So in the game I was playing in up to a couple of weeks ago, I played the hacker. I rolled 19 dice for pretty much all hacking related tests, and edge of 5 and 5 initiative passes. No military grade software or hardware. I was just getting to the point of going after the good stuff.
But seriously, I need 12 successes on a hacking test to own your system? 19 dice gets me 6 successes, so 2 of my 5 IPs are spent hacking. If I don't choose to use edge. You get 2 rolls with 13 dice to get 6 hits, so it's possible you might detect me, if I don't use edge. But you're not going to win the fight to dump me.
But you might get the alert and shut down your commlink. OK, I win. No communication with your team, no Battle-tac, no smart link. If that's loosing the battle, imagine what I get for winning. As the hacker, if we get ambushed or something where I don't have time to do any real damage, if I can kill the oppositions comm's, I've done my job. Then I pull out my Predator and look for targets of opportunity.

The only problem with this is that, by the rules, the spoofer does NOT need to have captured ANY wireless traffic, if he's somehow obtained the Access ID by other means.

This implies that the spoofer is just sending out standardized commands rather than tailoring the syntax to the specific target.

In any case, drones should definately be set to ignore commands telling them to re-subscribe to someone else, or disable their firewalls/security, and the like. There's just no good reason the owner would ever send those sorts of commands remotely.

Of course, the most paranoid could pre-program a list of instructions to be executed on specific triggers. Like, "Fire on any targets I'm marking with this coded target designator, when the coding changes from Pattern A to Pattern B", or "send me an alert if you see 'people with weapons' that are not on this list." Then disable remote command access to the drone entirely.

Really, drone interception should be damn near impossible if the owner is using something like a rotating personal cipher, but the rules don't really support that sort of encryption, at least for signal traffic.




-k

Actually, there sort of IS. And even better, it's not a Program, it's a hardware plug-in. "Nonstandard Wireless Link", from Unwired. It functions to make Scan attempts harder (by adding it's rating to the Threshold IIRC). Any character can start with one of these modules at Rating 3 (1,500 , Availability 12). Advanced characters can go all the way to rating 6 (3,000 , Availability 24). Or, with Restricted Gear, you could get a single Rating 5 unit (2,500 , Availability 20).

As an aside, I would probably houserule that system with a "weakest link" limitation: the lowest rated NSWL module in use, determines how resistant ALL devices in that PAN or "team-area network" are to detection. So if I've got a R2, and you have an R4, and we're connected to each other ... your module has had to downgrade itself to match mine .... mostly because mine has a more limited suite of alternate frequencies it can even SEE.

...

Anyway, my point was: it's entirely possible to achieve reasonable resistance to mid-combat hacking, if your character is simply forward-thinking enough to PLAN for it, and spends some nuyen accordingly. It could be taken a step further, too, if you build the example I listed as a firewall proxy. With a program limit of 5, it's got 3 spaces left. Enough to load an Agent with some Black IC onto it, and give the hacker something to REALLY think about while the proxy tries to dump them back out ...!!

...

Cheap 500-nuyen comlinks are for middle-school children, NOT "freelance black-ops specialists" ... a.k.a. Shadowrunners.

I think the problem is that the system is an abstraction. The Spoof command abstracts the work needed to tailor the commands in the correct format. Perhaps it's listening in to traffic to and from the device, perhaps it's analyzing feedback from standardized matrix signals (i.e. logistical commands for maintaining the mesh network), etc. etc. It's why spoofing can fail; sometimes you don't get the formating correct.

Likewise, the rotating personal cipher is abstracted with the Encrypt program, specifically comms encryption. Perhaps it is doing that, but the Decrypt program has found a way to circumvent it, or to break it by looking at repeating standard carrier formating for cryptanalysis to identify the algorithm to vary said rotating cipher.

Either way, those are abstracted into the Spoof and Encrypt/Decrypt functions.

I agree that any intelligent rigger would disable those commands. Intelligence, however, is a rare and valuable commodity often in short supply.

