If I am a hacker and I am being hassled by a drone that is being slaved from elsewhere what are my options and what die do I roll?

The SR4a rule book has a long list of matrix actions, but I am a little confused when it comes to which ones to use.

My current belief is that I have two options:
Option 1: Hack on the fly

• Scan for hidden nodes (its obviously hidden right)
• Hack on the fly the master node (I think I get redirected straight there)
• Once I have hacked the master, I can spoof the slave using the slaves capabilities

Option 2: Spoof

• Scan for hidden nodes
• Track the master node (extended test 10+ successes required, with stealth as a negative, and they get to run redirect..and it takes ages)
• Once I have the master node's access ID...
• Spoof the slave

The problem with option 2 seems that it takes ages, which isn't the way that the fluff reads.

Is there a simpler way to deal with the drone, other than getting lots of ranks of heavy weapons?

Once you've hacked the master you don't need to spoof, you are for all intents and purposes the master.

The system doesn't do a very good job representing how hacking is "fast as thought" when it still moves int eh same IP system as everyone else which is why spoof is only a nominal time savigns in most cases. Usually you want to spoof drones or other objects that arn't slaved to their parent.

Minor error as I understand the rules. You don't have to hack the master node to spoof the drone.

If he's in the same node, you have to find him (hidden node) then make a Matrix Perception test (SR4A 228)

If he isn't running stealth, then besides him being an idiot your hits from Computer + Analyze determine how many pieces of information you can get. One of those pieces is "Access ID".

If he is running stealth it's an opposed test: his Hacking+Stealth against your matrix perception. You need to get net hits to get that Access ID.

If he's not in your node you have to trace him. However, once you find him you know his Access ID (page 232). Again, no hacking of the master node is required.

Now the hard question is under what conditions the Master is in your node. I've seen multiple discussions, some rather acrimonious. My general rule at this time is that if he's in the same general physical location as you (same building) he's "in" the same node. If he's running a gateway or two between the drone and himself you aren't in the same node.

But it's a lot easier than you thought to get the Access ID, and once you have that sending the spoof is (relatively) easy.

Note that a slaved non-peripheral has to be spoofed as Admin and therefore spoofed at -6 dice.

Spoofing is simply not worth it. Too much work for too little result post-Unwired.

Shouldn't that be that the drone gets +6 for the opposed test?

A "normal" security drone with rating 4 gets to roll 14 dice. All you need is one hit for the spoof to succeed. If you're a hacker (TM or mundane) I'd think you could get a few dice of an edge.

No the hacker gets -6. see quote below.


I don't understand this point. I read the section p98-99 in Unwired, and I believe that you are mis applying it (watch the flame wars start!). Note also that you don't like the result of your interpretation, and with it are implying that spoofing is useless. I propose to you that actually spoofing might still be useful.

So lets look at the relevant bits (p55 Unwired):

OK that's simple. The slave now has given up all security and delegated it to the master. Any commands from the master have full admin priviledges. This doesn't mean that you need an admin account on the master. As a corporate drone rigger slaving all your drones through a hardened hacker heavy node, try asking for admin priviledges to that node and see what happens to you. A curt "Over your dead body" is probably the nicest thing, and an investigation by the security goons is far more likely. You don't let users have Admin access unless they need it, and then you rearchitect your entire system to minimize the new gaping security hole.


OK that's clear enough. If I am logged into the master, as an admin (on master) then spoofing commands to the drone needs to be at -6. If I am logged in to the master as a normal user, then I just need normal user level spoofing

This view is mildly supported by the following (p98). It is supported in that this is the section on what you can do with spoofing different accounts. Given that drones are usually slaved using them as an example of a difference between admin and users would be pointless.


