- Getting Hardware
- Getting Connected
- Breaking the ICE
- Writing Software
Datapads are the device of choice for the masses. Wafer thin and about the size of a smartphone, datapads are as powerful as a 21st century computer - which means that they’re more than enough for the casual user. You can also get smaller “headless” versions with no screen - they look a bit like a credit cartridge, and are meant to be used with smart peripherals. Datapads are convenient, but they’re underpowered for heavy-duty work.
Terminals are basically desktop computers, and are miniature supercomputers by 21st century standards. They’re not a common fixture in most family homes - a datapad is enough for most people - but you might find them in the house of a hardcore hobbyist, scientist or hacker. They’re also an integral part of any starship.
Decks are portable terminals, a hacker’s best friend and the Firmament’s equivalent of a laptop. They don’t have a screen or keyboard though - they look like featureless plastic bricks with some retractable ports and lenses on the side. They’re almost always used with smart peripherals, but if necessary can be used in “projector mode” by setting them down on a flat surface and interacting with a 3-dimensional hologram.
Mainframes are big servers with vast amounts of processing power and storage space - the kind of thing that can calculate a navkey for interstellar travel. It’s not uncommon for a big corporate office to have a single mainframe and no terminals at all - individual employees just connect with a pair of smart goggles or a holoprojector station.
Staying anchored in “flatland”, as hackers call it, is fine for the casual user or the terminal drone in a corporate office. More active types find it restrictive and inconvenient though, and these power users prefer to connect their device to a pair of smart glasses or lenses.
Most of the time, these peripherals run in HUD mode. The user’s vision is overlayed with an unobtrusive user interface, and sophisticated cameras and object recognition protocols allow them to interact with their device using gestures and eye movements. For making a phone call, doing a quick search or other basic tasks, this is the best of both worlds.
For more absorbing tasks you can switch to VR mode, known as “goggling in” by hackers. With your entire vision filled by the user interface and a pair of headphones in your ears, you can immerse yourself entirely in cyberspace without needing to sit at a terminal or stand in front of your deck like an idiot. This is generally required for hacking, interacting with complex applications, and similar tasks.
For some people, a pair of goggles and a set of earphones isn’t enough. The next step up is a SenseNet - a web of electrodes that is usually contained neatly in a cloth headband. You connect it to your deck or terminal directly, and it allows you to experience what is known as “full sensory immersion”. Ordinary folks use a SenseNet to experience VR on a level that is impossible with some smart goggles and a fancy camera - in fact, SenseNet is the most common reason for consumers to purchase their own terminal or deck. But the instant reaction times afforded by a SenseNet are useful to hackers, too.
Hacking while fully immersed in cyberspace is a rush, and gives you the edge that every netrunner seems to need. The interface is the same, but you’re not limited by the latency between your brain and your hands. As soon as you can think a command, it’s happening. There are dangers, though - when you put on a SenseNet, the grid is no longer an abstract thing. It’s real and dangerous - suddenly terms like “biofeedback” and “neural static” become scary. Being immersed in a SenseNet has the following effects:
- +1 to all skill rolls.
- You’re dead to the world until you disconnect or someone rips the headband off. Only a Wound is enough to cut through the SenseNet trance and alert you to danger.
- If your deck crashes or you’re unexpectedly pulled out of cyberspace, you experience dumpshock. It inflicts 1 Wound that can only be healed naturally.
- If you get booted off the grid by Black ICE, you instead suffer 1d4 Wounds that can only be healed naturally.
Wounds from dumpshock are quite capable of permanently injuring or even killing a netrunner. Roll normally on the Injury Table if it’s called for - these injuries generally come from some form of brain damage, rather than actual damage to the body itself.
In the Firmament, connectivity is usually considered to be a public service on the same level as roads and law enforcement. Whether you can afford the hardware is another matter, but the days of broadband providers are far in the past. Anywhere you’d expect to have cellular reception in the modern day will be covered by high-latency wireless networks that anyone can access. This system is widely known as “the grid” on almost every world, and you’re either on it or off it. It’s just one big wide-area network, so you’ll never have to worry about finding a coffee shop with free wifi.
The grid might be a single WAN, but that doesn’t mean connectivity is guaranteed - especially on the Rim. More remote environs are often deadzones. Your datapad or deck won’t be of much use in those areas without a satellite uplink (starships have this kind of hardware built in). Even these connections are sluggish at best, imposing a -2 penalty to all skill rolls. The same penalties apply to anyone trying to interact with a satellite or ship in orbit.
The final limitation on connectivity is distance. The grid you connect to is local to the region you’re in - such as a planet, lunar colony or space station. Even at lightspeed, connections to another grid halfway across the system can take minutes or even hours. In addition to making realtime communication impossible, accessing systems or information on another grid in the same star system imposes a -4 penalty to all rolls. Megacorps are fond of keeping sensitive data in heavily guarded deep-space “silos” for this very reason.
