OK, so my team, including myself, has all of our commlinks slaved to my external commlink running battle-tac.
The street sam has skinlink on and all cyberware set to DNI only. Meaning that his cyberware only accepts commands from his commlink, and his commlink only accepts commands from my commlink.
The only way he can be messed with wirelessly is to hack the master commlink, right?

As in, spoof doesn't work against his gear, because it's secured, and you can't get to his commlink without going through my commlink. Sounds too simple.

A only accepts commands from B, and B only accepts commands from C. If you spoof to look like C, then B accepts commands because it thinks the spoof is C. Also, chaining the slaving is pointless, because if a hacker gets control of C or spoofs C, it commands A just as easily as it commands B.

slaved devices are not unhackable or unspoofable afaik. slaving just gives a negative dice modifier

They are unhackable actually. They have to be spoofed. Well, unless you can get a direct physical line to the device in question, and even then it throws on a serious penalty.

I was under the impression that you couldn't spoof commands to commlinks. It doesn't have a pilot rating. Is it considered a peripheral device?

Basically every device is a node, yes. A commlink is a node, a cyberarm is a node, a fridge is a node.

Sorry, I edited before you answered

One can Spoof commands to his commlink if they have your Access ID, something they can get with a Detect Wireless Signal check.
The downside here is that you can't spoof your Access ID because, if you do, the other commlinks won't be able to do anything. They do all their stuff through your commlink and, if they no longer recognize your commlink(because it's running a different Access ID) they aren't receiving or giving any commands to anything they recognize.
The other drawback is that your subscription limit is severely clogged up with all the team's commlinks.
It also means that if someone gets into your commlink, they have access to everybody on the team and don't have to hack one person at a time.

As with anything, when you increase security, you decrees access. Same goes for physical and Astral security.

everything's a node. and Unwired p55 says the slave is a node and can be spoofed. and there isn't even the modifier I believed there was.
So if B is slaved to A, I can spoof A's ID. If B is a commlink I can tell it to shut down/restart/play AR-Porn/etc

Unwired, pg55 under "Slaving".


And one more thing: DNI is a device-to-brain interface. The samurai dont need to connect his cyber to any commlink.

My impression is, to spoof a command, you have to be sending the command to something that accepts commands. The pilot in a drone, or the equivalent in a coffee maker or or taxi. If there isn't a pilot type program running, you can't tell it what to do, so you can't send it a spoofed command.

Example: You can't spoof a command to a gun. There's nothing there to accept the command. You can spoof a command to a smartlink, it's got just enough of a brain to accept commands like, full-auto or eject clip.

I don't believe a commlink has anything built in to accept and act on commands, but I'd be happy if some one showed me where I'm wrong.

Everything in a commlink is built to accept and act on commands. Shut down, load attack program, give admin privilage to access ID 4372469, change master to ID 4372469, etc.

From pg. 236 BBB

You are turning the commlink to a peripheral device by making it slaved.

Well, 'Peripheral device' isn't defined anywhere in the book, other than mentioning a couple of particular examples. I take 'peripheral device' to mean 'anything capable of accepting and acting on electronic commands', which would include commlinks along with everything on your list. I think the reason that it mentions pilot/agent in particular is that they aren't devices, they're computer constructs, and so wouldn't be affected by spoof if it only said devices.

However, regardless of trying to define peripheral device, as myself and three other people have quoted, the rules say very directly that spoof is an acceptable means of defeating slaving. This could mean that a commlink is a peripheral device (Which I believe to be the case) or it could mean that a slaved commlink is a particular exception of some kind.

FYI I define peripheral device as any device that is connected (or could be connected) to another device in some way.

So....having cyberware is stupid?
If any jackass with a rating 3 commlink and an off the rack agent can completely shut you down, what's the point?

You need to check out Unwired. It gives a great many detail on things like this.
Much of your cyberware can be made without wireless.
Spoofing also means that you are only giving one command per action, as opposed to hacking, in which case you have complete access to the device.
You also have to be within mutual signal range of the device you are spoofing. Most cyberware, when it is wireless, has a Signal range of 0.