The non-standard wireless link only raises the threshold for detection by 1. It's rating becomes the Signal of the device into which it is installed.



I agree. A reasonably defended system is relatively affordable.

Sort of... A Non-Standard Wireless Link is just a non-standard frequency module. Mechanically, It raises the threshold to be detected (on a Scan) from 4 to 5. Not easy, but not impossible, either. The Rating is just how powerful a Signal it produces. It essentially replaces the Signal Rating of your Comlink with a Non-Standard Signal Rating.

NSWL is awesome. All Security and Military communications should be on NSWL's.

EDIT: Ninja'ed by Eratosthenes...

Sorry!

I agree, NSWL is awesome. And it's possible to get Signal 6 at Chargen with it (if you feel you need it).

If they're *all* on NS… it's then standard.

I agree that is the way it SHOULD work. A hijacker should be required to Capture Wireless Signal first, decrypt and analyze the signal, then attempt to spoof.

But that's not how the rules are written.

It is probably not unreasonable to postulate that the Spoof test includes all of this, but that's pure player/GM speculation.


Eh. The personal cipher is something off the top of my head as a classically "uncrackable" code method. It's not really modeled well in Shadowrun.

Personal ciphers are not good for standard communication. What they are consists of a word or words that mean entire concepts or ideas.

Best example I can think of right now is "Execute Order 66". Without knowing beforehand what specific orders that phrase is attached to, the words are meaningless.

Standard encryption works by transforming a message or data using math. Unless you know the math used, you can't transform it back. But because the transformation is based on math, it's based on a standardized known element, so it's possible to study the coded message for patterns to figure out that math.

There are no patterns in a personal cipher. Really, it's not encryption at all. It's a word-substitution cipher.

At it's simplest is this: You have a command known to both you and someone else. You assign a random word to this command. When the other person receives that cipher word from you, he executes the associated command.

The "rotating" part comes into play because, well, if you just used the one cipher word, anyone listening to you could eventually figure it out. So instead of one word, you generate a list of words. Once you have used the first word, both you and the other person switch to the second, and so on. You generate a different list for each command you want protected.

The practical upshot is, you need the word list to crack this sort of cipher.

Which you cannot get by merely listening.

If it were a rigger and a drone using this system, you'd have to hack one or the other to get the list, but by that point, why bother with the list, you've already hacked into their system.



This is completely true, especially considering the vast majority of "hacks" in the world today exploit the fact that so many people don't keep their security updated.

You see software patches released all the time to close this or that security loophole. But looking around, a staggering number of systems don't have them applied.




-k

Rotating cyphers have been around for a long time, and are exactly the kind of thing computer code breaking was invented for. It's not that big of a deal. So far as I know, there's NOTHING that the big guys with the big computers can't break. And with Moore's Law, there's no reason to believe your commlink in 2072 won't be much faster than the big-ass systems the NSA uses now.
My point is, it's safe to assume that a decrypt program can handle any of that. And if someone comes up with a new system, 2 days later the crack will be on Shadowland, and 2 days after that it will be a standard part of the new decrypt program.

The problem is, there IS no breaking of that sort of cipher.

You either have the word list or you don't.

There is no math involved. You can have the most powerful god computer on ten planets and it won't matter.

It's like a One Time Pad. If executed properly, the cipher is simply impossible to crack.

It's not encryption. It's a cipher.



-k

Re: cipher

The problem with that is, that it severly limits your options. You can only use it for a limited number of preprogrammed command sets. At some point you can't manage the cipher list anymore without dedicated software, that uses algorithms to produce/use the ciphers (id say thats part of the encrypt utility), and that´s vulnerable to decrypt again.

So, if u use ciphers in game, I´d rule they are limited to very strickt preset commands, kind of like a trained dog. And definitly there will be no jumping in.

KI is right. There is no way to crack the code, as the code could just as likely mean one command as another.

In general; Don't be a dick. If you try to make your hacker completely invincible to every attack with god-like equipment and skills, then surpass that by rules lawyering and flip flopping between simulation and gamesmanship to give yourself the ultimate edge, then he's got a duty and right to send the Black Chopper teams after you, to counter this obvious war insurgent.

