Serbitar’s guide to the matrix v1.

Serbitar

January 8, 2007
2
Contents

0.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

1 Basic Rules 7
1.1 Matrix 101 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.2 Basic Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.3 Rules concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
1.4 Advanced concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.4.1 Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.4.2 Personae/Agents/IC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.4.3 Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.5 Getting Online . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.5.1 Cold VR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.5.2 Hot VR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.5.3 AR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.6 Basic Interactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.6.1 Matrix Perception . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.6.2 Jacking out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.6.3 Sending Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.6.4 Spoofing AIDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.6.5 Resisting damage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.6.6 Running Stealth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.7 Interaction with nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.7.1 Log on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.7.2 Probing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.7.3 Searching for Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
1.7.4 Editing Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
1.7.5 Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
1.7.6 Executing Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
1.7.7 Intercepting traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
1.7.8 Editing traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1.7.9 Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1.8 Interaction with personae . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1.8.1 Spoofing commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1.8.2 Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1.8.3 Repair . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1.8.4 Tracking personae . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
1.8.5 Redirect Data Trail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
1.9 Interaction with data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
1.9.1 Defuse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

3
CONTENTS CONTENTS

1.9.2 Encrypt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
1.9.3 Decrypt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
1.10 Interactions with WiFi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
1.10.1 Scanning for nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
1.10.2 Intercepting traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.11 Node actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.11.1 Scripted Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.11.2 Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.11.3 Terminate Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.11.4 Active Alert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.12 Security Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.12.1 IC and Scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.12.2 Subscription, hacking in and obtaining AIDs . . . . . . . . . . . . . . . . . . . . . 15
1.12.3 Alert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.12.4 Secret connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.12.5 Hardwired Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
1.12.6 Hardwired Subscription Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
1.13 Additional Cyberware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
1.13.1 Encephalon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
1.13.2 Heuristic Neural Connector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
1.13.3 Autosoft Interpreter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

2 Balancing and Baseline 17

2.1 SOTA and security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.2 Sample devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.2.1 Credstick . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.2.2 Standard Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.2.3 Security Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.3 Sample systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.3.1 Middle Class House . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
2.3.2 Standard corporate facility network . . . . . . . . . . . . . . . . . . . . . . . . . . 19
2.3.3 Secure corporate facility network . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
2.4 What matrix perception can tell you . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.5 What results can you expect from matrix searches . . . . . . . . . . . . . . . . . . . . . . 22
2.6 Sample Action Thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
2.6.1 Editing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
2.6.2 Browsing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2.6.3 Sniffing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2.6.4 Scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
2.7 Security measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
2.8 Sample hacking runs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
2.8.1 Hacking into a host and performing a data steal . . . . . . . . . . . . . . . . . . . 24
2.8.2 Hacking through a relay of linked nodes . . . . . . . . . . . . . . . . . . . . . . . . 26
2.8.3 Hacking into a camera and performing overwatch . . . . . . . . . . . . . . . . . . . 29
2.8.4 Commanding an enemy drone and taking it over . . . . . . . . . . . . . . . . . . . 30

4
CONTENTS CONTENTS

3 Augmented Reality 33
3.1 Why AR? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
3.2 Using AR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
3.2.1 AR representations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
3.2.2 AR interaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
3.3 AR samples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

4 Rigging 37
4.1 Attributes and tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
4.1.1 Sensor assisted gunnery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
4.2 Vehicle nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
4.3 Autosofts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
4.4 Drone Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

5 Technomancers 39
5.1 Creating a Technomancer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
5.2 Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
5.2.1 The living Persona . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
5.2.2 Threading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
5.2.3 Sprites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
5.3 Day to day life . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
5.4 Technomancer technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

5
0.1. INTRODUCTION CONTENTS

0.1 Introduction
The matrix is an integral part of SR4. Society has
changed so much that it can not even be described
by the social revolution the internet and cell phone
has introduced to our modern society 2006. 2070
everybody is able to shape the world around him to
his liking. Agents plan most of the social life, make
it a richer and better experience and save you a lot
of time. The 2070 society would not work without
VR, AR and the matrix just like the 2006 society
would not work without electricity.
This makes hackers and Technomancers ex-
tremely important. No SR4 team can live without
a hacker and in a world, where every bit of informa-
tion is available somewhere in the matrix, hackers
seem almost almighty.
Unfortunately the SR4 ruleset for this important
field is quite vague. Lots of things are open to in-
terpretation and some aspects of VR and AR are
still unclear.
Contrary to the SGM v0.9 this is a complete
overhaul of the matrix rules. I try to stick as much
as possible to given SR4 rules, but skip them every-
time there is a considerable advantage in doing so.
The benchmarks on whom the advantage is judged
are:

• fast

• balanced

• and fun

Sometimes, realism had to stand back a little to

achieve these goals.
Finally I want to thank the numerous people on
the official FanPro forums as well as the Dump-
shock forums who contributed quite a lot to this
document with their ideas and comments.

6
Chapter 1

Basic Rules

1.1 Matrix 101 Network” which means that every node, that is
not hidden, is used as a router. If, for exam-
First, some things about the matrix and how the ple, John wants to call his friend two kilometers
matrix works have to be said. As soon as anything away, but both comlinks only have a signal range
logs into the matrix, it is provided with an Ac- of one kilometer they will automatically use the
cess ID (AID). This ID (similar to the IP numbers several comlinks in between as routers to pipe the
today) is used to distinguish matrix entities from data through. However, this case is very unlikely
another and lets the traffic routers of the matrix 2070, as most of every city is littered with wire-
know where to deliver which data packages. Ev- less access points to the matrix, that work just like
erytime a matrix entity interacts with something it the cell phone networks today. This also works
is sending its AID, which can be logged. This is for drones and every other type of data connec-
why hackers spoof their AID afters some time, so tion. If something is in signal range of some-
that nobody can figure out that the guy who just thing that is connected to the matrix, you can ac-
bought the concert tickets is also the guy who just cess/command/manipulate it. One exception are
downloaded a file from shadowland. hidden comlinks and most devices (guns, cred-
The AID is given by one of the various Matrix sticks, your jacket) which have wireless capability
Service Providers (MSPs). Most of the time, an but are not used as routers.
AID is related to a phone number, so an incoming Of course, a large fraction of the matrix is still
call is automatically routed to the entity with the wired. The large data highways between cities and
AID connected to the phone number. This con- even inner city are still glass-fiber cables that con-
nection is done via the database of the MSP, where nect the various wireless networks. However, due
the phone number and the Access ID are registered. to the mesh like nature of the wireless network, the
The AID can also be used to track and triangulate matrix would not break down if major wired con-
a matrix entity, for example a comlink. To change nections were taken out.
ones AID, one has to change his MSP contract.
Hackers (and most Runners) usually have several
MSP accounts at hand, so they can log on to the 1.2 Basic Concepts
matrix with different AIDs.
As a rule of thumb: To interact with some matrix These rules are based on three fundamental con-
entity you have to know its AID. A matrix percep- cepts:
tion test automatically reveals the AID of a node
one is in or the persona one is facing. As mentioned I. Everything that is not allowed is disal-
before, phone numbers are automatically routed to lowed This is needed to prevent the 1001 tricks
the proper AID via the database of the MSP. Active out there you can do with computers. All these
and passive comlinks broadcast their AID, hidden tricks should already be covered in some rating.
nodes do not. For example, you can not get better security by
The wired part of the matrix is a so called ”Mesh saying: My node is sounding an alarm every time

7
1.3. RULES CONCEPTS CHAPTER 1. BASIC RULES

a persona enters it that does not look like X. Such should be appropriate.
things are already included in the firewall rating
and in the stealth program. This prevents people
C. To determine the outcome of a legal ac-
from having to learn real life computer mechanics
tion, the player rolls Logic + Computer (sometimes
to get an edge and keeps things fair and simple.
Data Search or even Electronic Warfare) test, or
extended test. The number of hits determine the
II. There are only three kinds of con-
quality of the test per SR4 standard rules. The
structs in the Matrix Nodes, personae (includ-
hits are restricted by the appropriate program rat-
ing agents,sprites, and AI), and data. Everything
ing. Any hits above the program rating are halved
else falls into one of these categories. Members of
(round normally, that is up).
one category only differ by their ratings and pro-
grams (for example devices, comlinks, full blown
matrix hosts and such are all nodes but differ in D. To determine the outcome of an illegal ac-
their response rating). tion, roll Logic + Hacking vs System + Firewall
test or extended test. The outcome is determined
III. Every decision is a dice roll The idea is, by standard SR4 rules. The hits are restricted by
that dice should only then be rolled when a decision the appropriate program rating. Any hits above the
has been made so something has changed. I do not program rating are halved (round normally, that is
want to have roll several times when there is no up)
decision between the rolls. If this is the case, all The node is collecting all its net hits in hacking
these rolls can easily be transformed into one roll. tests in your security tally. Once it exceeds the
This can not be done in the “real world” rules of hackers stealth program rating, the hacker is found
SR4, as you have to obey physical processes. But to perform illegal actions and the node will take
in the matrix, the rules define the reality, and you actions (as defined by the owner of the node)
can set them however you want. One good example
is hacking into a subscribed node. One would have
E. Personae and Agents can only act against
to find the ID of another node that is transferring
other Personae/Agents that they found via matrix
traffic to that node, spoof the ID and then hack
perception or that have taken any action against
in. That’s several rolls, that have no decision in
them (which automatically reveals a stealthed Per-
between and will always have to be carried out that
sona/Agent to the affected Persona/Agent).
way. Instead I am using only the normal hack in
roll, with a threshold modifier.
F. Actions directed against another construct
are determined by rolling an opposed test using the
1.3 Rules concepts relevant skill for the action + the relevant program
for the action vs the relevant skill of the defensive
A. Everybody in a node is using an account
action (if any) + the relative program for the de-
with certain rights (even a hacker is using a per-
fensive action (if any).
fectly valid account, which he got through hacking
in, though he does not know the password of this
account and can not transfer it to others). The ad- G. Extended matrix tests are capped at
min account has unlimited rights. A matrix action skill+1 rolls.
that is allowed by account rights is a legal action,
one that is not allowed is an illegal action. What is Note that some actions are so easy, that the test
allowed or for standard or security accounts is dif- can be skipped (like loading or unloading programs,
ferent from node to node as the administrator can uploading agents and so on) if they are done legally.
define what is the case. But even if an action was so easy, the test was
skipped using an account that covers the action,
B. To perform a certain matrix action a pro- it still needs a test when performing the action il-
gram is needed. There is always a program that legally.

