A N A L Y ZE

+ Computer (or Firewall)

COMMON USE

B R OW SE
+ Data Search

COMMON USE

C OM M A N D
+ (Varies)

COMMON USE

EDIT
+ Computer

COMMON USE

Use a Simple Action to Analyze Icon/Node. Make a Matrix Perception test using your Computer + Analyze program. For each hit scored, you can ask for one piece of information about the object (type, rating, alert status, etc., see pg 228). If your target is running a Stealth program, the test becomes an Opposed Test, with the target rolling Hacking + Stealth (or Firewall + Stealth for programs or nodes). Detect Hacking on the Fly attempt or Probing with a free roll using Analyze + Firewall (hackers Stealth) Extended Test. Use + Data Search to find all of the agents in a node.

Browse programs are specialized search routines that help track down information on a particular node or in the Matrix at large. Use Browse programs for Data Search actions (p. 230). Extended Test with a variable threshold and interval, depending on the general availability of the information in question and the area being searched, respectively.

Command programs give the user a modular and customizable control interface for various devices. This allows the user to control a device through the Matrix (p. 245), whether it be a surveillance camera, a drone, or any other Matrix-capable device.

Edit allows you to create, change, or delete any kind of file. A Complex Action is required to alter one detail of a file: about a sentence of text or a detail of an image or about a second of video or audio. This requires a successful Computer + Edit Test with a threshold set by the gamemaster. Continuous editing of a devices output requires the expenditure of a Simple Action every Initiative Phase for the duration. Note that controlling the device (via the Control Device action, p. 229) may allow you simple control similar to Edit (i.e., by freezing image capture at source or turning off audio reception).

E NC RY PT
+ Electronic Warfare

COMMON USE

R E A L IT Y F I L T E R
+ Response vs System + Response

COMMON USE

S C AN
+ Electronic Warfare (or Data Search)

COMMON USE

ARMOR
+ System

HACKING

Encrypt programs utilize various cryptographic schemes and ciphers to secure files, nodes, and communications. Encrypted items can be decrypted with the proper passcode, otherwise they are gibberish. Use a Simple action to encrypt a file, set of files, node, or communication link. You also choose a passcode that you or another user can use to decrypt the file. You may encrypt multiple files together into a single archive file. You may also attach a data bomb (p. 233) to an encrypted file.

A Reality Filter program translates a nodes VR sculpting into a metaphor of your choice by attempting to interpret the nodes algorithms. When you first run this program or enter a node while it is running, make an Opposed Test between your Reality Filter + Response and the nodes System + Response. If the filter wins, your preprogrammed paradigm overrides the nodes signals and you receive a +1 Response bonus while in that node. If the node wins, or a tie results, its metaphor overwhelms the filter enough that you suffer 1 Response while in the node.

Scan programs allow you to locate wireless networks. To attempt to locate a hidden node, you must be aware of the node, or at least have a good guess of where the device should be (for example, if your commlink is not detecting a node for Mr. Johnson but you are pretty sure he has a PAN, or when you can see the security drone but it is operating in Hidden mode). To find the node, make a Electronic Warfare + Scan (4) Complex Action. Or you may search for Hidden nodes with an Electronic Warfare + Scan (15+, 1 Combat Turn) Extended Test.

Armor programs are software redundancy and automatic backup systems that protect icons from attacks that cause Matrix damage (p. 237). Matrix damage to an icon from an Attack program is resisted with a System + Armor program Test. (Damage from a Black IC attack is resisted with Willpower + Biofeedback Filter). Deduct each hit scored on this test from the modified Damage Value; any DV left over is applied to the targets appropriate Condition Monitor.