That being said, having cyberware makes you vulnerable to hackers. In this way hackers are not toothless in combat.

Mutual signal range includes any and all devices that you can bounce the connection off of, it doesn't have to be a direct mutual signal range.

It isn't bad to have cyberware though, all you have to do is turn off the wireless when you don't actively need its wireless to be on (such as running a diagnoses every so often).

Also, while you can only spoof one command at a time, your first command can be 'accept me as the new master' and then you have full admin access. So slaving a device can be potentially dangerous.

Edit: Well, what I said about mutual signal range isn't quite right, but there are -very- few applications in which routing can't accomplish the same thing as mutual signal range, and spoofing access to someone's cyberware isn't one of those exceptions.

It's actually defined pretty clearly. A commlink is most definitely not a peripheral device.



A commlink is a device intended for matrix interfacing and processing, ergo it ain't one.

Basically the only really effective way to not be hacked is not have data connections to outside your PAN.



-k

Only if the Access ID you are spoofing has admin privileges. Even then "Accept me as the new master" is a bit of a misnomer.
The first thing you would need to do is delete the enslavement. Then you would need to hack in and create a legit account for yourself, probably an admin account. Once you have a legit admin account you can slave the device to yourself.
This cannot be done in one command.

You can't just give the command "Be enslaved to X Access ID" because X Access ID doesn't have an account.

Unwired more clearly defines what you can and cannot Spoof that overrides the BBB.

Cool. I was responding specifically to the claim that peripheral devices aren't defined (hence my only quoting that portion).

Yeah, Peripheral Nodes are clearly defined on p. 48 of Unwired.

I don't understand.
1) hack in directly requires a physical (wired) connection to the device. If this is the option available to by the "jackass" you're in enough trouble already.
2) hack the master node. If your master node can be hacked with a rating 3 commlink and an off the shelf agent, you need to quick spending money on your hairstylist and upgrade your gear.
3) spoof the access ID of the master node and then spoof commands to the slave. - Assuming your got the access ID, you're facing a Device Rating x 2 check at -6 dice. (because I cannot, for the life of me, think of a single reason why the admin bonus would not apply here). Again, the rating 3 commlink and off-the-rack are not going to be successful here)

I will agree that of the 3, #3 is by far the problem child. Spoofing was written for a power level in line with SRA4 and with every expansion the power creep has upset the balance of power even more.

If you choose not to have your broadcasting Access ID have Admin Access to aforementioned cyberware, then those Spoofing that Access ID can't delete your enslavement.
Not the best reason, but a reason.

Because of the vulnerability to spoofing I think the strategy outlined in the first post is a poor one. Don't slave everyone's comlink to the hacker. The hacker should have an access code in case any matrix shenanigans start to go down and he has to jump in there and trash someone, but I think the best overall strategy is for EVEYRONE to always run Firewall 6 on their comlinks, to have the very best response and system they can possibly afford, have the best Analyse program you can afford and run it 24/7 to check for attempts to break in, and add a Steath program for when you are on a run and need to go into hidden mode. With firewall 6 and a high end stealth program its going to be hard for the badguys to even find your comlinks in the first place if you are running in hidden. Getting into a well secured comlink is not as easy as it sounds, and once in you are in you are subject to connection termination or an old fashioned system restart. Plus, if they never tried to hack you how is your own hacker supposed to feel like a hero?

In general, don't connect cyberware to your pan. Once in a while you should to get firmware updates and such, but there really isn't a reason to have cyberware subscribed mid run. You have a DNI to all your own cyberware, turn the bloody wireles off when not in use. The main exception is cybereyes for smartgun systems, but even then just skinlink the system and skip the wireless, or go old school and run a cable through a harness under your armor and plug into your datajack.

If you really, really, really are paranoid about your comlink getting hacked, don't forget you can run your own IC on it as well.

