These rules are not yet canon for my current campaign.
All resistance rolls below are expressed as an Attribute plus one of the ASDF stats. However, this only applies when the defender is a persona. When it is a host or device, substitute values for the roll as follows:
Determine threshold and base time as below. Hits over threshold used to divide the base time. If the test fails, the character spends the full time looking before coming up empty-handed.
|General knowledge / public||1||1 min|
|Of limited interest / not publicised||3||30 min|
|Hidden / actively hunted & erased||6||12 hrs|
|Protected / secret||N/A||N/A|
Suggested dice pool mods:
When looking for specific files inside a host, use thresholds as above. The base time is always 1 minute.
To spot nearby silent running icons on the local mesh: do an opposed test as above (ie against the icon’s Logic+Sleaze.) The decker rolls once against every silent running icon, and spots all the ones that fail the test in one go.
Repeated attempts within a short period of time take a cumulative -1 penalty, as usual.
To examine a device, roll a simple test. Each hit answers one question from CRB page 235.
Roll: Hacking + Logic [Attack] or [Sleaze] Resist: Willpower + Firewall
Roll: Hacking + Logic [Attack] Resist: Willpower + Firewall
Roll: Hacking + Logic [Sleaze] Resist: Willpower + Firewall
Ideally, the decker first does Probe to scout the target for security vulnerabilities: roll as above, take net hits, split into two groups as decker wants.
To actually hack the system the decker does Backdoor Entry to use the discovered vulnerabilities to get access. Same test as above.
Probe opposed test has 4 net hits. Decker uses 2 hits to reduce the time, keeps the other 2 hits back. The Probe action takes 30 minutes.
Decker rolls for Backdoor Entry and gets 4 net hits, choosing to take Admin access. They’re not maintaining access to any other systems. Later, the decker has to use a Data Spike against hostile IC. That would normally start the Overwatch Score clock, but the decker has 2 Combat Turns before that happens because of the Probe result.
If the decker then goes on to Brute Force a second system, the OS score starts counting up immediately, including for the first system that was hacked via Probe.
Roll: Cybercombat + Logic [Attack] Resist: Willpower + Firewall
Ways to deal damage or crash software. These are all Complex actions.
Data spike: does (net hits + Attack) boxes of Matrix damage, resisted by the target with Device Rating + Firewall.
Popup (requires User access): Target must be a persona using AR. Flooded with Matrix spam. Takes (net hits) as a negative ongoing dice pool penalty to all tests until the end of the next turn.
Denial of Service: Target is one or more specific devices. Target’s data streams are polluted with noise. Take 2*(net hits) as an ongoing penalty to all use of the device until the end of the next turn.
If the decker has no access, this can only be used against a single device. If the decker has User access to a PAN or host, it can be used against up to 3 devices that are in that PAN/WAN. If the decker has Admin access, it can be used on 6 devices.
“Devices” can include smartguns and cyberware. If a given action is affected by Denial of Service more than once - eg. if DoS is used against a character’s cybereyes, and cyberarm, and smartgun - then the penalties stack.
Roll: Computer + Logic [Data Processing] Resist: Willpower + Firewall
Once you have access on an icon (or the PAN/WAN that it is part of), you can do the following actions to it without any further tests.
If you have User level access:
Edit file (no test, Complex action) - create, change, copy, delete, or protect any type of file.
Note that some of these actions (particularly copy) may not complete instantly. The decker doesn’t need to spend any other actions, but they may need to wait.
If the edit is particularly intricate or tricky, GM may call for a test of Computer + Logic [Data Processing] vs a threshold to determine how successful it was.
Send message (Simple action) - send a message to a person or an order to a drone or other semi-smart device. Can be textual, audio, a picture, or a short video clip.
Control device (Simple/Complex depending on what you’re doing) - may require a test depending on what the goal is eg. shooting a turret requires a Gunnery roll. Control Device cannot override the neural connections used control cyberware.
If you have Admin level access:
Some actions still need tests however. These both need User level access to the file in question:
Roll: Electronic Warfare + Logic Resist: Willpower + Firewall
These are all Complex actions.
Snoop (no access required): listen in on the link between any two or more devices. Can be used to monitor a video feed, listen to an audio call, intercept commands sent to drones, etc.
Note that if you have Admin access to any device in the link, you can perform Snoop without any test being required. You only need to roll the above test if you do not have access to the devices.
Once you have performed Snoop, you can also insert hacking commands into the datastream to hack the remote device. This can even be achieved if the remote device is outside of local mesh range. Roll Probe/Backdoor Entry/Brute Force as normal.
Spoof Command (no access required): send a single command to a device, carefully constructed to look like it came from a legitimate source. See below for discussion.
Subvert Infrastructure (requires User access): Take control of up to (net hits) simple infrastructure devices connected to the PAN/WAN. Control continues as long as the decker maintains access to the host. Examples of devices include traffic lights, vending machines, home appliances, desk lamps, etc. Different commands can be issued to multiple devices for a single Simple action.
Squelch (no access required): prevents target device from calling or sending any messages for (net hits) number of minutes. If the target is a host subsystem, it prevents alerts leaving that subsystem and deploying IC in other subsystems for (net hits) combat turns.
Spoofed commands are considered to have User level access, not Admin. This causes some limitations in what you can do with Spoof Command, such as:
But some things you cannot do with Spoof Command: