Make your own free website on

Shadows over Baltimore

Matrix Actions

Home | Map | Log In

Links at Bottom

Matrix 2.0 Basics

The Matrix of 2050 is composed of a near-infinite number of overlapping wireless mesh networks used to control nearly every aspect of modern life. The new Matrix is built to ensure that it is omnipresent, accessible from all locations, and integrated into daily life.


Augmented world

Augmented reality (AR) includes all types of sensory enhancements overlaid on a user’s normal real-world perceptions. This allows the average citizen to see, hear, touch, and even smell the Matrix continuously while still interacting with the normal everyday world around them. AR is not to be confused with virtual reality (VR),

where artificial sensations from the Matrix overwhelm your real-world perceptions and immerse you in a simulated reality—mentally separating you from your physical body. Unless otherwise noted, this chapter refers to augmented reality—the most common way of using the Matrix—rather than virtual.


Matrix Topology

The Matrix a complex organism, a vast collection of billions of nodes all linked together in various networks that are

themselves linked together. At the bottom layer of the pyramid are individual users with their commlinks and personal area networks. These users and PANs wirelessly interact with other PANs and devices all around them in a wireless mesh network. Homes and offices are integrated through a terminal—or term for short—that tends to serve as its multimedia center (image scanner, full-size printer, video screen or holo display, larger speakers, and so on). This network connects through numerous gateways and hardwired base stations to the local Matrix infrastructure; together, they form a telecommunications grid. These grids are, in turn, interlinked, forming the backbone of the Matrix itself.


Device and software Ratings

Every computerized electronic device—from commlinks to cyberware to vidcams to mainagents—has a set of basic attributes for use in certain Matrix interactions. Some of these attributes—Response, and Signal—are determined by the machine’s hardware capabilities. Others—Firewall and System—are determined by the device’s operating system (OS) software. For simplicity, however, most devices in SR4 are given a standard Device rating that bundles all of these attributes together. These attributes are detailed under Matrix Attributes. Software also comes with specific Program ratings that determine how effective that particular program is. Software is detailed under Programs.


Using the Matrix

Every Shadowrun character possesses basic computer and electronics skills (unless you possess the Incompetent or

Uneducated negative qualities) and has personal experience with networking, searching for data, and using the

Matrix in general. Standard denizens of the Sixth World use their commlinks/PANs on a constant basis to make telecom calls, experience augmented reality, search for data, keep in touch with teammates, and manage their finances. This, of course, does not make them hackers or technomancers. For characters who want to maximize their Matrix use, however, the skills of Computer (see Using Computer Skill) and Data Search (see Using Data Search Skill) are invaluable.



You are represented in the Matrix by your persona, the graphical user interface that executes all of your commands.

Your persona icon is what other Matrix users see when they interact with you online (see Persona).


Commcodes, Accounts, and Datatrails

Everyone who uses the Matrix has an access code. Your access code is like a phone number: its how others know

where to reach you online. It’s also a way in which you may be tracked—something of concern to all shadowrunners. Details on your datatrail and protecting your privacy are covered under Getting Online.

Many parts of the Matrix are open to public access, just like a web page—anyone can go there and view the contents. In order to enter some nodes (devices or networks), however—especially private ones—you must actually log in to an account. The type of account you have determines what actions you can legitimately take on that particular node (see Authorized Access).


Matrix Actions

A number of actions are available to anyone interacting with the Matrix (see Using the Matrix). When accessing

by AR, these actions may be interchanged with standard physical actions.


Matrix Tests

The gamemaster may call for a test to see how well your character can achieve something in the Matrix, such as digging up a profile on Mr. Johnson. Matrix skill tests use the same skill + attribute dice pool as other tests, except that since you are interfacing with the machine world, you use an appropriate device or program attribute in place of your character’s attribute. If your character is examining a stolen datafile to determine what corporate databank it came from, for example, you roll your Computer skill + Analyze program.