Another trick, do all the above to your main comlink, keep it in hidden, and run a second comlink with moderate defences with a fake SIN and no useful data when you need to have a comlink non-hidden in high security zones or social situations that call for it. The hacker busts into the active comlink, finds a empty address book, a bank acout with 50 nuyen, and nothing subscribed. By this time the wireless on your main link is deactivated, and the group's hackers is joining the party to earn his keep by making the intruder's ears bleed.

Are you saying that if the broadcasting access ID has some access OTHER than admin access to the cyberware it's somehow creates a more favorable situation for the target? Could you explain please?

Nevermind. Once you slave something, the master has admin and only admin access. Unwired p.55.

To do this you either have to:
1) Not run a tacnet.
or
2) Run a decentralized tacnet instead of a Centralized Tacnet (PG 125 Unwired). To do this, you must
a. Convince everyone on the team to invest in a Tacsoft
b. Make sure everyone's commlinks are as solid as the hackers.

This is a non-trivial investment. If your team has the it's worth it, but teams with limited funds are going to be drawn to that centralized tacnet and therefore slaved to a single commlink and vulnerable to spoofing.


Edit:
3) Simply get everyone good commlinks. It occurs to me that if everyone's on a device rating 6 commlink, then the spoof check is a target of 12 at -6 dice even with the centralized tacnet.

Now someone please refresh my memory, is the Device rating of a commlink System or the average of System & Firewall or the Average of System/Firewall/Signal/Response. I keep finding conflicting suggestions when I try to look it up.

By definition a master has admin privileges, but does not necessarily need a particular account. So the first thing you would have to do would be to get the access ID that is the master (which is more like the 0th thing you have to do). You can then spoof the slave -any- command. That command is 'Access ID x is your new master', which then gives Access ID x admin privileges because it is the master. You don't need to hack an admin account first, you're basically just claiming to be the system administrator, then saying you have a new system administrator, so your switching who owns an account, not having to create a new one.

As for peripheral device, guess I missed it, was trying to do a quick find through my PDFs and wasn't coming up for some reason. But as the Unwired Spoof says it operates on electronic devices, which includes nearly everything you would want to use spoof on, and the other things are also listed.


Why would you take the -6 dice? Spoof doesn't have anything saying that the access privilege required to perform the command has any bearing on the check, does it? My memory on some of the hacking rules are fuzzy, so could be wrong about that.


I think he means slave device A to device B with access ID B, then change device B's access ID to C. Now device A only accepts commands from an access ID that isn't broadcast anywhere. Device B can change its access ID back if it needs to (Pulling the proper ID from the hard drive or being entered from metahuman memory). Thus Device A is virtually 100% secure, but also a pain to access and requires a time delay.

Actually to do all three.

You should slave your comlink to the hacker so he can monitor the info sec side of the house (provided you trust him)

You should run the best independent security you can in case something breaks the slave linking (spoofing, jamming, hacker getting taken out by panther, actual or cannon)

You should put no more of your ware on your PAN then you need to do to get the job done. Even without tacnet I really like having an audio/video feed to my teammates so i usually keep that up.

Generally speaking cyberware hacking is dumb but there are some easy and relatively cheap precautions you cna take against it. Generally speaking I as a GM honor any reasonable precautions my players want to put in ahead of time. I encourage people at convention games to write down what precautions their taking on their character sheet. If i say to them "Hmmm and it looks like your comms are hacked" and they say "Nope, i've done XYZ" and can show me prior documentation of same I congratulate them on their preparation. Unless said methods involve clustering at which point I start to work on a way to feed them to ghouls.

Firstly "Access ID X is your new master" isn't a command you can give. A slaved account can only have one master at a time as it will only accept commands from that node. So the first thing you would have to do is delete that enslavement, otherwise the node will still only accept commands from it's original master.
Secondly, the Command "slave to Access ID X" cannot work because Access ID X has no valid account. A device does not recognize commands from any Access ID that isn't in it's account database. That's what hacking is. You are fooling the device into thinking you have legit access.
To slave the device to your Access ID, you would need to create an account. To do this, you need to hack into the system and create one using a Software or Hacking + Edit test.

