Help - Search - Members - Calendar
Full Version: Hacking proof Metalinks?
Dumpshock Forums > Discussion > Shadowrun
Pages: 1, 2
Hamsnibit
Last session i had an idea which might provide an absolute hacksafe link.
Setup would be the following:
Set up a favoured number of proxies.
Let one of them be a Meta Link or any other Standard Node with System 1.
A Sys1 Node can only support 2 subscriptions one would be your own, the other could be filled with a drone idling in the node a another link you have so that the subscription limit is reached.
Any attempt to access the node without above data request level requires a subscription, hacking attempts require a subscription.
So any attempt to hack this node would incredibly slow down any matrix traffic or completely crash it by RAW so there would be no way to slip into it unnoticed.
Any hooks or flaw i might have overseen?
_Pax._
(1) Capture Wireless Signal on the Metalink, determine which subscriptions are which.

(2) Spoof a "log off and unsubscribe" command from the Drone. Note that you can Spoof a command without an account on either node.

(3) Hack the metalink at your liesure.

...

I'm assuming your "real" comlink it directly wired to the "bottleneck" link, or that the hack is coming from beyond your "real" comlink's signal range.

...

Really, there's no such thing as a "hack proof" system, if it EVER connects to ANYTHING outside itself. What there is, however, is "sufficiently protected" or "hack resistant". And it doesn't have to cost a zillion Nuyen, either.

Start with a Hermes Ikon (Response 4; Signal 3; 3,000 nuyen.gif ).

Add the Novatech NAVI operating system (System 4; Firewall 3; 1,500 nuyen.gif ).

Upgrade the firewall all the way to 6 (3,000 nuyen.gif ).

Install Analyze 4 (400 nuyen.gif ) and Encrypt 4 (400 nuyen.gif ). These will be running always.

If you have access to Unwired, have the comlink "Optimised" for Frewall (500 nuyen.gif ).

Finally, set the number of User and Security accounts to zero. You've spent 8,800 nuyen.gif so far (and may want to buy a few additional useful programs - Browse, Edit, Command, and so on).

...

Anyone trying to Hack on the fly to get in, will face a threshold of 12 (Firewall 6, +6 for an Admin account). They also face the problem of the entire node being encrypted - hence that rating 4 Encryption program you paid for. That adds another couple of combat turns, maybe 2 or 3, before they can DO anything with their shiny new Admin account, once they manage to get in.

And your 'link will be trying to otie them, too - that's what the Analyze 4 progam is for. If they hack on the fly, then EVERY COMBAT TURN, the 'link gets to roll Firewall + Analyze (+1 due to optimisation) to detect them, against a threshold of the Hacker's Stealth program, if any. If they take a slower approach, the 'link gets only one roll ... but, the hacker needs TIME to do it that way, and you can just habitually reboot your link at semirandom intervals to voil THAT.

If and when the Hacker is detected, the 'link can simply be scripted to automatically disconnect them. That's a Firewall + System (again, +1 for Optimisation) roll. And almost certainly, +4 more due to a Restricted Alert being triggered against the Hacker!

...

What it boils down to is this: for under 9,000 nuyen.gif, you've got a 'link that will take at least 3 to 5 combat turns to hack into. Combat turns during which you can be shooting at the hacker, if you're in combat. smile.gif
CanRay
Daisychain Commlinks. Use a bunch of MetaLinks with random "Paydata" (virus filled POS files that Fixers will hate the person they bought them from), until you get to your REAL commlink. nyahnyah.gif
SpellBinder
Either people forget it, overlook it, or just plain ignore it from Unwired, page 55: "... A persona can only maintain a number of subscriptions equal to the size of its subscription list (System x 2). If more subscriptions are assigned, each additional subscription over the limit counts as an additional program run on the node and may lead to Response degradation."

But I like CanRay's idea of infected paydata. Also, you don't need to habitually reboot your commlink as Pax suggested. Install a spoof chip (found in Arsenal, page 105), and use it to change your access ID, which will sever all connections (Unwired, page 53, "Behind The Scenes"), and is substantially much faster.
CanRay
Hit the people who hack you where it hurts: Their Connections.
toturi
QUOTE (CanRay @ May 28 2012, 09:17 AM) *
Hit the people who hack you where it hurts: Their Connections.

If they have any.
CanRay
QUOTE (toturi @ May 27 2012, 09:12 PM) *
If they have any.
People, even E-Ghosts, don't exist in a vacuum. The viruses I think of would affect contact lists.

Or, even worse, turn a high-end Commlink into a Spam Bot that has the user locked out. He has to hack his own 'link with a POS from Stuffer Shack just to get it back. biggrin.gif

Meanwhile, that really big troll coming his way is really, really upset about all the Humanis Policlub spam that's flying out of his Commlink, and wants to have a few "words" with him as they take a trip "around the block".
Thirty Second Artbomb
Every time the subject of defending against being hacked is brought up, I always remember SR4A p.314.
QUOTE
Any device's wireless capability can be turned off with a simple command. Of course, that means it needs to be turned back on manually, unless you set it to reactivate at a specified time.

