Getting Hardware

Datapads are the device of choice for the masses. Wafer thin and about the size of a smartphone, datapads are as powerful as a 21st century computer - which means that they’re more than enough for the casual user. You can also get smaller “headless” versions with no screen - they look a bit like a credit cartridge, and are meant to be used with smart peripherals. They impose a -2 penalty to Hacking rolls due to their unsuitability for heavy-duty work.

Terminals are basically desktop computers, and are miniature supercomputers by 21st century standards. They’re not a common fixture in most family homes - a datapad is enough for most people - but you might find them in the house of a hardcore hobbyist, scientist or hacker. They’re also an integral part of any starship.

Decks are portable terminals, a hacker’s best friend and the Firmament’s equivalent of a laptop. They don’t have a screen or keyboard though - they look like featureless plastic bricks about the size of a hardback book, with some retractable ports and lenses on the side. They’re almost always used with smart peripherals, but if necessary can be used in “projector mode” by setting them down on a flat surface and interacting with a 3-dimensional hologram.

Mainframes are big servers with vast amounts of processing power and storage space - the kind of thing that can calculate a navkey for interstellar travel. It’s not uncommon for a big corporate office to have a single mainframe and no terminals at all - individual employees just connect with a pair of smart goggles or a holoprojector station.

Smart Peripherals

Staying anchored in “flatland”, as hackers call it, is fine for the casual user or the terminal drone in a corporate office. More active types find it restrictive and inconvenient though, and these power users prefer to connect their device to a pair of smart glasses or lenses.

Most of the time, these peripherals run in HUD mode. The user’s vision is overlayed with an unobtrusive user interface, and sophisticated cameras and object recognition protocols allow them to interact with their device using gestures and eye movements. For making a phone call, doing a quick search or other basic tasks, this is the best of both worlds.

For more absorbing tasks you can switch to VR mode, known as “goggling in” by hackers. With your entire vision filled by the user interface, you can immerse yourself entirely in cyberspace without needing to sit at a terminal or stand in front of your deck like an idiot. This is generally required for hacking, interacting with complex applications, and similar tasks.

Full Immersion

For some people, a pair of goggles isn’t enough. The next step up is a SenseNet - a web of electrodes that is usually contained neatly in a cloth headband. You connect it to your deck or terminal directly, and it allows you to experience what is known as “full sensory immersion”. Ordinary folks use a SenseNet to experience VR on a level that is impossible with some smart goggles and a fancy camera - in fact, SenseNet is the most common reason for consumers to purchase their own terminal. But the instant reaction times afforded by a SenseNet are useful to hackers, too.

Hacking while fully immersed in cyberspace is a rush, and gives you the edge that every netrunner seems to need. The interface is the same, but you’re not limited by the latency between your brain and your hands. As soon as you can think a command, it’s happening. There are dangers, though - when you put on a SenseNet, the grid is no longer an abstract thing. It’s real and dangerous - suddenly terms like “biofeedback” and “neural static” become scary. Being immersed in a SenseNet has the following effects:


Every system - whether it’s a radio detonator, a corporate node, or a hacker’s deck - is rated by the quality of its ICE (intrusion countermeasures & electronics). This rating represents the overall computing power of the system and how forgiving it is to hack with, as well as how good its security protocols and defenses are. A deck with high ICE has less reaction lag and can handle more strain, making it more likely that you’ll complete the run without tripping the alarms or getting booted out of the system.

The table below gives the different levels of ICE that systems can have, along with how much it’ll cost to get a deck with that level of security:

System Type ICE Cost
Cheap/Obsolete d4 600
Streetware d6 1200
Enterprise Grade d8 2500
Military Grade d10 10K
Bleeding Edge d12 20K

Getting Connected

In the Firmament, connectivity is usually considered to be a public service on the same level as roads and law enforcement. Whether you can afford the hardware is another matter, but the days of broadband providers are far in the past. This system is widely known as “the grid” on almost every world, and you’re either on it or off it. You’ll never have to worry about finding a coffee shop with free wifi.

Of course, not every terminal, door and security camera is just connected directly to the grid. There are many “subgrids”, like the network of a private office building or a data warehouse. Some of these are accessible directly from the grid and can be hacked into from anywhere; others require you to be nearby; still others will require you to physically plug into an access point somewhere.

The other thing to consider is coverage. If you’re in a deadzone without grid coverage, you can’t get online without a satellite uplink (starships have this kind of hardware built in). Even then, it’s a sluggish connection that imposes a -2 to all skill rolls. Trying to connect to something on the other side of the star system is slower still. Even at lightspeed, queries will take minutes or even hours to get a response, and hacking is impossible.

Quick Hacking

Most devices and computers will be part of a subgrid, like a building’s security network or a corporate data warehouse. However, some devices - like a billboard, vending machine or personal datapad - will be connected directly to the grid. These devices can be manipulated with Quick Hacking.

For example, let’s say you want to hack a drone:

Quick Hacking is a flat Hacking roll opposed by the target’s ICE; this takes 10 minutes. If you succeed, you gain control of the device until it gets switched off or disconnected. Failure usually just means you haven’t made any progress - but if the target’s ICE beats you with a raise, it detects the attempted intrusion. You can’t try again, and the device’s owner knows someone tried to hack them.

Combat Hacking: Proper hacking takes minutes or even hours, so it’s not feasible in the heat of combat - but you can still disrupt or confuse a target, temporarily. You can use the Hacking skill in a Test against any target that is suitably connected - like a drone, a security camera, or someone using smartglasses.