8
CHAPTER 1. BASIC RULES 1.4. ADVANCED CONCEPTS

1.4 Advanced concepts the concept of a script might be introduced that is

basically a very stupid agent.
1.4.1 Nodes A node does not have damage boxes. If a node
crashes, all the pesonae and programs run by the
Nodes are the places of the matrix. Everything node crash, too.
that happens, happens in a node. Even when you There are three different categories of nodes,
are flying through virtual Seattle, watching all the which all use the same rules but mostly have dif-
different constructs for coporations, bars, shops and ferent purposes:
personal sites, you are still in a node (to be exact
in the local backbone cluster that is providing this
infrastructure for Seattle) and you could hack this Devices This are the nodes which are present
node. in almost everything that exists 2070. Trousers,
Each node has exactly four attributes that define glasses, jackets, fridges, coffee machines and much
it. All node ratings are independent and do not more. Generally they have very low ratings and are
restrict each other. not used to route traffic through them.

Response only determines how many pro- Nodes This are the standard nodes in drones,
grams can run. A node can run Response programs cars, commlinks and other things that normally run
without losing Response. programs and other stuff.
Every multiple of Response +1 programs, the
Persona loses 1 IP. A Persona with Response 5 run- Clusters This are lots of nodes stacked to-
ning 15 programs would have a penalty of 2 IPs. If gether to provide workspace for a lot of people.
the IPs dropped to 0, the Persona could only act They do not suffer from response degradation as
every X combat turns, where X is the degradation they are supposed to have much more processing
below 1 plus 1. A hot VR hacker using a Response power, but have an effective Response attribute in-
1 commlink, running 4 programs could only act ev- stead. They also have no restrictions concerning
ery 2nd combat turn. the maximum number of subscriptions. A cluster
Every persona (for example multiple agents) run- is defined to behave just like a normal node, which
ning on a node keeps track of his own response re- means you do not notice the transition between the
duction. Only if the number of agents on a node nods and have to log in only once.
exceed the Response rating, the overall Response Clusters cost about 10 times the money in system
of the node is reduced. programs and hardware and are not easily portable.
Full blown matrix hosts only have an ”effective
response”. They do not suffer from response degra- 1.4.2 Personae/Agents/IC
dation, as their real response is much higher than
6. Personae are the acting agents of the matrix, its in-
telligence. This includes personae representing real
System only determines the maximum rating persons as well as agents and security agents often
of the programs to run and node consistency checks referred to as IC. Furthermore the living persona of
concerning hack attacks. A node can not run pro- a Technomancer and even AI. A Persona uses the
grams higher than its System rating (excluding attributes of the node that is executing the per-
Firewall). sona. Agents have a logic attribute equal to their
rating concerning matrix tests and a matrix skill
rating equal to the program they use.
Firewall only determines the power of the Everytime a persona is rolling for any action, its
checking routines concerning hacking attacks. hits are capped by the used program. Every hits
above this rating are halved (round normally, that’s
Signal only determines the radio capacities. up).
Nodes can run programs, but they can not oper- A persona has damage boxes equal to 8 + sys-
ate them. A Persona is needed for that. In Unwired tem/2. If a persona crashes, the node running the

9
1.6. BASIC INTERACTIONS CHAPTER 1. BASIC RULES

persona is not affected.

Table 1.1: VR - AR conversion times
pass
turn
1.4.3 Data 15 seconds
Data is just that. It also includes inactive Agents minute
or programs, and even saved memories from dead 10 minutes
hackers. Data comes in two flavors, static data and hour
traffic. 6 hours
day
Data does not have damage boxes.
week
month
year
1.5 Getting Online
There are several ways to interact with the matrix: 1.6 Basic Interactions
Basically there are two ways to interact with some-
thing: Per direct connection, where both partici-
1.5.1 Cold VR
pants interchange their access ID. Or via a relay
This is the normal VR access mode. To use it node, where the node is acting as an anonymizer
one needs a sim-module and a direct neural inter- and relays the traffic. For the latter to take
face (DNI). An internal sim-module and an internal place, both personae have to be in the same node.
comlink, or an external comlink and trodes provide This is automatically done when a telecom call is
this. With cold VR you have two initiative passes. routed through an anonymizer node, though the
One can only get stun damage from Black Hammer user might not be aware of that if he is not in full
attacks. VR.

1.6.1 Matrix Perception

1.5.2 Hot VR
VR on BTL levels is called hot VR. Just like cold
VR you need a sim-module and a DNI to use hot
VR. Hot VR gives you a total of three initiative
passes and a +2 dice pool modifier for all actions
while in the matrix (including vehicle actions while
jumped in with hot VR). One can get physical dam-
age from Black Hammer attacks.
1.5.3 AR
One only needs output devices like glasses, image
links, or earplugs to experience AR (though a sim-
module can provide AR, too) and input devices like
a AR glove, keyboard or again a DNI. While us-
ing AR the physical initiative is used and one is
completely immune to any effects of Blackout and
Black Hammer. However every action or interval is
taking one category longer.
All times in this ruleset are given as VR times.
Program: Analyze (Computer)
Simple Action
Matrix perception includes both filtering the rel-
evant information from the huge amount if data
each node is feeding a persona and also active prob-
ing for certain quasi-hidden information like at-
tributes of nodes. The latter point is the reason
why only one persona can analyze a certain persona
at a time without penalty. Every further attempt
from another persona at the same pass introduces
a cumulative modifier of -2.
Thresholds for the analyze test vary with what
the level of information you want to get. Matrix
perception tests are never extended tests.
1.6.2 Jacking out
Program: -
Simple Action
Turning VR off without dumpshock.

10
CHAPTER 1. BASIC RULES
1.6.3 Sending Data
Program: Edit (Computer)
Simple Action
Sending data out of the node to another node.
Note that a hacker does not have to send from the
node he is in, but can instead send from the node
that is operating his persona. A data package al-
ways carries the access ID of the sending node.
Communications between two hackers in the
same node can be done via the node they are in.
In this case the “real” access IDs are not revealed
to the participants, but it can be overheard by oth-
ers in the connecting or anonymizig node with an
intercept traffic test. Or it can be done via direct
connection, where the “real” access ID is revealed,
and it can not be overheard without hacking into
one of the nodes running the hackers personae, and
intercepting the traffic there.
1.6.4 Spoofing AIDs
Program: Spoof (Hacking)
Complex Action
Spoofing your AID gives people who are interact-
ing with you only via the node they are in (like in a where
matrix bar, or two persona randomly meeting in a
node) a wrong access ID. This does not work with
people you are directly interacting with, as you au-
tomatically send them your access ID. People who
do not have your AID can not intercept your en-
crypted traffic can not hack into your node and can
not track you, once you have left the node they are
in.
To change your “real” AID you will have to
switch to another MSP account.
The hits achieved by the spoofing test are the
threshold for a persona to notice your real AID via
a matrix perception test.
1.6.5 Resisting damage
Matrix damage is resisted with System + Armor.
Black Hammer attacks are resisted with Willpower
+ Biofeedback Filter
1.6.6 Running Stealth
Program: Stealth (Hacking)
1.7. INTERACTION WITH NODES
A persona running stealth can oppose any ma-
trix perception test with its own stealth test (which
does not take an action). Only if the observer
achieves any net hits the stealthed persona is de-
tected. For ease of gameplay the GM should roll
the stealth tests for players.
If a stealthed persona interacts with something in
any way (attacking, sending transmission ...), the
target instantly becomes aware of the hacker with-
out having to perform any test.
1.7 Interaction with nodes
Interactions with nodes are governed by the users
access rights in the node. The node resists all illegal
tests with System+Firewall.
An asterisk denotes that you do not need a pro-
gram to perform the action legally.
1.7.1 Log on
Program: Exploit* (Computer)
Complex Action (1 pass)
Everytime you are entering a node or cluster of
nodes, you have to log on first. This is the point
log-in and password have to be provided.
Lots of public nodes like matrix bars have anony-
mous public accounts.
The Threshold for an illegal log on is the nodes
firewall. The interval is 1 pass. Note that in the
case of a fast hack in, the security tally of the hacker
rises by one for every roll even if no net hit was
achieved. If you want to go for security access in-
stead of normal user access, the node may add 2
dice to his System + Firewall tests, in the case of
admin access even 4.
If a user has a valid account, but his access ID is
not on the subscription list, he would still have to
hack in like an illegal user. Though, once inside the
node he might just claim security or admin rights
if the has the necessary pass codes.
1.7.2 Probing
Program: Exploit (Hacking)
Complex Action (1 hour)
This is the slow way of hacking into a node, send-
ing packages and probing long hours for weakness
in the node security.
11
1.7. INTERACTION WITH NODES CHAPTER 1. BASIC RULES

The threshold for an illegal probe is the nodes 1.7.5 Command

Firewall. The interval is 1 hour (VR) or 1 day
(AR). If you want to go for security access instead Program: Command (Computer)
of normal user access, the node may add 2 dice to Complex Action
his System + Firewall tests, in the case of admin
access even 4. Command is used to give orders to anything that
does not have an agent rating.
Thresholds vary with the complexity of the order.
1.7.3 Searching for Data Command tests are never extended tests.
Program: Browse (Data Search)
Complex Action (variable) 1.7.6 Executing Data
Searching for data can be done on several lev- Program: Exploit* (Computer)
els. Throughout the whole matrix using existing Simple Action
accounts or public accounts on databases and pub-
lic sites like blogs, vlogs, newssites and search sites. This is used to execute programs on a node
Or one could look for data in a matrix node that (loading them) or shutting down programs (un-
has several data storage devices connected to it. load them). Note that there is a difference between
Or one could browse only one specific data stor- crashing or unloading a program.
age device, which might even be a thing like a gun Thresholds for executing data illegally vary with
camera. the desired (or used) access rights of the program
The GM should be aware of the fact that almost or agent in question.
everything anybody has ever done is stored some-
where in the matrix, but not everything is freely
available (though the huge amount of data collected 1.7.7 Intercepting traffic
by billions of people running around with cameras,
Program: Sniffer (Hacking)
sensor-RFIDs and similar stuff should not be ne-
glected). Thus a successfull search on some specific Complex Action (1 turn)
kind of data might only lead to a clue in which
security node one might have to look to find that To intercept traffic between two nodes one has to
data. be in either the sending or the receiving node. In
The threshold for data search varies according 2070 the datatrail is routed dynamically over a lots
to the information searched for. The interval is 1 of nodes and can thus not be intercepted by hacking
turn/ 1 minute/ 1 hour for searching a node/ a relay nodes. However, if a node is explicitly used to
cluster / the whole matrix. anonymize the traffic between the two nodes, this
node can be accessed or hacked to intercept the
traffic there.
1.7.4 Editing Data A successfull sniffer test finds you the traffic you
are looking for. Note that you do not have to de-
Program: Edit (Computer) crypt the traffic only if you are not in the sending
Complex Action (variable) or receiving node, as they do this for you.
The threshold for the sniffing test depends on the
This includes editing data in the node, as well as complexity of the parameters you are searching for.
uploading and downloading data to and from the If the traffic does not have to be decrypted (or is
node. Even system data like accounts can be edited decrypted already), you can look for various things
in this way. Furthermore live data, like a camera like a voice pattern (audio traffic) or a certain face
or microphone streams can be edited. (video traffic). If the traffic is decrypted you can
Thresholds and times vary with the kind and only look for traffic with a certain access ID. The
amount of data involved. interval is one turn.

