Shadowrun Matrix Redesign
Trillinon
While this is mostly for my personal edification, I want it to be good. See, I love the wireless matrix in concept, and in the fluff, but there are just a few things that bother me. I know others agree, and I figured I'd give rewriting it a shot.

My goals are simple. Stay with the spirit of the current Matrix rules, but make it easier to use, take fewer rolls, and better follow computing logic. There are a few key points that I feel have to change:

1. My commlink should never run another person's software without my permission, so I'm throwing out the entire concept of moving through the matrix meaning you're actually operating on another device. It now more closely resembles how the Internet works.

2. Remove rolls that don't add to the fun of the game.

3. Unify it with other mechanics better. Attribute + Skill, with hits limited by software. Variety in attack programs and an attempt to make them feel more like weapons.

4. The return of the cyberdeck because I want to, and because there's room for a device bigger than a cell phone but smaller than a server.

5. The document should be able to stand entirely on its own, as a replacement for the current system.

This is a first draft, and I wouldn't consider it finished, but it's at a stage where I want some feedback. Please, be kind but critical.


Shadowrun Matrix Redesign

(Terms are subject to change. In many cases, I'm working with real world terms while I sort this out.)

After the crash of '64, a new Matrix was designed. Many of the developments that occurred slowly within the original Matrix were codified in the basic protocols of this new matrix. This included a wireless mesh network, Augmented and Virtual Reality, GPS locational data, authentication, and social profiles.


Locational Matrix

While often referred to as the Wireless Matrix, it is also known as the Locational Matrix. Central to the communication protocols of the Locational Matrix is the tracking and sending of location data, collected either from the Global Position System or other, local tracking systems.

By utilizing locational data, virtual objects in the matrix can be considered to have a physical location.


Augmented Reality

Augmented Reality allows a person using the right equipment to interact with virtual objects as if they were part of the real world. This can include reading digital signs that float in the air, or handling merchandise in a store and seeing information and reviews next to everything she looks at.

Wherever she is, the matrix user is surrounded by virtual objects. This is made possible by the locational nature of the new Matrix. In reality, these objects exist as data on a server that might be in another part of the world.

The hardware required for Augmented Reality is so cheap and easy to use that most people have some level of AR on at all times, either watching a trid show, listening to music, or even reading a book, all without having to handle physical objects or sit in front of a screen.


Virtual Reality

Sometimes, reality bites, and you want to leave it behind. Or, maybe, taking the bus to a meeting is too much effort. Why not go virtually? With Virtual Reality, you can block out your surroundings and travel the world in the blink of an eye.


The Cybersphere

Virtual Reality is old technology for people in the 2070's, but it has learned some new tricks. Part of the redesign of the matrix was a virtual recreation of the Earth called the Cybersphere, which acts in synergy with Augmented Reality. A matrix user traveling the Cybersphere in Virtual Reality may be sitting at home, but her avatar is moving about. Once again, locational data means that her avatar is considered to have a real world location, which means that not only can she interact with the same virtual objects that AR users can, but she is also an AR object herself, capable of interacting with real people, so long as they have AR gear. Of course, a VR user in the Cybersphere does not have to be visible to others, and can even choose to whom she is visible. Also, there are some locations, such as the middle of a freeway, where virtual people showing up would cause dangerous distractions, and so all virtual objects are hidden.

Travel in the Cybersphere is mostly unlike travel in reality. Avatars may travel as quickly as they like, and aren't limited by gravity if they choose not to be. Moreover, simply entering a specific location, either through GPS coordinates or a Matrix domain name, will immediately transport a user to a specific location or private server.

People in the Cybersphere can travel in public spaces, but they cannot enter private property without permission. In fact, all public property technically doesn't exist in the Cybersphere. It may render a building and any public AR objects located in that space, but entering a private location automatically connects a user with a private server.