Systems on the grid consist of nodes, which are basically networks of any size. Simple systems only have a single node - for example, your datapad and connected peripherals count as a node. Even a whole building could place all of its tasks - lighting, security, computing - under the responsibility of one node. More complex systems, though, may have a multitude of networked nodes. Systems with multiple nodes are harder to hack, but are also more expensive and complicated to monitor. Megacorps will have hundreds spread throughout the world, and just figuring out how to navigate the maze and get to the data you need is its own challenge.
Broadly speaking, a hacker might encounter four kinds of nodes:
- Public nodes are on the grid, and are trivial to find via public directory listings. The local library or a popular online game are probably public nodes. Finding the address of a public node takes 1d6 rounds and no skill roll is required.
- Hidden nodes are on the grid, but don’t advertise their existence. Most personal devices are hidden nodes; a secret hacker chatroom would be, too. To find the address of a hidden node, you must know it exists and make a Research roll against the node’s ICE. This usually takes an hour, or 10 minutes on a raise.
- Internal nodes are indirectly connected to the grid. They don’t have an address, and you can only reach them via other nodes (or by connecting directly). They’re invisible to the grid at large.
- Offline nodes aren’t connected to the grid at all; they’re isolated and airgapped. You can only connect to an offline node directly. A device that’s been disconnected from the grid also falls into this category.
If a node is on the grid, you can connect to it as long as you know its address. You can also connect to a node directly, without knowing its address or going via the grid. This usually requires you to be within 50” of it, but in some cases might require you to physically plug into an access point. This means you can hack someone’s datapad or the building your team is infiltrating without needing to search the grid for it.
Here’s an example of the layout of a large library, illustrating each kind of node:
- The access node is a public node connected to the grid, and contains an index of books, users and loans.
- The security node is a hidden node. It’s connected to the grid so that the cameras and security systems can be remotely monitored by the library’s security contractor, but isn’t advertised.
- The collection node contains the actual database of books themselves, as well as information about library staff. It’s an internal node, only visible from the access node.
- The research node contains highly sensitive and valuable research data, and is an offline node. To hack it, you’d need to break into the library’s top floor and plug in.
If you wanted to get access to a rare book on the library’s system, just hacking the access node wouldn’t be enough. You would need to pivot deeper into the system and take over the collection node in order to get the data you want.
Breaking the ICE
Every system - whether it’s a radio detonator, a corporate node, or a hacker’s deck - is rated by the quality of its ICE (intrusion countermeasures & electronics). This rating represents the overall power of the system and how forgiving it is to hack with, as well as how good its security protocols and defenses are. A deck with high ICE has less reaction lag and can handle more strain, giving you more time to complete the run before you get booted out of a system.
The table below gives the different levels of ICE that systems can have, along with how much it’ll cost to get a deck with that level of security:
So, you want to hack something. If what you’re trying to achieve is small, the GM might just ask you to make a Hacking roll against the target’s ICE rating. This includes making anonymous payments, hacking someone’s social media, tricking a vending machine or anything else which doesn’t require a full-on intrusion into a system. Otherwise, it’s a netrun.
During a netrun, the attacker is trying to gain control of a node belonging to the defender. When the netrun begins, the attacker and defender both get tokens based on their ICE rating. Each round (usually about 10 minutes of real time), the attacker makes a Hacking roll and the defender rolls their ICE skill. For example, a streetware-level system would roll d6 to defend itself. If the system is being actively monitored by a security expert or autonomous system, they can make an Electronics or Hacking roll to Support the system’s ICE.
- If the attacker rolls a 1 on their skill die, the system goes on Alert.
- If the defender rolls a 1 on their skill die, the attacker identifies a security flaw that gives them a +2 to their next Hacking roll.
- For both sides, every success and raise on the roll removes one token from their opponent.
If the attacker runs out of tokens, it means that the system’s ICE has overwhelmed their deck. It crashes, taking it offline for 10 minutes and ending the run. If the defender runs out of tokens, it means that the attacker has successfully gained control of the system. The attacker can jack out of the system at any time as an action, giving up on the run before they get booted out. Doing so does not reset the alert level, however.
|User Access Codes||+1|
|Security Access Codes||+2|
|Hacking on the Fly||-2|
Alert Levels represent the defender’s awareness of the attacker’s presence. Alert levels are usually system-wide, but on very large systems might only affect a subset of nodes. Defenders usually begin at No Alert, but can increase to Alert or High Alert as the run progresses. If the system goes beyond High Alert, the attacker is automatically dumped out.
Access Codes are a foothold on the system, making it easier to launch an attack. They are usually literal access codes (like a password), but could also be a tap plugged into a physical access port or a hacker quickly sneaking onto an unattended terminal. They could also represent a backdoor from a previous run.
Hacking on the Fly allows the attacker to make a roll every combat round, instead of every 10 minutes. This is useful in tense situations like combat, but carries a hefty penalty.
The rules above are designed to be simple and straightforward, so that running the net isn’t a time-consuming and distracting task that detracts from the enjoyment of other players. However, you should throw in opportunities and complications during a netrun that inject some life into it, and allow both sides to affect the outcome. This is what turns a hack into a netrun.