Why bother loading your commlink with a bunch of specialized software when you can just turn your wireless off entirely and make the opposition have to plug an optical cable into your datajack to hack you? Just run a second, cheap-as-hell commlink for your fake SIN, check your messages on your personal 'link once a day or so, and you're golden.
SpellBinder
Because you can't always run your SOTA commlink with the WiFi turned off all the time, and you could alienate your fixers (and other contacts) if they can't get in touch with you on their schedule.
Umidori
@Thirty Second Artbomb

Well having a wireless enabled commlink really helps on runs and in combat. Unless you wanna carry around old fashioned walky-talkies to communicate during a running gun battle, I guess. nyahnyah.gif

~Umi
kzt
QUOTE (Umidori @ May 27 2012, 11:54 PM) *
Well having a wireless enabled commlink really helps on runs and in combat. Unless you wanna carry around old fashioned walky-talkies to communicate during a running gun battle, I guess. nyahnyah.gif

Do your players also run around with DocWagon's tracking devices clamped to their wrists too? The ones that continually feed DocWagon your location in real-time? Just like you can trust DocWagon promises that it won't make use of any of that data, nor allow anyone else access to it, I'm sure the nobody in the company that you are buying your wireless service from won't do any correlation between their hi-resolution location data and news reports of "terrorist incidents" for which sizable anonymous rewards are offered. sarcastic.gif
Umidori
I was under the assumption that they didn't transmit anything until they were triggered by severe wounding? I've never actually bothered to get any of my characters a DocWagon subscripton anyway.

~Umi
SpellBinder
Well, if you're really that concerned about the WiFi of your possessions, don't forget to kill the tags in your underwear wink.gif

And I too was under the impression that tags from DocWagon included a biomonitor that signaled only after the bearer was severely hurt.
Koekepan
You can't really get an entirely hacking-proof system. Even if the commlink is somehow inaccessible, links to and from it can be spoofed, jammed, or generally interfered with. Anything which reduces it to a state in which it doesn't do what you got it for is a meaningful attack on some level. If you're a hacker feeding tactical data to your team, or waiting for tactical data from your hacker, that can be a major problem.

If you really want to interfere with attackers, you need to employ all of the classic approaches: defence in depth, misdirection, counterattack and alternative plans. Can your commlink communicate via visible light? Ultrasonics? Steganography? Tunneling through a link to a waveguide? Highly directional antennae? Probably, you just need to find a way to hook it up. Have two extra commlinks: one which is cheap and nasty (the obvious fake) and one a little more serious-looking (the honeypot). Monitor the honeypot and you know that any connections into it are uninvited. Work something out for virtualisation, whether physical (a directly attached extra operational system, running code under supervision) or a true virtual system. Use a client/server approach with your real heavy lifting happening remotely. Have alternative remote systems.

Really, you don't have to go too far down the rabbithole to totally frustrate most attackers, and if what you're buying is time, you usually don't need much. If what you want is a dedicated, single-purpose system then removing all nonvolatile writable storage (or removing the write functions in hardware) means that a power off/on cycle is all that's needed to restore it to a known state, and this is the sort of thing a creative player of a hacker could absolutely find a way to do within the rules.
kzt
QUOTE (SpellBinder @ May 28 2012, 01:10 AM) *
And I too was under the impression that tags from DocWagon included a biomonitor that signaled only after the bearer was severely hurt.

I don't think they actually say that, now do they? Are you willing to bet your life on that? Any system like this needs to be sending data whenever it sees anything "interesting", or when the central system polls it to see if it's properly operating, and it needs to know exactly where it is all the time so it can send that immediately.

So I suspect it's like Lojack in cars. Which is actually transmitting the tracking signal all the time, not just when it gets reported stolen. (Though it transmits a lot more when remotely activated by the company).

So yeah, don't take that on a run.

And tracking your comlink is easy. Given that people calling you have to get routed to the right transmitter to talk to you, your communications provider knows precisely where you are. It's exactly like the cops tracking your cell phone, though with much higher precision. Your cell phone carrier maintains at least a 90 day track of your movements every few seconds based on the cell towers it hits, so you can be tracked to a minimum of 50 meters in cities and a few miles in the sticks. With more modern gear it's more like 10 meters in cities and 50 meters in the sticks. I suspect in SR it's meter accuracy.

So don't take a comlink that you actually use outside of runs on runs either. (After all, do you really need or want to have your fixer call you as you are hacking the target's security system?) Because the cops will pull the records to find all the comlinks that were present during the time of the crime, subtract all the ones that belong to people who were supposed to be there, and then see where the comlinks that they can't explain are right now.
SpellBinder
Just checked, and actually it does say there's a biomonitor with the tag (along with other important info). However I never said I had characters (or players, for that matter) who had DocWagon contracts. No bets made.

As for tracking your commlink, well, there's already been posts saying to have multiple, so what if you have your day-to-day use commlink in public mode (as is likely required in many parts of the city), but your SOTA commlink (which you may carry as you have no idea when a job calls) is in hidden mode? Simple cursory scans are gonna turn up your publicly active commlink, and unless you're doing something rather stupid (like carrying around a Panther XXL), the local LEOs aren't likely to give you a second look. When you're going to meet the Johnson, just switch that D2D commlink off completely, or edit the data later.