You can't create any kind of network without access to all the nodes within that network.

EDIT: You could always just Spoof the device to add an account, but that is more difficult.

Unwired, Pg 99. I think it's somewhere else as well but searching the PDFs gets frustrating.

-----------------

While we're on the subject. Does a loaded agent program count as IC or not? Any guidelines? Do I need to buy an agent program that's ONLY good for IC for it to count as IC? I get confused with that (much like I get confused with device rating and commlinks). If you're running IC as a hacker, what do you have loaded and running on your commlink at any one time?

All IC are Agents. Not all Agents are IC. For the most part, treat them as one and the same. They are both SK personas and treated the same for rules purposes.

As for device ratings, the BBB says that if the device is playing an important role, then it's Matrix attributes should be filled out. Device ratings are really just for GMs.

Sure it is. First off nothing in the book says a slave can't have more than one Master (But that doesn't really mater, never wanted it to). Second, Access IDs don't have accounts, so you can't set up an account for Access ID X, and thus don't require an account for Access ID X. Third, you don't need to delete the old enslavement, because that enslavement is how you are accessing the slave in the first place, and so deleting it would only be useful if you then planned to do a normal hack, but that's fairly pointless since you already more or less have admin access.

Device A is slave to Device B, Device C spoofs as Device B, Device C changes the value of the Master's Access ID to that of Device C. Device A is now slave to Device C. There is no need to make a new account, because accounts are just username/password, accounts have nothing to do with access ID. It may be true that after making this switch you'll need to crack the password on the 'Master Account', but it is a bit fuzzy from the description means that it requires an admin account (in which case you're just taking over the one that the old master used) or that the master is automatically given full admin access without an account (It basically gives admin level access automatically to anything coming from the master). I don't see spoofing working if it is the former though, because you'd send a command as the master, but it would be blocked if the master didn't happen to be logged in at that moment.

It seems instead that the slave goes "Oh look, an incoming connection/command, if it isn't from my master, I'll ignore it and send my master an update. Oh, it is from my master, I'll go ahead and do whatever it says, because it is from my master. Oh, it says that my master is now Bob instead of Joe. That's weird, but it is my Master, so I'll do what it says. Oh look, a command from Bob, I better do what he says."

Alas, tests like Spoofing go vs Device ratings so I need to convert Matrix Attributes back to Device Ratings. Can't recall if there's a consistent way I should be doing it.

Add the stats together and divide by 4? Might create some oddities with high signal stuff being oddly hard to spoof, but whatever. Might also consider doing a direct substitution of firewall for the device rating.

If you slave a CommLink, you better watch out for the Abraham Lincoln AI... He's a nasty bugger!

Unwired does. "the slaved node does not accept any Matrix connections from any other node but the master." If it could have more than one master, it could accept more than one connection.


Access ID Account. Unwired p. 52.
In this scenario you aren't connected to any other node with access to the device, nor are you inputting a password, so you've got to have an Access ID account.


Yes, but you have to beat that device in a Spoof check for every Command you give. Hardly full access.
In addition, deleting the enslavement doesn't delete the Admin access of the master's ID. It simply frees up the device to be slaved to another. You can still Spoof the original Access ID.


You can't say accounts have nothing to do with Access IDs when Spoofing a device requires an Access ID.

I'm not saying it's not something you can do, it's just not something you can do in a single action. The device will indeed do whatever Joe says, but if the command from Joe is "Only listen to Bob" you are giving it conflicting info. One of it's basic structures is "Only listen to people on this list." That is integral to all Matrix interaction. Then someone on that list gave the command "Only listen to Joe."
You first have to put Bob on that list. Then say "Don't only listen to me(Joe)." Then say "Only listen to Bob."
Devices need to have things spelled out and can't have conflicting information.

