Hacking in 2e

6 posts / 0 new
Last post
ubik2 ubik2's picture
Hacking in 2e

I wanted to run through a potential flow of Hacking in 2e. I'm interested to know if people think I've interpreted the rules correctly, and if there's better options that I've overlooked.

First, the defense team:
Alice is an Infomorph sleeved in an Agent. The morph doesn't matter much, except that it provides her with 4 Insight pool points. She has Infosec 80 with a specialization in Security. She's hosted on her own Enhanced Server (p. 331).
Alice creates an Alpha fork. She's purchased a second copy of the Agent morph so that she can fork without resleeving. Her fork goes by Bob.
Alice has convinced the rest of her team to use her Enhanced server as the master for a PAN to better secure their systems. They're on a VPN as well, but since the server needs to talk to the outside world (it's forwarding everyone's traffic), it's still available from the mesh.

Alice spends 2 of her Insight pool to increase her COG linked skills by 10. Her effective skill for Infosec (Security) is now 100.
Bob spends 2 of his Insight pool to increase his COG linked skills by 10. His effective skill for Infosec (Security) is now 100.
Bob starts his work, which is essentially sitting on Active Defense. This will take his complex action every turn (which is why he's a fork, so Alice can still participate). This gives the defense a skill of 100 instead of 70 (from Firewall rating).
I think this is about as optimal as it can get for the defense team.

Now, the offense team:
Moriarty is a hacker with an Infosec skill of 80.
This is a little better than a typical NPC hacker. An optimized player would have their effective skill at 100 between specializations and COG linked Insight boosts.

Since Moriarty is attacking an Enhanced Server, his effective skill is 70.

It's not entirely clear how initiative is supposed to work with Subtle Intrusion, but I've assumed that Moriarty goes first, and then the others go. Bob has declared that he'll be engaging in active defense, so he won't get his first action.

Both Bob and Moriarty will use pools to flip dice when it's worthwhile.

Bob has a 1% chance to get a critical failure on his defense roll. If that happens, there's no alert, and we can just assume Moriarty manages to achieve his goals. Otherwise, Bob will succeed on his defense roll, but it may not be good enough to win.

Turn 1, Action 1
Moriarty is going to attempt a Subtle Intrusion (p. 258).
Bob is engaged in Active Defense (p. 259)

  • 6.58% of the time, Moriarty succeeds with a critical success. In this case, he's able to log into the system with hidden status. The rules text is a bit unclear here, but I'm going to give Bob the benefit of the doubt and say that since the defense roll was successful (but lost), the system still goes on passive alert.

  • 13.24% of the time, Moriarty succeeds, but does not get a critical success. In this case, since Bob was successful on the defense roll, he will get a Passive alert. Moriarty will have covert status. It's possible that he has admin privilege, but unlikely.

  • 80.18% of the time, Bob is able to prevent Moriarty's attack. Bob will get a passive alert. We'll still need to try to find the intruder, because we don't know.


Our passive alert has automatically triggered a re-authentication, but that's not going to trigger for 1d6 action turns, which is forever when there's an intruder. It will also reduce privileges, but Moriarty was going to hack anyhow, so he really doesn't care about his permissions.
Bob's muse sees the passive alert. It uses the Trigger Alert (p. 249) option to put the system on Active Alert. In all likelyhood, there's no intruder, but it would rather be safe than sorry. This will automatically terminate all connections at the end of the turn. If Moriarty is in, he'll be able to spend Insight pool to get 2 more actions before that happens.
Alice sees the passive alert. She could look through the user lists to try to identify the intruder, but the intruder may be hidden. Instead, she'll use Zeroing In (p. 259). This will be an opposed test vs. Moriarty.
Alice has a skill of 80 and I'll assume her Security specialization still applies. She's also got the +10 for COG linked skills. If Moriarty is hidden, she has a -30 penalty to find him. This leaves her with an effective skill of 70.
Moriarty has a skill of 80. I think that he's not making a test to hack the Enhanced Server, so that -10 doesn't apply (he's defending, which isn't a Hacking Test). At the same time, I'm not counting his attempt to stay hidden as an effort to subvert the system, so he doesn't get that +10 (the -30 modifier to Alice seems to cover this). His effective skill is 80.
  • 35.03% of the time, Alice will locate Moriarty.

  • 64.97% of the time, Alice doesn't find anyone.


If Moriarty wasn't hidden, Alice would have better odds
  • 70.68% of the time, Alice will locate Moriarty.

  • 29.32% of the time, Alice doesn't find anyone.


At this point, Bob and Alice have to make a difficult choice. Do they burn Insight pool for extra actions to try to find someone who may or may not be there?