Private Realities

Any server or personal commlink can run a Virtual Reality construct and produce AR objects. Many corporations create VR constructs of their offices so that people telecommuting still have a presence in the office. Some clubs and stadiums do the same, while others frown on the presence of virtual people and either don't run any construct, or create a separate experience for those people.

Perhaps more common for most people are AR subscriptions. A restaurant isn't going to post negative reviews on their front door. Subscribe to a local food review blog, and you'll see their ratings in big glowing stars hovering over the door with a link to the review.

You don't necessarily have to be going through the Matrix to access private constructs, though. Walking into an office building will present you private AR objects, and commlinks can generate AR objects that can only be accessed by devices in wireless range. The most common private construct, though, is the RFID tag, often called a hypertag, which can store a non-interactive AR object or a hyperlink to an interactive one stored elsewhere on the matrix. These are commonly used for cheap advertising or signs. Their ability to be placed anywhere means that they have become a new form of tagging, often used by gangs. Most people simply filter out all hypertags from their AR display.


Devices

The matrix, at its base level, is just a bunch of computers that talk to each other. Every computerized device has a unique number, or address, associated with it called an AccessID. Knowledge of a device's AccessID is necessary for communication with it.

Most devices also have a wireless router that allows communication with other devices within range or over the Matrix. Many devices also have datajacks that permit communication by fiber optic cable, and some have other forms of data transfer.


Device Attributes

All devices have three attributes, Firewall, Response, and Signal. Like physical and mental attributes, they are normally limited to 6, and are used in a number of Matrix tests. Commlinks, being small, are limited to 2 in all attributes, whereas a cyberdeck, being a larger device, is limited to 4. Ratings of 5 and 6 are usually limited to large, non-portable devices that require external power.

Of course, those that don't want to lug around a cyberdeck aren't necessarily vulnerable. PAN devices, such as a signal booster or a hardware firewall, are available for boosting the attributes of a commlink up to 4.

Some devices aren't significant enough to track all three attributes. Each of these will have a Device Rating and is considered to have a Firewall, Response, and Signal equal to the Device Rating.

Firewall: Firewall is the defensive ability of a device. See Firewalls below.

Response: A device's response is its processing power. This determines how many programs a device can run and can affect the performance of certain matrix activities. It is also used for Matrix Initiative.

Signal: Signal represents the wireless signal strength of a device.


Primary Devices

Primary devices include commlinks and cyberdecks. They can run a wide variety of software. Commlinks have limited processing and signal capacity, but are more easily portable.


Peripheral Devices

Most devices are Peripheral Devices. They have specific purposes and run specific software. Because they are simpler and dedicated devices, allowing software less freedom, Peripheral devices can be more difficult to hack. They impose a -2 dice pool penalty to hacking and cybercombat tests against them.


Autonomous Devices

These include Drones and Agents. While autonomous devices may be either peripheral, such as most drones, or primary, such as cyberdecks running agents, they all require a special piece of hardware called an Analysis Accelerator. This expensive processor allows pilot programs to operate at the speeds necessary to react to real-time situations based on observation. It's what gives a drone's dog brain some "common sense" decision making.

Nexi

These large computers are the servers that operate major parts of the Matrix. The Cybersphere, corporate offices, and countless Matrix sites operate off of them, as they're designed to handle the connections and processing necessary for thousands of users.


Domains

Domains are fundamental to making the Matrix a usable entity. AccessIDs are convoluted strings of seemingly random characters. There's little chance of remembering more than a few. A Matrix Domain is a unique, human readable name given to an AccessID. Anyone can buy one for enough money. Just type Ares into your Matrix browser or VR location bar, and you're surfing the Ares Corporation Matrix site or walking in their public VR construct, and you never need to know the AccessID.

But a Domain is more than just a name. In the Locational Matrix, a domain can also include Global Positioning System coordinates. Anyone in the Cybersphere who enters the purchased coordinates is immediately transferred to the corresponding server as if they had entered the text domain.

