Shadows over Baltimore Matrix Actions |
|||||
|
||||||||||||||||||||||||||
Matrix
2.0 Basics The Matrix of 2050 is composed of a
near-infinite number of overlapping wireless mesh networks used to control nearly every aspect of modern life. The new Matrix
is built to ensure that it is omnipresent, accessible from all locations, and integrated into daily life. Augmented
world Augmented reality (AR) includes all
types of sensory enhancements overlaid on a user’s normal real-world perceptions. This allows the average citizen to
see, hear, touch, and even smell the Matrix continuously while still interacting with the normal everyday world around them.
AR is not to be confused with virtual reality (VR), where artificial sensations from the
Matrix overwhelm your real-world perceptions and immerse you in a simulated reality—mentally separating you from your
physical body. Unless otherwise noted, this chapter refers to augmented reality—the most common way of using the Matrix—rather
than virtual. Matrix
Topology The Matrix a complex organism, a vast
collection of billions of nodes all linked together in various networks that are themselves linked together. At the
bottom layer of the pyramid are individual users with their commlinks and personal area networks. These users and PANs wirelessly interact
with other PANs and devices all around them in a wireless mesh network. Homes and offices are integrated through a terminal—or
term
for
short—that tends to serve as its multimedia center (image scanner, full-size printer, video screen or holo display,
larger speakers, and so on). This network connects through numerous gateways and hardwired base stations to the local Matrix
infrastructure; together, they form a telecommunications grid. These grids are, in turn, interlinked, forming the backbone
of the Matrix itself. Device
and software Ratings Every computerized electronic device—from
commlinks to cyberware to vidcams to mainagents—has a set of basic attributes for use in certain Matrix interactions.
Some of these attributes—Response, and Signal—are determined by the machine’s hardware capabilities. Others—Firewall
and System—are determined by the device’s operating system (OS) software. For simplicity, however, most devices
in SR4
are
given a standard Device rating that bundles all of these attributes together. These attributes are detailed under Matrix Attributes. Software also comes
with specific Program ratings that determine how effective that particular program is. Software is detailed under Programs. Using
the Matrix Every Shadowrun character possesses basic computer
and electronics skills (unless you possess the Incompetent or Uneducated negative qualities) and
has personal experience with networking, searching for data, and using the Matrix in general. Standard denizens
of the Sixth World use their commlinks/PANs on a constant basis to make telecom calls, experience augmented reality, search
for data, keep in touch with teammates, and manage their finances. This, of course, does not make them hackers or technomancers.
For characters who want to maximize their Matrix use, however, the skills of Computer (see Using Computer Skill) and Data Search
(see Using
Data Search Skill)
are invaluable. Interface You are represented in the Matrix by
your persona,
the
graphical user interface that executes all of your commands. Your persona icon is what other Matrix
users see when they interact with you online (see Persona). Commcodes,
Accounts, and Datatrails Everyone who uses the Matrix has an
access code. Your access code is like a phone number: its how others know where to reach you online. It’s
also a way in which you may be tracked—something of concern to all shadowrunners. Details on your datatrail and protecting
your privacy are covered under Getting Online. Many parts of the Matrix are open to
public access, just like a web page—anyone can go there and view the contents. In order to enter some nodes (devices or networks),
however—especially private ones—you must actually log in to an account. The type of account you have determines
what actions you can legitimately take on that particular node (see Authorized Access). Matrix
Actions A number of actions are available to
anyone interacting with the Matrix (see Using the Matrix). When accessing by AR, these actions may be interchanged
with standard physical actions. Matrix
Tests The gamemaster may call for a test
to see how well your character can achieve something in the Matrix, such as digging up a profile on Mr. Johnson. Matrix skill
tests use the same skill + attribute dice pool as other tests, except that since you are interfacing with the machine world,
you use an appropriate device or program attribute in place of your character’s attribute. If your character is examining
a stolen datafile to determine what corporate databank it came from, for example, you roll your Computer skill + Analyze program. Hacking
the Matrix For hackers and technomancers, it’s
not enough to merely use and understand technology and the Matrix—they must explore and exploit it to its full potential.
