If a technomancer/sprite hacked into a normal rigger/hacker's drone, and said drone wasn't running analyze, and the Technomancer/sprite had stealth of coarse. Would the Hacker/Rigger be alerted to the new subscription on his/her drone, or would the Techno/sprite be able to do so without being caught by the drones owner?

That question might not make a lot of sence, but in a nutshell. My team encountered a bound and gagged prisoner, the person they are sent to retreive and kill in a very wet manner. They left said person bound and gagged, took a few hours to search the compound they had just liberated from the opposition. Their team hacker had multiple drones all armed and doing overwatch to provide for a Tacnet. The said bound prisoner is a technomancer and they left them concious and able to listen in on their conversation about killing said Techno. Now is it fair to say that the technomancer with the help of their sprites, hack into the drones and use them to attack the team without the Hacker's knowledge, until they deleted their subscribtion and targeted the team members? Would the Hacker have been alerted to the Techno's/sprited hacking attempt before hand, and the droned where not running analyze or any detection program. Would the 2nd subscription have alerted the Hacker? I would think not, but I want to be fair to the hacker.

If the hacker left his drones that exposed, knowing there was a techno, he deserves to get hacked. If the techno/sprite is using stealth, then they only thing the hacker or any IC would notice is a new Icon inside the VR, and have to analyze it to know more. That said, the Firewall should get a chance to recognize the intrusion as well, even if it has a lower chance then firewall+analyze.

This happened similarily to a player I had. Forgot to run the drone in Hidden mode, got hacked and ignored the Civil war soldier inside the node shooting him, until he got dumpshocked. It was not a smart move, at all.

And they left him there for "a few hours" so the bound and gagged TM could have threaded Exploit up, probed the target for a while, then threaded Stealth up for his login.

The whole point of the stealth program is to make your icon look like something that belongs to the node. So you'll look like any other thing in the VR.

Now however, the firewall may have seen the sprite. The firewall gets to roll firewall + analyze every time the sprite (or hacker) tries to exploite in (assuming your hacking on the fly) with a threshold equal to the sprite's (or whom ever is hacking's) stealth program. So if the firewall goes off, alarms go off, and the firewall suddenly gets a +4. The person can keep trying to hack in, but it'd be pretty obvious who they are when they enter.

Assuming the sprite made it past the firewall. The owner of the node would need to get a successful analysis on it to notice the intruder. Unless the intruder starts attacking the owner. Or maybe if he starts to notice files being edited or something...maybe then... Or the owner could have an agent or ice always going around analyzing every icon to see if it belongs. But once you're in a node, you're..."kind of" safe to poke around.

Definitely. Sounds both fair and fun.
Especially if the rigger is a hackers as well, he should have known better.

Be sure to have the techno call in a Registered Fault sprite patrol one or two of the drones if you think they can take the pressure for a bit. Maybe even be as audacious as to copy a pirated copy of Analyze off his fingernail/tooth compartment data storage onto the drones. And some IC if they can really take the pressure.

Oh, the pain of choosing between duking it out as long as it takes to get them back, and shooting the drones outright. I like it!

Unfortunatly for my Hacker he did not have analyze loaded onto his drones so it was just the Firewall the techno had to by-pass. My hacker was upset that he wasn't able to detect the techno on the drones node before I had the drones targert the team. He fealt he should have been alerted to the techno's presence in his drones, but with twop hours to set up the drones the techno had all the time they needed to hack in and gain control of the nodes. Plus, the Techno had 5 points of edge to spend on hacking/threading. The hacker left his guard done with his drones and the techno took advantage

Which is how it should be. If he wants to complain, remind him they left the techno conscious.

The OP doesn't say if the PC team knew their prisoner was a TM. One of my tablemates playing the supercybered street sam would have had serviced him the moment we had him secure and pumped all the info we could get out of him, none of this holding him for a couple of hours to deal with later.

Your hacker was not following standard matrix/rigging operating procedures:

1. All nodes are hidden, this includes the drones, smartlinks, as well as commlinks. In high secure areas you have one commlink (usually a disposable one) public with the ID of one of your FAKE IDs.

2.All communications go through the most secure node in the party (Usually the hacker/rigger's). This includes the drones. This means for the Techno in your situation to hack the drones must go through the Hackers commlink to get access to the drone. The Tecno must de-slave the drone from the hacker's/commlink.

3.All nodes shout have an agent with attack and analyze.

4.All nodes should be encrypted and or data bombed.