12
CHAPTER 1. BASIC RULES 1.8. INTERACTION WITH PERSONAE

1.7.8 Editing traffic a persona to spoof a command, but you need its
access ID and the access ID you want to spoof.
Program: Edit (Computer)
Spoofing a command is resisted with Sys-
Complex Action (variable)
tem+Firewall.
Due to the protocol nature of information trans- One net hit is normally enough to successfully
formation, one is only able to edit the content spoof a command. Spoofing command tests are
of intercepted traffic in a strict sense. Via this never extended tests.
method, one can only change real content data,
like visual, audio or text information. One is not 1.8.2 Attack
able to change commands (like the command to
a drone to attack something) or system commands Program: Attack, Black Hammer, Blackout, Lag
(like the system command to change the subscriber (Cybercombat)
list). However, one can delete both of them in the Complex Action
edited traffic. To change commands or system vari-
ables one has to hack into the node. You have to be in a node with a persona to en-
If it is not obvious that the traffic exists (like gage it in matrix combat as you are using its con-
a video feed in a camera node or a VR feed from nection to the node to send malicious data. There
a drone node) one has to find the traffic first by are 4 types of attack programs: Attack, which
intercepting it. causes normal matrix damage and crash the per-
Thresholds and times vary with the kind and sona/node. Black Hammer and Blackout, which
amount of data involved. can only be used on hackers and deal Stun damage
(that can overflow into physical in the case of Black
Hammer). Lag, which can only be used against
1.7.9 Attack
agents and does not crash them but leaves them in
Program: Attack (Hacking) a continuous loop where the agent still uses system
Complex Action (1 pass) resources.
An attack is resisted with System + Firewall. Or
You can attack the node itself (to crash it) or a System+Firewall+Hacking (the governing hacking
program running on the node. The program or the skill for agents is given by the Attack program)
node crashes if the attack is successfull. in full defense. Similar to matrix perception tests,
The threshold is system rating. The interval is 1 only one persona can attack a certain persona at a
pass. time without penalty. Every further attempt from
another persona at the same pass introduces a cu-
mulative modifier of -2.
1.8 Interaction with personae The damage is equal to the attack program plus
any net hits of the attacker.
For every interaction with a persona, you have to
Attacking something is never an extended test.
first detect it using a matrix perception test (or do
it automatically when the persona is not stealthed
and there are not a lot of them). Interactions with 1.8.3 Repair
personae are often opposed tests.
Program: Medic (Computer)
Complex Action
1.8.1 Spoofing commands
Program: Spoof (Hacking) Only personae running in the node where the re-
Complex Action pair program is running can be repaired by the re-
pair program and only while the persona is not per-
Spoof comands to issue commands to personae forming any actions including matrix perceptions.
(mostly agents) without having them subscribed to Any hits reduce the damage done to the persona.
your node. You do not have to be in a node with Repairing something is never an extended test.

13
1.10. INTERACTIONS WITH WIFI
1.8.4 Tracking personae
Program: Track (Computer)
Complex Action (1 turn)
Once you have identified a personae with a suc-
cessfull matrix perception test (this might not be
necessary if the persona does not have a running
stealth program) you can track it. By a success-
ful track you get the exact physical location of the
originating node, if it is wired, or the triangulated
location down to 50 meters, if it is wireless. Fur-
thermore you get the “real” Access ID if the user
had a spoofed one.
The threshold for tracking is 10 with an interval
of 1 turn. Stealth programs run by the target act
as negative dicepool modifiers.
1.8.5 Redirect Data Trail
Program: Spoof (Hacking)
Complex Action
Spoofing is the countermeasure to tracking. It is
an opposed Spoofing vs Tracking test, where any
net hits of the spoofer are added to the trackers
tracking threshold. Only ongoing traces can be
redirected.
Redirecting your data trail is never an extended
test, but can be done multiple times during a trace.
1.9 Interaction with data
Interactions with data are independent of the node
they are performed in, as long as the data is there.
The data itself decides (via passwords) whether
acessing them using the actions mentioned in this
section is legal or illegal.
1.9.1 Defuse
Program: Defuse* (Computer)
Complex Action
This eliminates data bombs from data files. A
data bomb explodes when the file is being accessed
without the appropriate password. A matrix per-
ception test with a threshold equal to the data
bomb rating is needed to find the bomb if one does
not know it is there. The threshold do defuse the
bomb is the rating of the bomb. If the defuse action
14
CHAPTER 1. BASIC RULES
fails, the bomb explodes, dealing 2x rating matrix
damage and can trigger alerts (if in home node) or
delete the file.
1.9.2 Encrypt
Program: Encrypt
Encrypting any kind of data. This includes send-
ing and receiving encrypted data (live data) as well
as stored data files (static data). You can not en-
crypt running programs, nodes or personae.
1.9.3 Decrypt
Program: Decrypt (Electronic Warfare)
Complex Action (1 minute/1 hour)
Decrypting is the act of decrypting data without
the proper key. This includes live as well as static
data.
The threshold is 4 times the rating of the low-
est involved encryption program. The interval is 1
minute for live data and 1 hour for static data (as
more powerfull algorithms can be used there).
1.10 Interactions with WiFi
WiFi interactions are performed in physical space.
One needs access to a node within signal range of
the desired target and the desired target has to have
enough signal rating to broadcast back to perform
a WiFi interaction. Note that public access points
are available allmost everywhere.
1.10.1 Scanning for nodes
Program: Scan (Electronic Warfare)
Complex Action (1 pass)
A successful scan finds you the wireless node in
a certain physical location you are looking for, or
find the physical location of a node with a known
access ID. The threshold depends on the status of
the node the dice pool is modified due to the overall
traffic in the area and other things.
CHAPTER 1. BASIC RULES 1.12. SECURITY CONCEPTS

1.10.2 Intercepting traffic 1.11.4 Active Alert

Program: Sniffer (Electronic Warfare) A node can go on active alert. This adds +4 to
Complex Action (1 turn) the firewall rating concerning all test with access
IDs marked as intruders. During active alert, the
system rating is reduced by 1 (to a minimum of 1).
To intercept traffic between two wireless nodes
one has to know the access ID of one of the nodes.
A successfull sniffer test finds you the traffic you 1.12 Security Concepts
are looking for. Note that you might have to de-
crypt the traffic if you are interested in the content There are a couple of things aside from highs Sys-
of the traffic. tem and Firewall ratings that can keep a node from
The threshold for the sniffing test depends on the being hacked.
complexity of the parameters you are searching for.
The interval is one turn. 1.12.1 IC and Scanning
A node can use agents to patrol around and find
1.11 Node actions hackers. Everytime a hacker engages in a hacking
action in the node, the IC can try to spot this.
As mentioned before, nodes have no rudimentary IC/agents have to successfully detect a stealthed
intelligence like personae have. The can thus react hacker to engage in actions (including analyzing
to threats only in a certain pre-defined way. Node hack attempts) against him. This does not mean
actions take place one phase after the event that he is invisible, but that he successfully disguises as
triggered the action. A node rolls System + Re- something else. If a stealthed hacker interacts with
sponse for every action it undertakes. something in any way (attacking, sending transmis-
sion ...), the target instantly becomes aware of the
hacker without having to perform any test. Note
1.11.1 Scripted Actions that more than one matrix perception test will lead
to negative dice pool modifiers.
Scripted actions tell the node what to do in certain
situations. For example what to do, when a hacker
is found for the first time, or when a patrolling IC
1.12.2 Subscription, hacking in and
found something suspicious. obtaining AIDs
If a device is subscribed to another device, one can
not hack into this device, as it would just not ac-
1.11.2 Reboot cept the traffic from ones comlink. To bypass this,
Rebooting puts the system back into a pre defined one has to get the AID of something the device is
state severing all the connections in the process. accepting from and spoof ones ID. In this version
Reboot is a test with a threshold of 10 and an in- of the rules, this is simply simulated by a threshold
terval of 1 turn. modifier of +1 for the initial hack in.

1.12.3 Alert
1.11.3 Terminate Connection
The node can go into active alert and make life for
Normally a connection can only be terminated a hacker more difficult. But this uses resources and
when a transaction is finished. Hackers can use should not be done too often.
this security measure to fight against the node ter-
minating their connection. To do so, the hacker
1.12.4 Secret connections
has to engage in a redirect action every turn. If
he scores less hits than the node in its terminate A node can run a stealth program to conceal a con-
connection test, the connection is terminated. nection to another node from any personae in the

15
1.13. ADDITIONAL CYBERWARE CHAPTER 1. BASIC RULES

node. The connection is only then identified, when like a normal DNI but is also able to extract mean-
a hacker beats the rating of the stealth program in ing and subconscious context of thoughts, greatly
a matrix perception test. shortening the execution time of mental commands.
The HNC provides an additional IP when using VR
1.12.5 Hardwired Accounts up to a total of 4.

In certain high security systems, or nodes where

loss of control is not acceptable, hardwired accounts
may exist. A hardwired account can not be deleted
or changed without physically accessing the node.
As maintenance can get very tedious, this strat-
egy is seldom used and then mostly in nodes where
control is absolutely necessary like combat drones.
1.12.6 Hardwired Subscription Lists
1.13.3 Autosoft Interpreter
The Autosoft Interpreter is an add on to the Con-
trol Rig (can not be installed without it) and acts
as a gateway between the brain and autosoft. It
allows a rigger to use autosoft up to a rating of 4
when jumped into a vehicle. The autosoft acts ex-
actly like skillsoft in the real world. Autosoft must
be running on the comlink the rigger is using.