These wireless wizards find the skills of Hacking and Electronic Warfare necessary
to truly reach the beating heart of the machine world. The skills of Hardware and Software are
also useful for hackers who want to create their own tools. Hacking
In The primary task of hacking is breaking
into the target node. This is the main point of contest between the hacker and system security, pitting the hacker’s
skills and programs against the target’s Firewall and IC (intrusion countermeasures). Hackers can accomplish this in
two ways: on the fly or slowly probing for an exploitable weakness. The first is more likely to raise alarms and trigger countermeasures;
the second is more effective but takes time to accomplish
properly. For full details, see Hacking. Once a hacker has penetrated a node,
he can go about his business without having to compete with security anymore—unless he has triggered an alarm. If the system
is alerted to the intrusion, he will have to deal with whatever IC and other countermeasures the gamemaster throws at him. Other
Hacker Tricks Naturally, hackers have a wide repertoire
of tricks up their digital sleeves, from covering their tracks to intercepting data to turning that street samurai’s
own cyberarm against him. Many of these are detailed under Using Hacking Skill (p. 223), Using Electronic Warfare Skill (p. 225), and What Every Runner Needs to Know About
Hacking. Matrix
Combat Cybercombat is the use of offensive
programs against other icons in the Matrix. Cybercombat follows the same Opposed Test procedure as standard combat, pitting
the attacker’s Cybercombat + attack program versus the target’s Response + Stealth. Programs substitute System
for Cybercombat skill. For more details, see Cybercombat. Rigging Just as hackers can manipulate devices
and security systems through the Matrix (or through a direct wired/wireless link), they can also control unmanned
vehicles known asdrones. Thanks to simsense, you can even “jump into” certain devices, effectively “becoming”
that device—a process known as “rigging.” In effect, the rigger “possesses” the drone/device,
sensing the real world through the device’s sensors, and manipulates the device as if it were an extension of his own
body.
Comlinks
and Networking Commlinks are the ultimate personal
networking tool, used by almost everyone. They are a combination wireless router, cellphone, vidcam, PDA, GPS unit, chip reader,
wallet/ credstick, and mobile gaming device—all in one easy-to carry package that fits inside a pocket, belt-clip, or
wrist-clip. Commlinks come in a dizzying area of shapes, sizes, and colors, from stylized head-sets or faux jewelry to cranial
implants and commlinks woven into the fabric of your jacket. Commlinks serve as the primary hub
for your PAN, allowing you to access and manipulate all of your PAN-connected electronics through your commlink. Need to make
a call? Review a video file you took yesterday? Scan the diagnostics on your cyberlimb? Check the fuel on your drone? Program
your alarm clock? You can do all of this and more through your
commlink. Commlinks also provide you with instant wireless access to the world around you. Not only can
you send messages, make calls, transfer files, or access data via the Matrix, but you can access the wireless devices
and networks all around, from the store’s sales catalog to your friend’s PAN to the lamppost tourist-info RFID tag
to the social networking profile of anyone else looking to play a game of chess in the park. Commlinks typically carry all of your
personal data, replacing the registered credsticks of old. Your ID, SIN, licenses, passport, medical history, insurance data,
educational diplomas, credit balance, and far more can be securely stored on your commlink and instantly beamed over for transaction
purposes—with proper authorization, of course. Many people openly broadcast certain portions of their personal data
via their PAN for others to access. This is often done for convenience and consumer purposes—for example, your favorite
stores can access your purchasing history and wishlists as soon as you walk in, and offer specials tailored specifically to
you. Some data is broadcast for social networking and gaming services, notifying you if someone single with your same hobbies
and interests is in the same bar, or allowing you to engage random opponents in virtual battles in public spaces. Of course, most users carefully control
how much information they make publicly available, but the law often requires certain core pieces of data to be accessible
in certain areas (SIN and ID must be broadcast on UCAS federal property, for ex- ample), or for certain data to be accessible
by security officers who attempt to access it with authorized security codes. In high-security neighborhoods, it is common
practice for police drones to scan the PANs of random people on the street—those with something to hide are usually
up to no good. PAN