Now lets examine the impact of this interpretation:

• The point of the rule section on Advanced Spoofing was to make it so that different commands had different difficulties. For example the difficulty to reboot a drone should be harder than sending a legitimate command. Let us apply the normal usage (an admin on master is required to reboot, a security on admin can add / delete / remove accounts, a user on admin can issue movement and target designation commands).
• Slaving is to make it harder to hack the drone: this goal is accomplished
• Sadly slaving doesn't help vs spoofing, so you still need to invest in stuff in the drone.

I like these game effects.

• The time taken to spoof a drone is still significant. 1+ to find the hidden node, 1+ to find the master access ID and 1 to spoof. After the first master access ID has been found, you might only need 2 actions. This can be compared in effectiveness to the samurai firing 3 short and 3 long bursts.
• There is a point in spoofing realistic commands, rather than just rebooting the drone, or powering it into the ground,
• There is a point in players having to spend money to buff up their drones firewalls

Who's this 'he' you're referring to? You need the AID of the master node (the node to which the drone is slaved) and nodes cannot take advantage of the stealth program and cannot be "in your node".

Nope. If you're logged into the master with admin privileges you don't need to spoof. Spoofing is an alternative to hacking into the master node. The slaved drone will consider any command coming from the master node to have admin privileges, so if you're in the master node all you need there is sufficient privileges to send commands to the drone. This is determined by the configuration of the master node and would usually be security-level, but could be any (even public-level).

As per Suoq's post, any spoof command attempt to a non-peripheral slaved node is at -6 because the master node has admin privileges and admin-issued commands are harder to impersonate. The reason peripherals do not have this penalty (and kudos to Suoq because it took me a fair bit of digging to find he was not wrong like I thought) is that they only ever have admin accounts but these accounts are treated as standard accounts for security purposes.


This is not the case either I'm afraid. Unwired p.99: "Spoofing commands from a user with security or admin privileges is more difficult...". It's the access level of the user, not the command, and since the master of a slaved device has admin privileges all commands have at the -6 penalty. Only if the drone is not slaved would you be able to reduce this penalty (to -3 if the AID you've nabbed has security access and no penalty if it has user access).

Only legitmate commands can be spoofed. Unwired p.99: "Spoofing commands for for actions that are illegal for those access privileges is simply not possible". This makes perfect sense when you think about it - you're pretending to be someone from whom the drone will accept certain commands, so giving a non-legitimate command won't work for you any more than it would for the guy you're pretending to be. Now a slaved drone only accepts commands from the master node and the master node has admin privileges, but sometimes there are things that even admins are not allowed to do.


-6 to spoof a slaved drone is a pretty big help.

Honestly, if you've slaved your drones to your 'link you've already broken the rules of good matrix security. A slaved node forwards all attempts to access it to it's master node, which gives the hacker the access ID of the master node, thus allowing the hacker to spoof the node.

If the drone is unslaved, you either need to brute force hack your way in(which carries risks and you can always cybercombat them out of your drone if they do get in), or they have to use sniffer to try to figure out which access ID is controlling the drone, which takes time...time in which you can use the drone to kill the hacker.

This is correct except for the third point, which should be simply removed. There are lots of different restrictions the master node may have on who can make it command the slave, but needing to spoof the slave is not one of them.


This is also correct, but before you can trace the master node you need to get a read on it. Without hacking into the slave node (which is impossible) you can't perceive the master node's icon so you need to capture the the wireless signal and run a trace on that. It gets even more complicated in that the master and slave may well not be communicating with each other at the time (in fact they usually won't if the drone pilot is at all trusted to operate independently). It's like in the story Game Set Match (might be SR4a only) where Slamm-O! gets the drone's attention in meat space to trick it inot sending a communication to the rigger so that he could run a trace on the signal after capturing it.

Stealth is not an issue because with slaving you're after the AID of a node not an icon. I don't believe nodes can perform the Redirect Trace action either.

Gotcha. Command should just do it. (or jumping in...)


* The drone is almost certainly sending a picture back to the operator.
* Good point on the stealth.