It is a widely known hackers trick to edit the sub-

scription list of a node so that it can not be accessed Table 1.2: Additional Cyberware
from the outside, even with a valid account, so that Item Essence Availability Nuyen
that even a legitimate user would have to hack into
the node. Thus, sometimes subscription lists are Encephalon 0.7 8 35,000
hardwired, so that they can only be changed by Heuristic Neural
physically accessing the node. This technique is Connector 0.5 14R 20,000
even less often employed than hardwired accounts, Autosoft
because access IDs are a very dynamic thing and Interpreter 0.3 4 5,000
vary quite a bit.

1.13 Additional Cyberware

1.13.1 Encephalon
The Encephalon is a processing unit highly inte-
grated into the human brain. It helps the user to
absorb and process VR information much more effi-
ciently than normally possible and assits the brain
in complex processing tasks, most often used in ma-
trix interactions. It adds 1 to every program rat-
ing (even above 6) used and generates 1 additional
automatic hit in any matrix action (excluding ve-
hicle actions). As a side effect the user can act as
a human calculator as he instantly is aware of the
solution of complex equations.

1.13.2 Heuristic Neural Connector

The Heuristic Neural Connector enables the user
to unleash the full potential of VR. Consisting of
an array of direct neural connections and a high
performance processor, the HNC does to not only
translate thoughts into machine executable code

16
Chapter 2

Balancing and Baseline

2.1 SOTA and security 2.2 Sample devices

Why is not everybody and his brother running 2.2.1 Credstick
around with firewall 6? Maintenance! Today’s sys- Firewall: 6
tem admins spend a considerable amount of time System: 6
fixing security holes and trying to stay on top of Signal: 0
everything. Response: 1
This section will give a short overview on how Note: Credsticks are maintained by the corpora-
one can balance things and give examples if one tion that issued them.
wants to micromange this fact.
2.2.2 Standard Device
Maintenance times per month Shoes, glasses, guns, trousers, coffee-machines,
Programs (everything except firewall): 1 hour per Normally these devices only have admin access.
5 points
Firewall 6: 10/100 hours per node/cluster Firewall: 2
System: 1
Firewall 5: 3/30 hours per node/cluster Signal: 1
Firewall 4: 1/10 hours per node/cluster Response: 0
Firewall 3: 10 minutes/2 hours per node/cluster
2.2.3 Security Device
A whole group of similar devices (for example Security cameras, motion sensors, maglocks, finger-
security cameras) can be treated like a cluster of print scanners, cyberware. Normally these devices
nodes. Firewall ratings of 2 and 1 need virtually only have admin access.
no maintenance. If the needed amount of time is
not spent in a month, the rating decreases by one. Firewall: 3
This can be reversed if the needed time is spent in System: 2
the next month, otherwise, the reduction becomes Signal: 0
permanent. Response: 1
If the hacking skill is not of the program rating,
the time needed is doubled. If its only half the 2.3 Sample systems
rating, it is quadrupled.
A typical hacker in Shadowrun works 200 hours Sometimes it is quite hard for a GM to find a good
a month (9 hours work day). With sleep regulator matrix power baseline. The GM has so much free-
this can be increased to 250 hours (11 hours work dom in interpreting things, that sometimes it does
day). not seem necessary to find such a baseline at all.

17
2.3. SAMPLE SYSTEMS CHAPTER 2. BALANCING AND BASELINE

However there is something that forces the GM to

do so. The players. They all (hopefully) have com-
links which can be hacked, and they will want to do
something about it. They will want to know how
hard it is to hack their defenses (to optimize them)
and thus hard rules are needed for that including a
power baseline. This section will give some example
systems as a guideline. Together with the sample
actions in the next section a baseline is established.
N1
With every example a network architecture chart
is given. A big round circle denotes WiFi connec-
tions. All the nodes in the big circle can communi-
cate with each other wirelessly. A gray circle stands
for an open WiFi-network. It is not blocked by ra-
dio blocking paint and the nodes are mostly not
hidden and subscribed to another. A black circle
means that it is a closed WiFi-network. Nodes are
subscribed to one another and WiFi-blocking paint
is used to constrain WiFi to a certain area. The
small circle denotes the rest of the matrix and is of-
ten connected to a WiFi network with a line, which Figure 2.1: Network architecture of the middle
represents wired connections. class house.
Nodes that controll other devices are drawn as six
sided polygons, while nodes that are only connected
System: 3
to other nodes in the diagram and to no other de- Signal: 2
vices are drawn as cubes. Hexnodes normally func- Response: 3
tion as device controller or “do all” nodes, while
cubes normally function as security gateways or Loaded programs:
data bases.
Agent: Servicebot
As mentioned before, as a general guideline, if
• Pilot 3(2)
something is allowed by the current account rights, • Analyze 2
computer is used and if its forbidden hacking is • Browse 2
used and opposed by the system. There are some • Command 2
exceptions, like relocating your data trail, which • Edit 2
uses hacking regardless of whether it is allowed or
Not loaded programs
not. However, there is an important point: Only
the actions that are forbidden require the opposed Agent: Patrolbot
hacking test. If you want a camera you have just • Pilot 3
hacked in to show elaborate computer graphics, like • Analyze 2
virtual dog walking on two legs, you only have to • Track 2
make the hacking opposed hacking test to insert
the feed into the camera stream. The test to gen- The basic middle class node comes with a
erate the dog image beforewards would be a Com- state of the art firewall, an advanced ser-
puter+Edit test, as this has nothing to do with the vice bot and a patrol bot for increased se-
node. curity and privacy.
Enjoy a house full of comfort. Heat sen-
sors and RFID scanners control the light,
2.3.1 Middle Class House
audio and video equipment of your home,
Node 1 transferring your preferred entertainment
Firewall: 3 to your location. Unobtrusive cameras let

18
CHAPTER 2. BALANCING AND BASELINE 2.3. SAMPLE SYSTEMS

you watch your children in every room

of the house. Chemical detectors manage
your climate and air conditioning, deliv-
ering your preferred odor seconds before
you would want to have it. Feel comfort-
able in the house that really cares.
The service bot is you personal house
N1
manager. It keeps track of your food sup-
ply, regulates heating and lighting accord- N3
ing to your moods and coordinates the
drones in your household. It searches
the matrix for specialties like movies you N2
might like or concerts and other exciting
events taking place in the near future. It
automatically finds the fastest route be-
tween your different appointments that are
managed for you. It keeps your friends list
and tries to cross correlate their interests
with yours. Multiply your life experience
with your personal service bot.
Figure 2.2: Network architecture of a standard cor-
Everybody is using agents to do the planning for porate facility.
them. Hack their database, and you know basi-
cally everything about the user. Furthermore, the
node controls everything there is in the apartment Nodecluster 2
or house, including but not limited to: Kitchen de- Firewall: 4
System: 4
vices, lighting, heating, windows, doorlocks, clean-
Signal: 2
ing drones. Note that the agents response is low- Response: 4
ered from 2 to 2 due to its amount of programs.
Loaded programs:
2.3.2 Standard corporate facility • Data Bomb 4
network IC: Patrol
• Pilot 3
Nodecluster 1 • Analyze 3
Firewall: 2 • Track 3
System: 4
Signal: 3 Not loaded programs
Response: 4 IC: Defender
Loaded programs: • Pilot 4
• Analyze 3
Not loaded programs • Attack 3
IC: Patrol • Armor 3
• Pilot 3
• Analyze 3 Nodecluster 2 is the database for the facility.
• Track 3 Everything that is of some importance is stored
here. Most of the files are encrypted, here. Encryp-
Nodecluster 1 functions as the workhorse of the tion is only used to encrypt files and not to encrypt
facility. Everything from the coffee machine and traffic. Especially important files are protected by
climate control to lights and user comlink connec- a data bomb.
tions is run here. Thus, security is not very high in
here. Nodecluster 3

19
2.3. SAMPLE SYSTEMS CHAPTER 2. BALANCING AND BASELINE

Firewall: 4
System: 4
Signal: 4
Response: 4

Loaded programs:
• Encrypt 4
IC: Patrol
N2
• Pilot 3
• Analyze 3
• Track 3
N3
Not loaded programs
IC: Defender
• Pilot 4
• Analyze 4
• Attack 4
• Armor 4
N1
Nodecluster 3 functions as the security center.
Cameras, door locks and other security related stuff
is run here. Note that most of the time security de- Figure 2.3: Network architecture for the secure cor-
vices are subscribed to the security host and the porate facility.
connection is always encrypted. Note also that
most devices can only run an encryption of 3 and • Medic 4
that the lowest encryption rating is used when two
devices communicate. IC: Patrol 2
As mentioned earlier, the matrix hosts given here • Pilot 4
• Analyze 4
are full blown matrix hosts. They represent the
• Track 4
processing power of some 10-100 comlinks and can • Medic 4
run a lot of programs and stuff. Thus only the ”ef-
fective” rating are given here. Also only programs Not loaded programs
and IC used for hacking purposes are given here. IC: Killer
In reality a lot of other agents and programs might • Pilot 5
be running on the node. • Analyze 5
• Attack 5
• Armor 5
2.3.3 Secure corporate facility net- • Track 5
work
Nodecluster 1 Nodecluster 1 is a security gateway. It has two
Firewall: 5 patrolling IC that constantly scan the area. If
System: 5 something is discovered, the killer IC is launched.
Signal: - The gateway to the closed WiFi-network is pro-
Response: 5 tected by a stealth program. The hacker has to suc-
ceed in a Computer+Analyze vs. Firewall+Stealth
Loaded programs: test (normally the GM should roll automatically
• Stealth 4 for this. Only allow a second roll with the -2 mod-
IC: Patrol 1 ifier for trying again if the hacker is intentionally
• Pilot 4 looking for another way out of the node).
• Analyze 4
• Track 4 Nodecluster 2

20
CHAPTER 2. BALANCING AND BASELINE
2.4. WHAT MATRIX PERCEPTION CAN TELL YOU

Firewall: 3 2.4 What matrix perception

System: 4
Signal: 2 can tell you
Response: 4
To use matrix perception on something you have
Loaded programs: to be in the same node with it. But you can also
• Encrypt 4 get information about a persona in the node that
IC: Patrol is running it. Note that personae or nodes running
• Pilot 4 stealth may choose to oppose the test to conceal
• Analyze 4 certain kinds of information (A node could conceal
• Track 4 a connection to another node, a persona may con-
Not loaded programs ceal what program it is using at the moment, or
that it is there alltogether).
IC: Defender
• Pilot 4 general:
• Analyze 4 • data bombs (rating)
• Attack 4 • stealthed connection (stealth rating)
• Armor 4 • stealthed personae (hits in stealth test)
• spoofed AID (hits in spoof test)
Nodecluster 2 does its work as control and se-
curity center. Cameras, heat sensors, ultrasound 0 hits (automaticall if not stealthed):
sensors and other security related stuff is run here. • category (node, persona, data)
All security devices are subscribed to the security
host and the connection is always encrypted. Note 1 hit:
that most devices can only run an encryption of 3 • connections to other nodes (if not stealthed)
and that the lowest encryption rating is used when • node type (device, node, cluster)
• persona type (hacker, agent)
two devices communicate.
• data type (if not encrypted, text, audio, video,
Nodecluster 3 program, agent . . . )
Firewall: 3 • file size (2 hours of video, 500 books of text
System: 4 ...)
Signal: 2 • what program a persona is using actively at
Response: 4 the moment (if any)