At this point it boils down more to "don't look like you're trouble and the cops won't give you trouble" and what should be a standard CYA policy regarding the data in any/all commlinks (and other wireless devices) you possess.
Aerospider
QUOTE (kzt @ May 28 2012, 08:46 AM) *
I don't think they actually say that, now do they? Are you willing to bet your life on that? Any system like this needs to be sending data whenever it sees anything "interesting", or when the central system polls it to see if it's properly operating, and it needs to know exactly where it is all the time so it can send that immediately.

So I suspect it's like Lojack in cars. Which is actually transmitting the tracking signal all the time, not just when it gets reported stolen. (Though it transmits a lot more when remotely activated by the company).

So yeah, don't take that on a run.

The description does specify that it needs to be activated. Honestly, if DW wasn't throwing straight dice with these things it would be public knowledge in short order and both sales and market confidence would fall through the floor. What kind of runner doesn't very quickly realise he's constantly feeding incriminating evidence wirelessly from his own person?

QUOTE (kzt @ May 28 2012, 08:46 AM) *
And tracking your comlink is easy. Given that people calling you have to get routed to the right transmitter to talk to you, your communications provider knows precisely where you are. It's exactly like the cops tracking your cell phone, though with much higher precision. Your cell phone carrier maintains at least a 90 day track of your movements every few seconds based on the cell towers it hits, so you can be tracked to a minimum of 50 meters in cities and a few miles in the sticks. With more modern gear it's more like 10 meters in cities and 50 meters in the sticks. I suspect in SR it's meter accuracy.

Nope, 50 metres.
P.232 Track User
Aerospider
QUOTE (_Pax._ @ May 27 2012, 11:58 PM) *
And your 'link will be trying to otie them, too - that's what the Analyze 4 progam is for. If they hack on the fly, then EVERY COMBAT TURN, the 'link gets to roll Firewall + Analyze (+1 due to optimisation) to detect them, against a threshold of the Hacker's Stealth program, if any.

Better than that - the node rolls once for every Hack on the Fly action. So could be multiple times a turn and some turns it might not roll at all.

QUOTE (_Pax._ @ May 27 2012, 11:58 PM) *
If they take a slower approach, the 'link gets only one roll ... but, the hacker needs TIME to do it that way, and you can just habitually reboot your link at semirandom intervals to voil THAT.

I would dispute this notion. The probing method does not have to be done in one continuous sitting (nor does on the fly, really, but why not probe if you have the time?), so can you offer sound logic or citation that indicates a reboot will undo all the hacker's progress?
hobgoblin
QUOTE (SpellBinder @ May 28 2012, 03:03 AM) *
Either people forget it, overlook it, or just plain ignore it from Unwired, page 55: "... A persona can only maintain a number of subscriptions equal to the size of its subscription list (System x 2). If more subscriptions are assigned, each additional subscription over the limit counts as an additional program run on the node and may lead to Response degradation."

There is also the issue that subscriptions are persona related, not node related. As such, it appears that they only count for outgoing connections, not incoming.
_Pax._
QUOTE (Aerospider @ May 28 2012, 08:32 AM) *
I would dispute this notion. The probing method does not have to be done in one continuous sitting (nor does on the fly, really, but why not probe if you have the time?), so can you offer sound logic or citation that indicates a reboot will undo all the hacker's progress?

*shrug* Set the link to completely purge all accounts except the root account accessed by physically holding the 'link. Also set it to refresh/replace every password, security code, etc. Voila, all their probing is for naught. smile.gif Doubly-so, if you have Spoof Chips, which would even generate a new AccessID upon rebooting the 'link.
hobgoblin
QUOTE (_Pax._ @ May 28 2012, 02:50 PM) *
*shrug* Set the link to completely purge all accounts except the root account accessed by physically holding the 'link. Also set it to refresh/replace every password, security code, etc. Voila, all their probing is for naught. smile.gif Doubly-so, if you have Spoof Chips, which would even generate a new AccessID upon rebooting the 'link.

Probing or on the fly hacks do not provide access to a pre-existing account, just rights equivalent to the desired level set before starting the hack.
Aerospider
QUOTE (_Pax._ @ May 28 2012, 01:50 PM) *
*shrug* Set the link to completely purge all accounts except the root account accessed by physically holding the 'link. Also set it to refresh/replace every password, security code, etc. Voila, all their probing is for naught. smile.gif Doubly-so, if you have Spoof Chips, which would even generate a new AccessID upon rebooting the 'link.

That won't work either. As hobgoblin rightly said, no account is provided either during or after hacking either way. When probing the hacker is laboriously traipsing through the code to find a re-usable exploit. You can reboot as often as you like and mess around with any and all settings and passcodes, but you can't make the hacker forget what he's already learned and ruled out. Nor can you plug the gap before he finds it because there will always be other gaps to find.
Koekepan
QUOTE (Aerospider @ May 28 2012, 04:03 PM) *
That won't work either. As hobgoblin rightly said, no account is provided either during or after hacking either way. When probing the hacker is laboriously traipsing through the code to find a re-usable exploit. You can reboot as often as you like and mess around with any and all settings and passcodes, but you can't make the hacker forget what he's already learned and ruled out. Nor can you plug the gap before he finds it because there will always be other gaps to find.


