Make your own free website on

Shadows over Baltimore


Home | Map | Log In


Programs are the software tools that you use to make things happen in the Matrix. Programs come in many types:

Attack programs for demolishing icons, Exploit programs to hack in to a protected system, Armor programs to protect against Matrix attacks, Browse search routines to locate the hottest paydata, and so on.


Programs have variable ratings, normally in the range from 1 to 6, though some cutting-edge or military-grade software can rank higher. A program’s rating is used to determine how effectively the program accomplishes its intended function.


Remember that a device cannot run a program at its full effect at a rating above its System rating (A Rating 5 program run on a System 3 device operates as if it were Rating 3). Additionally, if a device is running more programs at once than its System rating, reduce the Response on that device by 1 per (System) programs (ie, a System 5 device running 10 programs at once suffers –2 to its Response).


The skill used with the program to make tests is listed in parentheses after the program’s name below. Note that if a node, agent, IC program, or sprite is running the program, substitute System (rating) for skill.


Common Use Programs

These programs find common use among all users and nodes in the Matrix.


Analyze (Computer)

Analyze programs gather data about other “things” in the Matrix—nodes, users, programs, etc.—by issuing queries, analyzing system resources, performing registry look-ups, and so on. Use Analyze for Matrix Perception and for detecting hacking attempts.


Browse (Data Search)

Browse programs are specialized search routines that help track down information on a particular node or in the Matrix at large. Use Browse programs for Data Search actions.


Command (misc.)

Command programs allow the user to control a device through the Matrix, whether it be a surveillance camera, a drone, an agent, or an electronic system.


Edit (Computer/Hacking)

Edit is a combination word processor, graphic design tool, and layout and video/animation editor. You can use it to create, alter, and remove files of any media type: text, graphics, video, trideo, etc. Edit sees common usage in the corporate world, but hackers use it for their own subversive ends. Use Edit for the Edit action. Edit can also be used as a file transfer, text messaging, videoconferencing, and email program. You can use a Transfer Data action to transfer data and files of any media type: text, graphics, video, trideo, etc.


Encrypt (Electronic Warfare)

Encrypt programs utilize various cryptographic schemes and ciphers to secure files, access nodes, and communications between nodes. Encrypted items are accessed with the proper passcode (see Authorized Access); otherwise they are gibberish. Use Encrypt programs for the Encrypt action. Multiple files may be archived and encrypted together.


Reality Filter (Response)

A Reality Filter program translates a node’s VR simsense sculpting (see Virtual Reality, p. 228) into the metaphor of your choice. In order to determine which system’s metaphor dominates, make an Opposed Test pitting Reality Filter + Response versus the node’s System + Response. If the filter wins, your preprogrammed paradigm overrides the node’s signals and you receive a +1 Response bonus while in that node. If the node wins, or a tie results, its metaphor overwhelms the filter enough that you suffer –1 Response while in the node.


Scan (Electronic Warfare)

Scan programs allow you to locate wireless networks. Every wireless device OS has a built-in Scan program at rating 1, but users who want better access control may upgrade to a superior utility. Scan is used for Detecting Wireless Nodes.


Hacking Programs

The following programs are generally only used by hackers and security specialists. In some jurisdictions, these programs may be illegal without proper licensing. Hackers use these programs to exploit security flaws and attack icons. IC programs use them against intruders (see Intrusion Countermeasures).



Armor programs are software redundancy systems that protect icons from attacks that cause Matrix damage. See



Attack (Cybercombat/Hacking)

Attack programs are hostile code carriers that attempt to kill processes, introduce random input, create buffer overflows or program faults, and otherwise make a program/icon crash. See Cybercombat.


Biofeedback Filters

Biofeedback filters are software routines that monitor for and prevent dangerous simsense signals. Hackers specifically use biofeedback filters as a defense against Black Hammer and Blackout programs (see Cybercombat).


Black Hammer (Cybercombat/Hacking)

Black Hammer samples the command transactions between the target and his commlink and injects dangerous biofeedback responses into the target’s simsense interface. These aggravated BTL-level signals may overload the target’s neural connections and in turn render him unconscious, trigger psychological disorders, brainwash him, or cause death from stroke, heart failure, respiratory paralysis, aneurysm, or neurotransmitter autotoxicity—and those are just a few of the possible effects. For more details, see Cybercombat.


Black Hammer is intended as a weapon against hot-sim full-VR hackers; against cold-sim VR users it only inflicts Stun damage. It has no effect on programs, agents, IC, or sprites, nor will it affect AR users.


Blackout (Cybercombat/Hacking)

Blackout is a nonlethal version of Black Hammer—it causes Stun damage rather than physical. For more details, see



Data Bomb

Data Bombs are a specialized form of reactive attack program. A Data Bomb is attached to a specific file or device

and set to activate if someone accesses the file/device without authorization. When triggered, Data Bombs “explode” and attempt to crash the icon that illegally accessed the file/device. Data Bombs may also be instructed to erase the file, if the owner chooses.


Only one Data Bomb may be attached to a particular file or device. Data Bombs may be attached to icons that are also protected by Encrypt or Scramble programs. You can detect a Data Bomb with a successful Matrix Perception Test. You can defuse Data Bombs simply by entering the correct passcode (unfortunately, the person who set the Data Bomb is usually the only person who knows the passcode). Without the passcode, you can only disable a detected Data Bomb with a successful Disarm Data Bomb action. Undetected Data Bombs cannot be defused.