Loaded programs: 2 hits:

• Data Bomb 4 • general purpose of the node (if any, security,
IC: Patrol device management, workhorse, public ser-
• Pilot 4 vices, data storage . . . )
• Analyze 4 • connected devices
• Track 4 • what program rating a persona is using ac-
Not loaded programs tively at the moment (if any)

IC: Defender 3 hits:

• Pilot 4 • which programs and personae the node is run-
• Analyze 4 ning
• Attack 4 • what the persona is doing at the moment (edit-
• Armor 4 ing a file, hacking into a node, spoofing a com-
mand)
Nodecluster 3 is the database for the facil- • access rights of a persona
ity. Everything of some importance is stored here.
Most of the files are encrypted. Encryption used to 4 hits:
encrypt files as well as traffic. Especially important • node attribute ratings
files are protected by a data bomb. • persona attribute ratings

21
2.6. SAMPLE ACTION THRESHOLDS CHAPTER 2. BALANCING AND BASELINE

5 hits: a picture or video and posted it somewhere, or the

• ratings of the programs and agents the node is RFID chip data in the trousers was logged, or the
running cleaning company logged their trouser input. . . One
just has to find the data.
6 hits: Remember that sensors and cameras are virtu-
• location (AIDs of the nodes) of the personae ally everywhere. Think of the rise of cell phone
run by a node cameras just today.

2.5 What results can you ex- 2.6 Sample Action Thresholds
pect from matrix searches
How difficult is it to loop a videofeed? Is it easy to
There are large amounts of data in the matrix. And search a whole database for one file? When do I use
to give thresholds for the data you could find in hacking, computer and data search? This section
certain node is impossible. But there are certain will answer these questions. Note that all of the
kind of things a hacker will allways want to find. given thresholds and modifiers are just suggestions.
These are just some examples what a search for a The GM should feel free to modify them according
person might show up: to the situation.

General Data (blogs, vlogs, forums, home- 2.6.1 Editing

pages) Full name, birthplace, nationality, pic-
ture, videos, family, school history, grades, resi-
dential history, occupation, style of living, housing,
hobbies . . .
Commercial Consumer Databases - pay for
access what he buys, where he buys, when he
buys, where he eats, movement profiles from con-
sumer data, hobbies, preferred food . . .
Editing security account data
Health databases - restricted access Fin-
gerprint, retina scan, DNA print, health history,
diseases, chances to get disease X, medication his-
tory . . .
Social databases - public access Hobbies,
interests, personal psychological profile, picture,
videos, friends, meeting times, personal agent con-
Editing admin account data
tact codes . . .
From the personal comlink All of the
above, banking data, telephone calls (normally
saved for years), email data, permits, drivers license
...
All of this is basic stuff and should not have too
high thresholds if the source in question is accessi-
ble. Special questions like “Which trousers did the Deleting logs
guy over there wear last Christmas” mark the high-
est thresholds. But most certainly somebody took
Editing user account data
Legal: Normally no test is needed for that (com-
plex action)
Illegal: Logic + Hacking [Edit] (2, 1 pass)
Description: To edit one user account. This in-
cludes creating, reading and deleting a user ac-
count including passwords and other security
data.
Legal: Normally no test is needed for that (com-
plex action)
Illegal: Logic + Hacking [Edit] (4, 1 pass)
Description: To edit one security account. This
includes creating, reading and deleting a se-
curity account including passwords and other
security data.
Legal: Normally no test is needed for that (com-
plex action)
Illegal: Logic + Hacking [Edit] (6, 1 pass)
Description: To edit one admin account. This in-
cludes creating, reading and deleting an admin
account including passwords and other secu-
rity data.
Legal: Logic + Computer [Edit] (1, 1 turn)
Illegal: Logic + Hacking [Edit] (1, 1 turn)

22
CHAPTER 2. BALANCING AND BASELINE
Description: To erase all the traces of the hacking
activities one has left in the node, the log files
must be edited. Every hit deletes ”edit pro-
gram rating” hits worth of traces left behind.
If traces are left behind, a security hacker can
find out that the system was hacked and what
AID was used in the process.
Changing subscription list
Legal: Normally no test is needed for that (simple
action)
Illegal: Logic + Hacking [Edit] (4, 1 pass)
Description: To change the list of devices the node
is accepting input from.
Editing a data stream
Legal: Logic + Computer [Edit] (1, 1 pass)
Illegal: Logic + Hacking [Edit] (1, 1 pass)
Description: To edit a continuous data stream
(text, audio, video, whatever) with prepared
data.
Modifying streamed data
Logic + Computer [Edit]
Dice pool modifiers:
-1 per sense (audio, video)
-0 easy tasks (muting one person, changing
colours)
-3 medium tasks (erasing one person, changing
voice pattern)
-6 difficult tasks (interchanging one person for an- 2.6.3 Sniffing
other)
Description: To modify a continuous data stream
(text, audio, video, whatever) on the fly. Like
erasing a certain person from a feed. The re-
sulting hits are the threshold for a perception
test to notice the modification. Note that only
the act of editing the stream can be illegal, not complex search terms (topic, object group): 18
the test for the quality of the modification.
2.6.2 Browsing
Finding a file
Legal: Normally no test is needed for that (com-
plex action)
Illegal: Logic + Hacking [Browse] (1, 1 pass)
Description: To find a file. Searched by name or
part of the name.
Finding Data in a Node/Cluster
Legal: Logic + Data Search [Browse] (1 turn/1
minute)
2.6. SAMPLE ACTION THRESHOLDS
Illegal: Logic + Hacking [Browse] (1 turn/1
minute)
Thresholds:
simple search terms (word, picture): 4
medium search terms (voice, face, phrase): 8
complex search terms (topic, object group): 12
very complex search terms (complex topic): 16
Finding Data in the matrix
Logic + Data Search [Browse] (1 hour)
Thresholds:
simple search terms (name, picture, curriculum vi-
tae): 6
medium search terms (commercial data): 12
complex search terms (biometrical data): 18
very complex search terms (complex, special ques-
tions, protected data): 24
Dice pool modifiers:
data is confidential: -3
data is highly confidential: -6
The thresholds given above vary much with the
lifestyle of a person or the sought topic. Police
records and above should be considered confi-
dential. Security and research data are highly
confidential. A failed test does not necessarily
mean that the hacker found nothing, but might
have some clues where to look, depending on
the hits he got.
Sniffing for patterns
Legal: Logic + Computer [Sniffer] (1 turn)
Illegal: Logic + Hacking [Sniffer] (1 turn)
Thresholds:
simple search terms (word, picture): 6
medium search terms (voice pattern, face): 12
Dice pool modifiers:
access ID is known: +6
low traffic in node/area: -0
medium traffic in node/area: -3
high traffic in node/area: -6
Description: Sniffing is used to monitor traffic and
find certain patterns in the data. To monitor
encrypted data, one has to decrypt the data
first. The sniffing action can be sustained to
monitor traffic for a longer period of time. The
used time for the test should be noted down,
as it will be the time the hacker finds the pat-
tern in the monitored traffic after it actually
occurred.
23
2.8. SAMPLE HACKING RUNS CHAPTER 2. BALANCING AND BASELINE

2.6.4 Scanning 2.8 Sample hacking runs

Scanning for Nodes To show how a consistent interpretation of the SR4
Logic + Electronic Warfare [Scan] (1 pass) rules work I give some examples of various hacking
Thresholds: runs.
Active and Passive Node: 1
Hidden Node: 10
Dice pool modifiers: 2.8.1 Hacking into a host and per-
access ID is known: +6 forming a data steal
location known to 1 meter: 0
The first example is about a hacker who is hacking
location known to 10 meters: -3
location known to 50 meters: -6 into a heavily secured node to perform a data steal.
low traffic area: -0 He knows exactly what file he wants to steal and is
medium traffic area: -3 already in front of this node.
high traffic area: -6
Description: Scanning is used for two purposes: (H) Hacker
Logic: 4(6) (with Cerebral Booster)
To find the exact physical location of a node
Hacking: 5 (specialization stealth)
with known access ID, or to find the access ID Data Search: 5
of a node with known location. To scan a node Hot-SIM: +2 dice
one has to be in signal range of the node and
vice versa. • Firewall: 5
Note that active and passive nodes automat- • Response: 5
ically establish a connection when in signal • Firewall: 5
• Signal: 5
range.
Loaded programs:
• Exploit 5
2.7 Security measures • Analyze 5
• Browse 5
What does a node do after it achieved net hits in • Stealth 5
an opposed hacking test, or during the initial hack
in? Not loaded programs:
As mentioned before, the node will only then take • Edit 5
extreme measures when the hits are equal to the
stealth program the hacker is running. Before that, (N) Node
it will try to futher evaluate the situation and take Firewall: 4
some passive security measures. After the node is System: 4
sure of the hack, it will take active security mea- Signal: 4
sures. Response: 4

Passive measures: Loaded programs:

• Analyze 4
• track the suspicious persona
• load additional IC (IC1) IC: Patrol-1
• inform security hackers • Pilot 4
• Analyze 4
Active measures: • Attack 4
• go into active alert • Armor 4
• attack the suspicious persona (IC2) IC: Patrol-2
• terminate the connection of the suspicious per- • Pilot 4
sona • Analyze 4
• load additional IC • Attack 4
• shot down the node • Armor 4