I'd prefer if you didn't try to use the real world as why it can't be done. Computer generated one time ciphers can be created in pages by the millions, in just a few seconds. It's more of an annoying game thing, in which case, you're completely correct.

The problem is, the theoretical super-computer could only tell you what the message possibly said, with no real certainty. Now, if you intercepted a message to a drone, and knew what language the drone was using, and had a reasonable guess as to what commands would be sent to the drone, you could get a fairly good set of guesses as to what command was sent, but that still doesn't allow you to determine which cipher is going to be sent next, and how to decrypt that one.

Actually, it does involve math. Or, more specifically, math can be used to represent it.

Boiled down, any command-action sequence boils down to:

Command A -> (maps to) Action A
Command B -> (maps to) Action B
Command C -> (maps to) Action C

With a standard cipher, be it standard text-replacement encryption, a word cipher, etc, you end up with:

Command X -> Action A
Command Y -> Action B
Command Z -> Action C

Throw in the rotating part:

Command G, M, or X -> Action A
Command H, N, or Y -> Action B
Command I, O, Z -> Action C

In effect, the system you describe is, mathematically speaking, no different than if they'd applied a Letter A = Letter X substitution cipher (though it is more complex, since you cannot do standard pattern distribution analysis). So in attempting to decipher the comms encryption, the Decrypt program would look for similarities corresponding to command-action. Perhaps there are some diagnostic bits that are transmitted to confirm the command, which would bely the encryption. Etc. Over time (which is why it's an extended test), the decrypt at least get a close approximation of the cipher used.

This differs from a one-time pad, in that a one-time pad uses a random sequence of mappings for each data bit (letter, byte, word, etc.) that does not repeat. This scheme uses a small list of terms to represent actions, that would, out of necessity, repeat occasionally.

You could argue that the list could be arbitrarily long, to defeat this, but I think that starts getting into the realm of the optional Strong Encryption rules, and would not be tenable for comms encryption.

Again, its an abstraction.

Not really. Civilian Communications is Standard. Anything else is Non-Standard.

Huh. Well, I've not had occasion to actually use them (yet), so ... learn soemthing new every day.


Absolutely concur. Every rigger should use them for their drones, as well.






No, really it's not.

Look at real life. For wireless computer networks, using one or another of the 802.11 protocol revisions, most networks use one or another fairly specific ranges of frequencies. 802.11b/g/n use 2.412GHz to 2.484GHz; 802.11y uses 3.6575GHz to 3.6900GHz (in half-megahertz steps); 802.11a/h/j/n use 4.915GHz to 5.825GHz (depending on the country you're in, the range can be much narrower on one or the other side).

So what happens if a corporation decides to put it's security systems on a few nonstandard frequencies? Say, Cameras around 1.8GHz, drones around 3.2GHz, security-personnel comlinks at 4.3GHz?

Scan will eventually find them - but it's going to look at the 2.4, 3.6,and 5.0 bands first, and it's going to check each band for any of their dozen (or more) possible channels ... listening to each for a fraction of a second, and then determining if there's a pattern to what it picks up. Only after it's exhausted those possibilities - the "easy, slow-moving targets" if you will - is it going to continue on to the nearby frequencies.

Andnot every corporation would necessarily use the same frequency ranges for the same gneral purposes. Even within a single corporation, those ranges can change. Hell, even within a SINGLE SITE, there might be differences (like maybe, the interior drones and cameras in Lab Seven are all on a 6GHz frequency ... 'cause even the normal site security isn't allowed to know what goes on in there!)

Thus, for a modest (in Corporate terms) investment, you slow down would-be hackers. Furthermore, since your security systems ARE on nonstandard channels, if you manage to CATCH some cheese-for-brains script kiddie hacking your cameras? They can't argue a lack of intent to hack 'em. Also also: less likely some wageslave will pick up the signal from the camera that just watched him in the bathroom. In his home. At midnight.

(Not every advantage to a corp has to come in terms of "stop shadowrunners", after all.)