Modes Via the commlink, PANs can be set to
operate in three different modes. You can change the mode of your PAN as a Free Action (see Change Linked Device Mode. Active: This mode is the
default for most PANs. In active mode, you can both access and be accessed by other nodes (PANs, devices, and networks). Certain
areas may require your PAN to be in active mode (airports, corp facilities, etc.) Passive: A PAN in this mode
can access nodes but cannot be accessed by them without your approval. PANs in passive mode will still show up as active networks
if searched for. This mode is useful for operating in high traffic areas, where advertising nets or spammers abound. Passive
mode allows you to automatically filter out the noise, only alerting you if specific pre-authorized nodes request access. Hidden: In this mode, your
PAN is invisible to other nodes unless you access or authorize them. PAN users in hidden mode are said to be “ghosting,”
since there is no way for other users to see them. Using hidden mode is discouraged in some high-class social situations,
where it is considered rude. In other areas, however—particularly tech-free zones or shadow establishments where privacy
is expected—the opposite is true. Certain secure areas and high-class
establishments prohibit users from operating in hidden mode, and will punish those doing so with expulsion, arrest, or worse. Persona The persona represents your Matrix
alter ego. It is a combination of programs that you use, in conjunction with your device’s OS, to represent yourself
to other users and nodes in the Matrix. Your persona’s attributes are determined by the attributes of whatever device/OS
you are using to access the Matrix—usually your commlink or terminal, though you may sometimes access via other devices. Your persona’s Firewall, Response,
Signal, and System attributes are equal to the device and OS you are using to access the Matrix. Attacks made against your
persona affect the device/ OS, though Black IC programs affect the actual user directly. Icon Your persona’s icon graphically
represents you in augmented reality (and especially in virtual reality), and in most forms of Matrix communications (email,
messaging, phone calls, etc). Whether you bought your icon off the shelf or programmed your own, icons
are easily customizable with a library of features and you can trick them out on the fly with different animated movements,
color schemes, mutable design elements, and other digital skin effects. Icons take many shapes and forms, from animated characters
and anthropomorphic creatures to more artsy or abstract designs like mobile waterfalls or swirling color patterns. All Matrix-capable
devices have default icons loaded in case the user doesn’t have his own—usually simple blank-white anonymous anthroform
shapes, often emblazoned with the device manufacturer’s stylized logo. Occasionally, programs you have loaded will add additional elements to your logo’s
look, such as the glowing green force field of an Armor program or the blurring effects of a Stealth program. Altering or swapping out your icon
takes a Free Action. Linking
and Subscribing Now, just because all of your devices
can
talk
to other devices doesn’t mean that they will. For simplicity, privacy, and security, you may configure your devices so that they
only interact with another specific device (usually your commlink, as your PAN’s hub) or a specific network (your PAN).
This prevents confusion between users (am I accessing my guncam or yours?) and also offers a degree of protection from snoopers
and hackers. Rather than allowing any stranger access to all of your electronics, anyone that wants to interact with your
PAN must connect to your commlink first. In game terms, your persona maintains
a subscription list of nodes that you are accessing and that are allowed to establish communication with you. The subscription
list may be unlimited in size, but the number of nodes, agents, or drones that a persona may actively subscribe to (access)
at any one time is limited to the persona’s System x 2. Signal Rating Signal Range 0 3m 1 40m 2 100m 3 400m 4 1km 5 4km 6 10km 7 40km 8 100km 9 400km Matrix
Attributes Matrix attributes generally range in
scale from 1 to 6, with the lower ratings indicating cheap, outdated, or salvaged components/ software and higher ratings
reflecting well-made parts/code. Some cutting-edge and prototype models may exceed rating 6 attributes, but these are exceptionally
rare and hard to come by. Response
(Hardware) Response is the device’s processing
power, or how quickly it reacts to input and processes commands and information. Combine Response with your Intuition to determine
your Matrix Initiative. Response may be affected if you run too many programs. For every x number of programs you have actively
running, where x = System rating, your Response is reduced by 1. So if you’re running 10 programs with a System 5, your
Response will be reduced by 2. Signal