Not entirely true. If you have offline logging (or logging to a separate system) as would be the case if you'd set up a honeypot, then you have the hacker's attack vector. In other words, you know where he's coming from, in terms of direction, ID or whatever. An immediate approach to a defence against that is to lock out those sources. Bam, doesn't matter what he learned or how he wrote it on his cortex in words of fire, he now needs a whole new connection vector or he's wasting his time.

You can even pre-emptively sort that out, in a fire team control scenario, by locking acceptable input and output vectors to pre-arranged connections, i.e. your team's commlinks. Your attacker is forced to start with the inherent challenge of finding an ID, medium and other combination to which your commlinks will even listen. Even if he's a complete stud who somehow manages to force one of the systems to accept his communications by insert-deus-ex-machina-here, that at best gives him a door through which to try hacking and hope he doesn't get identified. If everyone in your team has a throwaway and a honeypot, he can savagely dominate every single honeypot the team has, forcing them to do his bidding and play the macarena ... while your boys get their jobs done.

And frankly, if you're stupid enough not to have a go-dark-protocol because you just assume that all your gear will work perfectly and never suffer interference, you deserve to lose, and lose hard. After all, at worst the hacker of the team shuts off his gear and pulls out a medkit, while the sammie laughs, tosses off the broken electronics, and prepares to bring the real pain.

I mean, I hope teams make contingency plans. I certainly plan for them when I lay out corporate security teams. This isn't speculation, this is standard real world stuff.
Aerospider
@Koekepan
interesting. Doesn't contradict anything I've said, but still interesting.
LurkerOutThere
*sigh*

Ok here's the deal kids, hacking is an abstract system for what is ultimately a very complex process. As a GM when a player wants to start futzing around with subscription limits, processors, honeypots, proxies, etc the very first thing i'm going to do is look at your character sheet and see if you have pretty significant levels of in the related computers and hacking skills. If you don't your attempts automatically do nothing. If you do i'm going to apply some level of situational modifiers or reasonable hoops to jump through for my incoming hack roll and then succeed or fail using the existing system. That is the whole point of hacking, you find a way through the other guys systems. If Joe on the street Hacker can find a way to make his teams comms "unhackable" then you can certainly believe that the corps with orders of magnitude more resources can do the same. A whole section of the game shuts down and more people end up playing mages.

TLDR Version:
1) Hacking must be possible, always. It's a basic facet of the game world and the system.
2) Nothing your character can do is completely to them. Therefore any nifty trick that you can come up with other people can use or discover independantly. When many people do this it becomes a new standard and then ways are invented to beat it.
3) Play the game, don't game the game.
_Pax._
QUOTE (LurkerOutThere @ May 28 2012, 01:05 PM) *
TLDR Version:
1) Hacking must be possible, always. It's a basic facet of the game world and the system.

Yes and no.

If you're wiling to forgo communications and such, you can turn off wireless and/or rely solely on skinlink, to manage your PAN. You can even use the throwaways to manage communications.

No street-samurai of mine is ever going to have his smartlink/smartgun hacked, because he's always going to either (a) run a wire, or (b) go with skinlink. Same for his cybereyes, cyberlimbs, etc. All wireless functionality switched off - and perhaps cut/burned out entirely.

...

And yes, I expect any competent NPCs to do exactly the same. IC and OOC, I will shake my head and "tsk, tsk" at anyone foolish enough to do otherwise. smile.gif
Aerospider
QUOTE (LurkerOutThere @ May 28 2012, 07:05 PM) *
*sigh*

Ok here's the deal kids, hacking is an abstract system for what is ultimately a very complex process. As a GM when a player wants to start futzing around with subscription limits, processors, honeypots, proxies, etc the very first thing i'm going to do is look at your character sheet and see if you have pretty significant levels of in the related computers and hacking skills. If you don't your attempts automatically do nothing. If you do i'm going to apply some level of situational modifiers or reasonable hoops to jump through for my incoming hack roll and then succeed or fail using the existing system. That is the whole point of hacking, you find a way through the other guys systems. If Joe on the street Hacker can find a way to make his teams comms "unhackable" then you can certainly believe that the corps with orders of magnitude more resources can do the same. A whole section of the game shuts down and more people end up playing mages.

TLDR Version:
1) Hacking must be possible, always. It's a basic facet of the game world and the system.
2) Nothing your character can do is completely to them. Therefore any nifty trick that you can come up with other people can use or discover independantly. When many people do this it becomes a new standard and then ways are invented to beat it.
3) Play the game, don't game the game.

Hear hear.
Koekepan
QUOTE (LurkerOutThere @ May 28 2012, 08:05 PM) *
*sigh*

Ok here's the deal kids, hacking is an abstract system for what is ultimately a very complex process. As a GM when a player wants to start futzing around with subscription limits, processors, honeypots, proxies, etc the very first thing i'm going to do is look at your character sheet and see if you have pretty significant levels of in the related computers and hacking skills. If you don't your attempts automatically do nothing. If you do i'm going to apply some level of situational modifiers or reasonable hoops to jump through for my incoming hack roll and then succeed or fail using the existing system.