If he is not doing these things, he should probably reread the matrix section....also I find that it helps for persons new to hacking that he has program ratings of the same value for most things. It helps in determining the number of dice rolled. Also--programs can be bought once and loaded on multiple nodes (see the Archetypes and not one of them has multiple programs of the same kind.

Not unless you remove the copy protection first, which is described in SR4A somewhere. Unwired states programs without copy protection start degrading at a rate of one point per two months, or one month for hacking programs, unless you take the time to acquire or code patches.

Well, assuming you bought the original legitimately, that shouldn't be an issue.

And I assume that the Hacker PC has all these things cracked from the getgo. Also I do not use the program degredation rules, hacking is complicated enough as it is--my assumption there is that it is one of those things automatically done during downtime.

Essentially it is NERPS (Non-Essential Roleplaying Stuf).

Indeed. Those, however, are registered to the SIN you bought them with. If you would ever have to burn this SIN, the programs should start degrading.
Also, they significantly increase the difficulty of your hackjobs, and the danger to yourself, since the Threshold to track you is lowered by 1 for each legal (Registered) program, and the threshold to purge the log of your activities is increased by 1 for every registered program.


Having them cracked, sure.
Program degradation is what offsets the cheap initial cost of pirated programs vs the steep initial cost of legal programs. It's not at all complicated to keep track of. You just sit down as GM and say it's going to cost someone an x ammount of money per month to keep them patched, and factor that into lifestyle cost. Or you're assume he's buying successes during downtime coding to keep them patched himself, and have a little calculation on how much time this will cost him each month. Mind that this can be a lot.
Because 'something for nothing' is something not everyone will let fly.

How I handle it may not be exactly RAW, but it simplifies both the players and GM's bookkeeping. It doesn't take or add to the story in any significant way I find. However they do pay standard book prices for the programs at chracter gen.

As they Should...

Unfortunatly the team mage only got a 4 on his assensing test so they didn't know the bound and gagged target was a technomancer. As for cracked programs/degredation, I ignore those rules. Now I did have my hacker pay a pretty penny for his programs, but I don't care about degredation rules as stated before it's NERPS. My hackers DP is high enough that is a non issue during downtime

Sounds like your rigger needs to imrprove his system security but no, ther'es nothing by the book that makes him automagicly aware of a new presence on the node.

The downside to slaving is of course if the enemy can get the master node they've got everybody.

Yeah, that's what I was thinking and what I did, I had the team role initiative once the drones targeted them, that seemed like the logical place to do it, once their Tacnet feeds showed that they where the ones being targeted. My hacker was just upset that someone could hack it his drones without him being alerted or not seeing the extra subscription on the drones. Nothing I've ever read says that he would be alerted until the drones paint a bullseye on the back of his head. Of course the drones were only armes with light pistols so I only ended up hurting my cat shaman who's got low body/armor but end the end they stopped the drones rampage of doom and nearly killed the techno with butt strokes and power bolts. Plus I'm a nice GM and let them my mage spend his last 2 points of edge to save her life with a heal spell, working in conjunction with their medic. Of course I had the techno end up being in a coma

Hmm, you know I think it might be possible. It's not spelled out in RAW, but couldn't one configure a node to report on all subscriptions as and when they are established? Whilst Stealth will make an icon appear legitimate (particularly in a node without Analyse) surely the node must be constantly aware of how many devices it's communicating with and even be able to distinguish them? If the owner has it IM his link every time someone/something logs on he'll know about the intrusion before any mischief can occur. He might have to burn a simple action to ascertain that the newcomer is an unknown though.

Does that work?

Could one even set a maximum number of subscriptions and fill them with friendly connections?

The maximum number of subscriptions is System x2 for normal nodes. But I don't see anything about limiting it further, except through slaving. I would assume you can set up an alert if someone sets up a subscription, and I would allow it. It does give a little bit of extra security to the team hacker/rigger, even if they now need to find the invasive party (I would say Analyze +Computer (Stealth x2, one pass), maybe.)

I would definitely not allow that. I assume that programming your nodes with variants of "Tell me if someone logs on" and "don't get hacked" are a standard part of Firewall. If you allow Simon Says type arbitrary rules, you quickly wind up with "set Hacking to 'No.'" And then why don't NPCs do it?

The way to stop yourself from getting hacked is run in hidden, high Firewall, high Analyze, agent running Analyze checks.

One thing you can legitimately do is to set all permissions as "Off" except in Admin. You can ban people with insufficient access from taking certain actions (this is explicitly states in Unwired), so you bar anyone without Admin access from doing anything at all. This does, at least, force people to get Admin accounts to do anything meaningful to you.