(Hardware) Signal represents a device’s
raw broadcasting power. The higher the Signal, the farther the device can transmit. Though many factors can affect a device’s
Signal rating, the most important are antenna size and raw electrical power. Consequently, a device’s size tends to
limit how high its Signal rating can be. Implanted cyberware may be limited to a Signal of 1 or 2, while giant vehicle-mounted
sensors can have a Signal as high as 8 or 9. Sample Signal ratings and ranges are listed on the Signal Rating Table. Note
that for two devices to communicate with each other (as opposed to one-way communication),
the devices must be within the range of the weakest signal rating involved. Firewall
(Software) Firewall is the OS’s built-in
security. It protects against unauthorized access. The better a device’s Firewall rating, the more likely it is to fend
off hostile access attempts and exploits. Firewall is also used to defend against Matrix attacks in cybercombat. System
(Software) System is the capability of the OS—its
stability, multitasking properties, ability to control hardware, resources, and the general quality of it code. System
also measures the OS’s ability to run other programs—an OS cannot run a program with a rating higher than the
OS rating. A System program is limited by the Response rating of the device it is on; a System run on a
device with a lower Response rating functions at the Response rating instead. System serves as the limiter for the
maximum rating a program can be run on that node (a higher rating program functions at the System rating instead), as well
as the number of subscriptions allowed (System x 2, see Linking and Subscribing. System also determines the number of programs that may be run before the system
is overloaded and Response is affected (see Response). Matrix
Condition Monitor: System is also a reflection of the OS’s ability to hold up against hostile code and errors—in
other words, it determines the how much Matrix damage the device can take. The Matrix Condition Monitor is equal to System
÷ 2 (rounded up), plus 8. This is how many boxes of Matrix damage the device can take before its system crashes. Device
Rating (Universal) There are far too many electronics
in the world of Shadowrun for a gamemaster to keep track of their individual Matrix attributes. Instead, each device
is simply given a Device rating. Unless it has been customized or changed in some way, assume that each of the Matrix attributes
listed above for a particular device equals its Device rating. If a particular device plays an important
role in an adventure, the gamemaster should assign a full complement of Matrix attributes to it. If the item
only plays a passing role, then a simple Device rating will suffice. The Sample Devices table lists typical Device ratings
for common electronics. Pilot
Programs Pilot programs represent a special
type of OS—a system with specialized functions featuring semi-autonomous decision-making algorithms. Pilot is for devices
that must be able to assess situations, make decisions, adapt, and ultimately func tion independently of a (meta)human operator
for extended periods. The higher the Pilot rating, the “smarter” it is. Pilot is used in place of System for vehicles,
drones, and agents, but otherwise has the same function as System. In game terms, the Pilot attribute
stands in for Computer, Cybercombat, Data Search, and Hacking skills, as called for. It may also represent an agent, IC, or
drone’s “Mental attributes” when called for (usually Intuition and Logic, and sometimes Willpower). A gamemaster
may also make a Pilot + Response Test as a “common sense” test whenever the drone or agent has to make a decision. Accessories There are all sorts of interesting
accessories available for your commlink. A few deserve specific mention here: Sim
Module The sim-module accessory coverts simsense
data into neural signals, so that you can experience other people’s experiences (or programmed sensations)—including
emotion. Sim modules are necessary to access virtual reality. Getting
Online Though accessing the Matrix is as simple
as turning on your commlink, there is much going on behind the scenes. This section discusses commcodes, accounts, and datatrails. Commcodes Everyone using the Matrix has a personal
commcode,
or
Matrix address—the equivalent of a cell phone number or email address—to which their
calls and messages are directed. Your commcode is usually registered with a paid Matrix service provider, though numerous
free (if unreliable) and anonymous shadow-sites offer the same service. Hackers and shadowrunners—and other criminals—typically
pay extra for the anonymity and extra security of a black commcode. When you’re online (and when aren’t you?),
your commlink is usually set to automatically link to your provider(s) so that all calls and messages are immediately forwarded
to you. You can choose to cut this link and “run silent” in order to avoid the risk of someone tracing that link