Hacking the Matrix

For hackers and technomancers, it’s not enough to merely use and understand technology and the Matrix—they must explore and exploit it to its full potential. These wireless wizards find the skills of Hacking and Electronic Warfare  necessary to truly reach the beating heart of the machine world. The skills of Hardware and Software  are also useful for hackers who want to create their own tools.


Hacking In

The primary task of hacking is breaking into the target node. This is the main point of contest between the hacker and system security, pitting the hacker’s skills and programs against the target’s Firewall and IC (intrusion countermeasures). Hackers can accomplish this in two ways: on the fly or slowly probing for an exploitable weakness. The first is more likely to raise alarms and trigger countermeasures; the second is more

effective but takes time to accomplish properly. For full details, see Hacking.


Once a hacker has penetrated a node, he can go about his business without having to compete with security anymore—unless he has triggered an alarm. If the system is alerted to the intrusion, he will have to deal with whatever IC and other countermeasures the gamemaster throws at him.


Other Hacker Tricks

Naturally, hackers have a wide repertoire of tricks up their digital sleeves, from covering their tracks to intercepting data to turning that street samurai’s own cyberarm against him. Many of these are detailed under Using Hacking Skill (p. 223), Using Electronic Warfare Skill (p. 225), and What Every Runner Needs to Know About Hacking.


Matrix Combat

Cybercombat is the use of offensive programs against other icons in the Matrix. Cybercombat follows the same Opposed Test procedure as standard combat, pitting the attacker’s Cybercombat + attack program versus the target’s Response + Stealth. Programs substitute System for Cybercombat skill. For more details, see Cybercombat.



Just as hackers can manipulate devices and security systems through the Matrix (or through a direct wired/wireless

link), they can also control unmanned vehicles known asdrones. Thanks to simsense, you can even “jump into” certain devices, effectively “becoming” that device—a process known as “rigging.” In effect, the rigger “possesses” the drone/device, sensing the real world through the device’s sensors, and manipulates the device as if it were an extension of his own body.

Comlinks and Networking

Commlinks are the ultimate personal networking tool, used by almost everyone. They are a combination wireless router, cellphone, vidcam, PDA, GPS unit, chip reader, wallet/ credstick, and mobile gaming device—all in one easy-to carry package that fits inside a pocket, belt-clip, or wrist-clip. Commlinks come in a dizzying area of shapes, sizes, and colors, from stylized head-sets or faux jewelry to cranial implants and commlinks woven into the fabric of your jacket.


Commlinks serve as the primary hub for your PAN, allowing you to access and manipulate all of your PAN-connected electronics through your commlink. Need to make a call? Review a video file you took yesterday? Scan the diagnostics on your cyberlimb? Check the fuel on your drone? Program your alarm clock? You can

do all of this and more through your commlink. Commlinks also provide you with instant wireless access

to the world around you. Not only can you send messages, make calls, transfer files, or access data via the Matrix,

but you can access the wireless devices and networks all around, from the store’s sales catalog to your friend’s PAN

to the lamppost tourist-info RFID tag to the social networking profile of anyone else looking to play a game of

chess in the park.


Commlinks typically carry all of your personal data, replacing the registered credsticks of old. Your ID, SIN, licenses, passport, medical history, insurance data, educational diplomas, credit balance, and far more can be securely stored on your commlink and instantly beamed over for transaction purposes—with proper authorization, of course. Many people openly broadcast certain portions of their personal data via their PAN for others to access. This is often done for convenience and consumer purposes—for example, your favorite stores can access your purchasing history and wishlists as soon as you walk in, and offer specials tailored specifically to you. Some data is broadcast for social networking and gaming services, notifying you if someone single with your same hobbies and interests is in the same bar, or allowing you to engage random opponents in virtual battles in public spaces.

Of course, most users carefully control how much information they make publicly available, but the law often requires certain core pieces of data to be accessible in certain areas (SIN and ID must be broadcast on UCAS federal property, for ex- ample), or for certain data to be accessible by security officers who attempt to access it with authorized security codes. In high-security neighborhoods, it is common practice for police drones to scan the PANs of random people on the street—those with something to hide are usually up to no good.