24
CHAPTER 2. BALANCING AND BASELINE 2.8. SAMPLE HACKING RUNS

Steps (in the case of back doors) of the used Stealth pro-
(H) Hacking In gram to find stealthed backdoors. IC would resist
(N) Noticing the Hack with Pilot (representing Logic) and Stealth (repre-
(H) Matrix Perception senting the hacking skill for stealth) [Stealth].
(IC1) Matrix Perception For ease of gameplay, the GM is only rolling this
(H) Stealth roll test for stealthed objects. If the hacker wants to
(IC2) Matrix Perception
further examine something he has already detected
(H) Stealth roll
to gain further information he must explicitly say
(H) Unload Exploit
(H) Load Edit so. As the two patrolling IC are not stealthed, the
(H) Browsing for Data hacker sees them without performing any test. The
(H) Browsing for Data GM does not have to roll for stealthed objects,
(N) Noticing the Hack as neither the IC, nor the node, are running any
(IC2) Noticing the Hack stealth programs.
(H) Stealth roll
(H) Downloading the Data (IC1) Matrix Perception Pilot + Analyze
(N) Noticing the Hack
[Analyze]: 4+4 = 3 hits
(IC2) Noticing the Hack
(H) Stealth roll The patrolling IC Patrol-1 is set to constantly
(H) Logging off analyze the node for intruders. As the hacker has
a valid user account for this session, he is no in-
truder, but the IC will have to detect the presence
Explained
of the hacker to note any hacking actions he might
(H) Hacking In Logic + Hacking [Exploit] undertake. As the hacker is running a stealth pro-
(Firewall, 1 Turn): 6+5+2 = 4 hits, 7 hits (reduced gram, the IC must undertake an opposed test to
to 5+2/2 = 6 hits) detect him. For ease of gameplay, this test should
The hacker is trying to hack into the node on be rolled by the GM.
the fly. He is going for a user account. He has to
engage in a Logic + Hacking [Exploit] (Firewall, 1 (H) Stealth roll Logic + Computer [Stealth]:
Turn) test, to do so. 6+5+2+2 = 4 hits
The GM rolls 4 hits for the hacker. The IC does
(N) Noticing the Hack System + Firewall: not detect the presence of the hacker. Unless some-
4+4 = 2 hits, 3 hits thing happens, the IC will not attempt again to de-
The node is trying to notice that somebody is tect the hacker. If the IC tries again, it will have a
hacking in. It rolls System + Firewall, as in every -2 dice penalty for trying again, but normally only
test when a node resists a hacking attempt. Be- one perception test is rolled.
cause this is a ”hack on the fly” attempt, for every
roll 1 is added to the security tally, even if no net
(IC2) Matrix Perception Pilot + Analyze
hits were generated.
[Analyze]: 4+4 = 5 hits (reduced to 4+1/2=5 hits)
In the hackers first try node scores 2 hits, which
The second IC (Patrol-2) is trying to detect the
leaves the hacker with 2 net hits. That’s still 2 to
hacker, too.
go. In the hackers second try, the node scores an-
other 3 hits, leaving the hacker with a sum of 6
hits and beating the threshold. The hackers secu- (H) Stealth roll Logic + Computer [Stealth]:
rity tally is 2 now. 6+5+2+2 = 5 hits
The IC has hit the threshold in this opposed test.
(H) Matrix Perception Logic + Computer It has detected the hacker. As the hacker has a
[Analyze] (Stealth) valid user account for this session, the IC does noth-
The hacker is setting his analyze program to ing else.
constantly analyze his surroundings. He is rolling
Logic + Computer [Analyze] to beat a threshold (H) Unload Exploit Simple Action

25
2.8. SAMPLE HACKING RUNS CHAPTER 2. BALANCING AND BASELINE

The hacker is unloading his Exploit utility. He IC2 is constantly scanning the node for intruders.
can only have 4 programs running without a re- As the hacker is now trying to o something, that
sponse penalty and wants to load an edit tool. is not covered by his access rights, the IC might
notice it. The GM is rolling an opposed Matrix
(H) Load Edit Complex Action Perception test.
The hacker is loading his edit tool.
(H) Stealth roll Logic + Hacking [Stealth]:
6+5+2+2 = 3 hits
(H) Browsing for Data Logic + Data Search The IC does not notice the hacking attempt of
[Browse] (5, 1 pass): 6+5+2 = 3 hits, 8 hits the hacker.
The hacker is using his user account to browse
for the file he seeks. The GM knows that the file
(H) Downloading the Data Logic + Hacking
is not listed in the directories that are accessible
[Edit] (1, 1 pass): 6+5+2 = 4 hits
for normal users. He decides, that it will need an
The hacker is trying to download the data. As
extended test (5, 1 pass) for the hacker to find, that
the file can only be read (and downloaded) with
the file is not listed in the directories. As this is a
security access, he has to perform a hack to do it.
legitimate action, the hacker uses his data search
In his first try, he rolls 4 hits.
skill. After 2 passes the hacker accumulates 8 hits
and is informed that the file is not listed. IC2 is
constantly analyzing the hacker, but as he is doing (N) Noticing the Hack System + Firewall:
nothing wrong, nothing happens. IC1 is not even 4+4 = 2 hits
aware that the hacker is in the node. The node again tries to detect the hack. It rolls
(Note: Some very high security system might 2 hits, which means the hacker achieves 2 net hits
synchronize the detections of their IC, but this trig- and downloads the file.
gers wrong alarms, very often. In such systems, the
hacker can decide to not conceal his presence, but (IC2) Noticing the Hack Pilot + Analyze [An-
only his actions with his stealth program.) alyze]: 4+4 = 4 hits
As the hacker is again trying to o something, that
is not covered by his access rights, the IC might
(H) Browsing for Data Logic + Hacking
notice it. The GM is rolling an opposed Matrix
[Browse] (1, 1 pass): 6+5+2 = 3 hits
Perception test.
The hacker has not found the files in the user ac-
cessible indexes. He knows that the file is there, so
(H) Stealth roll Logic + Hacking [Stealth]:
he tries to hack into the full file index. This is an il-
6+5+2+2 = 5 hits
legitimate action, as accessing the full file directory
Phew, that was a close one. The IC does not
would need security access. The GM decides that
notice the hacking attempt of the hacker.
finding a simple file in an index is an (1, 1 pass)
extended test.
(H) Logging off The hacker is logging off. Note
that the node accumulated a security tally of 5 and
(N) Noticing the Hack System + Firewall: 4 hits during the hack. This means, the hacker left
8+8 = 2 hits lots of evidence of his activities in the node.
The node is trying to detect that somebody is
hacking into the file system. As the hacker achieves
1 net hit, he is finding the file in 1 pass. he GM may 2.8.2 Hacking through a relay of
note down the 2 hits, as they may act as an addi- linked nodes
tional threshold added to the security tally for the It was discussed a couple of times: What can be
hacker to clear the system logs of his hack attempt. done against a network where several nodes are
linked, using the subscriber rule, together to pre-
(IC2) Noticing the Hack Pilot + Analyze [An- vent, or delay, hacking. A very good example would
alyze]: 4+4 = 1 hit be this:

26
CHAPTER 2. BALANCING AND BASELINE 2.8. SAMPLE HACKING RUNS

A runners has a main comlink A, he uses for Logic: 4(6) (with Cerebral Booster)
normal communication, and 5 ”relay” comlinks Hacking: 5 (specialization stealth)
B,C,D,E,F. Only comlink F has wireless capabil- Computer: 5
ity. The runner uses his main comlink to commu- Hot-SIM: +2 dice
nicate, comlink B only accepts input from A and
C, comlink C only accepts input from B and D and • Firewall: 5
• Response: 5
so forth:
• Firewall: 5
• Signal: 5
A - B - C - D - E - F - WiFi-World

To get to A, a hacker has to hack B,C,D,E, and Loaded programs:

• Stealth 5
F first. But then, in SR4, everything has a device
• Analyze 5
rating. Even our clothes are nodes, as they have • Spoof 5
built in climate control and such. They might only • Sniffer 5
have a device rating of 1, but they would also have
to be hacked. So the runner could do the following: Not loaded programs:
• Exploit 5
A - B - C - D - E - cyberleg - smartgun -
trousers - jacket - glasses - F - WiFi-World (C1) Node
Firewall: 6
This is perfectly acceptable under standard SR4 System: 6
rules, and the first example isn’t even illogical, but Signal: -
a very sensible thing to do. So what to do about Response: 6
this? Just let hackers go through everything?
I propose a rules interpretation that circumvents (C2) Node
possible dice orgies, is fast and understandable: Firewall: 1
A by using Spoof a hacker can disguise as a data System: 1
packet and exploit a node to relay him to his des- Signal: -
Response: 1
tination. He needs the network ID of the host he
wants to be relayed to. If he wants to also spoof (C3) Node
the ID he originated from, he can do so in a sep- Firewall: 3
arate test. Every host, that the hacker is being System: 3
relayed to, may roll against the spoof test with Sys- Signal: -
tem+Firewall If the hacker has at least 1 net suc- Response: 3
cess, he is relayed to the next host in the chain, or
he may chose to hack into the node that is relaying (C4) Node
him using normal ”hacking on the fly” procedures. Firewall: 6
In both cases he may choose to analyze the node to System: 6
get information about the system ratings only. If he Signal: 6
does not have any net successes, he may decide to Response: 6
immediately hack the node in question using stan-
dard ”hacking in on the fly” procedures, use legit Steps
access rights to access the node, or be catapulted (H) Sniffing Traffic
back to the node he started the spoof attempt from. (H)Matrix Perception
When he is relayed to his destination, he may hack (H) Spoofing relay
into the node on the fly, or access it with legit user (C4) Detecting relay spoof
rights. Note that if the relay host, scores any net (H) Analyze action
hits in the opposed test, it has detected that some- (C3) Detecting relay spoof
thing is wrong and may launch security measures. (H) Analyze action
(C2) Detecting relay spoof
(H) Hacker (H) Analyze action

27
2.8. SAMPLE HACKING RUNS CHAPTER 2. BALANCING AND BASELINE

(H) Spoofing relay Logic + Hacking [Spoof]:

6+5+2 = 5 hits
Now, the hacker wants to hide as a communi-
cations data package. He spoofs the ID of such a
package and virtually knocks on the door of the
Johnsons gateway host C4.
C1 C2
(C4) Detecting relay spoof System + Fire-
C3 wall: 6+6 = 4 hits
The C4 chokepoint comlink scans the traffic for
validity before relaying it. It achieves 4 hits in its
C4 test, which leaves the hacker with 1 net success.
The node automatically relays the ”hacker pack-
age” down the subscriber line. If the roll was a
draw, nothing wold have happened. The hacker
would be in a loop for one pass and the node would
then try again.