I don't understand this point, sorry. I have to slave the drones to something... and that gives the access ID of the master node. Slaving means that they are much more resiliant to hacking and as far as I can see exactly as vulnerable to spoofing as they were before.



I quoted this too and had a different interpretation as I said above. The user on the master does NOT have an admin account (unless they don't care about security) so to spoof them I don't need admin spoofing. The drone has basically given over it's security needs to the master...and will accept any old thing. The point of the rule about admin spoofing is to make it hard to do something that need admin privileges.

But the user you are spoofing is the master node, not someone with access to the master node. The slave won't listen to the security rigger's AID any more than it will listen to yours. It will only take orders from the AID of the master node and the only difference is that the spider can command the master node to command the slave whilst you have to pretend your node is the master node.

It's OK I have stated my case which is a strong one. I understand your point but believe you are wrong (and have quoted why). More I don't like the game effect (as a GM, player or game designer) of you being correct.

In the real world we could perform an experiment and see which view was correct. In rules we can only read and reread the rules and predict the consequences. Having done that I prefer my interpretation of RAW to yours. I understand that you feel yours is better, but I just don't like the impact on the game which is all negative.

A slaved node does forward any attempts to access it, but you still have to pull a perception check to gain the AccessID. The redirect isn't a Track program so you don't get the auto-benefit of a Trace action. And a smart rigger that's using slaves is probably going to have a Stealth program running on his commlink.

Slaving is useful, but has it's drawbacks.

Pros:
*Much less resource-intensive. Tacnets can be run off the master without requiring everything else to run it's own copy. The matrix defenses of the slaves need not all be jacked up to protect from hacking, just the master, which is often a spider's home, and allows for concentrated IC.

Cons:
*Makes finding the rigger's node easier, allowing spoofing attempts faster as you don't need an extended test to track them anymore, just a perception check after being forwarded over.

*Eggs in one basket. If the 'more secure' node does get hacked, it's all hacked.

*Still limited by the master's Subscription limits.

Slaving isn't really a big gain in security or anything. It's about effeciency and resource management. It's cheaper to use base drones and slave a few to the rigger then it is to buff up thier individual systems. Although it's still likely limited to small teams due to typical subscription limits be relatively small.

I'm afraid I don't even see my version as an interpretation, but if you've got a version you like then that's all fine and dandy.

That's pretty much the point I was making(and a good hacker should be able to make that perception check easily). Slaving is great for the devices in your PAN, but the security vulnerabilities can easily outweigh the benefits if you're using it with drones are others commlinks. If you have the resources, putting a good firewall and analyze program on drones is a much better option, and you can even keep an instance of your persona on board to brainfry anyone who tries to break in.

This thread reminds me that the interaction between trace and access id is a bit wonky. This because supposedly access id is used as the connection address (much like a ip address on the net). As such, one should be able to pluck the access id out of the traffic generated by any node. Yet one only learn the access ID at the end of the trace (unless one have made a matrix perception test towards the trace target beforehand and asked for the ID that way).

For your basic PAN of peripheral devices, you can also hook them together as a Cluster (which acts as a single node) then slave that cluster to your commlink and only use up a single subscription slot.

And if you're feeling a bit silly, you can cluster mutliple commlinks together and effectively bump up the number of programs you can run without slowing down. Just gotta cluster 3+ links to make it happen. (hello IC-spamming commlink super-cluster of silly expensiveness!)

Now here's a related item where I haven't been able to peg down a definate answer. If I want to upgrade the firewall on my drones, do I have to purchase it seperately, or can I crack one firewall software package and copy it to them all for free? (then mess with fighting the degredation and all that jazz). Unwired pg94 clearly shows it can indeed be cracked, however...

System is described in more detail in Unwired pg 52 as being device-specific much like Pilot programs. Firewall is never touched on directly one way or the other that I have found. The assumption becomes that it is not device specific as I have yet to find anyplace where it says it is, although the other 3 matrix attributes are all device-specific, so that gives me doubt on the assumption.