Have the TacNet on a separate network than your other gear. Just sensors, Smartlink, stuff that NEEDS to communicate with your teammates or outside devices.

Second personal network, hardwired, with everything else you carry that needs to talk to the PAN but not outside the PAN.



-k

Also, for people mentioning a smartlink being the one weak spot in an otherwise non-wireless activated cyberware character, remember the cyber safety from Augmentation. If you have one of those implanted, as well as an implanted smartlink (in cybereyes or on its own) and a gun with the appropriate safety chip, any wireless smartlink input is overriden, making your smartlink immune to hacking.

Nah, the smartlink should just be skinlinked anyway, like *all* your gear.

Why not just add a script to your slaved device. If the Master tells you to switch Access Id's, ignore the command and start an Alert?

I don't consider spoofing to be that much of a problem. I've only had NPCs do it to me once, and it's more likely that I am spoofing something. Thus it is actually in the players best interest for it to be possible to spoof anything.

You can make unhackable stuff, but I am not convinced you can make something unspoofable via slaving. Slaving something gives it a Master, and it accepts all orders from the master. If you pretend to be the master, and then give it an order it obeys. All of the scripting to prevent that is what the opposed rolls represent.

I'll admit. I'm not a fan of my gear being skinlinked.

Personally, I like the thought that when I have to leave my gun at the door, I've left a sensor at the door. It's my understanding that the camera on the smartgun (SR4A 322) is a guncam. (Please correct me if I'm wrong, but it certainly appears to make sense.). Since the guncam is trideo, that means I have a decent microphone reporting to my PAN as well as a camera that will let me know if someone is moving my gun. With a skinlink, once your gun is out of your sight, it's vulnerable.

MMmm, except that if it has more than one master, it still isn't accepting a connection that isn't from a master, but it does say the master, not a master. It isn't exactly spelled out, but I suppose only one master makes sense. Although that just supports my below argument all the more.


Okay, my bad, so that means I was indeed right about how the slave responds to a master.

True on the first part, and for the second part, my argument below.



You seem to be amazingly underestimating what a spoof command can do. You don't think that it can do three painfully simple things in one command? When commanding a drone you don't have to send thousands of commands of "move your left leg, now your right leg, now your left leg, now lift your gun, aim it at the target, pull the trigger, pull the trigger again, etc", you just send it the command of "Go there and engage enemies" Similarly you don't have to send the commands "Create account for ID X, Demaster from device B, master device X" You just say "Change master to X"

Also, I'm fairly sure that the account that device B would be using is simply the "Master account" ie. whoever is listed as the master always uses that account. So it isn't that Device B has an account and happens to be the master, it is that Device B is the master, and thus is using the account that is automatically used for the master.


Because if you really try, it's fairly easy to make something entirely unhackable, or a facility impossible to break into, but that really isn't in the spirit of being a game. Also, it isn't hard to imagine that the spoof program is able to bypass/defeat such a simple script.

suoq, skinlink doesn't remove the wireless option. It's just a better option when you do use it.

Ghost, I'm not sure. Drones have a Pilot. Commlinks don't. It's bad enough Unwired added the 'spoof commlink' loophole (apparently 'devices' and 'slaved nodes' are now valid targets for Spoof—they never were before).

No, but it does have an operating system, and in SR those seem to be designed to be as user friendly as possible, so that you have to do as little input as possible to get results. Like I'm sure you just hit 'call bob' and it automatically opens the phone app (or whatever), retrieves the number of bob, and dials it'. Similarly, I think if you hit 'Slave this device to X' it would simply do all the setup that might be required to do so, it wouldn't have you create accounts (Though I still contest that you don't need an account to do this, and simply uses a 'master' account for whoever happens to be the master), or add IDs to the accepted list (Again, not something I think really happens, because it would make all systems virtually unhackable on the fly), or do anything else manually. It'd simply do what is required to make X the master. Kind of like when you install a program, you don't have to unpack individual components and manually install them, you just hit install and the computer does the rest for you (with a couple questions that you can ignore like where to put the program).