Domains are part of the Matrix Domain Name System, which is managed by the Matrix Domain Name System Authority. Unregistered domains may be purchased from them for a nominal fee. GPS coordinates can be purchased only by offering proof of ownership of the real-world property.

The Matrix Domain Name System Authority may operate the MDNS, but requests don't go through them. The actual domain information is distributed into the mesh network of the Matrix.


Profiles

The Matrix 2.0 comes with a standard system for managing identities, both real and fake. The system has a standard protocol for creating, storing, and requesting a user's profile.

A profile, at minimum, has a name, though it can be a pseudonym. It may also include the user's SIN, licenses, bank accounts, Commcode, Avatar, resume, favorite bands, and just about any other piece of information one might want about a person. Permissions regarding who has access to what information are a basic part of the protocol. In addition, a profile can include a verification signature that allows a trusted third party to confirm the legitimacy of that profile.

People with a SIN always have at least one profile with their real name and SIN attached. It's used for purchases, loans, and licensing. In many places, a person is required to carry a copy of that profile on their commlink, with their Name, SIN, and applicable licenses set to public so they can be accessed by anyone in wireless range.

In some places or forums, pseudonyms are expected, but users need to be able to trust that the person using a pseudonym is always the same person. In this case, the location could use a locally stored profile system requiring a log-on, and many do, but there's another option. There are services dedicated to privacy that will verify profiles for pseudonyms, guaranteeing that wherever a person using that name shows up, it's the same person.

For most people, the various profiles they use are stored on their commlink, though they don't need to be. It's common practice to keep a copy of a profile elsewhere, often a social network, in case a user loses his or her commlink, or is using another terminal.

As mentioned before, a user can set the permissions on various aspects of a profile. What information is available can differ by person, location, time of day, or device used to access. This includes avatars. A user can have a professional avatar while at work, and have it automatically change into something more fashionable when visiting the local cyberclub.


Commcodes

Every Matrix user needs a commcode. It is the primary method of communicating through the Matrix. If a user gives someone their commcode, they can send text or voice messages, give a call, or jump to the user's location in VR to communicate face to face, depending on permissions.

There are many commcode providers. Most Matrix Service Providers give one for free, and anyone can host a commcode server at their domain.


Firewalls

A firewall is a complex suite of software, often with dedicated hardware, that is responsible for device security. It watches wireless traffic, commands, file structures, and access rights. It keeps logs of activities and sends alerts when something is wrong.


Network Firewalls

A firewall is capable of securing more than a single device. When devices are networked together, they can all benefit from the security provided by a single, powerful firewall. For most personal area networks, this means that every device in the PAN is protected by the commlink's firewall, and in a corporate network, the whole network is protected, usually by a dedicated hardware firewall.

Of course, a network firewall only works with devices that are actively connected to the network and have granted access permissions to the network. If a device is separated from the network, such as by turning off its wireless, it must depend on its own firewall.


Firewall Ratings

Pure software firewalls are limited to a rating of 2. Cyberdecks can be equipped with a hardware firewall up to rating 4, and a portable external firewall of up to rating 4 can be added to any network. Firewalls of rating 5 and 6 require large and power-hungry hardware and are only found in fixed networks.


Hacking

Hacking into a device or network is a game of stealth and finesse. The intent is to get the device to allow you access to its files and systems despite its security settings.


Exploit Action

Hacking a device or network requires an exploit action. This is a complex action and requires an opposed test between the hacker's Logic + Hacking versus the device's Response + Firewall. The total number of hits on this roll is limited to the rating of the hacker's Exploit program. If the hacker glitches on this roll, then she triggers an alarm. If the device glitches, the hacker is granted administrative access.

Success on this test does not mean a hacker has full access to a device. It simply means that the device has granted the hacker user level access.