to your current whereabouts (meaning your messages will be stored until retrieved later). You can also take advantage of encrypted
re-routing services that route your link through numerous shadow-operated “anonymizer nodes.” These nodes intentionally
strip all identifying data from the link and even stagger traffic that enters and leaves the node in order to stymie traffic
analysis attempts. These services add extra levels of security and anonymity that only the most dedicated and resourceful
data-trail hackers could overcome. Authorized
Access Every Matrix node has a set of authorized
users, people who have the proper accounts and passcodes and are granted privileges to take certain actions on the node as
legitimate users. Authorized users often don’t need to make tests when attempting certain tasks, whereas a hacker who
infiltrates the node would need to make tests in order to illicitly manipulate the node. Note that many nodes also have public
access areas (or may be entirely public)—the Matrix equivalent of websites. Passcodes Legitimate accounts are protected with
passcodes. Speaking metaphorically, a passcode is a key that allows you to open certain locked doors within a house; depending
on the privileges assigned to the passcode, the key will not work on certain doors, requiring you to pick the lock (what hackers
do). Passcodes come in various formats depending on the security needs of the provider. These can range from very simple to
exceedingly complex, though system designers have to keep in mind that the more complex the passcode, the less user-friendly
the system. Creating a good passcode system is often a struggle to find a compromise between security and ease of use. Basic
Passcodes
consist
of sets of symbols that you enter to log on. The most common passcodes are alphanumeric strings, but thanks to augmented and
virtual reality, passcode symbols can also consist of images, tunes, or even specific movements. Linked
Passcodes
requires
an extra bit of input from the user—an extra level of identification specific to a person or a device. This can be a
scan from a security scanner (retinal, fingerprint, palmprint, and so on) linked to the commlink/terminal or the correct signature
from the device’s OS or a unique RFID tag. If the scan or signature doesn’t match the records, access will be
denied. Passkeys are one of the most
secure ways of controlling access to a node. Passkeys are unique encrypted modules that plug into a commlink or terminal.
Many corporations require this accessory for telecommuting workers. When a logon is attempted, the node
queries the module; if it doesn’t receive the proper code, the user is denied access. Account
Privileges Most accounts have some sort of limitations;
after all, it doesn’t make sense to allow every user to read every other user’s email and access their personal
files. Likewise, system administrators and security hackers need privileges above and beyond those
of the basic user. Three types of account privileges exist: personal, security, and admin. If you have the
passcode for an account, you are considered a legitimate authorized user, unless you attempt an action that the
account does not have privileges for. Personal
accounts
provide basic privileges to access the files and devices you need to do your job, but that’s about it. The extent of
access typically depends on the user’s position in the organization: a supervisor will have wider access than a lowly
office temp. Sometimes personal accounts will be
grouped together, so that users in that group may access files marked for access by their group. Security
accounts
are given to senior management and the mid-level technical staff. Most security hackers also have security passcodes, though
some have been known to hack themselves up to admin access, depending on how strongly their corporation feels on this issue.
Security users are also often part of one or more user groups. Admin
status
is only granted to a few users. Also known as “root,” admin privilege gives you total access, so that any problems that come up in
the system can be solved. Admin access authorizes almost any activity, including destruction of important data or actions
that damage the system or render it inactive. Note that standard electronic devices only have admin accounts, as there is
no need for other accounts for their software. The
Datatrail Every time you are online—which
is usually all
of the time—your
presence is logged. Every wireless device, terminal, and wired jackpoint has a unique serial number assigned by the manufacturer
(and often registered with the local telecomm authorities as well). This access ID is associated with all of your online transactions
and typically logged by any device you access. This record is called your datatrail, and it may be used by hackers to track
you down or by law enforcement to link you to certain crimes or activities.