PAN Modes

Via the commlink, PANs can be set to operate in three different modes. You can change the mode of your PAN as a Free Action (see Change Linked Device Mode.

Active: This mode is the default for most PANs. In active mode, you can both access and be accessed by other nodes (PANs, devices, and networks). Certain areas may require your PAN to be in active mode (airports, corp facilities, etc.)

Passive: A PAN in this mode can access nodes but cannot be accessed by them without your approval. PANs in passive mode will still show up as active networks if searched for. This mode is useful for operating in high traffic areas, where advertising nets or spammers abound. Passive mode allows you to automatically filter out the noise, only alerting you if specific pre-authorized nodes request access.

Hidden: In this mode, your PAN is invisible to other nodes unless you access or authorize them. PAN users in hidden mode are said to be “ghosting,” since there is no way for other users to see them. Using hidden mode is discouraged in some high-class social situations, where it is considered rude. In other areas, however—particularly tech-free zones or shadow establishments where privacy is expected—the opposite is true.

Certain secure areas and high-class establishments prohibit users from operating in hidden mode, and will punish those doing so with expulsion, arrest, or worse.



The persona represents your Matrix alter ego. It is a combination of programs that you use, in conjunction with your

device’s OS, to represent yourself to other users and nodes in the Matrix. Your persona’s attributes are determined by the attributes of whatever device/OS you are using to access the Matrix—usually your commlink or terminal, though you may sometimes access via other devices.

Your persona’s Firewall, Response, Signal, and System attributes are equal to the device and OS you are using to access the Matrix. Attacks made against your persona affect the device/ OS, though Black IC programs affect the actual user directly.



Your persona’s icon graphically represents you in augmented reality (and especially in virtual reality), and in most forms of Matrix communications (email, messaging, phone calls, etc). Whether you bought your icon off the

shelf or programmed your own, icons are easily customizable with a library of features and you can trick them out on the fly with different animated movements, color schemes, mutable design elements, and other digital skin effects. Icons take many shapes and forms, from animated characters and anthropomorphic creatures to more artsy or abstract designs like mobile waterfalls or swirling color patterns. All Matrix-capable devices have default icons loaded in case the user doesn’t have his own—usually simple blank-white anonymous anthroform shapes, often emblazoned with the device manufacturer’s stylized logo. Occasionally, programs you have loaded will add

additional elements to your logo’s look, such as the glowing green force field of an Armor program or the blurring effects of a Stealth program.

Altering or swapping out your icon takes a Free Action.


Linking and Subscribing

Now, just because all of your devices can talk to other devices doesn’t mean that they will. For simplicity, privacy, and security, you may configure your devices so that they only interact with another specific device (usually your commlink, as your PAN’s hub) or a specific network (your PAN). This prevents confusion between users (am I accessing my guncam or yours?) and also offers a degree of protection from snoopers and hackers. Rather than allowing any stranger access to all of your electronics, anyone that wants to interact with your PAN must connect to your commlink first.

In game terms, your persona maintains a subscription list of nodes that you are accessing and that are allowed to establish communication with you. The subscription list may be unlimited in size, but the number of nodes, agents, or drones that a persona may actively subscribe to (access) at any one time is limited to the persona’s System x 2.

Signal Rating

Signal Range





















Matrix Attributes

Matrix attributes generally range in scale from 1 to 6, with the lower ratings indicating cheap, outdated, or salvaged components/ software and higher ratings reflecting well-made parts/code. Some cutting-edge and prototype models may exceed rating 6 attributes, but these are exceptionally rare and hard to come by.


Response (Hardware)

Response is the device’s processing power, or how quickly it reacts to input and processes commands and information. Combine Response with your Intuition to determine your Matrix Initiative. Response may be affected if you run too many programs. For every x number of programs you have actively running, where x = System rating, your Response is reduced by 1. So if you’re running 10 programs with a System 5, your Response will be reduced by 2.