Restricted Access

In a complex system, many files, programs, and settings will have restricted access. Access to files or networked devices can be based on account, group, or even location. It can even have multiple requirements. For example, in order for an employee to access work files, not only must he have account access, but he must also be in his cubicle, either physically or in VR.

In order to access restricted files, a hacker must grant his account access rights. This requires the hacker to take an additional exploit action. This test must be made for each new set of permissions.


Administrative Access

It is much easier to set permissions if a hacker has administrative access to a device or network. Getting admin rights is tricky, though, because administrative access is the most carefully watched and secured area of any device. The hacker must take an exploit action, but the system gets a +2 bonus to its dice pool. If the device wins the opposed test, an alarm is automatically triggered.

Hacking Programs

  • Data Bomb
  • Decrypt
  • Defuse
  • ECCM
  • Exploit
  • Sniffer
  • Stealth
  • Track


Agents and IC

Agents are autonomous programs requiring dedicated hardware called an Analysis Accelerator, which grants them a certain degree of intuition. They are designed to run programs and function for matrix users in much the same way drones function in the real world. IC (Intrusion Countermeasures) are a specific form of Agent used for matrix security.

Agents have a pilot program, which stands in for their mental attributes when making Matrix tests. They are also equipped with various autosofts that function as skills, and a number of programs they use in the same manner any Matrix user would. Pilot and autosoft ratings for Agents and IC are limited to 3.

Agents, because they have no body, always operate in VR, and their VR avatar can have a location like any user and can see and interact with VR objects. In fact, IC rely heavily on this fact, which allows them to patrol virtual reality as an independent security force that isn't compromised when the network is hacked.


Cybercombat

If hacking is about finesse, cybercombat is about brute force. Cybercombat doesn't open up access to a device, but instead forces the device to run a single, destructive piece of software called an offensive program. There are many types of attack programs, each having a different effect on the device.

Attacking a device requires an opposed Logic + Cybercombat versus Response + Firewall test. Agents and IC use their Pilot rating in place of Logic. If the attacker wins, the program is launched. Either way, unless the device is shut down by the attack, it launches an alert.

Cybercombat programs can also be run on a device where the user has access without triggering an alert, so long as it only operates on files that the user also has access to.


Cybercombat Programs

  • Black Hammer (does physical damage to hot-simmed targets)
  • Blackout (does stun damage to VR users)
  • Attack (does matrix damage by damaging system files)
  • Spoof (forces the target to perform a single command)
  • Locate (forces the device to divulge its physical GPS location)
  • Encrypt (searches for and Encrypts stored files)
  • Burn (does physical damage to the hardware)
  • Entrap (causes the system to not respond to log-off requests)
  • Isolate (causes the system to not respond to log-on requests. Can be used to separate a device from a network.)
  • Corrupt (searches for and corrupts stored files so they cannot be recovered)
  • Nuke (forces a device to use up all its response on a useless program, causing it to lock up)


Defensive Programs
  • Armor
  • Biofeedback Filter
  • Medic

DMiller
Honestly I like it. I have other things going on right now so I didn't read it in full detail (at least not enough to be critical) but I absorbed the meaning and idea behind what you are doing and I like it.

I'll have to keep an eye on this thread to see where it goes.

-D
Trillinon
Thoughts on Hacking

Determining how the Hacking roll should be handled is tricky. On the one hand, the idea of an extended test where a good hacker gets in quickly, and a poor hacker takes longer makes sense, at least conceptually. On the other, extended tests take a lot of time at the table and are generally boring.

As Hacking is something that I don't want to take a lot of time, I've gone with an opposed test, Logic + Hacking versus Response + Firewall. This way, there's a much greater chance that hacking into a system will only take one roll.

Similarly, I'm assuming that networking software is designed to help you easily find nodes in a crowded mesh network, so no test should be required unless a node is trying to hide. That removes another common roll.


Access and Accounts

While I've made hacking rolls simpler, I actually made account management more complicated for large networks.