If Quick Hacking is like picking a pocket, then a netrun is a heist. A netrun allows you to take over a subgrid or other complex system (i.e. a corporate office), giving you control over every device that it’s responsible for. Of course, you need to be able to access the system to perform a netrun against it; see the section on Getting Connected for more about that.

Netrunning is handled as a Dramatic Task; you must collect a certain number of tokens in 6 rounds, with each round lasting about 10 minutes. The exact number of tokens you need to collect depends on the defender’s ICE rating.

ICE Rating Tokens Required
d4 6
d6 7
d8 8
d10 9
d12 10

Each round, the attacker draws an Action Card and makes a Hacking roll against TN 4, and gets 1 token for each success and raise. A failure nets them no tokens, and a Critical Failure causes the system to go on Alert. If the attacker can collect the required number of tokens before they run out of time, the netrun is successful and they gain control of the system.

If the attacker runs out of time, the defender’s ICE overwhelms their deck. It crashes, taking it offline for 10 minutes and ending the run. If the attacker was using a SenseNet, they also suffer dumpshock and become Fatigued. This goes away after a night’s sleep.

Complications: If the attacker’s Action Card is a Club, they encounter a Complication. This is a bad patch of ICE, a vigilant sysadmin, or some other difficulty. It gives them a -2 to the Hacking roll, or a -4 if their ICE is lower than the target. If they fail, the system goes on Alert - or High Alert on a Critical Failure. The attacker can give up and jack out at any time, but doing so does not reset the Alert level.

Defenders: If the system is being actively monitored by a sysadmin or corporate hacker, they can use their Hacking skill instead of the system’s ICE to determine how difficult the netrun will be.

Circumstantial Modifiers

Circumstance Modifier
Alert -1
High Alert -2
User Access Codes +1
Security Access Codes +2
Bruteforce +2
Datapad -2
Damaged deck -2

Alert Levels represent the defender’s awareness of the attacker’s presence. Defenders usually begin at No Alert, but can increase to Alert or High Alert as the run progresses. After that the system goes into Lockdown, and the attacker is automatically dumped out. Alert levels might have other effects in-game, like more guards or tighter security checks.

Access Codes are a foothold on the system, making it easier to launch an attack. They are usually literal access codes (like a password), but could also be a tap plugged into a physical access port or a hacker quickly sneaking onto an unattended terminal. They could also represent a backdoor from a previous run.

Bruteforce is the hacker’s equivalent of a Wild Attack - a noisy, unsubtle hammer blow in cyberspace. When you choose to go bruteforce, you get a +2 bonus to your Hacking roll. However, the Alert level of the system increases regardless of whether you pass or fail.

Multiple Netrunners

Sometimes you might jack into a system, only to find that you’re not the only one here. Multiple netrunners can attack the same system; if they’re on the same side, just treat it as a Support action. If they’re not, each netrun operates independently - but the alert level is universal. A bunch of netrunners independently blundering around in a system are much more likely to trip the alarms.

Sometimes, two hackers might go head-to-head in a system; rival netrunners might want to boot each other off a system so they can have it all to themselves. In this case, have each side make an opposed Hacking roll. The winner gets to remain, while the loser gets booted off. If it’s a tie, neither side wins - but their noisy infighting makes the system go on Alert!

Black ICE

Most of the time, a system’s ICE is just focused on getting rid of an attacker. It consumes resources, causes system instability, and locks down access to prevent an intrusion and kick the hacker off their system. However, some systems and devices employ “Black ICE”, which takes it a step further. Black ICE is designed to overload circuits and bypass safety mechanisms, causing permanent damage to a device. It’s expensive, and tends to be illegal without special clearance.

If you get booted out of a system with Black ICE, key components of your device are permanently damaged. Until you can repair them for 10% of the device’s value, all skill rolls are made at a -2. If you’re connected by SenseNet, the biofeedback elevates dumpshock to lethal levels. You immediately become Incapacitated by damage to the nervous system, which cannot be Soaked. The Wounds inflicted by Black ICE don’t have a Golden Hour, and must heal naturally.

If you’re Incapacitated by Black ICE, you need to make the usual Vigor roll to see if you’re dead, bleeding out, et cetera. Serious injuries from dumpshock usually come from some form of brain or nervous system damage, rather than physical injury to the body itself. A result of “Hideous Scar” is some kind of facial palsy; a “Busted” result is paresis that causes muscle weakness; and so on.


If the netrun was successful, the attacker now has control over the system. They can make a flat Hacking roll as an action to manipulate the system - like taking over security cameras, opening doors or downloading data. If you’re making a permanent modification or being extra suspicious or noisy, the GM might give you a -2 or -4 penalty for difficulty. On a failure, the alert level increases (but the action is still performed).

The Alert level determines how long you’re able to maintain access to the system after a successful netrun:

No Alert. The defender remains unaware of your attempts to bypass their security, or they think a trivial attack was dealt with. You can maintain access indefinitely until the alert is raised. You can even log off and come back whenever you want.

Alert. The defender suspects an attack. Your access will be removed within 1d6 days. Very high-security systems will react in 1d6 hours. After you lose access, any access codes or modifications made to the system will eventually be found and removed.

High Alert. The defender knows they’ve been hacked. Your access will be removed within 1d6 hours. Very high-security systems will react in 1d6 minutes. They are also able to gather some artifacts from the attack; they might know your handle, what city you were hacking from, or what kind of hardware you were using.

Lockdown. You lose access immediately. The defender is able to trace the attack back to its origin, and may “hack back” or dispatch law enforcement or a team to deal with you.

If the netrun failed, you can ignore the parts about maintaining access - but the consequences still apply. If you get booted out of a system that’s on High Alert, for example, you can expect the defender to have some information about you.