Signal (Hardware)

Signal represents a device’s raw broadcasting power. The higher the Signal, the farther the device can transmit. Though many factors can affect a device’s Signal rating, the most important are antenna size and raw electrical power. Consequently, a device’s size tends to limit how high its Signal rating can be. Implanted cyberware may be limited to a Signal of 1 or 2, while giant vehicle-mounted sensors can have a Signal as high as 8 or 9. Sample Signal ratings and ranges are listed on the Signal Rating Table. Note that for two devices to communicate with each other

(as opposed to one-way communication), the devices must be within the range of the weakest signal rating involved.


Firewall (Software)

Firewall is the OS’s built-in security. It protects against unauthorized access. The better a device’s Firewall rating, the more likely it is to fend off hostile access attempts and exploits. Firewall is also used to defend against Matrix attacks in cybercombat.


System (Software)

System is the capability of the OS—its stability, multitasking properties, ability to control hardware, resources, and

the general quality of it code. System also measures the OS’s ability to run other programs—an OS cannot run a program with a rating higher than the OS rating. A System program is limited by the Response rating of the

device it is on; a System run on a device with a lower Response rating functions at the Response rating instead.

System serves as the limiter for the maximum rating a program can be run on that node (a higher rating program functions at the System rating instead), as well as the number of subscriptions allowed (System x 2, see Linking and Subscribing. System also determines the number of programs that may be run before the system is overloaded and Response is affected (see Response).


Matrix Condition Monitor: System is also a reflection of the OS’s ability to hold up against hostile code and errors—in other words, it determines the how much Matrix damage the device can take. The Matrix Condition Monitor is equal to System 2 (rounded up), plus 8. This is how many boxes of Matrix damage the device can take before its system crashes.


Device Rating (Universal)

There are far too many electronics in the world of Shadowrun for a gamemaster to keep track of their individual

Matrix attributes. Instead, each device is simply given a Device rating. Unless it has been customized or changed in some way, assume that each of the Matrix attributes listed above for a particular device equals its Device rating.

If a particular device plays an important role in an adventure, the gamemaster should assign a full complement of

Matrix attributes to it. If the item only plays a passing role, then a simple Device rating will suffice. The Sample Devices table lists typical Device ratings for common electronics.


Pilot Programs

Pilot programs represent a special type of OS—a system with specialized functions featuring semi-autonomous decision-making algorithms. Pilot is for devices that must be able to assess situations, make decisions, adapt, and ultimately func tion independently of a (meta)human operator for extended periods. The higher the Pilot rating, the “smarter” it is. Pilot is used in place of System for vehicles, drones, and agents, but otherwise has the same function as System.


In game terms, the Pilot attribute stands in for Computer, Cybercombat, Data Search, and Hacking skills, as called for. It may also represent an agent, IC, or drone’s “Mental attributes” when called for (usually Intuition and Logic, and sometimes Willpower). A gamemaster may also make a Pilot + Response Test as a “common sense” test whenever the drone or agent has to make a decision.



There are all sorts of interesting accessories available for your commlink. A few deserve specific mention



Sim Module

The sim-module accessory coverts simsense data into neural signals, so that you can experience other people’s experiences (or programmed sensations)—including emotion. Sim modules are necessary to access virtual reality.


Getting Online

Though accessing the Matrix is as simple as turning on your commlink, there is much going on behind the scenes. This section discusses commcodes, accounts, and datatrails.



Everyone using the Matrix has a personal commcode, or Matrix address—the equivalent of a cell phone number or

email address—to which their calls and messages are directed. Your commcode is usually registered with a paid Matrix service provider, though numerous free (if unreliable) and anonymous shadow-sites offer the same service. Hackers and shadowrunners—and other criminals—typically pay extra for the anonymity and extra security of a black commcode. When you’re online (and when aren’t you?), your commlink is usually set to automatically link to your provider(s) so that all calls and messages are immediately forwarded to you. You can choose to cut this link and “run silent” in order to avoid the risk of someone tracing that link to your current whereabouts (meaning your messages will be stored until retrieved later).