Data Bombs inflict a number of boxes of Matrix damage equal to their rating. Once triggered, the Data Bomb program crashes.


Decrypt (Electronic Warfare)

Decrypt programs are designed to conduct a number of cipher-busting attacks—from pattern analysis to brute-force dictionary assaults to sophisticated mathematical tricks—to break into an encrypted system or service. Use Decrypt programs for Decrypt actions.


Defuse (Hacking)

The sole purpose of Defuse programs is to deactivate Data Bombs that are protecting files or devices. See Disarm Data Bomb.



Electronic counter-countermeasures (ECCM) filter out jamming signals that attempt to disrupt a wireless connection. ECCM adds its rating to a protected device’s Signal rating when defending against jamming.


Exploit (Hacking)

Exploit programs are constantly-evolving hacker tools specifically designed to take advantage of security flaws and weaknesses so that a hacker can gain unauthorized access to a node. Exploit programs are used for hacking in without authorized access.


Medic (Computer)

Use Medic to repair Matrix damage inflicted on icons. Though legitimate users sometimes use Medic to fix corrupted files, misbehaving programs, and other errors, hackers use Medic to keep functioning after a bout of cybercombat. Some IC programs carry Medic programs to repair themselves. Use Medic for the Repair Icon action.


Sniffer (Hacking/Electronic Warfare)

Use Sniffer programs to intercept data traffic and wireless signals and scan/capture the information. Sniffer programs are the ultimate Matrix spying utility, used for the Intercept Traffic  and Intercept Wireless Signal  actions.


Spoof (Hacking)

You can use Spoof programs to generate false access IDs and forge misleading data packets with the intent

of confusing Track programs. Use Spoof for the Redirect action.



Stealth is a clever hacker program that attempts to make the hacker as “invisible” as possible to other system processes by obfuscating his activities, erasing system tracks, and mimicking authorized traffic. Stealth hides the hacker from the Firewall’s watchful gaze as he breaks into a system (see Breaking In). Stealth also protects the hacker from prying Analyze actions and track attempts.


Track (Computer)

Track programs systematically analyze a user’s connection and follow the trail of packets back to the originating node. Track is commonly used as an intrusion countermeasure with the intent of identifying/locating a hacker or launching a counterattack. Track is used for the Track action.


Loading and Using Programs

In order to activate a program, the user must first have the program available (either on his commlink or on one of his networked devices). The program must then be loaded into the persona’s memory and run, which takes a Complex Action. Running too many programs at once may affect Response.


Agents are semi-autonomous programs capable of using other programs. Regular Matrix users employ agents as assistants or search-bots, while hackers also use them as hacking aides, decoys, watchdogs, or even weapons platforms. Agents exist independently of the user in the Matrix, and are the equivalent of Matrix drones. They are capable of piloting themselves to a degree and can comprehend complex orders.


Agents have a Pilot attribute just like drones (see Pilot Program) that determines just how “smart” the agent is.

Pilot acts as the agent’s brain, interpreting orders. Agents have their own built-in Firewall attribute, equal to their Pilot rating. Agents use the Response attribute of whatever node they are run on; this means that the attributes of an agent operating independently may vary as it moves from node to node.


Using Agents

Agents can be loaded into your persona like other programs (taking a Complex Action), allowing the agent to accompany you to any nodes you access. Agents can also access other nodes independently if instructed to and if they either have the passcodes or are carrying an Exploit program and can hack their own way in (as independent icons).


Agents loaded into your persona have the same datatrail, so Track programs that go after an agent will trace back to your own point of origin. If you wish for your agent to operate in the Matrix independently, you must load it on a particular node separate from your persona. The agent will continue to operate in the Matrix even if your persona goes offline. In this case, the agent doesn’t count toward your persona’s active program limits like running programs do, but it does count as a subscriber toward your subscription limit. See Issuing Commands, for details on sending orders to agents.



Agents can be loaded up with copies of your programs so that the agent may employ them on its own. If an agent is acting independently, any programs it’s carrying must be active, and so may affect its Response. Any program run by an agent is limited by the Pilot rating.


Intrusion Countermeasures

Though the term intrusion countermeasures (IC) is widely used to describe any of the defenses a node employs against intruders, it specifically refers to a specialized type of agent program that is used to defend a system. For all game purposes, IC programs are the equivalent to agents and function the same. IC programs typically are loaded with some of the following programs to employ against intruders: Analyze, Attack, Black Hammer, Blackout, and Track.


When an intruder alert is triggered, the node will launch an IC program and direct it to engage the intruder(s). Once launched, IC programs act independently of each other and the node. Each IC program has its own icon and Initiative (see Cybercombat). IC programs use their own Pilot rating in place of Computer, Hacking, or Cybercombat skill. More proactive IC programs may be loaded with additional utilities such as Exploit or Stealth, and may actively pursue intruders if they leave the node or even track the intruder back to his originating node and attack him there. IC programs are typically loaded with any necessary passcodes they may need to access any connected systems.


Note that nodes are careful not to run so many IC programs at once that it affects their performance (see Response).


Source Code and Piracy

Most legally-purchased programs are sold with built-in copy protection, so that the program cannot easily be duplicated without an access code. Hackers have invented many ways of circumventing these methods, however, to the point where piracy is the rule rather than the exception.

If a character wishes to duplicate a program that is copy-protected, he needs to break the protection. This requires

an Extended Software + Logic Test with a threshold between 10 and 20 (gamemaster’s discretion) and an interval of 1 hour.

Enter supporting content here