is in a van trying to get his team into a house across the street.
1. Hack daddy needs to locate the House's node/nexus.
-Firstly, I know everything on the matrix has a node, but what determines if it is a nexus or a node?
-What skills and programs should Hackdaddy use to find the node?
-Is it a "Matrix Perception" test (Computer + Analyze) or should he be using Data Search or Electronic Warfare?
-Should he be using Analyze, Scan, Browse, Sniff?
-What will successes on that roll provide? Does it list every node in the area? What about hidden nodes?

I guess I'll just start there.
How does a hacker locate and interact with a node/nexus?

Removed for being to simple.

A nexus *is* a node, and not a particularly special one.

If the node is 'Active Mode', then you automatically know it's there, and public info about it, because you can connect to the 'lobby'. Passive Mode means you still know it's there, but it doesn't accept connections (from you). Hidden Mode nodes have to be Scanned for, because they're online by hidden.

Matrix Perception can be used on nodes, files, etc., and gives you information about them (there's a list of example bits of info in SR4A). Net hits give you more bits.

Data Search is for searching for specific information, often across the Matrix or a specific Data Haven.

Scanning for Hidden Nodes (because all the others are automatically known, Free Action) is divided into two options: specific and general. A 'specific' scan is when you know there's a node 'right there' (e.g., under that guy's jacket), but it's Hidden or off (which you know because it's not Active or Passive). 'General' is if you scan the whole immediate area (*mutual* signal range) for Hidden nodes.

Specific: "To find the node, make a Electronic Warfare + Scan (4) Test."
General: "In this case, the test is an Electronic Warfare + Scan (15+, 1 Combat Turn) Extended Test, rather than a Complex Action."

So, in your example, unless the person is very security conscious (most people aren't) the house node will be in passive mode, so can be instantly found by the hacker, no tests required.

To get into the node the hacker would have to roll extended Hacking + Exploit (Firewall) to get in, and the node gets to roll an extended Firewall + Analyze (Stealth) to detect the hacker.

Yera gave a good explanation of finding hidden nodes.

So if it's a public node, (somebody's house would normally show up right?) it wouldn't even require a roll?

Let's say there are 2 cars in the garage which are hidden nodes.
Hackdaddy, who can see them physically and knows they would have nodes, would roll a Electronic Warfare + Scan target 4?
Is the target always 4, or shouldn't it be the target's stealth program + firewall?

Always 4. The cars probably wouldn't be Hidden either, though. Very few things are, in 'normal' society. Cars, for example, need GridGuide.

Stealth + Firewall is the DP to defend against Matrix Perception.

Would you want to leave your car, or even your house, just swinging in the breeze waiting for a hacker to exploit it?

The only time you're likely to have a node in hidden mode is if it is involved in something illegal. Most private nodes will be passive, or even active, and public nodes will be active.

Ok so...

Step 1. Locate node. Since it's probably public and passive, they shouldn't need a test.
If they believe there is a hidden node, they can search for it generally (Electronic Warfare + Scan (15+, 1 Combat Turn) or specifically (Electronic Warfare + Scan (4) Test)?

What is step 2?

Depends. There's Matrix Perception to find out what the node is, if it's the one you're looking for, etc. This is important, because there could be plenty of nodes found, and you can 't tell them apart. It's sort of like the Wifi list on your laptop: plenty of nodes with funny names/serial numbers/whatever. (Aside: *technically*, Active and Passive are like that wifi list, and Hidden is if the router's SSID broadcast is disabled).

Then you can try to log in. Hidden means it's not accepting connections from you, so that's hacking.

So step 1 would be a Matrix Perception test to determine if the node you're looking at is the right one?

I think so, yes. You'd look silly if you hacked into the wrong place. This is actually Step *2* if the node was Hidden, because you had to find it first.

In the case of a house, the node is probably Passive (i.e., Wifi with a Password and/or MAC control list). With Passive mode, the node *may* be configured to identify itself already. Continuing with the analogy, this is like a wifi setup with an SSID of 'Bob's Wifi' or '221 B Baker St.'… or, god forbid, 'NETGEAR'.