You can also take advantage of encrypted re-routing services that route your link through numerous shadow-operated “anonymizer nodes.” These nodes intentionally strip all identifying data from the link and even stagger traffic that enters and leaves the node in order to stymie traffic analysis attempts. These services add extra levels of security and anonymity that only the most dedicated and resourceful data-trail hackers could overcome.


Authorized Access

Every Matrix node has a set of authorized users, people who have the proper accounts and passcodes and are granted privileges to take certain actions on the node as legitimate users. Authorized users often don’t need to make tests when attempting certain tasks, whereas a hacker who infiltrates the node would need to make tests in order to illicitly manipulate the node.

Note that many nodes also have public access areas (or may be entirely public)—the Matrix equivalent of websites.



Legitimate accounts are protected with passcodes. Speaking metaphorically, a passcode is a key that allows you to open certain locked doors within a house; depending on the privileges assigned to the passcode, the key will not work on certain doors, requiring you to pick the lock (what hackers do). Passcodes come in various formats depending on the security needs of the provider. These can range from very simple to exceedingly complex, though system designers have to keep in mind that the more complex the passcode, the less user-friendly the system. Creating a good passcode system is often a struggle to find a compromise between security and ease of use.

Basic Passcodes consist of sets of symbols that you enter to log on. The most common passcodes are alphanumeric

strings, but thanks to augmented and virtual reality, passcode symbols can also consist of images, tunes, or even specific movements.

Linked Passcodes requires an extra bit of input from the user—an extra level of identification specific to a person or a device. This can be a scan from a security scanner (retinal, fingerprint, palmprint, and so on) linked to the commlink/terminal or the correct signature from the device’s OS or a unique RFID tag. If the scan or signature doesn’t match the records, access will be denied.

Passkeys are one of the most secure ways of controlling access to a node. Passkeys are unique encrypted modules that plug into a commlink or terminal. Many corporations require this accessory for telecommuting workers.

When a logon is attempted, the node queries the module; if it doesn’t receive the proper code, the user is

denied access.


Account Privileges

Most accounts have some sort of limitations; after all, it doesn’t make sense to allow every user to read every other user’s email and access their personal files. Likewise, system administrators and security hackers

need privileges above and beyond those of the basic user. Three types of account privileges exist: personal,

security, and admin. If you have the passcode for an account, you are considered a legitimate authorized user,

unless you attempt an action that the account does not have privileges for.

Personal accounts provide basic privileges to access the files and devices you need to do your job, but that’s about it. The extent of access typically depends on the user’s position in the organization: a supervisor will have wider access than a lowly office temp.

Sometimes personal accounts will be grouped together, so that users in that group may access files marked

for access by their group.

Security accounts are given to senior management and the mid-level technical staff. Most security hackers also have security passcodes, though some have been known to hack themselves up to admin access, depending on how strongly their corporation feels on this issue. Security users are also often part of one or more user groups.

Admin status is only granted to a few users. Also known as “root,” admin privilege gives you total access,

so that any problems that come up in the system can be solved. Admin access authorizes almost any activity, including destruction of important data or actions that damage the system or render it inactive. Note that standard electronic devices only have admin accounts, as there is no need for other accounts for their software.


The Datatrail

Every time you are online—which is usually all of the time—your presence is logged. Every wireless device, terminal, and wired jackpoint has a unique serial number assigned by the manufacturer (and often registered with the local telecomm authorities as well). This access ID is associated with all of your online transactions and typically logged by any device you access. This record is called your datatrail, and it may be used by hackers to track you down or by law enforcement to link you to certain crimes or activities.

Using the Matrix

The default method used to access the Matrix is via augmented reality (as opposed to full-immersion virtual reality. When you utilize the Matrix with AR, you act at regular meat-body speeds, using your character’s physical standard Reaction and Initiative, as normal.


Matrix Perception

With augmented reality, you do not perceive yourself as “within” the Matrix—you see aspects of the Matrix digitally overlaid upon the real world around you. When you access a node, you do not “go there,” but you see (or otherwise perceive) an icon of that node “projected” in your vision. In digital terms, your connection is passed from node to node until you reach your destination.