Turn 1, Action 2
Moriarty installs a backdoor. He suspects he's triggered an alert, and the system will be kicking him off shortly (either because he's found, or because of the terminate connections). Before that happens, he wants an easy way to get back in later. With his skill of 80, a +10 for being hidden, a -10 for hacking an Enhanced Server, and a -10 for the active alert, his effective skill is 70.
Bob's active defense continues to apply with an effective skill of 100.
As with the initial hacking attempt, Moriarty has about a 20% chance of success.
If Alice successfully noticed Moriarty, she'll attempt to crash his shell. She doesn't really have enough time to do this, but she can cause him some wounds, which will make it less likely his attempt to install a backdoor will succeed.
Otherwise, Alice won't burn a pool point to go here, since it's much more likely that there's not an intruder (80% of the time, we got the passive alert, but no intrusion).

Turn 1, Action 3
Between this and action 3, Moriarty has a total chance of about 36% to get a good backdoor. Even if he fails, he'll still have a +30 on his next attempt, giving him about even odds to get back in.

Turn 2, Action 1
Now that the server is disconnected, Alice and Bob can View Logs (p. 249). If Moriarty wasn't hidden (or Alice found him), they'll now have his mesh ID, and can Lockout (p. 248) to prevent him from accessing the system. He'll probably use a burner mesh ID or an Ecto to get around this, though.

Alice will probably bring the server back online. Checking for a backdoor with a Security Audit (p. 261) will take 24 hours (a little less with superior successes and Digital Speed), and we can't wait that long. Our team lost us as security, and are all somewhat vulnerable right now. If they needed access to the mesh, they'll probably have reset their PANs to be local for now. If they can wait a turn (probably the case), they'll reconnect when we come back online.

A lot of this changes if Alice knows Moriarty's rolls. While the player probably knows (since these things are usually rolled where they're visible), I don't think the character is supposed to.

I'm interested in anything the defense team can do to make their outcome better. Overall, after a 1 hour probe, they have about a 6% chance to be compromised. There's no decent way to prevent the attacker from repeating this over 24 hours, meaning given a day, a good hacker can probably get into any system.

Edit: I realized I'm giving Moriarty too many pool points. While he can get back in later, and I still think this is problematic, he won't be able to keep buying actions to install backdoors.

Edit 2: Alice's Locate Intruder step can be automatically triggered by a script, based on the passive alert. I'm not certain if Moriarty can take advantage of this. If he needs a Hacking test to load the script, he may as well directly pursue the backdoor. If his existing permissions allow him to load the script (which Alice may be able to limit to admin accounts), he can avoid spending pool points.

Edit 3: It's entirely possible that Moriarty is unable to locate Alice/Bob's server. The team's devices send all their mesh communications to this anonymous cloud. Since Moriarty has no way of tracking the exit point of that cloud to the Alice/Bob server, he has no reason to attack that server.

Urthdigger Urthdigger's picture
I'd say having a mere 6%

I'd say having a mere 6% chance to be compromised is pretty good odds. You can't really improve on that by a meaningful amount short of making it literally impossible to hack them, which is the only way you'd likely feel a hacker can't brute force their way into anything.

Keep in mind two things: First, that anything the players can do, the NPCs can do as well. Secondly, if it's borderline impossible to hack into a given system, what even is the point of hacking? There should be a chance of failure.

Now, what your defenders SHOULD be doing is tracing the target to track down their physical location (Even infomorphs have a server they live in). This means the failures have actual repercussions, and as a result your hacker can't just hammer away for 24 hours with no problems. Essentially, saying that a hacker can just try for 24 hours until they get in is about as likely as saying someone can just shoot at your morph for 24 hours until they get enough bullets in. The answer is to hit them back.

ubik2 ubik2's picture
Assuming the hacker is using

Assuming the hacker is using an anonymous proxy service, the trace will just end there, so that's not particularly useful.

I don't have any problem with the 6%. I just don't know how to prevent the attacker from attacking over and over until they succeed. It's possible that the -10 for each additional attempt should apply, but generally I don't think that's appropriate for opposed tests.

I think the root of this problem is that it's easy to get a new mesh ID and try again. Lockout would otherwise keep the attacker's from easily compromising any system.

The problem is the attacker gets to shoot, but the defender can't shoot back.

This also shows up with mesh attacks on servers. After 6 hits, the server OS is crashed, and it's unlikely that the server's defenders will ever have any ability to find you or attack you.

Edit: Also, the attacker in that example is pretty non-optimized. An optimized attacker (PC) will generally end up closer to 40% likely to compromise the most secure server, in an hour.

Edit 2: In Shadowrun, there was a desire to let the hacker do things, so they let the hacker have a lot of influence. As a result, player teams end up in this strange place where they turned everything off. It goes against the theme, but making things vulnerable meant that since the players didn't want to be so vulnerable, they just opted out of the theme of having everything connected. I don't want to see the same thing here, so would rather see defense have more advantages.

ubik2 ubik2's picture
Team security improvements

The team would be more secure each running their own PAN. They can each purchase a skinlink to network their devices (and disable wireless), and purchase a laser/microwave link to relay all communications to a portable host. That host acts as the relay to the mesh. In order to attack any player's PAN, the intruder must first compromise that host, which slows them down. Since that host can terminate connections, the attacker is very unlikely to be able to compromise a player's system in time.