Another reason for the Matrix Perception test is that there are probably multiple Nodes in that house: home appliances, commlinks, cyberware, etc. in addition to the main home telecom that's going to be the one connecting to the Matrix.

So,
1: Roll Electronic Warfare + Scan (15+, 1 Combat Turn) to search for Hidden Nodes.
2: Analyze Nodes until you find the one you're looking for: Computer + Analyze vs. Firewall + Stealth. This should give you several pieces of data from the table on p. 228 of SR4A.

Programs used so far: Analyze, Scan
Skills used so far: Computer, Electronic Warfare

There are now a couple of different ways to log onto the Node, depending on what your Hacker came to the house with: Spoofing commands from legitimate users, brute force Hacking your way into the Node, or Probing the Target for a security hole.

Those will almost (not the commlinks) all be Peripheral Nodes, though, and therefore almost certainly in Passive mode. The commlinks are likely in Active, or off. Obviously, there are always exceptions to these predictions, though.

Ok so...thus far...

Hackdaddy:
1. Locates the nodes in his area (Computer + Analyze) (or Electronic Warfare + Scan if the node he wants is hidden)
2. Identifies the node he wants (Computer + Analyze)
3. Decides to spoof the doors open, so he makes a (Computer + Analyze) or (Electronic Warfare + Sniffer) roll to obtain the correct id
4. He gets the correct ID and then spoofs a command (Hacking + Spoofing vs. System + Firewall) losing 3-6 dice depending on the access level.
5. If he gets a successes, the doors pop open. If not, the command is ignored.

Is that about right so far?

@ 1: It's actually an automatic 'System-based' Free action, not a Computer + Analyze test.
@ 3: What ID are you getting? Presumably, you want the commlink of the owner. Is that commlink present?

Yup. But there almost might be a drug lab in the basement, ninjas hiding in the attic, or (more likely) security drones for the local neighborhood. Besides, unless you know where in the house the main home telecom is, you might end up hacking said coffee maker.

1. Automatically finds all of the nodes in the area, the Computer + Analyze is to zero in on the desired node.
3. Any user ID with access to the node would do. So I'd imagine any wireless activity or any data trail on the matrix would do to capture any ID that have used that node recently.

Wouldn't an active node tell you what it is without even needing a test? The matrix perception test (given that it is opposed by stealth) seems like it is needed for info that the node might not usually broadcast freely (like how good its firewall is). If you're looking at a list of public nodes, they should have some kind of basic data provided about them so that a normal (non-hacker) user can go "Oh, there is my washing machine." Otherwise a normal person would literally be unable to operate because they couldn't find their own nodes.

Step 3 requires listening in on someone who already has access - Electronic Warfare + Sniffer (3). No commands to listen to = no user to Spoof. But there's still Hacking on the Fly and Probing the Target.

Assuming there *is* someone to Spoof, Steps 4 and 5 are dead on. This is a house, so you probably don't need a Security Account to open the door.

Couldn't you search the data trail for any users who have accessed the node?
Or does a user need to be logged in to sniff their user ID?

yesferatu, it's not like the 'data trail' just sits there in the ether. Either you were there listening, or you hacked the node to *ask* it who'd used it recently.

Yes, active nodes are basically public web pages.

Actually...isn't the data trail just sitting there?
Doesn't every node keep a log of any IDs which have accessed them?
I thought that was the whole point of the stealth program and spoofing.
Isn't the idea to be able to issue commands and take control of systems without identifying yourself?

How do you get an authorized ID without catching that user in the act?

Just sitting *where*? Where is 'there'? You're Spoofing the node, you're not logged into it.

Technically, you can only Spoof Drones, Agents, and Peripheral Nodes, anyway. Not home terminals, commlinks, etc.

Well...if you're not logged into it, how do you get an authorized user's id?
Why wouldn't you be able to spoof a comlink?

Because Spoof Command doesn't work on commlinks.

You can get access IDs in many ways: surveillance, hacking nodes they come into contact with, tapping communications, etc. You just have to get them from *somewhere*. The Matrix is a network of devices, not an ocean.

Spoofing is faster than hacking, and safer, but very limited in application.