...

Of course, taken to it's logical extreme, the cameras should all be using Laser or Microwave-beam directional links, not "scream at the whole world" omnidirectional wireless transmissions ...

It was a joke. Yes, 'non-standard' just means 'we use some random unexpected range/system'. If literally everyone does it, it just means that Threshold+1 is the new 'normal' Threshold, not that they all get easier again.

For once, I agree with yahoo, after finding one NSW signal, that freaq range is the first I'm going after.

That's actually why I suggested that (smart) corps might split their setups up across multiple frequency ranges.

...

For added cruel-bastardry: every camera is doubled. One on a standard frequency, one on a nonstandard frequency. Most hackers will find the standard one, and deal with it, no problem.

But the parallel "shadow" camera? Still feeding video to the security goons' systems. Sucks to be the runners THAT night, eh?

That's 'Yerameyahu' or 'Yera'. And my non-joke point was that you *couldn't* do that; they'd all be on various crazy freqs (presumably your computers keep it all straight somehow, that's what abstract rules are for).

Nodes as seen from the outside are icons too. SR4A p224.
Nodes can use stealth to oppose a matrix perception test to determine if an icon is: a node or a program or a user, a node on alert, a encrypted node, databombed... SR4A p228.

Nodes from the inside are places/surroundings containing other icons, such as the aformentioned sneaky IC.

Stealth usually won't stop a hacker from hacking your node, but it may slow him down.

"Arbitrarily long" is relative.

A list of two dozen words per command isn't much, especially if you have your commlink handling the substitutions. It just takes planning. It is unlikely that you'd execute the command often enough for the list to start repeating, at least not in the presence of anyone listening in to try and break the cipher.

If you never repeat the list, the system cannot be broken.

That said, I will agree that it's not tenable for regular comms, and I said as such. It's for the secure transmission of a limited set of commands, the kind that an ops team might communicate with hand signals.

I'd just like Shadowrun to be able to model this kinda thing, but I guess it'd make hacking as a role much less viable.



-k

Good find. You're right. I was thinking about how could a node disguise itself to something outside itself...but that's pretty much what your persona's doing with its Stealth program. The persona + stealth program's running on your commlink, yet disguising its actions on whatever node you're visiting.

And I can see a node, in this regard, being similar to a persona program. It's just another icon in the matrix.

So I guess if a node is running Stealth, and a piece of IC or Persona residing on that node is also running Stealth, you use the higher rated of the two?

I get what your saying. I'm not sure any game system could reliably abstract such a system. But there's no reason you couldn't work with the GM to work something up. Like set it up for only certain commands the drone/device might do. This would be very similar to disabling those commands, just not for you.

He might expect you to be remember your command words every time you want the device to do something, though. Which is one reason I don't think it would be entirely widespread: for one or a couple of devices, it's tenable, but too many and it becomes very unwieldy remembering or storing the various lists/lookups, and then those become the weak point, as you said.

What happens if a hacker Spoofs requests from the device to repeat the command, due to wireless data loss or just plain verification (something pretty common in communications schema)? Given data transmission speeds, they could easily burn through most any list for a complete rundown of command aliases. Perhaps that's one aspect of the Spoof command.

I think if the node itself is running stealth, it only works on its exterior icon. It hides it from outside viewing. If you are already inside, its a location. The IC would have to run stealth itself to hide its own icon.

You use subscription lists. In particular, a null list. To place or receive a call doesn't require allowing someone's icon on your box. You can still get out, they can't get in.

A hacker hacking in would ignore any subscription list. It bypasses normal controls, such as a subscription list/access ID list. Unwired, pg 65.

Actually, it doesn't say that it bypasses subscription lists. And what it says makes no sense. The access id is a fundamental component of an icon. If you can bypass a node noting your access id you also can't be tracked in any way because no node will ever detect your presence, much less log it.

Another example of the contradictory crap that passes for computer rules in SR4.

Prior to that entry (pg. 64), it notes using Access ID's to restrict access...which is what a subscription list is. It's a list of authorized access ID's.