(H) Analyze action Logic + Hacking [Analyze]:

Figure 2.4: Network architecture of the relay sys- 6+5+2 = 3 hits
tem The hacker wants to know what node he is being
relayed through. He rolls only 3 hits and does not
get the exact attributes of the node, but the Gm
Explained tells him “Looks like security choke point”. With a
mumbling on his virtual lips the hacker is relayed
(H) Sniffing Traffic Logic + Hacking [Sniffer]: to the next node.
6+5+2 = 3 hits
The hacker wants to hack into Johnsons comlink. (C3) Detecting relay spoof System + Fire-
He knows Johnson is extremely paranoid and might wall: 3+3 = 3 hits
have several layers of relay comlinks. He phones The C3 relayhost comlink scans the traffic for
the Johnson to give a status report. As he does validity before relaying it. It achieves 3 hits in its
not want to hack into the MSPs database to get test, which leaves the hacker with 2 net success.
the AID that is correlated to the Johnsons phone The node automatically relays the ”hacker pack-
number and acts as an anonymizer, he is simply age” down the subscriber line.
monitoring the wireless traffic going in and out of
the Johnsons comlink (he has to have access to a
node within signal range of the Johnsons commlink (H) Analyze action Logic + Hacking [Analyze]:
to do that). To intercept the traffic and find out 5+5+2 = 4 hits
which packages are the comm-call he has to succeed The hacker wants to know what node he is be-
in a Hacking+Sniffer test. With 3 hits, he easily ing relayed through. He rolls 4 hits and gets the
intercepts the traffic and finds the right packages. system attributes. The GM tells him the ratings.
The hacker is mumbling “getting better” while he
is relayed to the next node.
(H)Matrix Perception Logic + Computer [An-
alyze] (C2) Detecting relay spoof System + Fire-
As the traffic is not encrypted, the hacker au- wall: 1+1 = 2 hit
tomatically gets the access ID out of the traffic The C2 relayhost comlink scans the traffic for
(threshold 0). If the traffic was encrypted, it had validity before relaying it. It achieves 2 hits in its
to be decrypted first. test, which leaves the hacker with 2 net success.

28
CHAPTER 2. BALANCING AND BASELINE
The node automatically relays the ”hacker pack-
age” down the subscriber line to C1.
(H) Analyze action Logic + Hacking [Analyze]: Signal: 1
6+5+2 = 4 hits
The hacker wants to know what node he is be-
ing relayed through. He rolls 4 hits and get the
nodes attributes. The hacker thinks ”big mistake”
and notes the ID of this node. He might hack in Steps
here later to get some admin privileges and install
a backdoor right in the Johnsons subscriber line.
The hacker is then relayed to the final C1 com-
link, where he may try to hack in, with a Logic +
Hacking [Exploit] vs System + Firewall (Firewall, 1
pass) extended test. But his best choice is to do the (H) Analyze action
whole procedure again and hack, the weak C2 com-
link, get some admin privileges and then sit there
and probe the hell out of the heavily fortified C1
comlink to avoid detection in his exploit attempt.
2.8.3 Hacking into a camera and (H) Locating the node Logic + Electronic
performing overwatch Warfare + [Scan] (6): 6+5+2 = 4 hits, 3 hits
Today the hacker is running with his fellow runners
in a security facility. They have to cross a room
that is protected by a security camera. The hacker
decides to hack into the camera and and use it for
his own purposes. The hacker knows that 90% of
the security cameras are subscribed to a security
node virtually all security devices only have an ad-
min account and thus does not try to hack in going
for user or security access.
(H) Hacker
Logic: 4(6) (with Cerebral Booster)
Hacking: 5 (specialization stealth)
Computer: 5
Electronic Warfare: 5
Hot-SIM: +2 dice
• Firewall: 5
• Response: 5
• Firewall: 5
• Signal: 5
Loaded programs:
• Stealth 5
• Exploit 5
• Edit 5
• Analyze 5
• Agent 5
29
2.8. SAMPLE HACKING RUNS
(C) Camera
Firewall: 3
System: 2
Response: 1
Loaded programs:
(H) Locating the node
(H) Hacking in
(C) Detecting the hack
(H) Unload program
(H) Load program
(H) Edit camera output
(H) Uploading Agent
Explanation
First, the hacker has to find the hidden node of
the camera. He has to succeed in a Scan(6) test
to find the hidden node first. After two turns, the
hacker finds it.
(H) Hacking In Logic + Hacking [Exploit]
(Firewall+1, 1 Turn): 6+5+2 = 4 hits, 3 hits, 6
hits
The hacker is trying to hack into the node. He
is going for an admin account, which will give the
node 4 additional dice to resist. Furthermore, the
node is subscribed to a security host to only receive
data from this one, which raises the threshold for
the hack by one to 5. He has to engage in a Logic
+ Hacking [Exploit] (Firewall+1, 1 turn) test, to
do so.
(C) Noticing the hack System + Firewall + 4:
2+4+4 = 3 hits, 3 hits, 2 hits
The node is trying to notice that somebody is
hacking in. It rolls System + Firewall and can add
4 dice, because the hacker is going for admin access.
As this is a ”hack on the fly” attempt, the node
adds 1 to the security tally, even if no net hits were
scored. As it takers the hacker 3 tries to get in, the
security tally is now 3.
2.8. SAMPLE HACKING RUNS CHAPTER 2. BALANCING AND BASELINE

(H) Matrix Perception Logic + Computer • Exploit 5

[Analyze] • Sniffer 5
The hacker is now in with admin access. He auto- • Stealth 5
matically gets all the information available for the
node. Not loaded programs:
• Edit 5
• Spoof 5
(H) Edit camera output Hacking + Browse vs
System + Firewall (1, 1 pass): 5+5+2 = 3 hits (D) Drone
Although he has admin access, and can do what- Firewall: 3
ever he wants with the node, some actions still need System: 3
tests, which are in this case not resisted by the Signal: 3
node. The hacker wants to edit the camera output Response: 3
such, that it always shows an empty room. The
GM decides that this is a very easy task and will Loaded programs:
need one net hit to do this. Note that the hacker • Encrypt 3 Combat Autosoft 3
does not need to sniff and find the video stream
Steps
first, as there is not much other traffic going out of (H) Locating the Node
the node. (H) Scanning Traffic
(H) Matrix Perception
(H) Uploading Agent The hacker decides to (H) Unload programs
leave an agent in the camera for further servic- (H) Load programs
ing. The agent is instructed to analyze the cam- (H) Spoof Command
era stream for threats, constantly send enemy po- (D) Noticing the Hack
sitions to the hacker and change the camera output (H) Hacking in
if needed. To do this the Agent needs an analyze (C) Detecting the hack
program and and Edit program to change camera
output. Explanation
As the hacker has admin access to the node, no (H) Locating the node Logic + Electronic
test is needed to upload the agent. Warfare [Scan] (6): 6+5+2 = 5 hits, 4 hits
First, the hacker has to find the hidden node of
2.8.4 Commanding an enemy drone the drone. He has to succeed in an Logic + Elec-
and taking it over tronic Warfare [Scan] (6) test to find the hidden
node. With 11 hits he finds it after 2 turnsand has
The hacker has found an enemy combat drone cir- its access ID.
cling over his head, he wants it to stop attacking
him and to take it over afterwards.
(H) Sniffing Traffic Logic + Electronic Warfare
(H) Hacker [Sniffer] (3): 6+5+2 = 4 hits
Logic: 4(6) (with Cerebral Booster) To intercept the traffic from the drone to the con-
Hacking: 5 (specialization stealth) trolling hacker the hacker has to succeed in a Logic
Electronic Warfare: 5 + Electronic Warfare [Sniffer] (3) test. With 4 hits,
Hot-SIM: +2 dice he did it and intercepts the traffic. Note that the
hacker can not read the traffic, as it is encrypted,
• Firewall: 5 but as he is only interested in the AID, he just does
• Response: 5 not care.
• Firewall: 5
• Signal: 5
(H) Matrix Perception Logic + Computer
Loaded programs: [Analyze]
• Analyze 5 The hacker automatically gets the AID of both
• Scan 5 nodes involved in the traffic exchange.

30
CHAPTER 2. BALANCING AND BASELINE 2.8. SAMPLE HACKING RUNS

(H) Unload programs Simple Action

The hacker wants to unload Scan, and Sniffer as
he needs Spoof and Edit for his next move.

(H) Load programs Simple Action

The hacker loads two programs with his simple
action, Exploit and Stealth.

(H) Spoofing Command Logic + Hacking

[Spoof]: 6+5+2 = 4 hits
Now, the hacker wants to spoof a command. He
wants the drone to stop firing at him. To do this
he must succeed in an opposed Logic + Hacking
[Spoof] vs. System + Firewall. He rolls 4 hits.

(C) Detecting spoofed Command System +

Firewall: 3+3 = 1 hit
The Drone tries to validate the command and
rolls System + Firewall. With only one hit, the
drone obeys the hackers command and stops firing.

(H) Hacking In Hacking + Exploit (Fire-

wall+1, 1 Turn): 6+5+2 = 2 hits, 5 hits, 3 hits,
4 hits, 2 hits, 3 hits
The hacker is trying to hack into the node of
the drone. He wants to fully overtake the drone
and goes for admin account. He has to engage in
a Logic + Hacking [Exploit] (Firewall+1, 1 turn)
test to do so, because the drone is subscribed to
only receive input from the original node.

(C) Noticing the Hack System + Firewall +4:

3+3+4 = 4 hits, 4 hits, 3 hits, 5 hits, 3 hits, 4 hits
The node is trying to notice that somebody is
hacking in. It rolls, System + Firewall every time
the hacker is rolling his exploit test. As this is
a ”hack on the fly” attempt, the security tally is
increasing by 1, even if the node got no hits.
Unfortunately for the hacker, the node scores 2
net hits in the first try, 2 automatic increases be-
cause of “hack on the fly” in the second and third
try, and 3 net hits in the fourth, fifth and sixth
try. This exceeds the rating of the hackers stealth
program. Furthermore, the hacker was not able to
score the 5 net hits needed to brake in, in his 6 tries
allowed for a skill of 5.
So the hacker is left with an alarmed rigger and
a failed hack in attempt. Maybe he will go for a
less difficult user access next time.