Perception within the Matrix is entirely computer-generated. Because you do not actually see, you are reliant on your commlink and programs to tell you what is “around” you in the Matrix. The vast majority of Matrix activity (data traffic, background processes, etc.) is highly uninteresting and would quickly overwhelm your senses, so the bulk of it is filtered out. Instead, basic AR Matrix perception is usually limited to a very narrow subset of things, such the icons of nodes/users you are interacting with, menus, dots, arrows, and any display features you call up.


Matrix Perception Tests

If you wish to specifically examine an arrow, dot, or other Matrix object—users, programs, IC, nodes, files, etc.—take a Simple Action to Observe in Detail. Make a Matrix Perception test using your Computer + Analyze program (rather than Perception + Intuition). The gamemaster sets the threshold according to the difficulty of the situation.

If your target is intentionally trying to hide from you, this becomes an Opposed Test, with the target rolling Hacking + Stealth (or Firewall + Stealth for programs/ nodes). As a rule, anything running a Stealth program is considered to be hiding.


Your net hits determine how successful the examination is. For each net hit scored, you can ask for one piece of information about the object—this could be type, rating, alert status, or any other pertinent information. You could learn, for example, any Matrix damage an icon has taken, whether a file has been edited, if a file has a Data Bomb program attached to it, whether there’s a secret trap door access node here to another network, or whether someone has tapped wired Matrix traffic through this node (see Intercept Traffic).


When you are accessing a node, you may set your Analyze program to automatically scan and detect other users/icons on that node with a Simple Action. A successful scan will be reported to you. The program will maintain that task for as long as you are on that node or until you kill that process. The gamemaster secretly conducts Matrix Perception Tests to determine if you detect other icons accessing the system.


Accessing Multiple Nodes

It’s common practice for Matrix users to connect to more than one node at the same time—this is just a matter of switching between open windows. There is no penalty to switch your attention between accessed nodes, but you can only act in one node at a time (meaning each action only applies to one node).


There is also a limit to how many nodes you can access at once: you can only connect to a maximum of System x 2 nodes at any one time. If there’s ever any need to make a test for a persona in a node that the user has accessed but is not currently “active” in (in other words, his attention is focused on his persona’s activities in another node), then the tests should only use the appropriate program rating or computer attribute, and not the user’s skill.


Note that your icon appears in each node you access, and each “copy” icon may be attacked in Matrix combat. It is extremely bad news to be attacked in more than one node at once, as you have to divide your attention between two fights. Any Matrix damage inflicted upon your persona’s Condition Monitor affects all of the “copies” of your persona icon simultaneously.


Matrix Actions

Standard Matrix users may also take advantage of the following Matrix actions.


Logging On/Off

Logging on to a node with the proper passcodes does not require a test, but it does require a Complex Action (accessing a node without authorization requires hacking). Logging off is a simple matter of severing your connection with a Simple Action. The only time logging off is difficult is when Black IC is involved. Note that in order to log on to a wireless node, the user must be within the node’s Signal range and vice versa, or else the user must leapfrog to the node through other nodes.


Jacking Out

Rather than terminating your Matrix session at any time by logging off or turning off the commlink, you can “jack out” by taking off the trodes, pulling the plug on your datajack, or otherwise separating yourself from the commlink. This won’t necessarily disrupt the Matrix connection (though connections may time out and end after long periods of inactivity), but it will disconnect you from your persona (which is just a sitting duck in the meantime).


Jacking out is a Free Action. Jacking out is usually a last resort measure taken by hackers prevented from logging off by a Black IC program.


Controlling Devices

You can control all sorts of Matrix-enabled devices remotely through the Matrix, from simple automatic security

doors and elevators to drones and agents to entire automated factories full of robotic assemblers—virtually any device that can be electronically accessed. Note that you must first gain access to the device before you can control it.


At the gamemaster’s discretion, some control tasks may be simple enough that no test is necessary, such as opening a locked door. Some tasks may require an appropriate skill to be used—controlling a repair drone to remotely fix a car, for example, may call for a Mechanic + Command Test. Remotely controlling a drone would take a Command + vehicle skill Test, and so on.