Ok, so if a node has a single user, and that user is not currently online, you would have to hack the node in order to get that user's ID?
(Ignoring the social engineering/wiretapping options)
If you didn't have a day for surveillance and needed to get into a node, you'd be forced to hack it or probe it?
Spoofing wouldn't really be an option?

Well, again, you can't use Spoof Command on a standard node anyway (Drone, Agent, or Peripheral Node only). But yes, that's right.

So, a node is a building with a security front desk. You can't call that desk and pretend to be Bob Jones (an authorized visitor) if you don't know his name. You'd have to glance at the authorized user list, or at least the recent visitor list. Or, watch the door, or ask someone else (like the coffee shop across the street), etc. (Notice that Spoofing is like calling and claiming to be Bob, whereas hacking would be *entering* the lobby).

Someone should just make a matrix decision tree with the various rolls required. Starting for searching for a node through hacking.

Since when does spoofing give you access anyway? Spoofing just makes a node think that you are a particular other node. If you don't have the password/accesscode/whatever you still have to hack into it.

So again,

1. Locate the nodes in his area (Computer + Analyze) (or Electronic Warfare + Scan if the node he wants is hidden)
2. Identifies the node he wants (Computer + Analyze)
3. Hack on the Fly (Hacking + Exploit) vs. Firewall (+3-6) or Probe (Hacking + Exploit) Extended to create an id.
4. The node attempts to analyze the hacker either after each brute force attempt or after the initial probing attempt.
5. Creates an authorized ID & passcode, then initiates a command (Hacking + Command vs. System + Firewall) to open the door.
6. If the node fails to identify the hacker, nothing happens. If the node does detect the hacker, it can initiate whatever security it has.

Is that basically it?

Oh my god YOU LIVE BY MY HOUSE?! How did you know what my router was?!?!?!

Another detail, which I think we missed earlier, is that you can use a Data Search + Scan test to sort through many detected nodes. This is really for Active/Passive, unless you've already gotten Analyze info on a lot of Hidden Nodes (for example, if you had several Agents doing it for you). There is no circumstance in which you'll roll Computer + Analyze for locating nodes (your #1 above).

#5, you probably can just *have* authorization to open the door, no test required.

So...I hate to do it...but can you give me a 5 step outline of how this operation should work?
I still don't think I get it.

You're pretty close. I actually have to dash right now. I'll check back later, but I'm sure the others can help.

Aren't you just in at that point? No need to open any doors or anything, unless you're talking about a backdoor for later.

Pretty much. The trick is to lock out the people who are supposed to have that access.

Well, that aren't you.

No, Karoline, he's hacking a house to open the front door. The literal door.

Oh, right, forgot that part.

Unfortunately, you can't make a Matrix Decision Tree any more than you can make a Combat Decision Tree. There's lots of things you can account for, and lots of things you can't. Your best bet is to manually cross-reference the Matrix Skill and Program information.

For this situation, though:

The door is a Device. It's probably slaved to the house's Node, meaning that only someone with access to the Node can command the door. Of course, it's entirely possible the door is entirely mechanical and hacking the house's Node won't open the door at all. Still, hacking the house's Node will let you know what other security measures are involved.

1. Locate the nodes in his area
Automatically detect all Active and Passive Nodes. The house is probably one of these, but you can roll Electronic Warfare + Scan (15+, 1 Combat Turn) to look for Hidden Nodes.

2. Identify the Node he wants
It should be obvious. Roll Computer + Analyze to examine the right-looking Node to check it out.

3A. Spoofing. Spoofing is your way of saying "Hi, I'm a legitimate user. Perform this legitimate command." IF the door is a non-slaved Device (unlikely, but possible) and IF you see someone using it, you can roll Hacking + Sniffer to get their Access ID. If you happen to already know their Access ID, this will work, too. If all you want to do is open the door, this is the safest and easiest method. If you want to snoop around for long, however, getting yourself an account will probably be better.