Using
the Matrix The default method used to access the
Matrix is via augmented reality (as opposed to full-immersion virtual reality. When you utilize the Matrix with AR, you act
at regular meat-body speeds, using your character’s physical standard Reaction and Initiative, as normal. Matrix
Perception With augmented reality, you do not
perceive yourself as “within” the Matrix—you see aspects of the Matrix digitally overlaid upon the real
world around you. When you access a node, you do not “go there,” but you see (or otherwise perceive) an icon of
that node “projected” in your vision. In digital terms, your connection is passed from node to node until you
reach your destination. Perception within the Matrix is entirely
computer-generated. Because you do not actually see, you are reliant on your commlink and programs to tell you what is “around”
you in the Matrix. The vast majority of Matrix activity (data traffic, background processes, etc.) is highly uninteresting
and would quickly overwhelm your senses, so the bulk of it is filtered out. Instead, basic AR Matrix perception is usually
limited to a very narrow subset of things, such the icons of nodes/users you are interacting with, menus, dots, arrows, and
any display features you call up. Matrix
Perception Tests If you wish to specifically examine
an arrow, dot, or other Matrix object—users, programs, IC, nodes, files, etc.—take a Simple Action to Observe
in Detail. Make a Matrix Perception test using your Computer + Analyze program (rather than Perception + Intuition). The gamemaster
sets the threshold according to the difficulty of the situation. If your target is intentionally trying
to hide from you, this becomes an Opposed Test, with the target rolling Hacking + Stealth (or Firewall + Stealth for programs/
nodes). As a rule, anything running a Stealth program is considered to be hiding. Your net hits determine how successful
the examination is. For each net hit scored, you can ask for one piece of information about the object—this could be
type, rating, alert status, or any other pertinent information. You could learn, for example, any Matrix damage an icon has
taken, whether a file has been edited, if a file has a Data Bomb program attached to it, whether there’s a secret trap
door access node here to another network, or whether someone has tapped wired Matrix traffic through this node (see Intercept Traffic). When you are accessing a node, you
may set your Analyze program to automatically scan and detect other users/icons on that node with a Simple Action. A successful
scan will be reported to you. The program will maintain that task for as long as you are on that node or until you kill that
process. The gamemaster secretly conducts Matrix Perception Tests to determine if you detect other icons accessing the system. Accessing
Multiple Nodes It’s common practice for Matrix
users to connect to more than one node at the same time—this is just a matter of switching between open windows. There
is no penalty to switch your attention between accessed nodes, but you can only act in one node at a time (meaning each action
only applies to one node). There is also a limit to how many nodes
you can access at once: you can only connect to a maximum of System x 2 nodes at any one time. If there’s ever any need
to make a test for a persona in a node that the user has accessed but is not currently “active” in (in other words,
his attention is focused on his persona’s activities in another node), then the tests should only use the appropriate
program rating or computer attribute, and not the user’s skill. Note that your icon appears in each
node you access, and each “copy” icon may be attacked in Matrix combat. It is extremely bad news to be attacked
in more than one node at once, as you have to divide your attention between two fights. Any Matrix damage inflicted upon your
persona’s Condition Monitor affects all of the “copies” of your persona icon simultaneously. Matrix
Actions Standard Matrix users may also take
advantage of the following Matrix actions. Logging
On/Off Logging on to a node with the proper
passcodes does not require a test, but it does require a Complex Action (accessing a node without authorization requires hacking).
Logging off is a simple matter of severing your connection with a Simple Action. The only time logging off is difficult is
when Black IC is involved. Note that in order to log on to a wireless node, the user must be within the node’s Signal
range and vice versa, or else the user must leapfrog to the node through other nodes. Jacking
Out Rather than terminating your Matrix
session at any time by logging off or turning off the commlink, you can “jack out” by taking off the trodes, pulling
the plug on your datajack, or otherwise separating yourself from the commlink. This won’t necessarily disrupt the Matrix
connection (though connections may time out and end after long periods of inactivity), but it will disconnect you from your
persona (which is just a sitting duck in the meantime). Jacking out is a Free Action. Jacking
out is usually a last resort measure taken by hackers prevented from logging off by a Black IC program. Controlling
Devices You can control all sorts of Matrix-enabled
devices remotely through the Matrix, from simple automatic security doors and elevators to drones and agents
to entire automated factories full of robotic assemblers—virtually any device that can be electronically accessed. Note
that you must first gain access to the device before you can control it. At the gamemaster’s discretion,
some control tasks may be simple enough that no test is necessary, such as opening a locked door. Some tasks may require an
appropriate skill to be used—controlling a repair drone to remotely fix a car, for example, may call for a Mechanic
+ Command Test. Remotely controlling a drone would take a Command + vehicle skill Test, and so on. Note that remotely controlling a drone
in this matter is different from rigging a drone (requiring you to “jump into” the drone with full VR and “become”
the drone) or issuing commands to a drone (in which case it acts on its own accord). Issuing
Commands While online, you can issue commands
to an agent, drone, sprite, or other device under your control with a Simple Action. Note that you can issue the same command
to multiple agents, drones, or sprites at once with the same action; different commands, however, require separate actions.