Note that remotely controlling a drone in this matter is different from rigging a drone (requiring you to “jump into” the drone with full VR and “become” the drone) or issuing commands to a drone (in which case it acts on its own accord).


Issuing Commands

While online, you can issue commands to an agent, drone, sprite, or other device under your control with a Simple Action. Note that you can issue the same command to multiple agents, drones, or sprites at once with the same action; different commands, however, require separate actions. Note that agents and drones will only take orders from their controlling persona, unless another persona spoofs an order (see Spoof Command). If the controlling character chooses, he can instruct the agent or drone to receive orders from other specified personas.



A persona or node can shut down and reboot, but the process takes time. Make an Extended System + Response Test (10, 1 Combat Turn) to determine how long. Initiating a reboot is a Complex Action. A rebooted persona starts again in its personal node, not wherever it was in the Matrix when it rebooted.


No shadowrunning team can expect to get by for long without a hacker (or technomancer) on their side. Hacking is called for whenever you wish to manipulate the programming of computers and electronics—especially Matrix nodes—in ways that are not authorized.


Hacking is centered around defeating a node’s firewall and breaking in. System security likewise focuses on employing intrusion countermeasures  to keep hackers out. If you successfully bypass security and infiltrate a node,

that system will generally treat you as a legitimate user and will not challenge everything you do. You will need to stay alert so that you do not run afoul of security hackers and patrolling IC (see Hacked!—Once Inside,) or accidentally trigger an alarm (see Intruder Alerts). If you raised an alert while breaking in, however, then the system is aware of your intrusion and will actively interfere with your activities while directing IC and/or security hackers your way, and may take even more drastic measures to block your hacking attempts.


Hacking and Accounts

Hackers can gain passcodes to accounts in many ways: stealing them, shoulder-surfing, or sniffing traffic online. Hackers can copy passkeys if they have the actual passkey or its schematics. Counterfeiting a key requires that the encryption be broken first. It then takes a Hardware + Logic Extended Test (10, 1 day). Hackers can also manipulate accounts on nodes they have compromised with an Edit action.


Note that many systems periodically require their users to change account passcodes for security reasons, so passcodes rarely last forever. Likewise, any accounts linked to security anomalies will typically be locked out until an investigation determines they are safe. If a hacker wants to get into a node but has not acquired a passcode, then he must break in.


Breaking In

There are two methods a hacker may employ to break in: on-the-fly hacking and probing for weaknesses.


Hacking on the Fly

On the streets or during a run, you will undoubtedly encounter situations where you need to hack into something without any sort of preparation. In circumstances like this, you pull out all of your hacker tricks and tools and do your best to quickly find an exploit that will get you in without alerting the node’s security—or you simply may not care if you trigger an alarm. Hacking on the fly tends to be a brute-force affair—success is more important than subtlety or finesse.


To hack on the fly, you spend a Complex Action and make a Hacking + Exploit (Firewall, 1 Initiative Pass) Extended Test. This will get you personal account access; if you want security level access, increase the threshold by +3, or +6 for admin access. If you beat the threshold, you have bypassed the security and now have access to the node.


Each time you make a test to hack in, however, the target node also gets to make a free Analyze + Firewall (Stealth) Extended Test. If the node detects you—whether you hack in or not—an alert is triggered.


Probing the Target

If you have the time to properly case your target, your hacking attempt is more likely to be successful and unnoticed.

Using this method, you discreetly probe your target over an extended timeframe, identifying system flaws that can be exploited for access.


Probing is handled as an Extended Hacking + Exploit Test with a threshold equal to the target’s System + Firewall. The interval is 1 hour if done in VR, 1 day if done by AR. This will get you personal account access; if you want security-level access, increase the threshold by +3, or +6 for admin access. Once you reach the threshold, you have found a crack in the system’s defenses that you can exploit to gain access. Using this exploit takes a Complex Action, but automatically succeeds. At the gamemaster’s discretion, such exploits may even work repeatedly (serving as an effective back door into the system), unless the node is somehow alerted to the weakness. Such back doors may also not last forever, as security upgrades or regular system audits may close off that access route.