ATTACK
+ Cybercombat vs Response + Firewall

HACKING

BIOFEEDBACK FILTER

HACKING

B L A C K H AM M E R
+ Cybercombat vs Response + Stealth

HACKING

B L A C KO U T
+ Cybercombat vs Response + Stealth

HACKING

+ Willpower
Damage from a Black IC attacks is resisted with Willpower + Biofeedback Filter. Deduct each hit scored on this test from the modified Damage Value; any DV left over is applied to the targets appropriate Condition Monitor. Any attempt by the user to jack while under attack by Black IC takes a Complex Action and an Opposed Test between the users Willpower + Biofeedback Filter and the Black IC rating + Response. If the Black IC ties or scores more hits, it prevents the user from jacking out. The Damage Value for dumpshock is 5S for cold sim users, 5P for hot sim users. Resist dumpshock damage with Willpower + Biofeedback Filter rating. You also suffer disorientation in addition to the damage: you suffer a -2 dice pool modifier on all actions for (10 - your Willpower) minutes.

Attack programs are hostile code carriers that attempt to kill processes, introduce random input, create program faults, and otherwise try to crash an icon or program and are used in cybercombat (p. 236). To attack another icon, make an Opposed Test. Hackers attack using Cybercombat skill + the rating of the program they are using. The defending icon rolls Response + Firewall. If the attacker scores more hits, the attack succeeds, otherwise the attack fails.

Black Hammer is a black IC program that samples the command transactions between the target and his commlink and injects dangerous biofeedback responses into the targets simsense interface. Black Hammer is intended as a weapon against hackers in full VR using hot sim causing Physical damage rather than Matrix damage in cybercombat (Opposed Test vs Response + Stealth, p. 237). Against cold sim VR users, it only inflicts Stun damage. It has no effect on programs, agents, IC, sprites, or AR users.

Blackout is black IC program that is a nonlethal version of Black Hammer. It causes Stun damage to both hot sim and cold sim VR users. Like Black Hammer, it is used with the Matrix Attack action (Opposed Test vs Response + Stealth, p. 231) and has no effect on programs, agents, IC, sprites, or AR users. Damage from Blackout does not overflow into the Physical Condition Monitor.

D A T A B OM B
Rating x 2 vs (Hacking + Disarm)

HACKING

DECRYPT
+ Electronic Warfare vs Encryption Rating x 2

HACKING

D E F U SE
+ Hacking vs Data Bomb Rating x 2

HACKING

ECCM
+ Signal rating (+ Electronic Warfare)

HACKING

To set a Data Bomb you must choose the rating (up to Program rating), whether or not it will delete the file or crash the node as a secondary effect, and the passcode required to deactivate it. To disarm a data bomb, make an Opposed Test between your Hacking + Disarm and the Data Bomb Rating x 2. If you score any net hits, the data bomb is removed and deleted. If not, the data bomb activates. Data bombs inflict a number of boxes of Matrix damage equal to (rating x 1D6), then the data bomb is deleted.

Cryptanalysis is an Electronic Warfare + Decrypt (encryption rating x 2, 1 Combat Turn) Extended Test. When you reach the threshold, the encryption is broken. When you break the encryption of a file, the file becomes decrypted. When you use this on a node, you may access that node, but it remains encrypted to others. Once you have initiated cryptanalysis, your Decrypt program takes over and runs autonomously, using your Electronic Warfare skill rating. A running Decrypt program can only work on one encryption at a time, but multiple Decrypt programs can work on different encryptions simultaneously; each making its own Extended Test and cannot collaborate with other programs.

The sole purpose of the Defuse program is to deactivate data bombs that are protecting files or devices. It is used with the Disarm Data Bomb action (p. 230). To disarm a data bomb that you have detected, make an Opposed Test between your Hacking + Disarm and the Data Bomb Rating x 2. If you score any net hits, the data bomb is removed and deleted. If not, the data bomb activates, causing its damage and possibly destroying any file to which it was attached.

Electronic counter-countermeasures (ECCM) filter out jamming signals that attempt to disrupt a wireless connection. An ECCM program adds its rating to the Signal rating of the device on which it is running when defending against jamming (see p. 246). Jamming on the fly (Unwired, p. 105) is a Complex Action and requires some device with a Signal rating (such as a commlink, radio, or drone) to act as an impromptu jammer. Make an Opposed Test between the riggers Electronic Warfare skill + Signal rating and the targets Electronic Warfare + Signal Rating + ECCM. If the Opposed Test is successful, the signal is jammed; otherwise it is unaffected.