If we want to be silly, we can chain three hosts, so that even if every hacking action succeeds, at the end of the turn, the attacker has only compromised the three hosts (and not any of the player PANs). I'd be pretty annoyed if I came up against that as a player, though.

ubik2 ubik2's picture
Attacking an enemy team

I wanted to take a look at what it would look like from the other side, when there isn't a top level PAN protecting the team.

Option 1: Hacking
Moriarty is an Infomorph sleeved in an Agent. The morph doesn't matter much, except that it provides him with 4 pool points. He has Infosec 80 with a specialization in Brute-Force Hack. He's hosted on his own Specialized Server (p. 331) with +10 to Infosec.
Moriarty spends 2 of his Insight pool to increase her COG linked skills by 10. His effective skill for Infosec (Brute-Force Hack) is now 110.
Alice is a biomorph not specialized in Infosec, with a standard Muse.

Turn 1, Action 1
Moriarty is taking the Brute-Force Attack action, so he takes a -30 penalty.
Moriarty's effective skill is 80 vs PAN of 50. Moriarty can use pool points to flip, but won't, since it's unlikely to be worthwhile. Alice's Firewall cannot.
Moriarty succeeds around 66% of the time
Alice's Muse takes the Lockout action to prevent Moriarty from reconnecting after the end of this round.

Turn 1, Action 2
Moriarty burns a pool point to go again. He's spotted with an active alert, so has a -10, and his specialization doesn't apply. He has an effective skill of 90.
Moriarty loads a script that will use the Control Ware action to eject the smartgun magazine as long as the script runs. In this case, to shut him down, Alice needs to kill his account shell (which is running this script).
Moriarty needs to load and run that script, which will require the Hacking Test (75% success), but when he is subsequently disconnected and locked out, the script will continue to run. This one actually will take a *long* time for Alice's Muse (Infosec 30) to shut down. If Alice has a good Infosec, she can assist, but she's more likely to just leave her mesh inserts offline until she can reboot (which will clear the script). She'll be offline for around 7 turns, but will only lose the one action. For the other 6 turns, she'll have -10 to shoot with her non-Smartgun.

Turn 1, Action 3
If Moriarty failed to load and run the script, he'll try again here. This is more efficient than using the point to flip his die.

This represents a tradeoff of ~3 Moriarty actions to 1 Alice action (given the 66% and 75% success rates). Alice loses 7 turn of communication, which may be important, and is noticably less effective. The battle may only last 3 turns, but this penalty is probably about as valuable as another action. With that estimate, we've traded 3 Moriarty actions for 2 Alice actions. This is quite effective for a non-combat focused character, that doesn't have to worry about being hit.

Option 2: Jamming
Moriarty is as before, but now he has Interface 80 (Jam 90). As before, he spends pool points for +10 to COG linked skills.
He'll target Alice with Jamming instead. This is an unopposed Interface test, and he will succeed (99%). At this point, Alice's Muse attempts to Bypass Jamming (with a skill of 60) to get back in contact with the team, and to connect to her smartgun. This only has a 21% chance of success; taking into account superior successes, she may have around 30% connectivity. Over the next 3 rounds, she'll be penalized for ~2 of them. This isn't quite as efficient as the Hacking option, but it's easy. If the fight lasts longer, this gets more efficient, since Moriarty doesn't need to do anything else. Each round, he'll add another enemy to his list of jammed targets.
If Moriarty is smart, he's probably scouted ahead using the sensors on scattered motes, and seen the enemy team before they're in line of sight to the rest of his team. He can launch his attack before combat starts.
Note that the Enhanced Server with Bob as an Alpha fork doesn't really help this team in this scenario.
A more sophisticated team, using skinlink and microwave links, wouldn't be vulnerable to this attack.

There's some benefit in Moriarty launching the Hacking attack before the groups meet, too. In that case, though, the Lockout means that he's only got a small window between when he should start and when he's no longer effective.

If Alice were in a synthmorph, Turn 1, Action 2 would look different for Option 1 above.
Now that Moriarty has compromised her PAN, he can Shutdown (p. 267) her cyberbrain. He has a -30 on this test, since it's against a cyberbrain, so he has an effective skill of 60. He has about a 47% chance of taking Alice out. This lines up with ~4 actions to take out Alice.

Xagroth Xagroth's picture
Please do remember that the

Please do remember that the first line of defense in a system against hacking is a firewall, but that is not the last, and not everything is functional, relevant, or true: honeypots where to lure attackers in and make them think they achieved something are a somewhat cheap and easy way to divert the technically adept but not really experienced, and to do what "antihacking" passive measures do better: detect the intrusion and keep it entertained long enough to be tracked and, as has been mentioned, send a physical team to "recruit" or "neutralize". Even if that team is a bunch of mercs/gangbangers you want to go and break stuff.