I don't see the problem. If the team's hacker doesn't have at least the related skillgroups at a nontrivial level, what on earth did he spend his points on? Synchronised swimming? (Actually, he could within the standard build point rules be an epic synchronised swimmer and still a kickass hacker.) Also, between runs there's often a lot of downtime. If he's not using that time futzing around with commlinks, networking, and all the rest of it, I'd like to know why I shouldn't start docking his skills for being rusty. In my book, setting up the systems to be utterly ready for the next run is a perfectly reasonable thing to do, in character in both the roleplay and systems environments. So he makes a few extended checks - this is normal and expected. I'd expect that the adept would spend quite a bit of time in the gym, and the magician in a lodge.

Also, most of what has been discussed in this thread has pretty explicit mentions in the books, if not specific rules. When something is part of the common vocabulary of people in any peripherally related field (like logs, and virtual machines), I can't blame an enterprising, creative player for using these concepts in the planning of the game, abstractions or not. I would similarly expect a sammie who wanted to leave no meaningful ballistic information to consider shotshells, sintered rounds or possibly breaching rounds, and I wouldn't be at all surprised if a magician were to consider brewing up some kind of awakened yeast and keeping it in a spray bottle for some kind of magical interference.

So sure, call it a modifier, but if I were playing in a game where I arranged a honeypot and somehow mysteriously it never got touched, I'd want a darned good OOC explanation from the GM on what looks like a completely cheeseball move.

QUOTE (LurkerOutThere @ May 28 2012, 08:05 PM) *
That is the whole point of hacking, you find a way through the other guys systems. If Joe on the street Hacker can find a way to make his teams comms "unhackable" then you can certainly believe that the corps with orders of magnitude more resources can do the same. A whole section of the game shuts down and more people end up playing mages.


As I said above, everything can ultimately be hacked on some level, but there's always a context. For instance, if you go into every run with kit you'll fling into Puget Sound on the way out, then an ultra-genius hacker being able to steamroll through all your clever plots in the timeframe of six hours is largely irrelevant. You can't stop the professionals, but you can slow them down, and if that's all you need, you win. An entire part of the hacking skillset relates closely to extended effort preparing backdoors, decrypting passwords, tapping communications, laying your plans ahead of time. If someone who's playing a hacker can't, or doesn't want to play the long game, they're shortchanging themselves and the team.

By analogy, if you go to a shop and you buy a firesafe for your documents, you'll see on the side a label which says what its rating is. You can't put it in a pottery kiln for five years and expect your documents to survive, but you can probably protect them for 45 minutes, by which time the fire is either out, or the topic is probably moot.

QUOTE (LurkerOutThere @ May 28 2012, 08:05 PM) *
TLDR Version:
1) Hacking must be possible, always. It's a basic facet of the game world and the system.
2) Nothing your character can do is completely to them. Therefore any nifty trick that you can come up with other people can use or discover independantly. When many people do this it becomes a new standard and then ways are invented to beat it.
3) Play the game, don't game the game.


TLDR rebuttal:
1) Hacking can be possible, always. It can, with some forethought, be made irrelevantly difficult for a targeted window of time. Finding ways of shaping that window of time and making it difficult is an explicit part of planning. The corps don't have that luxury, because they're all about continuity.
2) Sure. I do this stuff all the time when the opposition are heavy hitters. It's why they're heavy hitters, and not more dumb mooks. The offline log thing is a very sensible, real world approach which also has nasty consequences for runners who think they're too slick to ever leave traces.
3) Ingenuity is the game. It has to be the game. If it's not the game, why do four nutjobs from the wrong side of the tracks think they can break in to a megacorp's HQ and make it out?

To go one meta-level higher, if the opposition manages to clobber one of the team, grab their commlink and hook it up for the benefit of their security hackers, a lot of oh-so-cunning plots run into problems. Don't try to defeat guns with more guns - defeat them with fog. Can't hit what you can't see. Don't defeat infosec with hacking - defeat it with a baseball bat and brass knuckles. Don't fight the mage's magic with more magic - just geek him first.
Koekepan
QUOTE (_Pax._ @ May 28 2012, 08:16 PM) *
Yes and no.

If you're wiling to forgo communications and such, you can turn off wireless and/or rely solely on skinlink, to manage your PAN. You can even use the throwaways to manage communications.

No street-samurai of mine is ever going to have his smartlink/smartgun hacked, because he's always going to either (a) run a wire, or (b) go with skinlink. Same for his cybereyes, cyberlimbs, etc. All wireless functionality switched off - and perhaps cut/burned out entirely.

...

And yes, I expect any competent NPCs to do exactly the same. IC and OOC, I will shake my head and "tsk, tsk" at anyone foolish enough to do otherwise. smile.gif


Precisely. It's all about managing windows of vulnerability. Now, if someone sneaked into your street samurai's basement apartment and planted something wicked in his equipment, all that changes, but why would they do that? Maybe they have their reasons. This is why it becomes a truly deep game, which is what I like about it.

It's very hard to hack a crossbow and a katana.
kzt
Basically the rules suck. They have in all editions. They were designed to replicate the way this dude described computer hacking - who BTW wrote his computer hacking novels on a manual typewriter and had never actually used a computer. Everyone playing the game knows hugely more about how computers work than he did. Having computer rules that only make sense if you have never actually used a computer is kind of nuts.