E X P L OI T
+ Hacking

HACKING

M E DI C
+ Computer (Damage Taken x 2)
Use Medic to repair Matrix damage inflicted on icons.

HACKING

S N IF F E R
+ Hacking (or Electronic Warfare)

HACKING

S P O OF
+ Hacking vs Computer + Track

HACKING

Hack on the Fly (p. 230 & p. 235) to create an account for yourself on another node. Make a Hacking + Exploit (targets Firewall, Complex Action) Extended Test. Probing (p. 236) is a Hacking + Exploit Extended Test with a threshold equal to the targets System + Firewall. The interval is 1 hour in VR, 1 day by AR. Security accounts increase threshold by +3; Admin accounts by +6. The target node gets one free Analyze + Firewall (hackers Stealth) Test when you first log on with the hacked account. If the node detects you, an alert is triggered (Alerts, p. 238). Crashing Nodes and Programs (p. 230). Make a Hacking + Exploit (System + Firewall, Complex Action) Extended Test. When you reach the threshold, the node is crashed and reboots (p. 238) or the Program is crashed.

Repair Icon action (p. 231); Make a Computer + Medic (damage taken x 2, Complex Action) Extended Test. When the threshold is reached, all damage is removed from the target icon. Note that it is possible for the threshold to change during the Extended Test if the icon suffers further damage.

Intercept Traffic (p. 230); Make a Hacking + Sniffer Test; the hits from this test are the threshold for others to detect the snooping. If you want to block or alter some of the traffic before sending it along, you must use the Edit action. To insert fake traffic, make an Opposed Test of Hacking + Sniffer vs Firewall + System. Capture Wireless Signal (p. 229); You must be within the devices Signal range and succeed in an Electronic Warfare + Sniffer (3) test, and then you may copy, record, or forward the traffic without another test as long as you remain within the target devices Signal range and keep the Sniffer program running. There is no way for other parties to detect your capture.

Redirect Trace (p. 231); Make an Opposed Hacking + Spoof vs. the tracking icons Computer + Track; the number of net hits from this test are added to the threshold that the tracking icon needs. You may take this action multiple times against the same target. This action only works against a tracking attempt in progress. Spoof Command (p. 232); You must have an access ID from which the target accepts commands (usually by making a Matrix Perception test on the authorized source or by tracing its icon). Choose a command (p. 229) and make an Opposed Test between your Hacking + Spoof and the targets Pilot + Firewall (System + Firewall for peripheral devices); if you succeed, the target accepts the command as legitimate.

STEALTH

HACKING

TRACK
+ Computer (-Stealth)

HACKING

Stealth is a clever hacker program that attempts to hide the hacker from other system processes. While it cannot make an icon completely undetectable, it makes the hacker seem innocuous by obfuscating his activities, erasing system tracks, and mimicking authorized traffic. While it is not used for any action, Stealth hides the hacker from detection by the Firewall as he breaks into a system (p. 227), as well as from Matrix Perception tests (p. 228) and Trace User attempts (p. 232, Computer + Track - Stealth (10, Complex Action) Extended Test. The target may increase the threshold with the Redirect Trace action).

Track programs systematically analyze a users connection and follow the datatrail back to the originating node. Trace User (p. 232) back to its originating node with a Computer + Track - Stealth (10, Complex Action) Extended Test. The target may increase the threshold with the Redirect Trace action. Success grants the targets access ID and the location of the device housing the originating node (usually the users commlink). If the target is using a wired connection to the Matrix, you learn his exact location. If he is using a wireless connection, you have his location triangulated to within 50 meters. As long as you keep your Track program running, you may continue to monitor the targets location.

<PROGRAM NAME>
<+ Skill Most Used>
<Artwork>

PROGRAM TYPE

<Program Rating: (Use a Red marker to fill in your current Program Rating or cut/paste supplied dot pics)>

<Generalized rules and most common actions used with this program.>