Similar to hacking on the fly, the target node gets one free Analyze + Firewall Test when you make the actual intrusion. The threshold for this test equals your full Stealth program rating. If the node detects you, an alert is triggered (see Intruder Alert).


Glitches: If you glitch while conducting your probing, the target node is alerted to your reconnaissance attempts. At the gamemaster’s discretion, you may need to start over, the node may be prepared for your exploit attempt (receiving a bonus on its detection test), or you may automatically trigger an alert when you break in.


Hacked !—Once Inside

A hacker who has successfully broken into a node undetected can go about his business like any user with the appropriate account privileges. This does not mean, however, that you have free rein to run amok—you must be

on guard against security hackers, patrolling IC, glitches, and other defenses:

Security Hackers: High-security systems will employ security hackers to monitor their networks and nodes and watch for signs of intrusion. The gamemaster decides if a node deserves this kind of overwatch, as well as their numbers, abilities, and alertness.

Patrolling IC: Highly secure systems might employ IC  to wander a node, scan users, and otherwise guard against interlopers. IC may be loaded with an Analyze or Track program and instructed to randomly check users to ensure

they are legitimate. Patrolling IC that discovers a hacker will put the system on alert and may attack if carrying any offensive programs.

Glitches: At the gamemaster’s call, a hacker who rolls a glitch while intruding on a node has inadvertently given away his presence to the system’s firewall. The node may send IC or a sec hacker to investigate, or may immediately go on alert and call out the cyberdogs.

Other Defenses: Nodes are typically equipped with other internal defenses to guard against unwanted snoopers. These include, but are not limited to: encrypted files, secret nodes, data bombs, red herring files, and anything else the gamemaster devises. In some cases, IC programs may be encrypted with sensitive files, so that when the files are decrypted, the IC will verify the user’s identity and attack or destroy the file if they are not authorized.


Intruder Alerts

If a node is aware that it has been hacked, it will immediately go on alert and initiate various countermeasures. These include launching IC, terminating connections, and—as an extreme measure—initiating a shutdown and rebooting. For gamemasters who want to randomly determine what a system’s alert response is, refer to the Random Alert Response table.


Active Alert

A node on alert status has verified an intrusion or other unauthorized activity. Most nodes are programmed to automatically alert security personnel or the owner/user of the device when an alert is triggered. If the node contains security hackers (or if there are any on call), they will be alerted and will come looking for the interloper. A node on alert receives a Firewall bonus of +4 against the intruder that triggered the alert. This applies to all tests made by or against the node’s Firewall.


Launch IC Program

Once an alert is triggered, the node will typically launch IC programs to attack or interfere with the intruder. The gamemaster determines which programs the node has on hand, and in what order it uses them. Secure corporate systems will have an entire library of IC to throw at hackers, whereas some goon’s cyberarm is only likely to have a single defensive program (if any). See Intrusion Countermeasures. If the intruder has been traced, the node may even send IC to launch its own hacking attempts on the intruder’s system.


Terminate Connection

Once an intruder is identified, a node may attempt to sever the hacker’s connection by shutting down the port through which he is accessing. On some isolated high-security nodes or hand-held devices that do not often rely on remote access, all outside connections may be severed. In order to sever a connection, the node immediately makes an Opposed Firewall + System Test against the hacker’s Exploit program + Hacking skill. If the hacker used a passcode and legitimate account to log on, rather than hacking his way in with an exploit program, then the Exploit program does not apply to the test. If the node achieves more hits, it disconnects the hacker. The hacker can attempt to log back on, but the node will be on alert (and may have closed down all outside connections).


System Reset

As a last resort, many nodes will simply reset themselves or shut down in order to purge an intruder before he wreaks too much havoc. Shutting down and rebooting takes an Extended System + Response Test (10, 1 Combat Turn). Anyone accessing the node when it shuts down is logged off; all active programs are saved and shut down.

Using Computer Skill

Enter supporting content here