It's like writing an auto racing game where the critical attributes of a winning race car are how many camels can your treadmill accommodate and what color the car is painted.
Koekepan
QUOTE (kzt @ May 28 2012, 09:30 PM) *
Basically the rules suck. They have in all editions. They were designed to replicate the way this dude described computer hacking - who BTW wrote his computer hacking novels on a manual typewriter and had never actually used a computer. Everyone playing the game knows hugely more about how computers work than he did. Having computer rules that only make sense if you have never actually used a computer is kind of nuts.

It's like writing an auto racing game where the critical attributes of a winning race car are how many camels can your treadmill accommodate and what color the car is painted.


True, but I think that in fourth edition they've used the most recent crash historical elment to evolve the principle and the ruleset. AR? That's a real thing, on an experimental level, and rapidly becoming more real, courtesy of folks like Google. Visual metaphors for computer interactions? Real, if not so advanced, and with no current technological equivalent of simsense. Agents? Real. Scripts? Real. Wireless comms? Real. Add some handwaving abstractions for things like quantum computing implications for decryption and you're practically there. I don't expect my players to know, or use symbolic logic or chip tape-outs, but if someone tells me that they're kitting out with three antennae on the roof of their van which acts as a relay for all their comms, and uses timing measurements to ensure directional consistency so as to identify spurious signals, I won't gnash my teeth and disallow it because the book doesn't mention it. I'll make them use their knowledges and skills to actually build that in-game.

After all, remember that there is supposedly a world of context, things we assume to be real because of analogy and similarity to the world we know. We assume that the tyres of vehicles will be made of rubber owing to engineering compromises relating to ride quality, coefficient of friction and materials availability. These assumptions are not merely a good idea and a great time-saver, but also contribute massively to suspension of disbelief and a shared, relatable experience. In the case of computers this means that we assume computers are good at automating data transfer, decisions and calculations because that's why people bother with them in the first place, but we also assume that to hack a computer you need to be able to connect to it on some level.

Actually, come to think of it, you could get a very much more real experience (if this matters to you in your games) by simply dropping the VR hacking metaphor outright. Do it all by AR work.
LurkerOutThere
I think that's mostly where they were headed with it but didn't want to alienate the grognards. Further once you have VR it makes a lot of sense to keep it and improve on it, telepresence, teleoperation etc means there's a lot of places for work, and therefore hacking in the VR realm. What they utterly fail at is how slow full on VR hacking is. Full VR should really be two to three times faster then meat world actions. Not just multiple IP passes but literally three actions (or more) for every one in the meat world. I started to mess with a house rule to reflect this but you run into "Decker's doing stuff, everyone else go on a food run" scenario.
kzt
Yeah, the fact that the rules suck doesn't mean that there are easy and simple alternatives. But my preference would be to purge the game of Tron and Mr. Mechanical Typewriter and start over from there.
Koekepan
QUOTE (LurkerOutThere @ May 28 2012, 10:40 PM) *
I think that's mostly where they were headed with it but didn't want to alienate the grognards. Further once you have VR it makes a lot of sense to keep it and improve on it, telepresence, teleoperation etc means there's a lot of places for work, and therefore hacking in the VR realm. What they utterly fail at is how slow full on VR hacking is. Full VR should really be two to three times faster then meat world actions. Not just multiple IP passes but literally three actions (or more) for every one in the meat world. I started to mess with a house rule to reflect this but you run into "Decker's doing stuff, everyone else go on a food run" scenario.


It turns out, if you look into what we know about psychology these days, human ability to make decisions is highly restricted at the sub half second level, and decisions founded in actual reasoning, much more so. The equivalent in today's technology would be a script kiddie flinging prewritten attacks at a server - quick, requires little or no planning, as fast as he can type in a command, or click an icon. If you use a visual metaphor, it's like playing Quake.

That approach breaks down when you have an actual intellectual challenge on a higher plane than what a twitch game requires. Gary Kasparov wouldn't be a significantly better player if someone gave him cyberfingers for grasping the pieces. He'd just be shinier.

Assuming your hacker is basically a poo-flinging scriptkiddie, sure, have him work at the Speed Of Thought. If you're having the player actually think about what he's doing and you figure that the hacker is in game automating things (such as by throwing together scripts to search files for him because he won't do it fast enough manually, or better yet throwing together the scripts and having his agents execute them) then the idea of the meatshields buying him time suddenly becomes critical.

I usually combine the two approaches: Metaphor combat as a twitch game, actual decision-making as a slower process.
Sengir
QUOTE (_Pax._ @ May 27 2012, 11:58 PM) *
Really, there's no such thing as a "hack proof" system, if it EVER connects to ANYTHING outside itself. What there is, however, is "sufficiently protected" or "hack resistant". And it doesn't have to cost a zillion Nuyen, either.

Start with a Hermes Ikon (Response 4; Signal 3; 3,000 nuyen.gif ).

Add the Novatech NAVI operating system (System 4; Firewall 3; 1,500 nuyen.gif ).

Upgrade the firewall all the way to 6 (3,000 nuyen.gif ).

Install Analyze 4 (400 nuyen.gif ) and Encrypt 4 (400 nuyen.gif ). These will be running always.