Note that agents and drones will only take orders from their controlling persona, unless another persona spoofs an order (see
Spoof
Command).
If the controlling character chooses, he can instruct the agent or drone to receive orders from other specified personas. Reboot A persona or node can shut down and
reboot, but the process takes time. Make an Extended System + Response Test (10, 1 Combat Turn) to determine how long. Initiating
a reboot is a Complex Action. A rebooted persona starts again in its personal node, not wherever it was in the Matrix when
it rebooted.
Hacking No shadowrunning team can expect to
get by for long without a hacker (or technomancer) on their side. Hacking is called for whenever you wish to manipulate the
programming of computers and electronics—especially Matrix nodes—in ways that are not authorized. Hacking is centered around defeating
a node’s firewall and breaking in. System security likewise focuses on employing intrusion countermeasures to keep hackers out. If you successfully bypass security and infiltrate a node, that system will generally treat you
as a legitimate user and will not challenge everything you do. You will need to stay alert so that you do not run afoul of
security hackers and patrolling IC (see Hacked!—Once Inside,) or accidentally trigger an alarm (see Intruder Alerts). If you raised
an alert while breaking in, however, then the system is aware of your intrusion and will actively interfere with your activities
while directing IC and/or security hackers your way, and may take even more drastic measures to block your hacking attempts. Hacking
and Accounts Hackers can gain passcodes to accounts
in many ways: stealing them, shoulder-surfing, or sniffing traffic online. Hackers can copy passkeys if they have the actual
passkey or its schematics. Counterfeiting a key requires that the encryption be broken first. It then takes a Hardware + Logic
Extended Test (10, 1 day). Hackers can also manipulate accounts on nodes they have compromised with an Edit action. Note that many systems periodically
require their users to change account passcodes for security reasons, so passcodes rarely last forever. Likewise, any accounts
linked to security anomalies will typically be locked out until an investigation determines they are safe. If a hacker wants
to get into a node but has not acquired a passcode, then he must break in. Breaking
In There are two methods a hacker may
employ to break in: on-the-fly hacking and probing for weaknesses. Hacking
on the Fly On the streets or during a run, you
will undoubtedly encounter situations where you need to hack into something without any sort of preparation. In circumstances
like this, you pull out all of your hacker tricks and tools and do your best to quickly find an exploit that will get you
in without alerting the node’s security—or you simply may not care if you trigger an alarm. Hacking on the fly
tends to be a brute-force affair—success is more important than subtlety or finesse. To hack on the fly, you spend a Complex
Action and make a Hacking + Exploit (Firewall, 1 Initiative Pass) Extended Test. This will get you personal account access;
if you want security level access, increase the threshold by +3, or +6 for admin access. If you beat the threshold, you have
bypassed the security and now have access to the node. Each time you make a test to hack in,
however, the target node also gets to make a free Analyze + Firewall (Stealth) Extended Test. If the node detects you—whether
you hack in or not—an alert is triggered. Probing
the Target If you have the time to properly case
your target, your hacking attempt is more likely to be successful and unnoticed. Using this method, you discreetly probe
your target over an extended timeframe, identifying system flaws that can be exploited for access. Probing is handled as an Extended Hacking
+ Exploit Test with a threshold equal to the target’s System + Firewall. The interval is 1 hour if done in VR, 1 day
if done by AR. This will get you personal account access; if you want security-level access, increase the threshold by +3,
or +6 for admin access. Once you reach the threshold, you have found a crack in the system’s defenses that you can exploit
to gain access. Using this exploit takes a Complex Action, but automatically succeeds. At the gamemaster’s discretion,
such exploits may even work repeatedly (serving as an effective back door into the system), unless the node is somehow alerted
to the weakness. Such back doors may also not last forever, as security upgrades or regular system audits may close off that
access route. Similar to hacking on the fly, the
target node gets one free Analyze + Firewall Test when you make the actual intrusion. The threshold for this test equals your