3B. Finding a security hole. If you have some time, you can roll an Extended Hacking + Exploit (target's System + Firewall [+3 for Security Access, +6 for Admin], 1 hour in VR/1 day in AR) test. Success will give you the ability to Log On once (unless the hole has been patched). When you do Log On, the Node gets one free Analyze + Firewall (your Stealth) roll. If the Node succeeds, it triggers an Alert.

3C. Brute force. Roll Hacking + Exploit (target's Firewall [+3 for Security Access, +6 for Admin.], Complex Action). Success logs you onto the Node.The Node gets a free roll on an Extended Analyze + Firewall (your Stealth) each time you roll. If the Node succeeds, it triggers an Alert.

4A. Roll Hacking + Spoof vs. System + Firewall to give the Door a command like "open".

4B/C. If you give yourself an Admin account and don't trigger an Alert (or squelch it quickly enough), you pretty much own the place.

Skills used: Computer, Electronic Warfare, Hacking

Programs used: Analyze, Exploit, Scan, Sniffer, Spoof

Edit: Added more detail.

That's exactly what I needed.
Soon I can add the "what if it goes wrong" thread.
Thanks

You've obviously never taken a programming class. I see no reason you can't make a matrix decision tree, or a combat decision tree. It might look a bit complicated, but it could certainly be done.

I think he meant that it would be uselessly large and complex, not that it was literally impossible.

For etherial's post, I would just reiterate that Admin access is probably not required for 'door open'. A likely setup is something like we theoretically see today: kids have authorized user accounts, dad and/or mom has a security account, and no one has an admin account (instead, the security company probably does).

Heh. I slept through the only one I took in college since it was just a repeat of the AP CS class I took in high school. You can certainly get *most* of it out of the way, but the rulebook itself doesn't handle every situation. How do you expect a decision tree to?

Yeah, a basic account will get you probably through the door, though that wasn't necessarily all yesferatu was looking for in this example.

Actually, it looks like that exactly what he was looking for. But yes, you're right. I just didn't want to mislead a learner with the idea that you need Admin (or even Security) access for everything.

Actually you don't need an admin (or even security) for anything. Only real difference between an account that can do something (admin) and one that can't (regular) is that admin rolls computer + something to make it happen, and regular rolls hacking + something. That or it happens automatically at the higher level and requires a hacking roll at the lower level.

I don't think that's true. Users can do user things, Security can do user+security things, and Admin can do anything… typically. These definitions can be manually tweaked, although it's a pain to do it often.

Are you guys just mixing up the Spoof Command rules? Hacking is used for Spoof Command, Spoof Access ID, Crash Program, Crash Node, Probe Target, Hack on the Fly, defending against Matrix Perception, Redirect Trace, Intercept Traffic, Disarm Data Bomb.

I think this thread has turned out to be pretty helpful.
My game has been oversimplifying our Matrix rules for way too long and I need everybody at the table comfortable with the process.
I finally got all of my new players running combat smoothly, I find it helps to have a short reference sheet.

I would probably encourage my hacker to get at least a security account so they can monitor and disable any alarm that might get tripped or even lock out a regular user should it become necessary.
Now, if I could just tell the difference between:
Computer and...Data Search...Electronic Warfare...Cybercombat...Hacking...
Scan...Analyze...Browse... Track...

I suppose I'll need to reread the Wireless section until it sinks in.

Another learning trick that makes the curve much less steep, is to have your hacker /teach/ you how to hack. Have him explian what actions and why he's doing them, why he's doing that node setup and slaving to his commlink, have him become the table's -and team's- technical expert. It worked on my table, he was teh one introducing new ideas which he would explain to me and I'd approve (in case of new gear) or disprove depending on my own learning curve. My answer usually was "No, you can't have that piece of gear/agent/malware, etc now, but you can try to start programming it, researching a place to steal it from, etc." while I understand the implications of said gear. I'd even try to use it with NPC's as a simple way to game test it.

It integrates the matrix system with the game, gives spotlight to player/character and gives you extra time preparing fluff instead of learning rules... which in my book go from: "fun" to "boring", respectively. And when the team gets their rating 4 tacsofts, they are a real prize: the ones they programmed, or they stole in that memorable run or tehy bought in that risky negotiation with a corrupt corp exec.