Basically, most networks handle permissions based on groups. The research group has access to the files and devices it needs. Accounting to different files and devices. Management to yet others. Under this model, instead of a Security Level account, a security guard would be a member of the security group.

So, whenever you want to access a restricted file or device, you need to grant your account permissions, usually by joining a group. Other restrictions can be placed on a file or device though, such as requiring a specific account or being in the right physical or matrix location. These are harder, if not impossible, to hack.

Administrative accounts still exist, but they're much more risky to attempt.
DMiller
QUOTE (Trillinon @ Nov 28 2011, 05:21 AM) *
Access and Accounts

While I've made hacking rolls simpler, I actually made account management more complicated for large networks.

Basically, most networks handle permissions based on groups. The research group has access to the files and devices it needs. Accounting to different files and devices. Management to yet others. Under this model, instead of a Security Level account, a security guard would be a member of the security group.

So, whenever you want to access a restricted file or device, you need to grant your account permissions, usually by joining a group. Other restrictions can be placed on a file or device though, such as requiring a specific account or being in the right physical or matrix location. These are harder, if not impossible, to hack.

Administrative accounts still exist, but they're much more risky to attempt.

You haven't really changed the core rules on accounts, you've just taken a more detailed look into them. This is really how my group already looks at account access restrictions (of course both GMs work in the modern IT field).

If you have account access to a particular file you can simply access it (no roll needed), if you are trying to access a file that your current account does not have access to (under your system) I'd say the hacker rolls Logic + Hacking (max hits equal to Edit program) vs either a fixed threshold or opposed by Firewall + Response. Personally I'd say fixed threshold is better in this case basing the threshold on the difficulty of the system; perhaps using the Firewall as the threshold.

Just my thoughts.
-D
Trillinon
That's basically the direction I'm taking. I like the idea of a fixed threshold, but a fixed threshold of the target's firewall is actually more difficult than an opposed test with firewall + response, so I'm currently leaning toward the latter.
DMiller
QUOTE (Trillinon @ Nov 28 2011, 01:22 PM) *
That's basically the direction I'm taking. I like the idea of a fixed threshold, but a fixed threshold of the target's firewall is actually more difficult than an opposed test with firewall + response, so I'm currently leaning toward the latter.

Overall, Firewall may be a tough sell as a threshold; however, under this house rule, a commlink is limited to a Firewall of 2 (without dedicated hardware), and a CyberDeck is limited to 4. A threshold of 4 is stout, but 2 is actually pretty easy. If you are hacking a Nexus you should be headed for security or admin level access anyway and those should have most of the file access you will likely want.

-D
Trillinon
To make a decision on that, I would need to put together a list of what possible modifiers there are for a hacking roll. A hacker with a 3 logic and 3 hacking has a dice pool of 6 and can get 2 hits regularly. But it would take a dice pool of 18 to get the same level of skill for a rating 6 firewall. I'm fine with this, assuming it's possible to get a dice pool that high.

What gear and cyberware can boost the logic + hacking roll?
Fortinbras
The difficulty with a Matrix redesign is that you have a lot of computer people who have a very set idea of how computers work.
Thus either you have an incredibly rigid and strict rule set which works, but everyone who has ever taken a Computer Science 101 class will dismiss as broken because it doesn't fit their idea of how computers work; or you have a rulings-not-rules system which slowly devolves into Computer Theory in which whoever has the greatest understanding of computers wins.
This means that either your system is "broken" and someone else will insist it needs a redesign or a hacker is unplayable to laymen.

It's a sub-system of Shadowrun which is quickly susceptible to grognards. Resist their urge.
Trillinon
Thank you for the warning, but I can't resist the urge. For me, it's an exercise in game design, since that is what I do for Apathy Games. My goal is to make the matrix rules easier to understand and play better at the table while staying with the spirit of the current system. If it succeeds, great. People can enjoy it. If it fails, nobody is hurt. I learn something either way.
Dumpshock Forums © 2001-2012