full Stealth program rating. If the node detects you, an alert is triggered (see Intruder Alert). Glitches: If you glitch while
conducting your probing, the target node is alerted to your reconnaissance attempts. At the gamemaster’s discretion,
you may need to start over, the node may be prepared for your exploit attempt (receiving a bonus on its detection test), or
you may automatically trigger an alert when you break in. Hacked
!—Once Inside A hacker who has successfully broken
into a node undetected can go about his business like any user with the appropriate account privileges. This does not mean,
however, that you have free rein to run amok—you must be on guard against security hackers,
patrolling IC, glitches, and other defenses: Security
Hackers:
High-security
systems will employ security hackers to monitor their networks and nodes and watch for signs of intrusion. The gamemaster
decides if a node deserves this kind of overwatch, as well as their numbers, abilities, and alertness. Patrolling
IC:
Highly
secure systems might employ IC to wander a node, scan users, and otherwise guard
against interlopers. IC may be loaded with an Analyze or Track program and instructed to randomly check users to ensure they are legitimate. Patrolling IC
that discovers a hacker will put the system on alert and may attack if carrying any offensive programs. Glitches: At the gamemaster’s
call, a hacker who rolls a glitch while intruding on a node has inadvertently given away his presence to the system’s
firewall. The node may send IC or a sec hacker to investigate, or may immediately go on alert and call out the cyberdogs. Other
Defenses:
Nodes
are typically equipped with other internal defenses to guard against unwanted snoopers. These include, but are not limited
to: encrypted files, secret nodes, data bombs, red herring files, and anything else the gamemaster devises. In some cases,
IC programs may be encrypted with sensitive files, so that when the files are decrypted, the IC will verify the user’s
identity and attack or destroy the file if they are not authorized. Intruder
Alerts If a node is aware that it has been
hacked, it will immediately go on alert and initiate various countermeasures. These include launching IC, terminating connections,
and—as an extreme measure—initiating a shutdown and rebooting. For gamemasters who want to randomly determine
what a system’s alert response is, refer to the Random Alert Response table. Active
Alert A node on alert status has verified
an intrusion or other unauthorized activity. Most nodes are programmed to automatically alert security personnel or the owner/user
of the device when an alert is triggered. If the node contains security hackers (or if there are any on call), they will be
alerted and will come looking for the interloper. A node on alert receives a Firewall bonus of +4 against the intruder that
triggered the alert. This applies to all tests made by or against the node’s Firewall. Launch
IC Program Once an alert is triggered, the node
will typically launch IC programs to attack or interfere with the intruder. The gamemaster determines which programs the node
has on hand, and in what order it uses them. Secure corporate systems will have an entire library of IC to throw at hackers,
whereas some goon’s cyberarm is only likely to have a single defensive program (if any). See Intrusion Countermeasures. If the intruder
has been traced, the node may even send IC to launch its own hacking attempts on the intruder’s system. Terminate
Connection Once an intruder is identified, a node
may attempt to sever the hacker’s connection by shutting down the port through which he is accessing. On some isolated
high-security nodes or hand-held devices that do not often rely on remote access, all outside connections may be severed.
In order to sever a connection, the node immediately makes an Opposed Firewall + System Test against the hacker’s Exploit
program + Hacking skill. If the hacker used a passcode and legitimate account to log on, rather than hacking his way in with
an exploit program, then the Exploit program does not apply to the test. If the node achieves more hits, it disconnects the
hacker. The hacker can attempt to log back on, but the node will be on alert (and may have closed down all outside connections). System
Reset As a last resort, many nodes will simply
reset themselves or shut down in order to purge an intruder before he wreaks too much havoc. Shutting down and rebooting takes
an Extended System + Response Test (10, 1 Combat Turn). Anyone accessing the node when it shuts down is logged off; all active
programs are saved and shut down.
|
||||||||||||||||||||||||||
Enter supporting content here |
||||||||||||||||||||||||||