31
2.8. SAMPLE HACKING RUNS CHAPTER 2. BALANCING AND BASELINE

32
Chapter 3

Augmented Reality

3.1 Why AR? not use transducers comlinks, cameras and all the
stuff, the GM should be really strict and dissallow
Why should a runner use his comlink at all? Why any communication (sometimes even give false in-
not shut it down on a run and be unhackable? Be- formation) to make clear what the difference is.
cause most of the time, when you got a good com-
link defense, the advantages are worth much more
than the drawbacks. 3.2 Using AR
• live video (view from each teammate) fee from 3.2.1 AR representations
teammates (needs cameras)
A person with a comlink in active mode is con-
• live audio (voice communication) feed from tinuously broadcasting a lot of information: Sin-
teammates (needs microphones) gles are broadcasting their profile and the profile
• live bio (condition monitor) feed from team- they are looking for, in bars, they are broadcasting
mates (needs biomonitor) their drinking wished before they arrive, in sport
clubs they broadcast dates where they are looking
• live ballistic (targets, ammunition, ...) feed for sport partners and in night clubs they might
from teammates (needs smartgun) broadcast ambient lighting for themeselves. The
question is, how is all this represented in AR?
• live sensor (audio, video, heat, ultrasound, ...) There is essentially two types of information:
feed from drones nearby (needs drones) Data information information that can be displayed
• live sensor (audio, video, ultrasound, radar, ...) in any way the receiving user likes, and sense infor-
feed from nearby sensors (needs nearby sen- mation that is either accepted or not.
sors, hacked or open) For example, a shop could be sending out visual
information like price tags next to every item and
• live GPS overlay (position of friends, enemies, a small audio message explaining the advantages of
assets) the product once somebody steps close to it. Or
a guy in a bar could broadcast some music and a
• ”see through walls” (if video data from other
nice smell in his vicinity. The receiver has only
side available)
two options: Either accept the sense feed and let
• RFID signals overlay the AR equipment interpret the data, or block it.
As almost everybody and everything is trying to
If every teammember is equipped with the above, force their personal AR feed on others, it is very
the GM has a very good excuse to allow the usual important to have a good spam filter on what to
”out game” chatter that occurs during combat, be- allow and what not.
cause the players know everything and try to co- Data information, on the other hand, can be in-
ordinate. Now they officially can do it. If they do terpreted to the end users liking. In a night club,

33
3.3. AR SAMPLES
where all the singles are broadcasting their personal
profile with tons of data about them, one could pro-
gram ones comlink to display a three dimensional
heart over all those who’s profile is meeting ones
demands. Or the heart could be bigger or redder
the better the match is. It is also possible to play a
warning sound everytime somebody is coming close
who might be boring. All this depends on the cre-
ativity of the comlink user.
3.2.2 AR interaction
There are several devices you can use to output
your AR feed:
• Glasses, contact lenses, cybereyes: They pro-
vide visual data input
• Earbuds, cyberears: Let you experience audio
data input
• AR Gloves, touch link: Provides tactile per-
ception of input data
Note that a sim module does not only provide full
VR but can also supply every sense (video, audio,
smell,tactile perception...) with AR input.
There are two methods to interact with AR con-
structs:
• AR gloves, touchpads, keyboards, scroll wheels
and other hardware.
• A direct neural interface (DNI). A direct neu-
ral interface can be provides via trodes, an in-
ternal comlink, or a data jack.
3.3 AR samples
Some fast and dirty stuff to use as baseline for GM
creativity. AR possibilities are almost endless and
GMs should award creative AR use of their players.
On should also remember, that NPCs use AR, too
(and can be hacked to the PCs advantage). (Note:
If subject using the AR in question is being fed
wrong information, the GM should use double the
amount of dice given and subtract the result from
the players hits, resulting in an effective negative
modifier)
34
CHAPTER 3. AUGMENTED REALITY
Floor plan overlay
A floor plan is overlaid over the character’s vision.
He can “see” through walls getting polygon infor-
mation about what is beyond and zoom around. If
sensors are included, the “threat” area of each sen-
sor is marked in various color tones of red displaying
the field of vision of cameras, heat sensors, position
of ultrasound emitters and their sound projection
path, lasers and other stuff.
Needs:
• a detailed 3D floor plan
Advantages:
• + 1 die to athletic tests in the building
• + 1 die for shadowing tests in the building
• + 1 die for infiltration tests (+2 dice if sensors
are included)
Live room view
One or more live view(s) of the room from an ad-
vantageous position (other than the character) are
projected into the field of vision of the character.
Needs:
• live visual data from advantageous position
Advantages:
• + 2 dice for perception tests (only applies
when subject can be perceived via the supplied
sensor)
• + 1 die for shadowing tests
• + 1 die for melee combat
Tactical battle overview
The character has access to the position of enemies
and allies on a floor plan. The positions are overlaid
to his vision as blimps and the floor plan is overlaid
as a three dimensional grid. He can see the enemy
blips moving even through walls.
Needs:
• a detailed 3D floor plan
• positional data of all enemies (involved in the
test)
Advantages:
• + 3 dice for suprise tests
• + 1 dice for shadowing tests
• + 1 die for infiltration tests
• + 1 die for indirect fire
CHAPTER 3. AUGMENTED REALITY 3.3. AR SAMPLES

Full battle overview

The character has access to the position of enemies
and allies on a floor plan. Furthermore each enemy
is spotted by a camera supplying additional data
(posture,facing, weapon, armor) that is overlaid all
the time and will be projected even through walls.

Needs:
• a detailed 3D floor plan
• positional data of all enemies (involved in test)
• detailed visual data of all enemies (involved in
test)
Advantages:
• + 3 dice for suprise tests
• + 2 dice for shadowing tests
• + 1 die for infiltration tests
• + 1 die for indirect fire
• + 1 die for direct fire

35
3.3. AR SAMPLES CHAPTER 3. AUGMENTED REALITY

36
Chapter 4

Rigging

4.1 Attributes and tests 4.2 Vehicle nodes

Vehicle nodes are regular nodes with the usual at-
Rigging while jumped in work exactly like driving tributes. Most vehicles and all drones have an agent
a vehicle physically. Only the physical attributes running, the so called drone pilot. This pilot is
are exchanged with virtual rigging attributes: just a normal agent running not matrix software
but autosoftware that mimics physical skills. The
rating of the pilot is used when normally a mental
Table 4.1: VR Attribute Table attribute of the rigger was appropriate.
Typically vehicle nodes have attribute ratings of
Attribute VR (Drone) Attribute 3. But like all other nodes, they can be upgraded.
Agility Intuition (Pilot)
Intuition Drone Sensor
Willpower Object Resistance 4.3 Autosofts
Reaction Commlink (Drone) Response
Body Drone Body Autosofts act as the pilots skill. Without Autosoft,
Strength Body x Acceleration a pilot can perform only very basic actions, vital to
maneuvering and orienting in the physical world.
Autosofts with an asterisk can not be used by de-
Rigging actions are carried out exactly as real faulting to pilot. Available autosofts are:
world actions (using the appropriate attributes).
Additionally a rigger (or drone) has the following • Maneuver Ground Craft (Pilot Ground Craft)
options: • Maneuver Watercraft (Pilot Watercraft)
• Maneuver Aerospace* (Pilot Aerospace)
• Maneuver Aircraft* (Pilot Aircraft)
4.1.1 Sensor assisted gunnery
• Maneuver Anthroform* (Pilot Anthroform)
A rigger may chose to get an active lock on a tar-
• Maneuver Exotic Vehicle (Pilot Exotic Vehi-
get. To do this he must spend a complex action for
cle)
a Sensor + Perception test. Apply standard cover
modifiers and an additional -3 dice pool modifier • Targeting* (Gunnery)
for targets not powered by a combustion engine.
Any hits generated in the sensor test grant addi- • Defense (Dodge)
tional dice for any gunnery test directed against • Clearsight (Perception)
the locked on target as long as line of sight is main-
tained. • Evade* (Infiltration)

37
4.4. DRONE SECURITY CHAPTER 4. RIGGING

• Orientation (Navigate)

• Repair Aeronautics* (Aeronautics Mechanic)

• Repair Automotive* (Automotive Mechanic)

• Repair Industry* (Industrial Mechanic)

• Repair Nautical* (Nautical Mechanic)

• Biotech* (First Aid)

4.4 Drone Security

Drones are intrinsically very vulnerable to hacking
attacks. To avoid this, a number of measures can
be taken:

• hidden mode

• admin access only

• hardwired admin accounts

• hardwired subscription list

• patrolling IC

The hardwired admin accounts and subscription

list do not prevent hacking, but they prevent the
intruder from fully overtaking the drone as the le-
gitimate user will always be able to log into the
vehicle node and combat the intruder.

38
Chapter 5

Technomancers

5.1 Creating a Technomancer a +2 dice modifier for any matrix perception tests.

Creating a Technomancer works exactly like creat-

ing a magician, with the exception that the Techno-
mancers additional attribute is Resonance instead
of Magic and he is buying complex forms instead
of spells. The same restrictions for complex forms
apply as for spells.
5.2 Concepts
5.2.1 The living Persona
A Technomancers brain works just like a comlink,
with two exceptions: It does not have any kind of
storage. This is no problem as everything around
the Technomancer has it. Most optical datachips
are wireless these days, so the data can just be
transferred to it. The second expection is, that
the Technomancers brain can not be hacked, as it
is not a node. It is the only case of a pure persona,
without a node it is running on up to date.
The attributes of the persona depend on the
mental attributes of the Technomancer:
Table 5.1: Living Persona Table
Persona Attribute Mental Attributes
Firewall Willpower
System Logic
Response Intuition
Signal Resonance/2
Biofeedback Filter Charisma
A Technomancer accesses the matrix allways in to see, hear and feel data input streams just like
hot VR (with the related boni). In addition he gets everybody else with an internal comlink using AR.
5.2.2 Threading
A Technomancer is able to improvise or enhance
complex forms by threading. To do so he rolls Res-
onance + Software. The net hits are either the
rating of an improvise complex form, or bonus dice
to a test involving an existing complex form. While
a Technomancer is sustaining a thread he gets a cu-
mulative -2 dice pool modifier for any test not in-
volving this complex form. Furthermode the Tech-
nomancer is subject to Fading of a value equal to
the hits in the threading test.
5.2.3 Sprites
A Technomancer can compile/register/decompile
matrix sprites just like a magician can sum-
mon/bind/banish spirits. He just uses the appro-
priate skills and Resonance instead of Magic. Fur-
thermore he is subject to fading just like the magi-
cian is subject to drain.
5.3 Day to day life
There are several questions about what a Techno-
mancer can do and what he can not do.
The first thing to know is, that a Technomancer
does have an access ID. This means that he can be
called as long as this access ID is registered with a
matrix service provider, just as any other comlink.
This also means, that he can be triangulated.
Another important thing to note is that a Tech-
nomancer has a built in sim module. He is able

39
5.4. TECHNOMANCER TECHNOLOGY CHAPTER 5. TECHNOMANCERS

Technomancers can be jammed just like every

other electromagnetic wave receiver.

5.4 Technomancer technology

40