- If the netrunner’s friends can take out or distract the sysadmin, they won’t be able to Support the system’s ICE.
- If you can get inside the building and tap into an access point, you might be able to hack an internal node directly without having to go through the other nodes first. The same goes for hacking an offline node with no connection to the grid.
- If you can sneak onto an unattended workstation or get a virus onto the system, you might be able to get the bonus for having access codes.
- If the netrunner puts the system on Alert, an otherwise sleepy and low-security node might suddenly be monitored by a corporate hacker with a d10.
Sometimes you might jack into a system, only to find that you’re not the only one here. Multiple netrunners can attack the same system; if they’re on the same side, just treat it as a Support action. If they’re not, the defender gets a separate stack of tokens for each attack - but the alert level is universal. A bunch of netrunners independently blundering around in a system are much more likely to trip the alarms.
Sometimes, a netrunner might want to boot another hacker off the system so they can have it all to themselves. You can use the rules above to run this - just change who the “defender” is in this context. You roll against the ICE of another hacker to take their tokens away, and they can support their ICE with the Hacking skill.
Assuming the netrun was actually successful, the attacker now has control over the node they were trying to hack. They can now manipulate the node - such as taking over security cameras, opening doors or downloading data - with a flat Hacking roll as an action. On a failure, the alert level increases (but the action is still performed). Making permanent modifications (like installing a backdoor or virus) is riskier - the Hacking roll is opposed by the node’s ICE.
The alert level can also be manually increased by system administrators and the like. For example, a suspicious admin might make a Research roll to check the database and find unauthorised changes made by a ‘runner. Based on this, they might raise the alarm.
How long you maintain access to a system depends on the alert level:
- No Alert: You can maintain access indefinitely until the alert is raised. You can even log off and come back whenever you want.
- Alert: The defender suspects an attack. Your access will be removed within 1d6 days. Very high-security systems will react in 1d6 hours.
- High Alert: The defender knows they’ve been hacked. Your access will be removed within 1d6 hours. Very high-security systems will react in 1d6 minutes.
You can try to get back into a system after you lose access, but alert levels don’t reset after a run. Depending on how paranoid the organisation is, it could take days or even weeks for the security team to relax their vigil.
When a netrun ends - regardless of how - there may be additional consequences that follow you home. Maybe you got booted out, maybe you gave up halfway through, or maybe you got in but made too much noise and were eventually detected. Either way, the consequences depend on the alert level:
- No Alert: The defender remains unaware of your attempts to bypass their security, or they think a trivial attack was dealt with.
- Alert: The defender learns some basic information about you. For example, they might figure out what you were trying to access, what kind of hardware you’re using, or your netrunner handle (but not your real identity).
- High Alert: The defender traces the attack to its origin, and may “hack back” or dispatch law enforcement or a team to deal with you.
Most of the time, a system’s ICE is just focused on getting rid of an attacker. It consumes resources, causes system instability, and locks down access to prevent an intrusion and kick the hacker off their system. However, some systems and devices employ “Black ICE”, which takes it a step further. Black ICE is designed to overload circuits and bypass safety mechanisms, causing permanent damage to a device. It’s expensive, and tends to be illegal without special clearance.
If you get booted out of a system with Black ICE, key components of your device are permanently damaged. Until you can repair them for 10% of the device’s value, all skill rolls are made at a -2.
The Hacking skill is not just used to bypass security, but to create programs. Most of the time, this process can be abstracted away. When you make a Hacking roll to get into a system, we assume that part of that roll includes the utilities and custom software in your arsenal. Occasionally, though, you might want to write a specific program do something.
It could take anywhere from a few hours to a week to write a new program. To make it easier to come up with your own programs, you can split them up into 4 categories:
- Daemons run in the background, either on your system or on something you’ve hacked. You might have a daemon that wipes your deck when you say “good luck with that”, or one that disables the cameras as soon as a certain person enters the building.
- Viruses allow you to make more elaborate and permament changes to a system. Taking over a node might let you disable the security turrets, or take control of them. But a virus would let you update them to treat everyone as an intruder, even when you’re not connected.
- Backdoors are designed to maintain persistence and access to a system. They give you the “security access codes” bonus if you need to hack into the node again.
- Utilities are a catch-all for miscellaneous bits of software. If you want to write a fancier persona for VR chatrooms or update a commlink to use forbidden frequencies, it falls under this category.
Actually writing the program is a straight Hacking roll - though the GM may impose a difficulty penalty if what you’re trying to do is more complex or sophisticated than a basic tool.
You can create bigger and more significant software, but it will usually be a longterm project. The GM will work with you to decide exactly what kind of time, resources and special conditions are required to complete it. Examples of big projects include:
- Upgrading the ICE on your deck or adding masterwork features to it.
- Writing your own Black ICE.
- Writing commercial-grade software like a databank, facial recognition program or autonomous system.