A hacker isn't logging in like a good normal user; they're exploiting some flaw to bypass the standard security routines. Like a buffer overflow, or stack violation, blah blah blah. Thus an access ID/subscription list wouldn't be checked.

It's not contradictory. Perhaps not completely clear, though.

So all the lines about how you need to change your access ID to avoid being tracked are all lies, because the systems you hack doesn't even note your access ID and hence there is no "datatrail"?

And these little notes from SR 4 are also lies?
"To connect to a node (aside from the one on which your persona is running), you must subscribe to it."

"The goal of hacking into a node is to create your own account on the target node. In
order to hack a node, you must either be within mutual Signal range of the target node’s
device or have an open subscription with the node through the Matrix."

You're speaking of different things. And who's saying anything about lies?



Yes, you must subscribe to it. But, as stated before, a hacked account bypasses security measures, like an authorized Access ID list. See page 97 in Unwired.



A device running a white list of Authorized Access ID's would effectively be running in Hidden mode. Either way, this just means the hacker needs to be in mutual signal range.



The systems you hack do indeed track your access ID, in the access log. So yes, you can be tracked. The hacked account gets you in the door, and bypasses most of the security. Things like a passkey (which someone else pointed out to me, last paragraph of page 64 of Unwired) checks against the access log periodically. Perhaps what you're thinking of is a an Access ID authorization list that does what a passkey does?

So, typically, what you'd find is:

1) Can you access the target via the matrix? I.e. can you subscribe via the matrix to the node? If yes, go to 3. If they're running hidden, then it's a no.
2) Can you get within mutual signal range? This may include simply getting in range of a slaved device of the target, or piggybacking on another device that can get within range (like a drone or friend's commlink). If no, no hacking.
3) Hack on the Fly or Probe the target. This creates an account that bypasses the normal security protocols.
4) Log on, using that account. Again, bypasses security protocols.
5) Access log begins tracking your Access ID. And your icon will get analyzed by all sorts of things.

The subscription/log on/hack stuff is obtuse, so I admit I may have missed some of the nuances of the wordings. But this is how I understand it.

If there is a subscription list you cannot subscribe to the node without an access Id that matches an entry on the subscription list.

Just because you keep repeating that doesn't make it true.

You've already agreed that you need to subscribe to hack. Which means the subscription must occur prior to hacking. Hence anything that prevents the subscription prevents hacking. A subscription list prevents subscription. So are the core computer rules wrong or are the rules in unwired wrong? Or are they both incoherent and contradictory morasses that are totally unusable without house-ruling like mad?

You do not need a subscription to hack. You need either mutual signal range, or a subscription. If you've mutual signal range, you can hack, thus creating an account with which you can subscribe that bypasses the subscription list.

Just to reiterate the rules:

"The goal of hacking into a node is to create your own account on the target node. In
order to hack a node, you must either be within mutual Signal range of the target node’s
device OR have an open subscription with the node through the Matrix."

How do you have an open subscription but not be in signal range? How does having that subscription help if you can't communicate to the node to hack anything?

Edit: Nevermind I think I get it. You've got signal range to the node but the node can't talk back, doesn't matter for some hacks/spoofs/commands.

...

Look, it's simple: when you hack a node, you're creating an account on it. Which means, you're slipping in via Exploits (<-- program name, hint hint) to add an Access ID to the node's "whitelist".

Then you use said Access ID to log in normally.

THE INTERNET. Er, I mean, the Matrix.

Your comlink <-===-> [ public matrix node A719234E <-===-> public matrix node D982763R <-===-> public matrix node L8810122L ] <-===-> target node

Everything in [ ]'s is "the Matrix".


No, not at all. You have to be in MUTUAL signal range ... or be subscribed, via the Matrix.

There could also be one (or more) nodes between you and the target.

If you've got mutual range from one node to another, I really fail to see how it should matter if it is your personal comlink or not.

That's why I stick to Rigging I guess, just encrypt your shit and use your own retrans and nothing silly like this ever comes up.