So, is Firewall device-specific as well, or more universal and copyable?

If you crack the firewall it would start being subject to program degradation, so careful with that. I don't know how specific firewalls are, but I imagine you can't just copy the one you use on your 'link, you'd at least need one designed to work on a pilot program.

Regarding my earlier comment about Trace and Access ID, a closer reading of matrix perception produced something interesting.

If Stealth is being run, matrix perception becomes a opposed test (duh on me). As such, it may be down right impossible to get a accurate read on the icon (not sure why that would not be a immediate red flag by any sane node, but then i guess it could produce too many false alarms). In contrast, a trace can only be delayed via redirection, not defeated. So it may be a more reliable way of getting a Access ID from a cautious target.

Also, the sidebar on page 53 connects the Access ID to the persona, not the node. So it is likely that all nodes have some identification separate from the Access ID to deal with routing. And this is the chain that Trace walks, independent of knowing the Access ID of the target or not.

Building on that, Trace can and will fail. Extended tests are not infinite. SR4 limited them to a number of tests equal to the dice pool. SR4A suggests a harsher option of reducing the dice pool by 1 on every successive test. If you glitch, you also lose 1d6 accumulated hits (if this brings you to zero total hits, you fail) on top of some other minor difficulty. If you critical glitch, you fail.

On a Trace, Stealth also acts as a negative dice pool modifier, making it even more difficult to Track down a persona to snag that AccessID (and it makes glitches more likely).

Please note the bold. It is not an automatic reduction.

I've yet to find myself in a game with a GM who didn't use one of the two options, although the SR4 option seems to be the most common in my experience.

Read the Stealth description. Stealth makes you look like an innocuous file or bit of line noise. If your Analyze fails, you don't get "i dunno, lol" you get "System Log Archive 2071-06-16".

In a related story, a SUCCESSFUL Analyze might still give "System Log," which the scanner then tries to access to check something, blowing your cover. Same result.

SR4A 228 "Matrix Perception"- third paragraph

Funny thing is that this indicates a very Unix like system, where everything is a "file" (or icon in the case of SR). And likely backed by a system-wide database rather then a folder tree.

The low level code of it all must be very wonky indeed. Tho i think one of the corporate books indicate that Fuchi had some kind of storage tech that was incompatible with existing computing stuff, and that only with the crash where they able to push it as a market leader (likely with the claim that it was crash virus resistant or something).

So in SR a "duck" may look like a duck, but put it under a microscope and the DNA appears to twist the other way or something. But who bothers to dive that deep unless they are work in a academic or corporate setting?

I suspect that any failed perception check would come up with some random work file for a unrelated user, and produce some kind of access error when a read is attempted. That way it may look legit by perhaps corrupted, or in some other way messed up. So at best it may be flagged for cleanup once the digital triage crew reports for duty (you do not want to be arbitrary deleting a possible managers work files without getting it approved by someone first).

Hell, a age old classic is to hide the naughty bits in the garbage file

Edit: thinking about it a bit more makes me wonder if it is some kind of Plan9 FS. That when someone logs in they mount part of their local system into the folder tree of the remote system as part of the login process. Meh, i am thinking about it too much...

There is ongoing work about that:
http://en.wikipedia.org/wiki/Logic_File_System
There must be other similar projects, but I didn't work with the guys behind them

100% irrelevance. I mentioned no crunch beyond "If the Analyze test fails." That implies that the hacker's Hacking + Stealth hits exceeded the node's <whatever, I really don't care at this hour> + Analyze.

TL;DR: The hacker won, that was the point of my post. I was talking from an assumption that whoever was doing the Analyzing scored fewer hits than whoever was doing the Stealthing.

I apologize, on my first read, it looked to me as though you were disagreeing with the opposed test part of tthe post you were responding to. It was my mistake.