More Correctly. The Maximum amount of Subscriptions BEFORE RESPONSE IS AFFECTED, is 2x System.
Additional Subscriptions after that point are treated as Additional Programs, and affect Response accordingly.

Fair enough.

However, If your hacker has lost control of his system, you are probably screwed matrix wise anyway. Bubba the love troll probably doesn't have much in the way of matrix protection. He spent all his money on Dwarf Troll porn and lube.

AFAIK, you can impose arbitrary controls on your node: a hard list of whitelisted subscriptions, for example, or a max total. I'm not sure it's useful (or, more accurately, worth the effort), but you *can* do many things not specifically in the book.

But again, most of that sort of thing would presumably already be taken into account by the mechanics of having a firewall - and defeating one.

There is no inherent reason why the team can implement security measures that the target cannot choose to implement as well.

When the team cannot be hurt, the target cannot be hurt.
When the team cannot be hacked, the target cannot be hacked.
When the team cannot be detected, the defenses cannot be detected.

If you allow "a hard list of whitelisted subscriptions" and the intruder does get access by finding the right subscription and a security hole to get that subscription access and the intruder then changes that hard list or adds a soft list that blocks all the subscriptions but the one he's occupied, your own security measure table rules become a liability to the team.

Secure your home well enough, and you'll be locked out of it yourself.

And the whole point of an Exploit test is to find a hole in such defences. If a machine got rooted, don't expect anything running on there to work as it should

Indeed... You can take all the precautions you want, but in the End, it all comes down to an Exploit vs Firewall test.

Well, there are some precautions not covered by that test

Very Few...

Yes and no, it's supposed to be an abstract system. As others, especially Suoq pointed out there could be stuff like out there but realistically none of our characters are special little snowflakes, anything they can think of to do someone else, especially the corp people paid to think about things like that 24/7 would come up with it first. So while there might be unusual setups on occasion at most they aught to impose some extra hoops to jump through or a dice pool penalty. Because at the end of the day the following is true:

Nearly everything is hackable in Shadowrun, it's just a matter of how much effort your willing to put in. Nothing is unhackable, otherwise the corps would have beat the hackers to it.

I was referring to security measures like data bombs or creative system sculpting. Lockpicking is abstracted, but that abstraction does not cover figuring out that the secret backdoor is a trap

A special consideration that seems to be either ignored or overlooked: system size WILL, inherently, change what an inherently better protection plan is. A personal commlink with a subscription limit and a notice every time a new subscription logs in can work, while a nexis or commonly accessed node with the same security protocol will find itself bogged down. So, you could easily tell your commlink to alert you when someone hacks in and logs into a new subscription, which will make it near impossible for anybody else to hack in without your knowledge.

The downside to such a plan, is that it is optimized against intrusion at the expense of vulnerability to DDoS attacks, as each new successful subscription increases the processor load more than a failed attempt. Once such a system is dropped, any devices subscribed to it can more easily be spoofed by an attacker.

Edit: perhaps, then, the best way to represent this is to have a system optimized for Firewall.

I would think that this would already be in the "fluff", just because a commlinks firewall:6 and a megacorps firewall:6 while numerically the same, doesnt mean they go about the job the same way.

One of the very few things W! did right is that Matrix ratings now can go from one to ten, with everything above six being prohibitively expensive (growing cubically with Rating).

Unless the fluff for my exploit attack is that it sets the subscription limit to one higher as it connects, or that it doesn't get recognised as a subscription by the subscription monitoring subroutine, or...

Never trust, expect, or believe in "fluff" to balance or protect against "crunch." Apples and Oranges. Even having higher standards for personal grooming can add a +1 or more to Influence SG checks.


Perhaps, but that begs the question of program optimization versus SYSTEM optimization (which does not yet have an active mechanic). Also, as I said, optimizing one way leaves vulnerabilities in other ways. EDIT: It'd be comparable to Lifestyle positive and negative qualities.

But what you're asking for is specifically, fluff. You want to say "my commlink does this, this and this" so I can never get hacked. And to that i say "sure it does that,that and that", but if the hacker beats your firewall test, they found away around each one of those things.

I'm not asking for fluff (you'd have to look at the OP for that). I've suggested a fundament for building such a mechanic as what's been talked about earlier, a mechanic already in place for a different aspect of the game. I haven't tried to refine it since it's not my particular interest. I ALSO have not discredited suggestions that an exploit program could disable or circumvent such a feature. I even suggested a vulnerability that it would potentially open up. Check my posts again.