If you have access to Unwired, have the comlink "Optimised" for Frewall (500 nuyen.gif ).

Finally, set the number of User and Security accounts to zero. You've spent 8,800 nuyen.gif so far (and may want to buy a few additional useful programs - Browse, Edit, Command, and so on).

As pointed out by others, hacking does not require a preexisting account.
Furthermore, Optimization only works on "Common, Hacking, Autosoft, Simsense" programs. A device matrix attribute is none of those, hence no.

QUOTE
Anyone trying to Hack on the fly to get in, will face a threshold of 12 (Firewall 6, +6 for an Admin account). They also face the problem of the entire node being encrypted - hence that rating 4 Encryption program you paid for. That adds another couple of combat turns, maybe 2 or 3, before they can DO anything with their shiny new Admin account, once they manage to get in.

And your 'link will be trying to otie them, too - that's what the Analyze 4 progam is for. If they hack on the fly, then EVERY COMBAT TURN, the 'link gets to roll Firewall + Analyze (+1 due to optimisation) to detect them, against a threshold of the Hacker's Stealth program, if any.

Not completely trivial, but considering that Firewall 6 is the hardest possible obstacle unless going milspec, it's still laughably easy:
Skill 6
Specialization 2
Exploit 6
VR Bonus 2
Encephalon 2

18 dice without bending over backwards, or even maxing out the potential pool. Chances are that 18 dice beat Firewall 6 faster than 10 (or even 12) dice beat Stealth 6.

QUOTE
If they take a slower approach, the 'link gets only one roll ... but, the hacker needs TIME to do it that way

Well, using probing means the intruder has time. And even a hacker with a crappy pool of 10 rolls 55 dice in total over a course of 10 hours, meaning that in 10 hours any system can be hacked. Including the R 10 Firewalls introduced in That Book.


QUOTE
What it boils down to is this: for under 9,000 nuyen.gif, you've got a 'link that will take at least 3 to 5 combat turns to hack into. Combat turns during which you can be shooting at the hacker, if you're in combat. smile.gif

Sure, in combat. But commlinks have to be reasonably safe to use at the local Starbuck's, too. If the average commlink can be hacked by the kid at the table next to you without any serious skills or programs, there is something wrong.
CanRay
Make it completely Hack Proof?

Take a hammer to it. Repeatedly.
Koekepan
QUOTE (CanRay @ May 29 2012, 12:37 AM) *
Make it completely Hack Proof?

Take a hammer to it. Repeatedly.



Takahara holstered his gun, and shook his head at the security team leader. "Negative, not a runner. Probably just a random lunatic, maybe a BTL junkie."

"How do you figure that? He was in a secured area. Nobody gets in there."

"Except, the pizza delivery guy, the uniform laundry truck, the sanitation team ..."

"I get it, sheesh! I still reckon he was pro, though."

"Doubt it, sir. The camera shows that the main gate man had gone to the restroom, so there was a window where anyone could have sneaked in. Last seen this guy was urinating on the remains of a smashed-up Stuffer Shack commlink before laughing like a hyaena and running off."

"Urinating ... darnit, he's a pro, and you let him go! I'll have your hide for this, Takahara!"

Working for the corps. A steady paycheck, and a steadier diet of shit.
CanRay
The data going to a limited ontime duration Disposable Commlink with a bit of Homemade Thermite hooked up to a series of laser-link networked systems (With drones that can be ordered to take off with them when done), which downloads the paydata to a harmless and generic household item.

"And here's your Paydata, Mr. Johnson."

"It's a toaster."

"Yes. The data is in it. We also have the toaster pre-set to your favorite settings."

"... How do you know my... Never mind, I don't want to know. Let me just confirm the data and get your Credsticks ready."
_Pax._
QUOTE (Sengir @ May 28 2012, 05:27 PM) *
As pointed out by others, hacking does not require a preexisting account.

Never said it does.

But if the system has a rule stating "There no Security accounts on this system", and one shows up? Trigger a Restricted Alert on that user, and begin terminating their connection.

QUOTE
Furthermore, Optimization only works on "Common, Hacking, Autosoft, Simsense" programs. A device matrix attribute is none of those, hence no.


"Optimization
This modification optimizes the device’s processor and components
to enhance one particular program, applying a +1 dice
pool modifier for all tests using that so ware. Each device may
only be optimized once."

(Unwired p198)

It's not the Program Option I meant; it's the Comlink modification I was talking about.

QUOTE
If the average commlink can be hacked by the kid at the table next to you without any serious skills or programs, there is something wrong.

Since when is a rating 6 program, and a rating 6 then spcialised skill, someone "without any serious skills or programs" ...???
LurkerOutThere
QUOTE (_Pax._ @ May 28 2012, 09:13 PM) *
But if the system has a rule stating "There no Security accounts on this system", and one shows up? Trigger a Restricted Alert on that user, and begin terminating their connection.


You realize hacking is basically bypassing system rules right? That didn't escape you at some point in your thought process, if you are being hacked the "system" is already failing to protect you.
_Pax._
QUOTE (LurkerOutThere @ May 28 2012, 09:40 PM) *
You realize hacking is basically bypassing system rules right? That didn't escape you at some point in your thought process, if you are being hacked the "system" is already failing to protect you.

