Getting Hardware

Datapads are the device of choice for the masses. Wafer thin and about the size of a smartphone, datapads are as powerful as a 21st century computer - which means that they’re more than enough for the casual user. You can also get smaller “headless” versions with no screen - they look a bit like a credit cartridge, and are meant to be used with smart peripherals. Datapads are convenient, but they’re underpowered for heavy-duty work.

Terminals are basically desktop computers, and are miniature supercomputers by 21st century standards. They’re not a common fixture in most family homes - a datapad is enough for most people - but you might find them in the house of a hardcore hobbyist, scientist or hacker. They’re also an integral part of any starship.

Decks are portable terminals, a hacker’s best friend and the Firmament’s equivalent of a laptop. They don’t have a screen or keyboard though - they look like featureless plastic bricks about the size of a hardback book, with some retractable ports and lenses on the side. They’re almost always used with smart peripherals, but if necessary can be used in “projector mode” by setting them down on a flat surface and interacting with a 3-dimensional hologram.

Mainframes are big servers with vast amounts of processing power and storage space - the kind of thing that can calculate a navkey for interstellar travel. It’s not uncommon for a big corporate office to have a single mainframe and no terminals at all - individual employees just connect with a pair of smart goggles or a holoprojector station.

Smart Peripherals

Staying anchored in “flatland”, as hackers call it, is fine for the casual user or the terminal drone in a corporate office. More active types find it restrictive and inconvenient though, and these power users prefer to connect their device to a pair of smart glasses or lenses.

Most of the time, these peripherals run in HUD mode. The user’s vision is overlayed with an unobtrusive user interface, and sophisticated cameras and object recognition protocols allow them to interact with their device using gestures and eye movements. For making a phone call, doing a quick search or other basic tasks, this is the best of both worlds.

For more absorbing tasks you can switch to VR mode, known as “goggling in” by hackers. With your entire vision filled by the user interface, you can immerse yourself entirely in cyberspace without needing to sit at a terminal or stand in front of your deck like an idiot. This is generally required for hacking, interacting with complex applications, and similar tasks.

Full Immersion

For some people, a pair of goggles isn’t enough. The next step up is a SenseNet - a web of electrodes that is usually contained neatly in a cloth headband. You connect it to your deck or terminal directly, and it allows you to experience what is known as “full sensory immersion”. Ordinary folks use a SenseNet to experience VR on a level that is impossible with some smart goggles and a fancy camera - in fact, SenseNet is the most common reason for consumers to purchase their own terminal. But the instant reaction times afforded by a SenseNet are useful to hackers, too.

Hacking while fully immersed in cyberspace is a rush, and gives you the edge that every netrunner seems to need. The interface is the same, but you’re not limited by the latency between your brain and your hands. As soon as you can think a command, it’s happening. There are dangers, though - when you put on a SenseNet, the grid is no longer an abstract thing. It’s real and dangerous - suddenly terms like “biofeedback” and “neural static” become scary. Being immersed in a SenseNet has the following effects:

Getting Connected

In the Firmament, connectivity is usually considered to be a public service on the same level as roads and law enforcement. Whether you can afford the hardware is another matter, but the days of broadband providers are far in the past. Anywhere you’d expect to have cellular reception in the modern day will be covered by high-latency wireless networks that anyone can access. This system is widely known as “the grid” on almost every world, and you’re either on it or off it. It’s just one big wide-area network, so you’ll never have to worry about finding a coffee shop with free wifi.

The grid might be a single WAN, but that doesn’t mean connectivity is guaranteed - especially on the Rim. More remote environs are often deadzones. Your datapad or deck won’t be of much use in those areas without a satellite uplink (starships have this kind of hardware built in). Even these connections are sluggish at best, imposing a -2 penalty to all skill rolls. The same penalties apply to anyone trying to interact with a satellite or ship in orbit.

The difficulty is compounded when trying to access systems on another planet, or a space station halfway across the system. Even at lightspeed, communication at these distances can take minutes or even hours. This increases the penalty to a -4, as well as making realtime communication impossible. Megacorps are fond of keeping sensitive data in heavily guarded deep-space “silos” for this very reason.

Getting Secured

Every system - whether it’s a radio detonator, a corporate node, or a hacker’s deck - is rated by the quality of its ICE (intrusion countermeasures & electronics). This rating represents the overall computing power of the system and how forgiving it is to hack with, as well as how good its security protocols and defenses are. A deck with high ICE has less reaction lag and can handle more strain, making it more likely that you’ll complete the run without tripping the alarms or getting booted out of the system.

The table below gives the different levels of ICE that systems can have, along with how much it’ll cost to get a deck with that level of security:

System Type ICE Cost
Cheap/Obsolete d4 600
Streetware d6 1200
Enterprise Grade d8 2500
Military Grade d10 10K
Bleeding Edge d12 20K


When you want to break into a system and take control of it, use the netrunning rules below. For example, you’d need to do a netrun if you wanted to turn off a building’s security cameras - they’re controlled by the building’s security systems, so you’d need to take control of those. However, not all hacks require a netrun. Here are some examples of simple hacks:

Trivial hacks like this require an opposed Hacking roll against the target’s ICE. This usually takes about 10 minutes; however, you can reduce this to a single round by “hacking on the fly” at a -2 penalty. If you succeed, you accomplish whatever you were trying to do. Simple hacks don’t usually raise alarms or cause serious consequences unless a Critical Failure is rolled.


So, you want to hack something. If what you’re trying to achieve is small, the GM might just use the simple hacking rules above. Otherwise, it’s a netrun - if casual hacking is like picking a pocket, then a netrun is a heist. You’re trying to take over a system belonging to the defender, such as a building’s security network. If you succeed, you gain control and can perform actions like turning off alarms, manipulating security cameras or accessing recorded footage.