You do realise, I never said "so you can't get in at all". No, I said "so you're going to be recognised as an intruder, and then the node will take steps against you" ...?

A good hacker might still be able to use their User or Security account to create an Admin account. But you've still BOUGHT SOME TIME before they have the liesure of doing whatever action(s) they wanted to hack in for.
Koekepan
QUOTE (LurkerOutThere @ May 29 2012, 04:40 AM) *
You realize hacking is basically bypassing system rules right? That didn't escape you at some point in your thought process, if you are being hacked the "system" is already failing to protect you.


If you have multiple systems watching each other, even if one is blind to the fact that it is being penetrated, the others monitoring traffic will at least see the unauthorised stream of traffic from wherever. That's the whole point. If you're doing anything nefarious, or expecting nefarious things done unto you, and you rely on one system only, you're more or less bending over, grabbing your ankles and screaming for it.

Even physical fortifications have the same principles of design, with crossfire zones overlooking flanks and entries. So the guys behind the castle gate couldn't easily see or hit the people with the battering ram? Their buddies on the bastion towers surely could, and rain burning death on them.
kzt
Don't try to apply logic to SR's hacking. That leads only to madness.

Essentially the better you understand RW computers the harder it is to get your head around the the craziness that is the SR computer rules.
SpellBinder
QUOTE (kzt @ May 28 2012, 09:19 PM) *
Don't try to apply logic to SR's hacking. That leads only to madness.

Essentially the better you understand RW computers the harder it is to get your head around the the craziness that is the SR computer rules.

Not to mention that the whole networking infrastructure has been rebuilt twice in shadowrun history.
Koekepan
QUOTE (kzt @ May 29 2012, 06:19 AM) *
Don't try to apply logic to SR's hacking. That leads only to madness.

Essentially the better you understand RW computers the harder it is to get your head around the the craziness that is the SR computer rules.


I can follow the rules just fine, but I can't think of a faster way of killing off anyone's desire to play anything Matrix-oriented than to simply lock everything down to mindless recapitulation of the rules. Players want to find an edge, want to use their smarts. At some point I need to make a judgement call and say: "Yes, it is possible to monitor a signal to another commlink. Yes, given that commlink's auth keys/ID/Magic Widget, you can analyse the traffic to find things which don't belong, and yes, you can get the alerts sent to your high dollar goggles because that's your visual interface."

And just as much as they do that, I can turn around and use all that good stuff which the smart corp boys would figure out too.

In the big picture, I wouldn't want to limit a samurai who wanted to attack while bungie jumping. I wouldn't want to limit a rigger who wanted to find a way to rig a rat into a backhoe (although what that would achieve I can't imagine, right now). I wouldn't want to limit a shaman who was trying to find a way to summon a soykaf spirit, although I would have serious questions.

And if it's very useful, I might later have a wagemage summoning the spirit of the waterless urinal. Just to watch their expressions.
Tymeaus Jalynsfein
QUOTE (kzt @ May 28 2012, 10:19 PM) *
Don't try to apply logic to SR's hacking. That leads only to madness.

Essentially the better you understand RW computers the harder it is to get your head around the the craziness that is the SR computer rules.


Which is why you just ignore modern computing paradigms. Once you do that, SR4a Hacking is not that difficult.
Halinn
What happens when the response of a system goes to 0? Because if that shuts down the system, the original idea could still work, with the modification that the system has to be running at precisely maximum capacity, so any extra subscriptions will cause it to be shut down. Spoofing still works, but completely blocking one method of entry seems useful.
Tymeaus Jalynsfein
QUOTE (Halinn @ May 29 2012, 10:44 AM) *
What happens when the response of a system goes to 0? Because if that shuts down the system, the original idea could still work, with the modification that the system has to be running at precisely maximum capacity, so any extra subscriptions will cause it to be shut down. Spoofing still works, but completely blocking one method of entry seems useful.


Fluff wise, the system bogs down. Mechanics wise, you just do not add your Response for Initiative, or for anything that requires a Response Roll. Result: You tend to go last in every pass, as your Initiative is almost non-existant compared to a hacker/agent with remaining stats.
kzt
QUOTE (Tymeaus Jalynsfein @ May 29 2012, 08:07 AM) *
Which is why you just ignore modern computing paradigms. Once you do that, SR4a Hacking is not that difficult.

Sure. It still doesn't work, but it's less confusing as to why.

But people still want to do things like "I'll record the encrypted data stream, then break it offline" because that makes complete sense in the real world. The "because I say you can't" explanation that is provided by the game in these kind of situations doesn't help.
Tymeaus Jalynsfein
QUOTE (kzt @ May 29 2012, 03:28 PM) *
Sure. It still doesn't work, but it's less confusing as to why.

But people still want to do things like "I'll record the encrypted data stream, then break it offline" because that makes complete sense in the real world. The "because I say you can't" explanation that is provided by the game in these kind of situations doesn't help.


Again, that is in the real world. Shadowrun does not work that way. See, even you have a hard time getting out of the real world mindset... smile.gif
Purge your mind of the real world constraints and paradigms in regards to computers and you will be set free... smile.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Dumpshock Forums © 2001-2012