Netrunning is handled as a Dramatic Task; you must collect a certain number of tokens in 6 rounds, with each round lasting about 10 minutes. The exact number of tokens you need to collect depends on the defender’s ICE rating.

ICE Rating Tokens Required
d4 6
d6 7
d8 8
d10 9
d12 10

Each round, the attacker draws an Action Card and makes a Hacking roll against TN 4, and gets 1 token for each success and raise. If they collect the required number of tokens before they run out of time, they gain control of the system.

If the attacker runs out of time, the defender’s ICE overwhelms their deck. It crashes, taking it offline for 10 minutes and ending the run. If the attacker was using a SenseNet, they also suffer dumpshock and become Fatigued. This goes away after a night’s sleep.

Complications: If the attacker’s Action Card is a Club, they encounter a Complication. This is a bad patch of ICE, a vigilant sysadmin, or some other difficulty. It gives them a -2 to the Hacking roll, or a -4 if their ICE is lower than the target. If they fail, the system goes on Alert - or High Alert on a Critical Failure. The attacker can give up and jack out at any time, but doing so does not reset the Alert level.

Defenders: If the system is being actively monitored by a sysadmin or corporate hacker, they can use their Hacking skill instead of the system’s ICE to determine how difficult the netrun will be.

Circumstantial Modifiers

Circumstance Modifier
Alert -1
High Alert -2
User Access Codes +1
Security Access Codes +2
Bruteforce +2
Hacking on the Fly -2
Datapad -2
Damaged deck -2

Alert Levels represent the defender’s awareness of the attacker’s presence. Defenders usually begin at No Alert, but can increase to Alert or High Alert as the run progresses. After that the system goes into Lockdown, and the attacker is automatically dumped out. Alert levels might have other effects in-game, like more guards or tighter security checks.

Access Codes are a foothold on the system, making it easier to launch an attack. They are usually literal access codes (like a password), but could also be a tap plugged into a physical access port or a hacker quickly sneaking onto an unattended terminal. They could also represent a backdoor from a previous run.

Bruteforce is the hacker’s equivalent of a Wild Attack - a noisy, unsubtle hammer blow in cyberspace. When you choose to go bruteforce, you get a +2 bonus to your Hacking roll. However, the Alert level of the system increases regardless of whether you pass or fail.

Hacking on the Fly allows the attacker to make a roll every combat round, instead of every 10 minutes. This is useful in tense situations like combat, but carries a hefty penalty.

Multiple Netrunners

Sometimes you might jack into a system, only to find that you’re not the only one here. Multiple netrunners can attack the same system; if they’re on the same side, just treat it as a Support action. If they’re not, each netrun operates independently - but the alert level is universal. A bunch of netrunners independently blundering around in a system are much more likely to trip the alarms.

Sometimes, two hackers might go head-to-head in a system; sometimes rival netrunners want to boot each other off a system so they can have it all to themselves. In this case, have each side make an opposed Hacking roll. The winner gets to remain, while the loser gets booted off. If it’s a tie, neither side wins - but their noisy infighting makes the system go on Alert!

Black ICE

Most of the time, a system’s ICE is just focused on getting rid of an attacker. It consumes resources, causes system instability, and locks down access to prevent an intrusion and kick the hacker off their system. However, some systems and devices employ “Black ICE”, which takes it a step further. Black ICE is designed to overload circuits and bypass safety mechanisms, causing permanent damage to a device. It’s expensive, and tends to be illegal without special clearance.

If you get booted out of a system with Black ICE, key components of your device are permanently damaged. Until you can repair them for 10% of the device’s value, all skill rolls are made at a -2. If you’re connected by SenseNet, the biofeedback elevates dumpshock to lethal levels. It immediately inflicts enough Wounds to Incapacitate you, though you are allowed to Soak them. These Wounds can’t be treated and must be healed naturally.

If you’re Incapacitated by Black ICE, you need to make the usual Vigor roll to see if you’re dead, bleeding out, et cetera. Serious injuries from dumpshock usually come from some form of brain or nervous system damage, rather than physical injury to the body itself. A result of “Hideous Scar” is some kind of facial palsy; a “Busted” result is paresis that causes muscle weakness; and so on.


If the netrun was successful, the attacker now has control over the system. They can make a flat Hacking roll as an action to manipulate the system - like taking over security cameras, opening doors or downloading data. If you’re making a permanent modification or being extra suspicious or noisy, the GM might give you a -2 or -4 penalty for difficulty. On a failure, the alert level increases (but the action is still performed).

The Alert level determines how long you’re able to maintain access to the system after a successful netrun:

No Alert. The defender remains unaware of your attempts to bypass their security, or they think a trivial attack was dealt with. You can maintain access indefinitely until the alert is raised. You can even log off and come back whenever you want.

Alert. The defender suspects an attack. Your access will be removed within 1d6 days. Very high-security systems will react in 1d6 hours. After you lose access, any access codes or modifications made to the system will eventually be found and removed.

High Alert. The defender knows they’ve been hacked. Your access will be removed within 1d6 hours. Very high-security systems will react in 1d6 minutes. They are also able to gather some artifacts from the attack; they might know your handle, what city you were hacking from, or what kind of hardware you were using.

Lockdown. You lose access immediately. The defender is able to trace the attack back to its origin, and may “hack back” or dispatch law enforcement or a team to deal with you.

If the netrun failed, you can ignore the parts about maintaining access - but the consequences still apply. If you get booted out of a system that’s on High Alert, for example, you can expect the defender to have some information about you.